From fd6648f16592f1a5b500a0ad1f8ee4f840b4e05c Mon Sep 17 00:00:00 2001 From: Deepak Date: Wed, 2 Aug 2023 19:28:38 +0530 Subject: [PATCH 001/279] removed( enable log handling) command and its content --- .../docs/concepts/security/security-checklist.md | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/content/en/docs/concepts/security/security-checklist.md b/content/en/docs/concepts/security/security-checklist.md index ce96812567c82..914650777a94a 100644 --- a/content/en/docs/concepts/security/security-checklist.md +++ b/content/en/docs/concepts/security/security-checklist.md @@ -207,21 +207,7 @@ SELinux is only available on Linux nodes, and enabled in ## Logs and auditing - [ ] Audit logs, if enabled, are protected from general access. -- [ ] The `/logs` API is disabled (you are running kube-apiserver with - `--enable-logs-handler=false`). - Kubernetes includes a `/logs` API endpoint, enabled by default, - that lets users request the contents of the API server's `/var/log` directory over HTTP. Accessing - that endpoint requires authentication. - -Allowing broad access to Kubernetes logs can make security information -available to a potential attacker. - -As a good practice, set up a separate means to collect and aggregate -control plane logs, and do not use the `/logs` API endpoint. -Alternatively, if you run your control plane with the `/logs` API endpoint -and limit the content of `/var/log` (within the host or container where the API server is running) to -Kubernetes API server logs only. ## Pod placement From 6c70a45be38d9015e129d1c56e244cc642bec504 Mon Sep 17 00:00:00 2001 From: Sagar Muchhal <8758225+srm09@users.noreply.github.com> Date: Thu, 28 Sep 2023 12:22:45 -0700 Subject: [PATCH 002/279] Fixes comment for webhook conversion strategy This patch fixes the language of the comment for the webhook conversion strategy. --- .../custom-resources/custom-resource-definition-versioning.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md index f472a94962616..9d82ca703c8a6 100644 --- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md +++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md @@ -493,7 +493,7 @@ spec: port: type: string conversion: - # a Webhook strategy instruct API server to call an external webhook for any conversion between custom resources. + # the Webhook strategy instructs the API server to call an external webhook for any conversion between custom resources. strategy: Webhook # webhook is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhook: @@ -561,7 +561,7 @@ spec: port: type: string conversion: - # a Webhook strategy instruct API server to call an external webhook for any conversion between custom resources. + # the Webhook strategy instructs the API server to call an external webhook for any conversion between custom resources. strategy: Webhook # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: From 077e878c2c6c216b6c9e8abd6e174e5358b857ab Mon Sep 17 00:00:00 2001 From: Surya Seetharaman Date: Wed, 11 Oct 2023 13:54:30 +0200 Subject: [PATCH 003/279] Clarify NetPol applies to connections, not pkts Signed-off-by: Surya Seetharaman --- .../services-networking/network-policies.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md index 2eaad9b6a6649..e8823dc3f8234 100644 --- a/content/en/docs/concepts/services-networking/network-policies.md +++ b/content/en/docs/concepts/services-networking/network-policies.md @@ -58,7 +58,8 @@ By default, a pod is non-isolated for egress; all outbound connections are allow A pod is isolated for egress if there is any NetworkPolicy that both selects the pod and has "Egress" in its `policyTypes`; we say that such a policy applies to the pod for egress. When a pod is isolated for egress, the only allowed connections from the pod are those allowed by -the `egress` list of some NetworkPolicy that applies to the pod for egress. +the `egress` list of some NetworkPolicy that applies to the pod for egress. Reply traffic for those +allowed connections will also be implicitly allowed. The effects of those `egress` lists combine additively. By default, a pod is non-isolated for ingress; all inbound connections are allowed. @@ -66,7 +67,8 @@ A pod is isolated for ingress if there is any NetworkPolicy that both selects th has "Ingress" in its `policyTypes`; we say that such a policy applies to the pod for ingress. When a pod is isolated for ingress, the only allowed connections into the pod are those from the pod's node and those allowed by the `ingress` list of some NetworkPolicy that applies to -the pod for ingress. The effects of those `ingress` lists combine additively. +the pod for ingress. Reply traffic for those allowed connections will also be implicitly allowed. +The effects of those `ingress` lists combine additively. Network policies do not conflict; they are additive. If any policy or policies apply to a given pod for a given direction, the connections allowed in that direction from that pod is the union of @@ -372,6 +374,16 @@ implemented using the NetworkPolicy API. - The ability to prevent loopback or incoming host traffic (Pods cannot currently block localhost access, nor do they have the ability to block access from their resident node). +## NetworkPolicy's impact on existing connections + +When the set of NetworkPolicies that applies to an existing connection changes - this could happen +either due to a change in NetworkPolicies or if the relevant labels of the namespaces/pods selected by the +policy (both subject and peers) are changed in the middle of an existing connection - it is +implementation defined as to whether the change will take effect for that existing connection or not. +Example: A policy is created that leads to denying a previously allowed connection, the underlying CNI +implementation is responsible for defining if that new policy will close the existing connections or not. +It is recommended not to modify policies/pods/namespaces in ways that might affect existing connections. + ## {{% heading "whatsnext" %}} - See the [Declare Network Policy](/docs/tasks/administer-cluster/declare-network-policy/) From aa7cbee28f6034137fb7710a02f1193e10d11f28 Mon Sep 17 00:00:00 2001 From: hasaki <65399555+luoxiaohi@users.noreply.github.com> Date: Tue, 17 Oct 2023 16:57:27 +0800 Subject: [PATCH 004/279] Concepts -> Configuration -> Secrets Fix a mistake --- content/en/docs/concepts/configuration/secret.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index fb3140ca11a51..f7d7998d1233c 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md @@ -381,7 +381,7 @@ The following YAML contains an example config for a TLS Secret: The TLS Secret type is provided only for convenience. You can create an `Opaque` type for credentials used for TLS authentication. -However, using the defined and public Secret type (`kubernetes.io/ssh-auth`) +However, using the defined and public Secret type (`kubernetes.io/tls`) helps ensure the consistency of Secret format in your project. The API server verifies if the required keys are set for a Secret of this type. From 9151b93cd98c5025697c9d24e84dc1a230b95507 Mon Sep 17 00:00:00 2001 From: vaibhav2107 Date: Fri, 27 Oct 2023 00:28:20 +0530 Subject: [PATCH 005/279] Add the link of supposed example in topology-spread-constraints.md --- .../scheduling-eviction/topology-spread-constraints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md index 3cbc5b01acd8d..a28b807152349 100644 --- a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md +++ b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md @@ -480,8 +480,8 @@ There are some implicit conventions worth noting here: - The scheduler bypasses any nodes that don't have any `topologySpreadConstraints[*].topologyKey` present. This implies that: - 1. any Pods located on those bypassed nodes do not impact `maxSkew` calculation - in the - above example, suppose the node `node1` does not have a label "zone", then the 2 Pods will + 1. any Pods located on those bypassed nodes do not impact `maxSkew` calculation - [in the + above example](#example-conflicting-topologyspreadconstraints), suppose the node `node1` does not have a label "zone", then the 2 Pods will be disregarded, hence the incoming Pod will be scheduled into zone `A`. 2. the incoming Pod has no chances to be scheduled onto this kind of nodes - in the above example, suppose a node `node5` has the **mistyped** label `zone-typo: zoneC` From 80483fe91f228563c03e9e545ca2d7fb562a0db2 Mon Sep 17 00:00:00 2001 From: Cruz Fernandez Date: Fri, 3 Nov 2023 13:33:32 -0300 Subject: [PATCH 006/279] Add a clarification for autoscaling on minikube Added a very small clarification on how to run this guide on `minikube`. --- .../run-application/horizontal-pod-autoscale-walkthrough.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index 7a0f0f5a2a94d..9c0971f981704 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -50,6 +50,12 @@ new kinds of resource that represent metric readings. To learn how to deploy the Metrics Server, see the [metrics-server documentation](https://github.com/kubernetes-sigs/metrics-server#deployment). +For enabling on minikube you can enable it with + +```shell +minikube addons enable metrics-server +``` + ## Run and expose php-apache server From 172621c93b075f1a5946b7d8216160cb37061bdb Mon Sep 17 00:00:00 2001 From: Gauravpadam <1032201077@tcetmumbai.in> Date: Tue, 24 Oct 2023 19:13:25 +0530 Subject: [PATCH 007/279] Bumped up hugo to v0.120.3 --- netlify.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netlify.toml b/netlify.toml index 00ebed217d513..c413ff623731c 100644 --- a/netlify.toml +++ b/netlify.toml @@ -8,7 +8,7 @@ command = "git submodule update --init --recursive --depth 1 && make non-product [build.environment] NODE_VERSION = "10.20.0" -HUGO_VERSION = "0.111.3" +HUGO_VERSION = "0.120.3" [context.production.environment] HUGO_BASEURL = "https://kubernetes.io/" From 369317b85511eb350ba62e4c201bdf22b6465a17 Mon Sep 17 00:00:00 2001 From: Cruz Fernandez Date: Tue, 7 Nov 2023 16:56:43 -0300 Subject: [PATCH 008/279] Rephrased with slightly better English update with comment from shubham82 . thanks a lot! --- .../run-application/horizontal-pod-autoscale-walkthrough.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index 9c0971f981704..874fa0dc654e0 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -50,7 +50,7 @@ new kinds of resource that represent metric readings. To learn how to deploy the Metrics Server, see the [metrics-server documentation](https://github.com/kubernetes-sigs/metrics-server#deployment). -For enabling on minikube you can enable it with +If you are running {{< glossary_tooltip term_id="minikube" >}}, run the following command to enable metrics-server: ```shell minikube addons enable metrics-server From 8ac9f2f21c629f8fecf8cbe3b16cbe8d484429d0 Mon Sep 17 00:00:00 2001 From: Satyam Soni <94950988+satyampsoni@users.noreply.github.com> Date: Tue, 14 Nov 2023 20:09:10 +0000 Subject: [PATCH 009/279] Add and use gloassary entry for replica --- .../en/docs/concepts/overview/components.md | 21 ++++++++++----- content/en/docs/reference/glossary/replica.md | 26 +++++++++++++++++++ 2 files changed, 41 insertions(+), 6 deletions(-) create mode 100644 content/en/docs/reference/glossary/replica.md diff --git a/content/en/docs/concepts/overview/components.md b/content/en/docs/concepts/overview/components.md index 6d1fface086a4..41f4ab051a486 100644 --- a/content/en/docs/concepts/overview/components.md +++ b/content/en/docs/concepts/overview/components.md @@ -24,7 +24,10 @@ a complete and working Kubernetes cluster. ## Control Plane Components -The control plane's components make global decisions about the cluster (for example, scheduling), as well as detecting and responding to cluster events (for example, starting up a new {{< glossary_tooltip text="pod" term_id="pod">}} when a deployment's `replicas` field is unsatisfied). +The control plane's components make global decisions about the cluster (for example, scheduling), +as well as detecting and responding to cluster events (for example, starting up a new +{{< glossary_tooltip text="pod" term_id="pod">}} when a Deployment's +`{{< glossary_tooltip text="replicas" term_id="replica" >}}` field is unsatisfied). Control plane components can be run on any machine in the cluster. However, for simplicity, set up scripts typically start all control plane components on @@ -102,19 +105,24 @@ see [Addons](/docs/concepts/cluster-administration/addons/). ### DNS -While the other addons are not strictly required, all Kubernetes clusters should have [cluster DNS](/docs/concepts/services-networking/dns-pod-service/), as many examples rely on it. +While the other addons are not strictly required, all Kubernetes clusters should have +[cluster DNS](/docs/concepts/services-networking/dns-pod-service/), as many examples rely on it. -Cluster DNS is a DNS server, in addition to the other DNS server(s) in your environment, which serves DNS records for Kubernetes services. +Cluster DNS is a DNS server, in addition to the other DNS server(s) in your environment, +which serves DNS records for Kubernetes services. Containers started by Kubernetes automatically include this DNS server in their DNS searches. ### Web UI (Dashboard) -[Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/) is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage and troubleshoot applications running in the cluster, as well as the cluster itself. +[Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/) is a general purpose, +web-based UI for Kubernetes clusters. It allows users to manage and troubleshoot applications +running in the cluster, as well as the cluster itself. ### Container Resource Monitoring -[Container Resource Monitoring](/docs/tasks/debug/debug-cluster/resource-usage-monitoring/) records generic time-series metrics +[Container Resource Monitoring](/docs/tasks/debug/debug-cluster/resource-usage-monitoring/) +records generic time-series metrics about containers in a central database, and provides a UI for browsing that data. ### Cluster-level Logging @@ -132,7 +140,8 @@ allocating IP addresses to pods and enabling them to communicate with each other ## {{% heading "whatsnext" %}} Learn more about the following: - * [Nodes](/docs/concepts/architecture/nodes/) and [their communication](/docs/concepts/architecture/control-plane-node-communication/) with the control plane. + * [Nodes](/docs/concepts/architecture/nodes/) and [their communication](/docs/concepts/architecture/control-plane-node-communication/) + with the control plane. * Kubernetes [controllers](/docs/concepts/architecture/controller/). * [kube-scheduler](/docs/concepts/scheduling-eviction/kube-scheduler/) which is the default scheduler for Kubernetes. * Etcd's official [documentation](https://etcd.io/docs/). diff --git a/content/en/docs/reference/glossary/replica.md b/content/en/docs/reference/glossary/replica.md new file mode 100644 index 0000000000000..6e2f1ecbc3d03 --- /dev/null +++ b/content/en/docs/reference/glossary/replica.md @@ -0,0 +1,26 @@ +--- +title: Replica +id: replica +date: 2023-06-11 +full_link: +short_description: > + Replicas are copies of pods, ensuring availability, scalability, and fault tolerance by maintaining identical instances. +aka: +tags: +- fundamental +- workload +--- +A copy or duplicate of a {{< glossary_tooltip text="Pod" term_id="pod" >}} or +a set of pods. Replicas ensure high availability, scalability, and fault tolerance +by maintaining multiple identical instances of a pod. + + +Replicas are commonly used in Kubernetes to achieve the desired application state and reliability. +They enable workload scaling and distribution across multiple nodes in a cluster. + +By defining the number of replicas in a Deployment or ReplicaSet, Kubernetes ensures that +the specified number of instances are running, automatically adjusting the count as needed. + +Replica management allows for efficient load balancing, rolling updates, and +self-healing capabilities in a Kubernetes cluster. + From 50f23e3ecb7c4abacfeed05bf7e749af2a65111d Mon Sep 17 00:00:00 2001 From: Maciej Filocha Date: Fri, 17 Nov 2023 16:53:40 +0100 Subject: [PATCH 010/279] Update README for Polish localization --- README-pl.md | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/README-pl.md b/README-pl.md index 62dc2d0ee22f3..228a4a54fde68 100644 --- a/README-pl.md +++ b/README-pl.md @@ -9,7 +9,7 @@ W tym repozytorium znajdziesz wszystko, czego potrzebujesz do zbudowania [strony ## Jak używać tego repozytorium -Możesz uruchomić serwis lokalnie poprzez Hugo (Extended version) lub ze środowiska kontenerowego. Zdecydowanie zalecamy korzystanie z kontenerów, bo dzięki temu lokalna wersja będzie spójna z tym, co jest na oficjalnej stronie. +Możesz uruchomić serwis lokalnie poprzez [Hugo (Extended version)](https://gohugo.io/) lub ze środowiska kontenerowego. Zdecydowanie zalecamy korzystanie z kontenerów, bo dzięki temu lokalna wersja będzie spójna z tym, co jest na oficjalnej stronie. ## Wymagania wstępne @@ -29,17 +29,24 @@ cd website Strona Kubernetesa używa [Docsy Hugo theme](https://github.com/google/docsy#readme). Nawet jeśli planujesz uruchomić serwis w środowisku kontenerowym, zalecamy pobranie podmodułów i innych zależności za pomocą polecenia: -```bash -# pull in the Docsy submodule +### Windows +```powershell +# aktualizuj podrzędne moduły git submodule update --init --recursive --depth 1 ``` +### Linux / inne systemy Unix +```bash +# aktualizuj podrzędne moduły +make module-init +``` + ## Uruchomienie serwisu w kontenerze Aby zbudować i uruchomić serwis wewnątrz środowiska kontenerowego, wykonaj następujące polecenia: ```bash -make container-image +# Możesz ustawić zmienną $CONTAINER_ENGINE wskazującą na dowolne narzędzie obsługujące kontenery podobnie jak Docker make container-serve ``` @@ -53,11 +60,16 @@ Upewnij się, że zainstalowałeś odpowiednią wersję Hugo "extended", określ Aby uruchomić i przetestować serwis lokalnie, wykonaj: -```bash -# install dependencies -npm ci -make serve -``` +- macOS i Linux + ```bash + npm ci + make serve + ``` +- Windows (PowerShell) + ```powershell + npm ci + hugo.exe server --buildFuture --environment development + ``` Zostanie uruchomiony lokalny serwer Hugo na porcie 1313. Otwórz w przeglądarce adres , aby obejrzeć zawartość serwisu. Po każdej zmianie plików źródłowych, Hugo automatycznie aktualizuje stronę i odświeża jej widok w przeglądarce. From 73f343c7f112d3e8c3d4b0535e62785f8d9dcc32 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Thu, 16 Nov 2023 11:46:45 +0000 Subject: [PATCH 011/279] kubernetes cluster networking types Kubernetes has a concept of cluster network, as it can be IPv4 only, IPv6 only or dual stack depending on the IP famliies configured for their Pod , Services and Node objects. Signed-off-by: Antonio Ojea --- .../cluster-administration/networking.md | 28 +++++++++++++++++++ .../images/kubernetes-cluster-network.svg | 1 + 2 files changed, 29 insertions(+) create mode 100644 content/en/docs/images/kubernetes-cluster-network.svg diff --git a/content/en/docs/concepts/cluster-administration/networking.md b/content/en/docs/concepts/cluster-administration/networking.md index 273f5ed69cbf1..9cf1579beee83 100644 --- a/content/en/docs/concepts/cluster-administration/networking.md +++ b/content/en/docs/concepts/cluster-administration/networking.md @@ -32,6 +32,34 @@ different approach. To learn about the Kubernetes networking model, see [here](/docs/concepts/services-networking/). +## Kubernetes IP address ranges + +Kubernetes clusters require to allocate non-overlapping IP addresses for Pods, Services and Nodes, +from a range of available addresses configured in the following components: + +- The network plugin is configured to assign IP addresses to Pods. +- The kube-apiserver is configured to assign IP addresses to Services. +- The kubelet or the cloud-controller-manager is configured to assign IP addresses to Nodes. + +{{< figure src="/docs/images/kubernetes-cluster-network.svg" alt="A figure illustrating the different network ranges in a kubernetes cluster" class="diagram-medium" >}} + +## Cluster networking types {#cluster-network-ipfamilies} + +Kubernetes clusters, attending to the IP families configured, can be categorized into: + +- IPv4 only: The network plugin, kube-apiserver and kubelet/cloud-controller-manager are configured to assign only IPv4 addresses. +- IPv6 only: The network plugin, kube-apiserver and kubelet/cloud-controller-manager are configured to assign only IPv6 addresses. +- IPv4/IPv6 or IPv6/IPv4 [dual-stack](/docs/concepts/services-networking/dual-stack/): + - The network plugin is configured to assign IPv4 and IPv6 addresses. + - The kube-apiserver is configured to assign IPv4 and IPv6 addresses. + - The kubelet or cloud-controller-manager is configured to assign IPv4 and IPv6 address. + - All components must agree on the configured primary IP family. + +Kubernetes clusters only consider the IP families present on the Pods, Services and Nodes objects, +independently of the existing IPs of the represented objects. Per example, a server or a pod can have multiple +IP addresses on its interfaces, but only the IP addresses in `node.status.addresses` or `pod.status.ips` are +considered for implementing the Kubernetes network model and defining the type of the cluster. + ## How to implement the Kubernetes network model The network model is implemented by the container runtime on each node. The most common container diff --git a/content/en/docs/images/kubernetes-cluster-network.svg b/content/en/docs/images/kubernetes-cluster-network.svg new file mode 100644 index 0000000000000..9fd7a49e18b44 --- /dev/null +++ b/content/en/docs/images/kubernetes-cluster-network.svg @@ -0,0 +1 @@ + \ No newline at end of file From bbf3000b8a16e90cd8473925b9d3eb42c6b0af2f Mon Sep 17 00:00:00 2001 From: vaibhav2107 Date: Fri, 24 Nov 2023 08:33:03 +0530 Subject: [PATCH 012/279] Updated topology spread constraints.md --- .../scheduling-eviction/topology-spread-constraints.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md index a28b807152349..03a0172cb2cb7 100644 --- a/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md +++ b/content/en/docs/concepts/scheduling-eviction/topology-spread-constraints.md @@ -480,8 +480,9 @@ There are some implicit conventions worth noting here: - The scheduler bypasses any nodes that don't have any `topologySpreadConstraints[*].topologyKey` present. This implies that: - 1. any Pods located on those bypassed nodes do not impact `maxSkew` calculation - [in the - above example](#example-conflicting-topologyspreadconstraints), suppose the node `node1` does not have a label "zone", then the 2 Pods will + 1. any Pods located on those bypassed nodes do not impact `maxSkew` calculation - in the + above [example](#example-conflicting-topologyspreadconstraints), suppose the node `node1` + does not have a label "zone", then the 2 Pods will be disregarded, hence the incoming Pod will be scheduled into zone `A`. 2. the incoming Pod has no chances to be scheduled onto this kind of nodes - in the above example, suppose a node `node5` has the **mistyped** label `zone-typo: zoneC` From a05312f23b91213d16d7c60fa35401d9e3e28a76 Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Thu, 30 Nov 2023 06:17:16 +0000 Subject: [PATCH 013/279] Added introduction about CSI Migration Modified the title from Type-of-volumes to In-tree volume plugin --- content/en/docs/concepts/storage/volumes.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 08be7f60e3923..b4401b1ff0924 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -58,9 +58,15 @@ Volumes cannot mount within other volumes (but see [Using subPath](#using-subpat for a related mechanism). Also, a volume cannot contain a hard link to anything in a different volume. -## Types of volumes {#volume-types} +## In-tree volume plugins and their CSI Migration progress {#volume-types} + +Below is a list of In-tree plugins that are supported by Kubernetes and the status of their respective CSI Migrations progress. +The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins.Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). + +{{< note >}} +When a Kubernetes cluster administrator updates a cluster to enable CSI migration, existing workloads that utilize PVCs which are backed by in-tree storage plugins will continue to function as they always have. Existing In trees PVs and In Tree format yaml file will still be used in the future even after the migration is completed, and will not be left unprocessed or deleted in the future. Users can still specify the following In-tree plugins in their yaml file. However, behind the scenes, Kubernetes hands control of all storage management operations (previously targeting in-tree drivers) to CSI drivers. +{{< /note >}} -Kubernetes supports several types of volumes. ### awsElasticBlockStore (removed) {#awselasticblockstore} From 6ad170bf1720c77c7119e8174054c1791cd01e3c Mon Sep 17 00:00:00 2001 From: utkarsh-singh1 Date: Thu, 30 Nov 2023 12:00:37 +0530 Subject: [PATCH 014/279] Updated kubernetes tutorials from deploy-intro.html to update-intro.html Signed-off-by: utkarsh-singh1 --- .../tutorials/kubernetes-basics/deploy-app/deploy-intro.html | 2 +- .../tutorials/kubernetes-basics/explore/explore-intro.html | 2 +- .../docs/tutorials/kubernetes-basics/expose/expose-intro.html | 4 ++-- .../docs/tutorials/kubernetes-basics/scale/scale-intro.html | 2 +- .../docs/tutorials/kubernetes-basics/update/update-intro.html | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html index 764c785d7acaa..049177359919d 100644 --- a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html @@ -153,7 +153,7 @@

View the app

- Once you're ready, move on to Viewing Pods and Nodes.

+ Once you're ready, move on to Viewing Pods and Nodes.

diff --git a/content/en/docs/tutorials/kubernetes-basics/explore/explore-intro.html b/content/en/docs/tutorials/kubernetes-basics/explore/explore-intro.html index 4fbe4f2d701ec..f830d947bea1a 100644 --- a/content/en/docs/tutorials/kubernetes-basics/explore/explore-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/explore/explore-intro.html @@ -189,7 +189,7 @@

Executing command on the container

- Once you're ready, move on to Using A Service To Expose Your App.

+ Once you're ready, move on to Using A Service To Expose Your App.

diff --git a/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html b/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html index ad24db80442f3..769dcf1de83ec 100644 --- a/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html @@ -128,7 +128,7 @@

Create a new Service

-

Step 2: Using labels

+

Using labels

The Deployment created automatically a label for our Pod. With the describe deployment subcommand you can see the name (the key) of that label:

kubectl describe deployment

@@ -166,7 +166,7 @@

Deleting a service

- Once you're ready, move on to Running Multiple Instances of Your App.

+ Once you're ready, move on to Running Multiple Instances of Your App.

diff --git a/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html b/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html index 7c6d980ef799f..dd47d267c0ba3 100644 --- a/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/scale/scale-intro.html @@ -174,7 +174,7 @@

Scale Down

- Once you're ready, move on to Performing a Rolling Update.

+ Once you're ready, move on to Performing a Rolling Update.

diff --git a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html index 4c5cd29d968af..6b7993190d326 100644 --- a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html @@ -140,7 +140,7 @@

Update the version of the app

-

Step 2: Verify an update

+

Verify an update

First, check that the app is running. To find the exposed IP address and port, run the describe service command:

kubectl describe services/kubernetes-bootcamp

Create an environment variable called NODE_PORT that has the value of the Node port assigned:

@@ -183,7 +183,7 @@

Roll back an update

Remember to clean up your local cluster

-

kubectl delete deployments/kubernetes-bootcamp services/kubernetes-bootcamp

+

kubectl delete deployments/kubernetes-bootcamp services/kubernetes-bootcamp

From 9fe14aa8746342f6001b76b671e7da9eda21d6b9 Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 2 Dec 2023 11:27:43 +0200 Subject: [PATCH 015/279] [ja] Update install-kubeadm.md --- .../production-environment/tools/kubeadm/install-kubeadm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 58494bb97cc0a..0efeb9daccc43 100644 --- a/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/ja/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -126,7 +126,7 @@ kubeadmは`kubelet`や`kubectl`をインストールまたは管理**しない** ```shell sudo apt-get update - sudo apt-get install -y apt-transport-https ca-certificates curl + sudo apt-get install -y apt-transport-https ca-certificates curl gpg ``` 2. Google Cloudの公開鍵をダウンロードします: From 4a715a610d33ab8e2df10b99b364f989ae6a48c9 Mon Sep 17 00:00:00 2001 From: Junya Okabe Date: Sat, 2 Dec 2023 20:20:35 +0900 Subject: [PATCH 016/279] del: releated in milestone --- content/ja/docs/contribute/localization.md | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/content/ja/docs/contribute/localization.md b/content/ja/docs/contribute/localization.md index f75e25bcba97e..34b238f111e62 100644 --- a/content/ja/docs/contribute/localization.md +++ b/content/ja/docs/contribute/localization.md @@ -41,10 +41,6 @@ card: ### Pull Requestを送るまで -未翻訳ページの新規翻訳作業と既存ページの修正作業でそれぞれ手順が異なります。 - -既存ページへの追加修正については、後述の[マイルストーンについて](#milestones)に目を通すことをおすすめします。 - #### 新規ページを翻訳する場合の手順 {#translate-new-page} 1. `kubernetes/website`リポジトリをフォークする @@ -55,21 +51,9 @@ card: #### 既存のページの誤字脱字や古い記述を修正する場合の手順 1. `kubernetes/website`リポジトリをフォークする -2. `dev-1.18-ja.2`(最新のマイルストーンブランチに適宜読み替えること)から任意の名前でブランチを作成し、該当箇所を編集する -3. `dev-1.18-ja.2`(最新のマイルストーンブランチに適宜読み替えること)ブランチに向けてPull Requestを作成する - -### マイルストーンについて {#milestones} - -翻訳作業を集中的に管理するために、日本語を含む複数の言語ではマイルストーンを採用しています。 - -各マイルストーンでは、 - -- 最低要件のコンテンツの追加・更新(項目については[こちら](https://kubernetes.io/docs/contribute/localization/#translating-documents)を参照してください) -- バージョンに追従できていない翻訳済みコンテンツの更新 - -を行い、ドキュメントの全体的なメンテナンスを行っています。 - -マイルストーンのバージョンはOwner権限を持つメンバーが管理するものとします。 +2. `master`から任意の名前でブランチを作成する +3. `content/ja`のディレクトリから必要なファイルを編集する +4. `master`ブランチに向けてPull Requestを作成する ## 翻訳スタイルガイド From 33dfa837ecd5fcee7041aa30d4146b018a365758 Mon Sep 17 00:00:00 2001 From: Junya Okabe Date: Sat, 2 Dec 2023 20:22:32 +0900 Subject: [PATCH 017/279] sed s/master/main/g --- content/ja/docs/contribute/localization.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/ja/docs/contribute/localization.md b/content/ja/docs/contribute/localization.md index 34b238f111e62..dd41fe3e615c8 100644 --- a/content/ja/docs/contribute/localization.md +++ b/content/ja/docs/contribute/localization.md @@ -22,7 +22,7 @@ card: 翻訳作業は全て[GitHubのIssue](https://github.com/kubernetes/website/issues?q=is%3Aissue+is%3Aopen+label%3Alanguage%2Fja)によって管理されています。翻訳作業を行いたい場合は、Issueの一覧をまず最初にご確認ください。 -また、Kubernetes傘下のリポジトリでは`CLA`と呼ばれる同意書に署名しないと、Pull Requestをマージすることができません。詳しくは[英語のドキュメント](https://github.com/kubernetes/community/blob/master/CLA.md)や、[Qiitaに有志の方が書いてくださった日本語のまとめ](https://qiita.com/jlandowner/items/d14d9bc8797a62b65e67)をご覧ください。 +また、Kubernetes傘下のリポジトリでは`CLA`と呼ばれる同意書に署名しないと、Pull Requestをマージすることができません。詳しくは[英語のドキュメント](https://github.com/kubernetes/community/blob/main/CLA.md)や、[Qiitaに有志の方が書いてくださった日本語のまとめ](https://qiita.com/jlandowner/items/d14d9bc8797a62b65e67)をご覧ください。 ### 翻訳を始めるまで @@ -44,16 +44,16 @@ card: #### 新規ページを翻訳する場合の手順 {#translate-new-page} 1. `kubernetes/website`リポジトリをフォークする -2. `master`から任意の名前でブランチを作成する +2. `main`から任意の名前でブランチを作成する 3. `content/en`のディレクトリから必要なファイルを`content/ja`にコピーし、翻訳する -4. `master`ブランチに向けてPull Requestを作成する +4. `main`ブランチに向けてPull Requestを作成する #### 既存のページの誤字脱字や古い記述を修正する場合の手順 1. `kubernetes/website`リポジトリをフォークする -2. `master`から任意の名前でブランチを作成する +2. `main`から任意の名前でブランチを作成する 3. `content/ja`のディレクトリから必要なファイルを編集する -4. `master`ブランチに向けてPull Requestを作成する +4. `main`ブランチに向けてPull Requestを作成する ## 翻訳スタイルガイド From 31dc056d615095cd39555b82ac6f287610813dec Mon Sep 17 00:00:00 2001 From: Neko Ayaka Date: Fri, 17 Nov 2023 11:26:04 +0800 Subject: [PATCH 018/279] Fix varies of style issues for community page 1. Fixed overflowed line through of headings, use a better solution to achieve the same effect 2. Adjusted the font size of headings when in smaller screens, it was way too big for mobile devices and reduces readability 3. Added paddings for the Recent News section, it used to have no paddings and looks weird 4. Adjusted the navigation anchor links for sections, the button style was way too big and not harmony with the rest of the design pattern 5. Added comments for blocks 6. Make it more consistent for paddings, margins and other styles for each of the sections 7. Fixed the entangled styles with the size of view ports, make it more smoother when resizes 8. Remove hard-coded paddings and margins 9. Fixed incorrect vw unit usages, center navigation items, linted function calls 10. Added some small animation transitions for the smoother experience Signed-off-by: Neko Ayaka --- static/css/community.css | 219 ++++++++++++++++++++++++--------------- 1 file changed, 133 insertions(+), 86 deletions(-) diff --git a/static/css/community.css b/static/css/community.css index 2cec5a21dd238..2ed9c36491e0b 100644 --- a/static/css/community.css +++ b/static/css/community.css @@ -6,6 +6,7 @@ body.cid-community #banner { max-height: min(calc(2.5vw + min(24em, calc(2 * 293px))), 50vh); object-fit: cover; overflow: clip; + min-height: 240px; } body.cid-community .community-section #h2 { @@ -17,53 +18,83 @@ body.cid-community .community-section #h2 { text-transform: uppercase; } +/* ------------------------------------- + * Line through styles of Headings + ------------------------------------- */ +body.cid-community .community-section h2 { + text-align: center; + display: flex; + justify-content: center; + align-items: center; + width: 100%; + white-space: nowrap; + margin-bottom: 2rem; +} + body.cid-community .community-section h2:before, body.cid-community .community-section h2:after { - background-color: #aaaaaa; + background-color: #aaa; content: ""; display: inline-block; height: 1px; position: relative; vertical-align: middle; - width: 35%; + width: 100%; } body.cid-community .community-section h2:before { - right: 0.5em; - margin-left: -50%; + margin-right: 0.5em; } body.cid-community .community-section h2:after { - left: 0.5em; - margin-right: -50%; -} - -body.cid-community .community-section, body.cid-community #navigation-items { - max-width: min(85vw,100em); - margin-left: auto; - margin-right: auto; + margin-left: 0.5em; } +/* ------------------------------------- + * Containers and blocks of sections + ------------------------------------- */ body.cid-community .community-section { + display: flex; + flex-direction: column; + justify-content: center; + align-items: center; + align-content: space-between; + + min-height: 24em; + margin-top: 1em; margin-bottom: 1em; - padding: 0.5em 0; - justify-content: space-evenly; - align-items: baseline; - align-content: space-between; - min-height: 10em; + padding: 60px; + text-align: center; /* overridden for paragraphs */ } body.cid-community .community-section:first-child { - padding-top: max(3vh,1.5em); + padding-top: max(3vh, 1.5em); +} + +body.cid-community .community-section > * { + max-width: 1200px; +} + +/* ------------------------------------- + * Containers and blocks of sections: Navigation + ------------------------------------- */ +body.cid-community .community-section, body.cid-community #navigation-items { + margin-left: auto; + margin-right: auto; } body.cid-community #navigation-items { - padding: 0.25em; + /* + Padding on two sides = (total width - max width) / 2 + + If padding on two sides smaller then 60px, then use 60px, + otherwise uses the calculated value for padding. + */ + padding: 8px max(calc((100% - 1200px)/2), 60px); width: 100%; - max-width: initial; margin-top: 2.5em; margin-bottom: 2.5em; @@ -75,12 +106,7 @@ body.cid-community #navigation-items { display: flex; flex-direction: row; flex-wrap: wrap; -} - -/* Allow fallback if calc() fails */ -body.cid-community #navigation-items { - padding-left: calc((100vw - min(85vw,120em))/2); - padding-right: calc((100vw - min(85vw,120em))/2); + justify-content: center; } body.cid-community #navigation-items .community-nav-item { @@ -103,11 +129,18 @@ body.cid-community #navigation-items .community-nav-item { min-height: 2em; } +body.cid-community #navigation-items .community-nav-item a { + transition: color 0.2s ease; +} + body.cid-community .community-section > p:not(.community-simple) { line-height: 1.5em; text-align: initial; } +/* ------------------------------------- + * Containers and blocks of sections - Introduction + ------------------------------------- */ body.cid-community .community-section#introduction, body.cid-community .community-section#introduction > p { line-height: 1.75em; @@ -115,13 +148,19 @@ body.cid-community .community-section#introduction > p { letter-spacing: 0.04em; } +body.cid-community .community-section#introduction { + padding: 0 60px; + min-height: unset; +} + +/* ------------------------------------- + * Containers and blocks of sections - Conference gallery + ------------------------------------- */ body.cid-community #gallery { - display: flex; max-width: 100%; + display: flex; + flex-direction: row; gap: 0.75rem; - justify-content: center; - margin-left: auto; - margin-right: auto; } body.cid-community #gallery img { @@ -136,12 +175,11 @@ body.cid-community #gallery img.community-gallery-mobile { display: none; } - - - +/* ------------------------------------- + * Containers and blocks of sections - Events + ------------------------------------- */ body.cid-community .community-section#events { width: 100%; - max-width: initial; margin-bottom: 0; /* no events @@ -153,54 +191,53 @@ body.cid-community .community-section#events { display: none; } +/* ------------------------------------- + * Containers and blocks of sections - Community Values + ------------------------------------- */ body.cid-community .community-section#values { width: 100%; - max-width: initial; - background-image: url('/images/community/event-bg.jpg'); color: #fff; - padding: 2em; - margin-top: 3em; -} -body.cid-community .community-section#values { - padding-left: calc((100vw - min(75vw,120em))/2); - padding-right: calc((100vw - min(75vw,120em))/2); + background-image: url('/images/community/event-bg.jpg'); } +/* ------------------------------------- + * Containers and blocks of sections - Meetups + ------------------------------------- */ body.cid-community .community-section#meetups { width: 100%; - max-width: initial; + min-height: min(24em,50vh); margin-top: 0; - + color: #fff; background: url('/images/community/kubernetes-community-final.jpg'), url('/images/community/kubernetes-community-column.png'); background-position: 80% center, left center; background-repeat: no-repeat, repeat; background-size: auto 100%, cover; - color: #fff; - /* fallback in case calc() fails */ - padding: 5vw; - padding-bottom: 1em; - min-height: min(24em,50vh); } -body.cid-community .community-section#meetups { - padding-left: calc((100vw - min(75vw,100em))/2); - padding-right: calc((100vw - min(75vw,100em))/2); +/* ------------------------------------- + * Containers and blocks of sections - News + ------------------------------------- */ +body.cid-community .community-section#news { + padding: 12px 12px; } body.cid-community a.community-cta-button { - appearance: button; - display: inline-block; + display: inline-flex; + justify-content: center; + align-items: center; + + min-height: 3em; + min-width: max(5vw, 9em); margin: 0.75em auto 0 auto; /* gap before button */ + padding: 0.75em 1.5em; - background-color: #0662EE; color: white; - + background-color: #0662EE; border-radius: 6px; - padding: 0.75em; - min-height: 3em; - min-width: max(5vw, 9em); text-align: center; + appearance: button; + transition: background-color 0.2s ease; } body.cid-community a.community-cta-button:hover { background-color: #2357b0; } @@ -228,32 +265,26 @@ body.cid-community .fullbutton { font-weight: bold; } +/* ------------------------------------- + * Containers and blocks of sections - Videos + ------------------------------------- */ body.cid-community #videos { width: 100%; - max-width: initial; - padding: 0.5em 5vw 5% 5vw; /* fallback in case calc() fails */ background-color: #eeeeee; - margin-top: 4em; -} - -body.cid-community #videos { - padding-left: calc((100vw - min(95vw,160em))/2); - padding-right: calc((100vw - min(95vw,160em))/2); } body.cid-community #videos .container { display: flex; - flex-wrap: wrap; - gap: max(12px,2em); - max-width: 95vw; justify-content: center; + flex-wrap: wrap; + gap: max(12px, 2em); margin-left: auto; margin-right: auto; } body.cid-community .video { - width: min(80vw,max(31%, 24em)); + width: min(80vw, max(31%, 24em)); flex-basis: 31%; flex-shrink: 1; } @@ -281,15 +312,13 @@ body.cid-community .video iframe { aspect-ratio: 16 / 9; } -body.cid-community #resources { - margin-top: 5%; - margin-bottom: 3%; -} - +/* ------------------------------------- + * Containers and blocks of sections - Discussions + ------------------------------------- */ body.cid-community #resources .container { width: 100%; display: flex; - flex-wrap: none; + flex-wrap: nowrap; gap: 2em; justify-content: center; margin-left: auto; @@ -312,6 +341,7 @@ body.cid-community #resources .container > .community-resource img { body.cid-community #resources .container > .community-resource a { text-transform: uppercase; + transition: color 0.2s ease; } body.cid-community .resourcebox { @@ -319,9 +349,6 @@ body.cid-community .resourcebox { min-height: 370px; } - - - body.cid-community .community-section.community-frame { width: 100%; } @@ -376,7 +403,8 @@ body.cid-community #cncf-code-of-conduct h2:after { body.cid-community #navigation-items { justify-content: flex-start; text-align: left; - gap: min(2px,0.125em); + gap: min(2px, 0.125em); + padding: 8px 30px; } body.cid-community #navigation-items div.community-nav-item { width: 100%; @@ -390,6 +418,8 @@ body.cid-community #cncf-code-of-conduct h2:after { } body.cid-community #resources .container { flex-wrap: wrap; + flex-direction: column; + align-items: center; } body.cid-community #resources .container .community-resource { max-width: min(80vw, 24rem); @@ -397,6 +427,25 @@ body.cid-community #cncf-code-of-conduct h2:after { body.cid-community a.community-cta-button { font-size: 1.5rem; } + body.cid-community a.community-cta-button { + padding: 0.5rem 1rem; + min-height: 2rem; + min-width: 5rem; + font-size: 1rem; + } + body.cid-community .community-section { + padding: 30px; + } + body.cid-community .community-section h2 { + /* Smaller title size when screen is small */ + font-size: 24px; + } + body.cid-community .community-section#introduction { + padding: 0 30px; + } + body.cid-community .community-section#gallery { + min-height: unset; + } } @media only screen and (max-width: 1024px) { @@ -409,14 +458,12 @@ body.cid-community #cncf-code-of-conduct h2:after { height: auto; } body.cid-community .video { - flex-basis: max(30em,80vw); + flex-basis: max(30em, 80vw); max-width: max(32em, 75vw); } body.cid-community .video .videocta { padding-bottom: 0.5em; - } - } @media only screen and (min-width: 1024px) { @@ -424,7 +471,7 @@ body.cid-community #cncf-code-of-conduct h2:after { display: none; } body.cid-community .community-section:not(:first-of-type) { - min-height: max(20em,18vh); + min-height: max(20em, 18vh); } body.cid-community .community-section#meetups p:last-of-type { margin-bottom: 6em; /* extra space for background */ @@ -436,4 +483,4 @@ body.cid-community #cncf-code-of-conduct h2:after { body.cid-community .community-section h2:after { display: none; } -} \ No newline at end of file +} From d836a0cc73c81b4319a1a1134d8c938e943e5973 Mon Sep 17 00:00:00 2001 From: Junya Okabe Date: Wed, 6 Dec 2023 17:02:52 +0900 Subject: [PATCH 019/279] fix: code block --- .../tasks/administer-cluster/kubeadm/configure-cgroup-driver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md b/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md index 85c12d939d2ee..33cddc6992220 100644 --- a/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md +++ b/content/ja/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md @@ -81,7 +81,7 @@ Kubeadmはクラスター内の全ノードで同じ`KubeletConfiguration`を使 - `kubectl edit cm kubelet-config-x.yy -n kube-system`を呼び出します(`x.yy`はKubernetesのバージョンに置き換えてください)。 - 既存の`cgroupDriver`の値を修正するか、以下のような新しいフィールドを追加します。 -``yaml +```yaml cgroupDriver: systemd ``` From 81a6077759464982f2db59ef59622d26a54104d8 Mon Sep 17 00:00:00 2001 From: Aditya Samant Date: Wed, 6 Dec 2023 14:13:46 +0530 Subject: [PATCH 020/279] 43256 - Changes to consolidate and streamline Kubernetes basics tutorials to avoid redundancy and confusion --- content/en/docs/tutorials/hello-minikube.md | 9 ++++++++- .../kubernetes-basics/create-cluster/cluster-intro.html | 3 --- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/content/en/docs/tutorials/hello-minikube.md b/content/en/docs/tutorials/hello-minikube.md index d12775eb2352f..ac4ac69ad184f 100644 --- a/content/en/docs/tutorials/hello-minikube.md +++ b/content/en/docs/tutorials/hello-minikube.md @@ -28,7 +28,10 @@ The tutorial provides a container image that uses NGINX to echo back all the req This tutorial assumes that you have already set up `minikube`. -See [minikube start](https://minikube.sigs.k8s.io/docs/start/) for installation instructions. +See __Step 1__ in [minikube start](https://minikube.sigs.k8s.io/docs/start/) for installation instructions. +{{< note >}} +Only execute the instructions in __Step 1, Installation__. The rest is covered on this page. +{{< /note >}} You also need to install `kubectl`. See [Install tools](/docs/tasks/tools/#kubectl) for installation instructions. @@ -315,6 +318,10 @@ minikube delete If you want to use minikube again to learn more about Kubernetes, you don't need to delete it. +## Conclusion + +This page covered the basic aspects to get a minikube cluster up and running. You are now ready to deploy applications. + ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html b/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html index e8c30f627821b..6274787b9e937 100644 --- a/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html @@ -96,9 +96,6 @@

Cluster Diagram

-
-

Once you've done that, move on to Using kubectl to create a Deployment.

-
From 5d1eb2af2a9803b660f055bdb6f4295c2bd96c3e Mon Sep 17 00:00:00 2001 From: Haripriya Date: Thu, 7 Dec 2023 00:27:29 +0530 Subject: [PATCH 021/279] added note --- content/en/docs/tutorials/services/source-ip.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/en/docs/tutorials/services/source-ip.md b/content/en/docs/tutorials/services/source-ip.md index c6aeea4ac424a..1c182e8bbaa0a 100644 --- a/content/en/docs/tutorials/services/source-ip.md +++ b/content/en/docs/tutorials/services/source-ip.md @@ -56,6 +56,9 @@ The output is: deployment.apps/source-ip-app created ``` +{{< note >}} +The example image works only with AMD64 architecture. +{{< note >}} ## {{% heading "objectives" %}} From c27b829aaf8d8bce43127cecb65e36cc3d33d810 Mon Sep 17 00:00:00 2001 From: Junya Okabe <86868255+Okabe-Junya@users.noreply.github.com> Date: Thu, 7 Dec 2023 17:09:04 +0900 Subject: [PATCH 022/279] revert: L25 Co-authored-by: atoato88 --- content/ja/docs/contribute/localization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/contribute/localization.md b/content/ja/docs/contribute/localization.md index dd41fe3e615c8..c97e48d52242c 100644 --- a/content/ja/docs/contribute/localization.md +++ b/content/ja/docs/contribute/localization.md @@ -22,7 +22,7 @@ card: 翻訳作業は全て[GitHubのIssue](https://github.com/kubernetes/website/issues?q=is%3Aissue+is%3Aopen+label%3Alanguage%2Fja)によって管理されています。翻訳作業を行いたい場合は、Issueの一覧をまず最初にご確認ください。 -また、Kubernetes傘下のリポジトリでは`CLA`と呼ばれる同意書に署名しないと、Pull Requestをマージすることができません。詳しくは[英語のドキュメント](https://github.com/kubernetes/community/blob/main/CLA.md)や、[Qiitaに有志の方が書いてくださった日本語のまとめ](https://qiita.com/jlandowner/items/d14d9bc8797a62b65e67)をご覧ください。 +また、Kubernetes傘下のリポジトリでは`CLA`と呼ばれる同意書に署名しないと、Pull Requestをマージすることができません。詳しくは[英語のドキュメント](https://github.com/kubernetes/community/blob/master/CLA.md)や、[Qiitaに有志の方が書いてくださった日本語のまとめ](https://qiita.com/jlandowner/items/d14d9bc8797a62b65e67)をご覧ください。 ### 翻訳を始めるまで From a6338f8bf3250426d73a067a6e5896a2fd1a0966 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 12 Aug 2023 14:19:25 +0100 Subject: [PATCH 023/279] Revise docs for hostPath volumes - Combine warnings - Add a heading for the section about the type field - Improve readability Co-authored-by: Qiming Teng --- content/en/docs/concepts/storage/volumes.md | 108 +++++++++++++------- 1 file changed, 69 insertions(+), 39 deletions(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 08be7f60e3923..ce6e4a29a5373 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -349,56 +349,81 @@ and then removed entirely in the v1.26 release. ### hostPath {#hostpath} +A `hostPath` volume mounts a file or directory from the host node's filesystem +into your Pod. This is not something that most Pods will need, but it offers a +powerful escape hatch for some applications. + {{< warning >}} -HostPath volumes present many security risks, and it is a best practice to avoid the use of -HostPaths when possible. When a HostPath volume must be used, it should be scoped to only the -required file or directory, and mounted as ReadOnly. +Using the `hostPath` volume type presents many security risks. +If you can avoid using a `hostPath` volume, you should. For example, +define a [`local` PersistentVolume](#local), and use that instead. + +If you are restricting access to specific directories on the node using +admission-time validation, that restriction is only effective when you +additionally require that any mounts of that `hostPath` volume are +**read only**. If you allow a read-write mount of any host path by an +untrusted Pod, the containers in that Pod may be able to subvert the +read-write host mount. + +--- -If restricting HostPath access to specific directories through AdmissionPolicy, `volumeMounts` MUST -be required to use `readOnly` mounts for the policy to be effective. +Take care when using `hostPath` volumes, whether these are mounted as read-only +or as read-write, because: + +* Access to the host filesystem can expose privileged system credentials (such as for the kubelet) or privileged APIs + (such as the container runtime socket), that can be used for container escape or to attack other + parts of the cluster. +* Pods with identical configuration (such as created from a PodTemplate) may + behave differently on different nodes due to different files on the nodes. {{< /warning >}} -A `hostPath` volume mounts a file or directory from the host node's filesystem -into your Pod. This is not something that most Pods will need, but it offers a -powerful escape hatch for some applications. +Some uses for a `hostPath` are: + +* running a container that needs access to node-level system components + (such as a container that transfers system logs to a central location, + accessing those logs using a read-only mount of `/var/log`) +* making a configuration file stored on the host system available read-only + to a {{< glossary_tooltip text="static pod" term_id="static-pod" >}}; + unlike normal Pods, static Pods cannot access ConfigMaps -For example, some uses for a `hostPath` are: +#### `hostPath` volume types -* running a container that needs access to Docker internals; use a `hostPath` - of `/var/lib/docker` -* running cAdvisor in a container; use a `hostPath` of `/sys` -* allowing a Pod to specify whether a given `hostPath` should exist prior to the - Pod running, whether it should be created, and what it should exist as +In addition to the required `path` property, you can optionally specify a +`type` for a `hostPath` volume. -In addition to the required `path` property, you can optionally specify a `type` for a `hostPath` volume. +The available values for `type` are: -The supported values for field `type` are: + | Value | Behavior | |:------|:---------| -| | Empty string (default) is for backward compatibility, which means that no checks will be performed before mounting the hostPath volume. | +| `‌""` | Empty string (default) is for backward compatibility, which means that no checks will be performed before mounting the `hostPath` volume. | | `DirectoryOrCreate` | If nothing exists at the given path, an empty directory will be created there as needed with permission set to 0755, having the same group and ownership with Kubelet. | | `Directory` | A directory must exist at the given path | | `FileOrCreate` | If nothing exists at the given path, an empty file will be created there as needed with permission set to 0644, having the same group and ownership with Kubelet. | | `File` | A file must exist at the given path | | `Socket` | A UNIX socket must exist at the given path | -| `CharDevice` | A character device must exist at the given path | -| `BlockDevice` | A block device must exist at the given path | +| `CharDevice` | _(Linux nodes only)_ A character device must exist at the given path | +| `BlockDevice` | _(Linux nodes only)_ A block device must exist at the given path | -Watch out when using this type of volume, because: +{{< caution >}} +The `FileOrCreate` mode does **not** create the parent directory of the file. If the parent directory +of the mounted file does not exist, the pod fails to start. To ensure that this mode works, +you can try to mount directories and files separately, as shown in the +[`FileOrCreate` example](#hostpath-fileorcreate-example) for `hostPath`. +{{< /caution >}} -* HostPaths can expose privileged system credentials (such as for the Kubelet) or privileged APIs - (such as container runtime socket), which can be used for container escape or to attack other - parts of the cluster. -* Pods with identical configuration (such as created from a PodTemplate) may - behave differently on different nodes due to different files on the nodes -* The files or directories created on the underlying hosts are only writable by root. You - either need to run your process as root in a - [privileged Container](/docs/tasks/configure-pod-container/security-context/) or modify the file - permissions on the host to be able to write to a `hostPath` volume +Some files or directories created on the underlying hosts might only be +accessible by root. You then either need to run your process as root in a +[privileged container](/docs/tasks/configure-pod-container/security-context/) +or modify the file permissions on the host to be able to read from +(or write to) a `hostPath` volume. #### hostPath configuration example +This manifest mounts `/data` on the host as `/test-pd` inside the +single container that runs within the `test-pd` Pod: + ```yaml apiVersion: v1 kind: Pod @@ -414,21 +439,26 @@ spec: volumes: - name: test-volume hostPath: - # directory location on host - path: /data - # this field is optional - type: Directory + path: /data # directory location on host + type: Directory # this field is optional ``` -{{< caution >}} -The `FileOrCreate` mode does not create the parent directory of the file. If the parent directory -of the mounted file does not exist, the pod fails to start. To ensure that this mode works, -you can try to mount directories and files separately, as shown in the -[`FileOrCreate`configuration](#hostpath-fileorcreate-example). -{{< /caution >}} #### hostPath FileOrCreate configuration example {#hostpath-fileorcreate-example} +The following manifest defines a Pod that mounts `/var/local/aaa` +inside the single container in the Pod. If the node does not +already have a path `/var/local/aaa`, the kubelet creates +it as a directory and then mounts it into the Pod. + +If `/var/local/aaa` already exists but is not a directory, +the Pod fails. Additionally, the kubelet attempts to make +a file named `/var/local/aaa/1.txt` inside that directory +(as seen from the host); if something already exists at +that path and isn't a regular file, the Pod fails. + +Here's the example manifest: + ```yaml apiVersion: v1 kind: Pod From ba4579ef43c86e09c4a1779d66fe28c2b0097303 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 12 Aug 2023 14:33:00 +0100 Subject: [PATCH 024/279] Add Windows examples for hostPath Allow seeing an example of hostPath on Linux and on Windows --- content/en/docs/concepts/storage/volumes.md | 65 ++++++++++++++++----- 1 file changed, 52 insertions(+), 13 deletions(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index ce6e4a29a5373..94dd3757eae2d 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -421,28 +421,64 @@ or modify the file permissions on the host to be able to read from #### hostPath configuration example -This manifest mounts `/data` on the host as `/test-pd` inside the -single container that runs within the `test-pd` Pod: - -```yaml +{{< tabs name="hostpath_examples" >}} +{{< tab name="Linux node" codelang="yaml" >}} +--- +# This manifest mounts /data/foo on the host as /foo inside the +# single container that runs within the hostpath-example-linux Pod. +# +# The mount into the container is read-only. apiVersion: v1 kind: Pod metadata: - name: test-pd + name: hostpath-example-linux spec: + os: { name: linux } + nodeSelector: + kubernetes.io/os: linux containers: - - image: registry.k8s.io/test-webserver - name: test-container + - name: example-container + image: registry.k8s.io/test-webserver volumeMounts: - - mountPath: /test-pd - name: test-volume + - mountPath: /foo + name: example-volume + readOnly: true volumes: - - name: test-volume + - name: example-volume + # mount /data/foo, but only if that directory already exists hostPath: - path: /data # directory location on host + path: /data/foo # directory location on host type: Directory # this field is optional -``` - +{{< /tab >}} +{{< tab name="Windows node" codelang="yaml" >}} +--- +# This manifest mounts C:\Data\foo on the host as C:\foo, inside the +# single container that runs within the hostpath-example-windows Pod. +# +# The mount into the container is read-only. +apiVersion: v1 +kind: Pod +metadata: + name: hostpath-example-windows +spec: + os: { name: windows } + nodeSelector: + kubernetes.io/os: windows + containers: + - name: example-container + image: microsoft/windowsservercore:1709 + volumeMounts: + - name: example-volume + mountPath: "C:\\foo" + readOnly: true + volumes: + # mount C:\Data\foo from the host, but only if that directory already exists + - name: example-volume + hostPath: + path: "C:\\Data\\foo" # directory location on host + type: Directory # this field is optional +{{< /tab >}} +{{< /tabs >}} #### hostPath FileOrCreate configuration example {#hostpath-fileorcreate-example} @@ -465,6 +501,9 @@ kind: Pod metadata: name: test-webserver spec: + os: { name: linux } + nodeSelector: + kubernetes.io/os: linux containers: - name: test-webserver image: registry.k8s.io/test-webserver:latest From eda85b8850372d4baaec4d71252610e6107d95bc Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 8 Dec 2023 15:56:44 +0800 Subject: [PATCH 025/279] [zh] Update kubeadm-config.v1beta3.md --- .../config-api/kubeadm-config.v1beta3.md | 185 ++++++++---------- 1 file changed, 82 insertions(+), 103 deletions(-) diff --git a/content/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3.md b/content/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3.md index 3b8ca64a42dc7..2dda92ebd1170 100644 --- a/content/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3.md +++ b/content/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3.md @@ -3,7 +3,6 @@ title: kubeadm 配置 (v1beta3) content_type: tool-reference package: kubeadm.k8s.io/v1beta3 --- -

概述

-

包 v1beta3 定义 kubeadm 配置文件格式的 v1beta3 版本。 +

v1beta3 包定义 v1beta3 版本的 kubeadm 配置文件格式。 此版本改进了 v1beta2 的格式,修复了一些小问题并添加了一些新的字段。

从 v1beta2 版本以来的变更列表:

@@ -37,13 +36,13 @@ a list of phases during kubeadm init/join command execution. -->
  • 已弃用的字段 "ClusterConfiguration.useHyperKubeImage" 现在被移除。 - kubeadm 不再支持 hyperkube 镜像。
    • -
  • 字段 "ClusterConfiguration.dns.type" 已经被移除,因为 CoreDNS 是 kubeadm 所支持 - 的唯一 DNS 服务器类型。
    • -
  • 保存私密信息的字段现在包含了 "datapolicy" 标记(tag)。 +kubeadm 不再支持 hyperkube 镜像。
    • +
  • "ClusterConfiguration.dns.type" 字段已经被移除,因为 CoreDNS 是 +kubeadm 所支持的唯一 DNS 服务器类型。
    • +
  • 保存 Secret 信息的字段现在包含了 "datapolicy" 标记(tag)。 这一标记会导致 API 结构通过 klog 打印输出时,会忽略这些字段的值。
    • -
  • 添加了 "InitConfiguration.skipPhases", "JoinConfiguration.skipPhases", -以允许在执行 kubeadm init/join 命令时略过某些阶段。
    • +
  • 添加了 "InitConfiguration.skipPhases"、"JoinConfiguration.skipPhases", +以允许在执行 kubeadm init/join 命令时略过某些阶段。
  • 添加了 "InitConfiguration.nodeRegistration.imagePullPolicy" 和 "JoinConfiguration.nodeRegistration.imagePullPolicy" -以允许在 kubeadm init 和 kubeadm join 期间指定镜像拉取策略。 +以允许在 kubeadm initkubeadm join 期间指定镜像拉取策略。 这两个字段的值必须是 "Always"、"Never" 或 "IfNotPresent" 之一。 默认值是 "IfNotPresent",也是添加此字段之前的默认行为。
    • -
  • 添加了 "InitConfiguration.patches.directory", +
  • 添加了 "InitConfiguration.patches.directory" 和 "JoinConfiguration.patches.directory" 以允许用户配置一个目录, kubeadm 将从该目录中提取组件的补丁包。
  • BootstrapToken* API 和相关的工具被从 "kubeadm" API 组中移出, @@ -76,8 +75,7 @@ BootstrapToken* 结构。

    • 从老的 kubeadm 配置版本迁移:

    • kubeadm v1.15.x 及更新的版本可以用来从 v1beta1 迁移到 v1beta2 版本;
      • -
    • kubeadm v1.22.x 及更新的版本不再支持 v1beta1 和更老的 API,但可以用来 -从 v1beta2 迁移到 v1beta3。
      • +
    • kubeadm v1.22.x 及更新的版本不再支持 v1beta1 和更老的 API,但可以用来从 v1beta2 迁移到 v1beta3。
    -

    类型 InitConfiguration 用来配置运行时设置,就 kubeadm init 命令而言,包括 -启动引导令牌以及所有与 kubeadm 所在节点相关的设置,包括:

    +

    类型 InitConfiguration 用来配置运行时设置,就 kubeadm init 命令而言, +包括启动引导令牌以及所有与 kubeadm 所在节点相关的设置,包括:

      -
    • nodeRegistration:其中包含与向集群注册新节点相关的字段;使用这个类型来 -定制节点名称、要使用的 CRI 套接字或者其他仅对当前节点起作用的设置 +
    • nodeRegistration:其中包含与向集群注册新节点相关的字段; +使用这个类型来定制节点名称、要使用的 CRI 套接字或者其他仅对当前节点起作用的设置 (例如节点 IP 地址)。
      • -
    • localAPIEndpoint:代表的是要部署到此节点上的 API 服务器示例的端点; +
    • localAPIEndpoint:代表的是要部署到此节点上的 API 服务器实例的端点; 使用这个类型可以完成定制 API 服务器公告地址这类操作。
    @@ -227,8 +222,8 @@ Pod subnet or services subnet.

    类型 ClusterConfiguration 用来定制集群范围的设置,具体包括以下设置:

      -

    • networking:其中包含集群的网络拓扑配置。使用这一部分可以定制 Pod 的 -子网或者 Service 的子网。

      +

    • networking:其中包含集群的网络拓扑配置。使用这一部分可以定制 Pod +的子网或者 Service 的子网。

    • -

      etcd:etcd 数据库的配置。例如使用这个部分可以定制本地 etcd 或者配置 API 服务器 -使用一个外部的 etcd 集群。

      +

      etcd:etcd 数据库的配置。例如使用这个部分可以定制本地 etcd 或者配置 API +服务器使用一个外部的 etcd 集群。

    • kube-apiserverkube-schedulerkube-controller-manager @@ -261,11 +256,11 @@ deployed in the cluster. If this object is not provided or provided only partial https://pkg.go.dev/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration for kube-proxy official documentation.

      --> -

      KubeProxyConfiguration 类型用来更改传递给在集群中部署的 kube-proxy 实例 -的配置。如果此对象没有提供,或者仅部分提供,kubeadm 使用默认值。

      +

      KubeProxyConfiguration 类型用来更改传递给在集群中部署的 kube-proxy 实例的配置。 +如果此对象没有提供,或者仅部分提供,kubeadm 使用默认值。

      关于 kube-proxy 的官方文档,可参阅 -https://kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-proxy/ +https://kubernetes.io/zh-cn/docs/reference/command-line-tools-reference/kube-proxy/ 或者 https://pkg.go.dev/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration。

      @@ -287,7 +282,7 @@ configuration types to be used during a kubeadm init run.

      如果此对象没有提供,或者仅部分提供,kubeadm 使用默认值。

      关于 kubelet 的官方文档,可参阅 -https://kubernetes.io/zh/docs/reference/command-line-tools-reference/kubelet/ +https://kubernetes.io/zh-cn/docs/reference/command-line-tools-reference/kubelet/ 或者 https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration。

      @@ -401,9 +396,9 @@ https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration。

      Kubeadm join configuration types

      When executing kubeadm join with the --config option, the JoinConfiguration type should be provided.

      --> -

      kubeadm join 配置类型

      +

      kubeadm join 配置类型

      -

      当带有 --config 选项来执行 kubeadm join 操作时, +

      当使用 --config 选项执行 kubeadm join 命令时, 需要提供 JoinConfiguration 类型。

      apiVersion: kubeadm.k8s.io/v1beta3
@@ -426,8 +421,8 @@ node only (e.g. the node ip).
    --> -

    JoinConfiguration 类型用来配置运行时设置,就 kubeadm join 而言包括 -用来访问集群信息的发现方法,以及所有特定于 kubeadm 执行所在节点的设置,包括:

    +

    JoinConfiguration 类型用来配置运行时设置,就 kubeadm join +而言包括用来访问集群信息的发现方法,以及所有特定于 kubeadm 执行所在节点的设置,包括:

    • nodeRegistration:其中包含向集群注册新节点相关的配置字段; @@ -458,7 +453,7 @@ node only (e.g. the node ip).

      -

      BootstrapToken 描述的是一个启动引导令牌,以 Secret 形式存储在集群中。

      +

      BootstrapToken 描述的是一个启动引导令牌,以 Secret 形式存储在集群中。

      @@ -484,7 +479,7 @@ Used for joining nodes in the cluster. description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose. --> -

      description 设置一个对人友好的消息, +

      description 设置一个对用户友好的消息, 说明为什么此令牌会存在以及其目标用途,这样其他管理员能够知道其目的。

      @@ -556,7 +551,7 @@ of view and as an authentication method for the node in the bootstrap phase of -->

      BootstrapTokenString 形式为 abcdef.abcdef0123456789 的一个令牌, 用来从加入集群的节点角度验证 API 服务器的身份,或者 "kubeadm join" -在节点启动引导是作为一种身份认证方法。 +在节点启动引导时作为一种身份认证方法。 此令牌的生命期是短暂的,并且应该如此。

      字段描述
      @@ -567,7 +562,7 @@ of view and as an authentication method for the node in the bootstrap phase of @@ -586,7 +581,7 @@ of view and as an authentication method for the node in the bootstrap phase of -

      ClusterConfiguration 包含一个 kubadm 集群的集群范围配置信息。

      +

      ClusterConfiguration 包含一个 kubeadm 集群的集群范围配置信息。

      字段描述
      - 无描述。 + 令牌的 ID。
      - [必需]
      @@ -575,7 +570,7 @@ of view and as an authentication method for the node in the bootstrap phase of       		- 无描述。 + 令牌的私密数据。
      @@ -638,8 +633,7 @@ the bindPort is used. Possible usages are:

      -->

      controlPlaneEndpoint 为控制面设置一个稳定的 IP 地址或 DNS 名称。 -取值可以是一个合法的 IP 地址或者 RFC-1123 形式的 DNS 子域名,二者均可以带一个 -可选的 TCP 端口号。 +取值可以是一个合法的 IP 地址或者 RFC-1123 形式的 DNS 子域名,二者均可以带一个可选的 TCP 端口号。 如果 controlPlaneEndpoint 未设置,则使用 advertiseAddress + bindPort。 如果设置了 controlPlaneEndpoint,但未指定 TCP 端口号,则使用 @@ -655,10 +649,8 @@ be used for assigning a stable DNS to the control plane. -->

        -
      • 在一个包含不止一个控制面实例的集群中,该字段应该设置为放置在控制面 -实例之前的外部负载均衡器的地址。
        • -
      • 在带有强制性节点回收的环境中,controlPlaneEndpoint 可以用来 -为控制面设置一个稳定的 DNS。
        • +
      • 在一个包含不止一个控制面实例的集群中,该字段应该设置为放置在控制面实例前面的外部负载均衡器的地址。
        • +
      • 在带有强制性节点回收的环境中,controlPlaneEndpoint 可以用来为控制面设置一个稳定的 DNS。
      @@ -725,7 +717,7 @@ and for kube-proxy, while registry.k8s.io will be used for all the -->

      imageRepository 设置用来拉取镜像的容器仓库。 如果此字段为空,默认使用 registry.k8s.io。 -当 Kubernetes 用来执行 CI 构造时(Kubernetes 版本以 ci/ 开头), +当 Kubernetes 用来执行 CI 构建时(Kubernetes 版本以 ci/ 开头), 将默认使用 gcr.io/k8s-staging-ci-images 来拉取控制面组件镜像, 而使用 registry.k8s.io 来拉取所有其他镜像。

      @@ -784,9 +776,8 @@ that is used by kubeadm upgrade for instance. These fields must be This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature

      -->

      bootstrapTokenskubeadm init 执行时会被用到, -其中描述了一组要创建的启动引导令牌(Bootstrap Tokens)。 -这里的信息不会被上传到 kubeadm 在集群中保存的 ConfigMap 中,部分原因是由于信息 -本身比较敏感。

      +其中描述了一组要创建的启动引导令牌(Bootstrap Tokens)。这里的信息不会被上传到 kubeadm +在集群中保存的 ConfigMap 中,部分原因是由于信息本身比较敏感。

       @@ -902,8 +892,8 @@ control-plane node to the cluster. comunications between a node and the control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". --> - caCertPath 是指向 SSL 证书机构的路径,该证书包用来加密 -节点与控制面之间的通信。默认值为 "/etc/kubernetes/pki/ca.crt"。 + caCertPath 是指向 SSL 证书机构的路径,该证书包用来加密节点与控制面之间的通信。 + 默认值为 "/etc/kubernetes/pki/ca.crt"。

      @@ -929,8 +919,8 @@ bootstrap process. controlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed. --> - controlPlane 定义要在正被加入到集群中的节点上部署的额外 -控制面实例。此字段为 null 时,不会再上面部署额外的控制面实例。 + controlPlane 定义要在正被加入到集群中的节点上部署的额外控制面实例。 + 此字段为 null 时,不会在上面部署额外的控制面实例。

      @@ -958,8 +948,7 @@ The flag --skip-phases takes precedence over this field. patches contains options related to applying patches to components deployed by kubeadm during kubeadm join. --> - 此字段包含 kubeadm join 阶段向 kubeadm 所部署的组件打补丁 -的选项。 + 此字段包含 kubeadm join 阶段向 kubeadm 所部署的组件打补丁的选项。

      @@ -974,7 +963,6 @@ by kubeadm during kubeadm join. **出现在:** - [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration) - - [JoinControlPlane](#kubeadm-k8s-io-v1beta3-JoinControlPlane)

      @@ -1056,7 +1044,7 @@ APIServer 包含集群中 API 服务器部署所必需的设置。 - certSANs 设置 API 服务器签署证书所用的额外主题替代名(Subject Alternative Name,SAN)。 + certSANs 设置 API 服务器签署证书所用的额外主体替代名(Subject Alternative Name,SAN)。

      @@ -1154,8 +1142,8 @@ object in DER-encoded ASN.1. These hashes can be calculated using, for example, via caCertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane. --> - unsafeSkipCAVerification 允许在使用基于令牌的服务发现时 -不使用 caCertHashes 来执行 CA 验证。这会弱化 kubeadm 的安全性, + unsafeSkipCAVerification 允许在使用基于令牌的服务发现时不使用 + caCertHashes 来执行 CA 验证。这会弱化 kubeadm 的安全性, 因为其他节点可以伪装成控制面。

      @@ -1242,7 +1230,7 @@ DNS defines the DNS addon that should be used in the cluster - imageMeta 允许对 DNS 组件所使用的的镜像作定制。 + imageMeta 允许对 DNS 组件所使用的镜像作定制。

      @@ -1291,8 +1279,7 @@ Discovery specifies the options for the kubelet to use during the TLS Bootstrap cluster information. bootstrapToken and file are mutually exclusive. --> - 用来设置一个文件或者 URL 路径,指向一个 kubeconfig 文件;该配置文件 -中包含集群信息。 + 用来设置一个文件或者 URL 路径,指向一个 kubeconfig 文件;该配置文件中包含集群信息。 bootstrapTokenfile 是互斥的。

      @@ -1310,8 +1297,7 @@ does not contain any other authentication information --> tlsBootstrapToken 是 TLS 启动引导过程中使用的令牌。 如果设置了 bootstrapToken,则此字段默认值为 .bootstrapToken.token,不过可以被重载。 -如果设置了 file,此字段必须被设置,以防 kubeconfig 文件 -中不包含其他身份认证信息。 +如果设置了 file,此字段必须被设置,以防 kubeconfig 文件中不包含其他身份认证信息。

      @@ -1442,7 +1428,7 @@ Required if using a TLS connection.

      keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.

      --> -

      keyFile 是一个用来加密 etcd 通信的 SSL 秘钥文件。 +

      keyFile 是一个用来加密 etcd 通信的 SSL 密钥文件。 此字段在使用 TLS 连接时为必填字段。

      @@ -1462,8 +1448,8 @@ Required if using a TLS connection.

      FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information.

      --> -

      FileDiscovery 用来指定一个文件或者 URL 路径,指向一个 kubeconfig 文件;该配置文件 -可用来加载集群信息。

      +

      FileDiscovery 用来指定一个文件或者 URL 路径,指向一个 kubeconfig 文件; +该配置文件可用来加载集群信息。

      字段描述
      nodeRegistration
      @@ -813,10 +804,9 @@ This configuration object lets you customize what IP/DNS name and port the local advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.

      --> -

      localAPIEndpoint 所代表的的是在此控制面节点上要部署的 API 服务器 -的端点。在高可用(HA)配置中,此字段与 ClusterConfiguration.controlPlaneEndpoint -的取值不同:后者代表的是整个集群的全局端点,该端点上的请求会被负载均衡到每个 -API 服务器。 +

      localAPIEndpoint 所代表的是在此控制面节点上要部署的 API 服务器的端点。 + 在高可用(HA)配置中,此字段与 ClusterConfiguration.controlPlaneEndpoint +的取值不同:后者代表的是整个集群的全局端点,该端点上的请求会被负载均衡到每个 API 服务器。 此配置对象允许你定制本地 API 服务器所公布的、可访问的 IP/DNS 名称和端口。 默认情况下,kubeadm 会尝试自动检测默认接口上的 IP 并使用该地址。 不过,如果这种检测失败,你可以在此字段中直接设置所期望的值。

      @@ -830,8 +820,8 @@ API 服务器。

      certificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in a Secret in the cluster during the uploadcerts init phase.

      --> -

      certificateKey 用来设置一个秘钥,该秘钥将对 uploadcerts init -阶段上传到集群中某 Secret 内的秘钥和证书加密。

      +

      certificateKey 用来设置一个密钥,该密钥将对 uploadcerts init +阶段上传到集群中某 Secret 内的密钥和证书加密。
      skipPhases
      @@ -856,8 +846,8 @@ The flag "--skip-phases" takes precedence over this field.

      patches contains options related to applying patches to components deployed by kubeadm during kubeadm init.

      --> -

      patches 包含与 kubeadm init 阶段 kubeadm 所部署 -的组件上要应用的补丁相关的信息。

      +

      patches 包含与 kubeadm init 阶段 kubeadm + 所部署的组件上要应用的补丁相关的信息。
      @@ -1496,7 +1482,7 @@ file from which to load cluster information.

      -

      HostPathMount 包含从宿主节点挂载的卷的信息。 +

      HostPathMount 包含从主机节点挂载的卷的信息。

      字段描述
      @@ -1519,7 +1505,7 @@ HostPathMount contains elements describing volumes that are mounted from the hos -

      hostPath 是要在 Pod 中挂载的卷在宿主系统上的路径。

      +

      hostPath 是要在 Pod 中挂载的卷在主机系统上的路径。

       @@ -458,7 +458,7 @@ Default: nil

       From a17b89663bdbd7b5701c87a9b89f817220eee2c9 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Sun, 24 Dec 2023 15:39:59 +0000 Subject: [PATCH 052/279] Fix typo --- .../en/docs/concepts/containers/container-lifecycle-hooks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/containers/container-lifecycle-hooks.md b/content/en/docs/concepts/containers/container-lifecycle-hooks.md index 038121a5d0049..39236328011fb 100644 --- a/content/en/docs/concepts/containers/container-lifecycle-hooks.md +++ b/content/en/docs/concepts/containers/container-lifecycle-hooks.md @@ -50,7 +50,7 @@ A more detailed description of the termination behavior can be found in ### Hook handler implementations Containers can access a hook by implementing and registering a handler for that hook. -There are two types of hook handlers that can be implemented for Containers: +There are threetypes of hook handlers that can be implemented for Containers: * Exec - Executes a specific command, such as `pre-stop.sh`, inside the cgroups and namespaces of the Container. Resources consumed by the command are counted against the Container. From f04d1d603d2d82c6c853f2b3e5fcfe17641f3f2d Mon Sep 17 00:00:00 2001 From: mhash17 Date: Sun, 24 Dec 2023 20:47:32 +0100 Subject: [PATCH 053/279] Update networkpolicy.yaml Harmonizing indent of the yaml to be equal in formatting to other code examples in network-policies.md --- .../service/networking/networkpolicy.yaml | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/content/en/examples/service/networking/networkpolicy.yaml b/content/en/examples/service/networking/networkpolicy.yaml index e91eed2f67e4b..42df933c0cd36 100644 --- a/content/en/examples/service/networking/networkpolicy.yaml +++ b/content/en/examples/service/networking/networkpolicy.yaml @@ -8,28 +8,28 @@ spec: matchLabels: role: db policyTypes: - - Ingress - - Egress + - Ingress + - Egress ingress: - - from: - - ipBlock: - cidr: 172.17.0.0/16 - except: - - 172.17.1.0/24 - - namespaceSelector: - matchLabels: - project: myproject - - podSelector: - matchLabels: - role: frontend - ports: - - protocol: TCP - port: 6379 + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + project: myproject + - podSelector: + matchLabels: + role: frontend + ports: + - protocol: TCP + port: 6379 egress: - - to: - - ipBlock: - cidr: 10.0.0.0/24 - ports: - - protocol: TCP - port: 5978 + - to: + - ipBlock: + cidr: 10.0.0.0/24 + ports: + - protocol: TCP + port: 5978 From d536e46dbdb49175da7c711a4b39df56b6a263de Mon Sep 17 00:00:00 2001 From: Takashiidobe Date: Sun, 24 Dec 2023 21:00:53 -0500 Subject: [PATCH 054/279] fix typos --- .../cluster-administration/system-metrics.md | 2 +- .../compute-storage-net/device-plugins.md | 4 +- content/en/docs/concepts/policy/_index.md | 2 +- .../concepts/security/security-checklist.md | 2 +- .../services-networking/endpoint-slices.md | 2 +- .../concepts/workloads/controllers/job.md | 4 +- .../workloads/controllers/replicaset.md | 2 +- .../en/docs/contribute/style/diagram-guide.md | 2 +- .../certificate-signing-requests.md | 2 +- .../service-accounts-admin.md | 2 +- .../validating-admission-policy.md | 2 +- ...ubelet-pod-resources-dynamice-resources.md | 2 +- .../command-line-tools-reference/kubelet.md | 5 +- .../config-api/apiserver-audit.v1.md | 4 +- .../config-api/kubeadm-config.v1beta4.md | 2 +- .../reference/config-api/kubeconfig.v1.md | 6 +- .../config-api/kubelet-config.v1beta1.md | 2 +- .../kubelet-credentialprovider.v1.md | 2 +- .../docs/reference/instrumentation/metrics.md | 4 +- .../cluster-resources/api-service-v1.md | 2 +- .../csi-driver-v1.md | 57 +++++++++---------- .../volume-attachment-v1.md | 2 +- .../service-resources/endpoint-slice-v1.md | 2 +- .../labels-annotations-taints/_index.md | 6 +- .../audit-annotations.md | 2 +- .../reference/node/kubelet-checkpoint-api.md | 2 +- .../generated/kubeadm_config_validate.md | 2 +- .../reference/tools/map-crictl-dockercli.md | 2 +- content/en/docs/reference/using-api/cel.md | 2 +- .../reference/using-api/server-side-apply.md | 2 +- .../kubeadm/kubeadm-certs.md | 4 +- ...oubleshooting-cni-plugin-related-errors.md | 2 +- .../verify-signed-artifacts.md | 4 +- .../configure-service-account.md | 4 +- .../pull-image-private-registry.md | 12 ++-- .../debug/debug-application/debug-pods.md | 6 +- .../docs/tasks/debug/debug-cluster/windows.md | 2 +- .../custom-resource-definitions.md | 2 +- .../socks5-proxy-access-api.md | 2 +- 39 files changed, 85 insertions(+), 87 deletions(-) diff --git a/content/en/docs/concepts/cluster-administration/system-metrics.md b/content/en/docs/concepts/cluster-administration/system-metrics.md index ff6b41bbcd0ef..84204b034b4ca 100644 --- a/content/en/docs/concepts/cluster-administration/system-metrics.md +++ b/content/en/docs/concepts/cluster-administration/system-metrics.md @@ -214,7 +214,7 @@ allow-list: Additionally, the `cardinality_enforcement_unexpected_categorizations_total` meta-metric records the count of unexpected categorizations during cardinality enforcement, that is, whenever a label value -is encountered that is not allowed with respect to the allow-list contraints. +is encountered that is not allowed with respect to the allow-list constraints. ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index 8dd955cdad965..6516179150e43 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -114,7 +114,7 @@ The general workflow of a device plugin includes the following steps: // informed allocation decision when possible. rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {} - // PreStartContainer is called, if indicated by Device Plugin during registeration phase, + // PreStartContainer is called, if indicated by Device Plugin during registration phase, // before each container start. Device plugin can run device specific operations // such as resetting the device before making devices available to the container. rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {} @@ -346,7 +346,7 @@ update and Kubelet needs to be restarted to reflect the correct resource capacit {{< /note >}} ```gRPC -// AllocatableResourcesResponses contains informations about all the devices known by the kubelet +// AllocatableResourcesResponses contains information about all the devices known by the kubelet message AllocatableResourcesResponse { repeated ContainerDevices devices = 1; repeated int64 cpu_ids = 2; diff --git a/content/en/docs/concepts/policy/_index.md b/content/en/docs/concepts/policy/_index.md index de4ebf99f82bc..0998b7ec14b04 100644 --- a/content/en/docs/concepts/policy/_index.md +++ b/content/en/docs/concepts/policy/_index.md @@ -64,5 +64,5 @@ Dynamic Admission Controllers that act as flexible policy engines are being deve ## Apply policies using Kubelet configurations Kubernetes allows configuring the Kubelet on each worker node. Some Kubelet configurations act as policies: -* [Process ID limts and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs. +* [Process ID limits and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs. * [Node Resource Managers](/docs/concepts/policy/node-resource-managers/) can manage compute, memory, and device resources for latency-critical and high-throughput workloads. diff --git a/content/en/docs/concepts/security/security-checklist.md b/content/en/docs/concepts/security/security-checklist.md index ce96812567c82..0bb3c91d4a7f1 100644 --- a/content/en/docs/concepts/security/security-checklist.md +++ b/content/en/docs/concepts/security/security-checklist.md @@ -390,7 +390,7 @@ availability state and recommended to improve your security posture: [`NodeRestriction`](/docs/reference/access-authn-authz/admission-controllers/#noderestriction) : Restricts kubelet's permissions to only modify the pods API resources they own -or the node API ressource that represent themselves. It also prevents kubelet +or the node API resource that represent themselves. It also prevents kubelet from using the `node-restriction.kubernetes.io/` annotation, which can be used by an attacker with access to the kubelet's credentials to influence pod placement to the controlled node. diff --git a/content/en/docs/concepts/services-networking/endpoint-slices.md b/content/en/docs/concepts/services-networking/endpoint-slices.md index 985e9e6c81e6c..15e38744872a2 100644 --- a/content/en/docs/concepts/services-networking/endpoint-slices.md +++ b/content/en/docs/concepts/services-networking/endpoint-slices.md @@ -210,7 +210,7 @@ perfectly full distribution of EndpointSlices. As an example, if there are 10 new endpoints to add and 2 EndpointSlices with room for 5 more endpoints each, this approach will create a new EndpointSlice instead of filling up the 2 existing EndpointSlices. In other words, a single EndpointSlice creation is -preferrable to multiple EndpointSlice updates. +preferable to multiple EndpointSlice updates. With kube-proxy running on each Node and watching EndpointSlices, every change to an EndpointSlice becomes relatively expensive since it will be transmitted to diff --git a/content/en/docs/concepts/workloads/controllers/job.md b/content/en/docs/concepts/workloads/controllers/job.md index cc51f6f84a7a0..be5775973b83d 100644 --- a/content/en/docs/concepts/workloads/controllers/job.md +++ b/content/en/docs/concepts/workloads/controllers/job.md @@ -395,7 +395,7 @@ for pod failures independently for each index. To do so, set the `.spec.backoffLimitPerIndex` to specify the maximal number of pod failures per index. -When the per-index backoff limit is exceeded for an index, Kuberentes considers the index as failed and adds it to the +When the per-index backoff limit is exceeded for an index, Kubernetes considers the index as failed and adds it to the `.status.failedIndexes` field. The succeeded indexes, those with a successfully executed pods, are recorded in the `.status.completedIndexes` field, regardless of whether you set the `backoffLimitPerIndex` field. @@ -940,7 +940,7 @@ the Job status, allowing the Pod to be removed by other controllers or users. {{< note >}} See [My pod stays terminating](/docs/tasks/debug/debug-application/debug-pods/) if you -observe that pods from a Job are stucked with the tracking finalizer. +observe that pods from a Job are stuck with the tracking finalizer. {{< /note >}} ### Elastic Indexed Jobs diff --git a/content/en/docs/concepts/workloads/controllers/replicaset.md b/content/en/docs/concepts/workloads/controllers/replicaset.md index 46306db0fe9b1..c419f98fe1a04 100644 --- a/content/en/docs/concepts/workloads/controllers/replicaset.md +++ b/content/en/docs/concepts/workloads/controllers/replicaset.md @@ -225,7 +225,7 @@ pod1 1/1 Running 0 36s pod2 1/1 Running 0 36s ``` -In this manner, a ReplicaSet can own a non-homogenous set of Pods +In this manner, a ReplicaSet can own a non-homogeneous set of Pods ## Writing a ReplicaSet manifest diff --git a/content/en/docs/contribute/style/diagram-guide.md b/content/en/docs/contribute/style/diagram-guide.md index 6a0d44828f5af..438ed5d8b0dfb 100644 --- a/content/en/docs/contribute/style/diagram-guide.md +++ b/content/en/docs/contribute/style/diagram-guide.md @@ -624,7 +624,7 @@ caption and the diagram referral. flowchart A[Diagram

      Inline Mermaid or
      SVG image files] B[Diagram Caption

      Add Figure Number. and
      Caption Text] -C[Diagram Referral

      Referenence Figure Number
      in text] +C[Diagram Referral

      Reference Figure Number
      in text] classDef box fill:#fff,stroke:#000,stroke-width:1px,color:#000; class A,B,C box diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index ec13b0badefca..b3d0a15238c8d 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -438,7 +438,7 @@ controller in the cluster, so they have several security features: `/*`. * Signer-linked ClusterTrustBundles **must** be named with a prefix derived from their `spec.signerName` field. Slashes (`/`) are replaced with colons (`:`), - and a final colon is appended. This is followed by an arbitary name. For + and a final colon is appended. This is followed by an arbitrary name. For example, the signer `example.com/mysigner` can be linked to a ClusterTrustBundle `example.com:mysigner:`. diff --git a/content/en/docs/reference/access-authn-authz/service-accounts-admin.md b/content/en/docs/reference/access-authn-authz/service-accounts-admin.md index f2f1025701bf8..1f1fa64f60b46 100644 --- a/content/en/docs/reference/access-authn-authz/service-accounts-admin.md +++ b/content/en/docs/reference/access-authn-authz/service-accounts-admin.md @@ -166,7 +166,7 @@ purged by the control plane. If users use an invalidated auto-generated token, the token validator will 1. add an audit annotation for the key-value pair - `authentication.k8s.io/legacy-token-invalidated: /`, + `authentication.k8s.io/legacy-token-invalidated: /`, 1. increment the `invalid_legacy_auto_token_uses_total` metric count, 1. update the Secret label `kubernetes.io/legacy-token-last-used` with the new date, diff --git a/content/en/docs/reference/access-authn-authz/validating-admission-policy.md b/content/en/docs/reference/access-authn-authz/validating-admission-policy.md index 58d351c163667..f7f705aa9f59e 100644 --- a/content/en/docs/reference/access-authn-authz/validating-admission-policy.md +++ b/content/en/docs/reference/access-authn-authz/validating-admission-policy.md @@ -375,7 +375,7 @@ When an API request is validated with this admission policy, the resulting audit ``` In this example the annotation will only be included if the `spec.replicas` of the Deployment is more than -50, otherwise the CEL expression evalutes to null and the annotation will not be included. +50, otherwise the CEL expression evaluates to null and the annotation will not be included. Note that audit annotation keys are prefixed by the name of the `ValidatingAdmissionWebhook` and a `/`. If another admission controller, such as an admission webhook, uses the exact same audit annotation key, the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md index 11a3397d7550a..bece80b822c01 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md @@ -8,5 +8,5 @@ _build: Extend the kubelet's pod resources gRPC endpoint to to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation` API. See [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources) for more details. -with informations about the allocatable resources, enabling clients to properly +with information about the allocatable resources, enabling clients to properly track the free compute resources on a node. diff --git a/content/en/docs/reference/command-line-tools-reference/kubelet.md b/content/en/docs/reference/command-line-tools-reference/kubelet.md index dbb3254ca3d81..ff53fc63b2fb4 100644 --- a/content/en/docs/reference/command-line-tools-reference/kubelet.md +++ b/content/en/docs/reference/command-line-tools-reference/kubelet.md @@ -609,7 +609,7 @@ ZeroLimitedNominalConcurrencyShares=true|false (BETA - default=false)
       - + @@ -1087,5 +1087,4 @@ Insecure values: -
      字段描述
      mountPath [必需]
      @@ -1569,8 +1555,7 @@ HostPathMount contains elements describing volumes that are mounted from the hos ImageMeta allows to customize the image used for components that are not originated from the Kubernetes/Kubernetes release process --> -

      ImageMeta 用来配置来源不是 Kubernetes/kubernetes -发布过程的组件所使用的镜像。

      +

      ImageMeta 用来配置来源不是 Kubernetes/kubernetes 发布过程的组件所使用的镜像。

      @@ -1617,8 +1602,7 @@ the above components during upgrades. JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node. --> -

      JoinControlPlane 包含在正在加入集群的节点上要部署的额外的控制面组件的 -设置。

      +

      JoinControlPlane 包含在正在加入集群的节点上要部署的额外的控制面组件的设置。

      字段描述
      @@ -1632,8 +1616,7 @@ to be deployed on the joining node. localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. --> -

      localAPIEndpoint 代表的是将在此节点上部署的 API 服务器实例 -的端点。

      +

      localAPIEndpoint 代表的是将在此节点上部署的 API 服务器实例的端点。

      @@ -1693,7 +1676,7 @@ LocalEtcd describes that kubeadm should run an etcd cluster locally Defaults to "/var/lib/etcd". -->

      dataDir 是 etcd 用来存放数据的目录。 -默认值为 "/var/lib/etcd"。

      +默认值为 "/var/lib/etcd"。

      @@ -1762,7 +1744,7 @@ Networking contains elements describing cluster's networking configuration -

      serviceSubnet 是 Kubernetes 服务所使用的的子网。 +

      serviceSubnet 是 Kubernetes 服务所使用的子网。 默认值为 "10.96.0.0/12"。

      @@ -1783,7 +1765,7 @@ Networking contains elements describing cluster's networking configuration -

      dnsDomain 是 Kubernetes 服务所使用的的 DNS 域名。 +

      dnsDomain 是 Kubernetes 服务所使用的 DNS 域名。 默认值为 "cluster.local"。

      @@ -1851,8 +1833,8 @@ If you don't want to taint your control-plane node, set this field to an empty l i.e. taints: [] in the YAML file. This field is solely used for Node registration. -->

      taints 设定 Node API 对象被注册时要附带的污点。 -若未设置此字段(即字段值为 null),默认为控制平面节点添加控制平面污点。 -如果你不想污染你的控制平面节点,可以将此字段设置为空列表(即 YAML 文件中的 taints: []), +若未设置此字段(即字段值为 null),默认为控制面节点添加控制面污点。 +如果你不想为控制面节点添加污点,可以将此字段设置为空列表(即 YAML 文件中的 taints: []), 这个字段只用于节点注册。

      @@ -1870,11 +1852,9 @@ kubeadm is executing on. A key in this map is the flag name as it appears on the command line except without leading dash(es). -->

      kubeletExtraArgs 用来向 kubelet 传递额外参数。 -这里的参数会通过 kubeadm 在运行时写入的、由 kubelet 来读取的环境文件来 -传递给 kubelet 命令行。 +这里的参数会通过 kubeadm 在运行时写入的、由 kubelet 来读取的环境文件来传递给 kubelet 命令行。 这里的设置会覆盖掉 kubelet-config ConfigMap 中包含的一般性的配置。 -命令行标志在解析时优先级更高。 -这里的设置值仅作用于 kubeadm 运行所在的节点。 +命令行标志在解析时优先级更高。这里的设置值仅作用于 kubeadm 运行所在的节点。 映射中的每个键对应命令行中的一个标志参数,只是去掉了前置的连字符。

      @@ -1908,9 +1888,8 @@ images if not present on the host. -->

      imagePullPolicy 设定 "kubeadm init" 和 "kubeadm join" 操作期间的镜像拉取策略。此字段的取值可以是 "Always"、"IfNotPresent" 或 -"Never" 之一。 -若此字段未设置,则 kubeadm 使用 "IfNotPresent" 作为其默认值,换言之, -当镜像在主机上不存在时才执行拉取操作。

      +"Never" 之一。若此字段未设置,则 kubeadm 使用 "IfNotPresent" 作为其默认值, +换言之,当镜像在主机上不存在时才执行拉取操作。

      From 67ab54c25582843db04a12db3379f3ae51374aa5 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Mon, 11 Dec 2023 20:15:48 +0900 Subject: [PATCH 026/279] Update content/en/docs/concepts/storage/volumes.md --- content/en/docs/concepts/storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index b4401b1ff0924..f211acbfbe71d 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -61,7 +61,7 @@ a different volume. ## In-tree volume plugins and their CSI Migration progress {#volume-types} Below is a list of In-tree plugins that are supported by Kubernetes and the status of their respective CSI Migrations progress. -The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins.Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). +The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins. Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). {{< note >}} When a Kubernetes cluster administrator updates a cluster to enable CSI migration, existing workloads that utilize PVCs which are backed by in-tree storage plugins will continue to function as they always have. Existing In trees PVs and In Tree format yaml file will still be used in the future even after the migration is completed, and will not be left unprocessed or deleted in the future. Users can still specify the following In-tree plugins in their yaml file. However, behind the scenes, Kubernetes hands control of all storage management operations (previously targeting in-tree drivers) to CSI drivers. From 18aae9cb4b8a922e09ca7319130cc5f82af5fff6 Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Mon, 11 Dec 2023 20:15:57 +0900 Subject: [PATCH 027/279] Update content/en/docs/concepts/storage/volumes.md --- content/en/docs/concepts/storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index f211acbfbe71d..8f83b9bc2b5fd 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -64,7 +64,7 @@ Below is a list of In-tree plugins that are supported by Kubernetes and the stat The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins. Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). {{< note >}} -When a Kubernetes cluster administrator updates a cluster to enable CSI migration, existing workloads that utilize PVCs which are backed by in-tree storage plugins will continue to function as they always have. Existing In trees PVs and In Tree format yaml file will still be used in the future even after the migration is completed, and will not be left unprocessed or deleted in the future. Users can still specify the following In-tree plugins in their yaml file. However, behind the scenes, Kubernetes hands control of all storage management operations (previously targeting in-tree drivers) to CSI drivers. +When a Kubernetes cluster administrator updates a cluster to enable CSI migration, existing workloads that utilize PVCs which are backed by in-tree storage plugins will continue to function as they always have. Existing in-tree PVs and in-tree format yaml file will still be used in the future even after the migration is completed, and will not be left unprocessed or deleted in the future. Users can still specify the following in-tree plugins in their yaml file. However, behind the scenes, Kubernetes hands control of all storage management operations (previously targeting in-tree drivers) to CSI drivers. {{< /note >}} From bec4fd8e2d378cfc88780721d449793c74cb675f Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Mon, 11 Dec 2023 20:16:58 +0900 Subject: [PATCH 028/279] Update content/en/docs/concepts/storage/volumes.md --- content/en/docs/concepts/storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 8f83b9bc2b5fd..f378495472616 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -60,7 +60,7 @@ a different volume. ## In-tree volume plugins and their CSI Migration progress {#volume-types} -Below is a list of In-tree plugins that are supported by Kubernetes and the status of their respective CSI Migrations progress. +Below is a list of in-tree plugins that are supported by Kubernetes and the status of their respective CSI Migrations progress. The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins. Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). {{< note >}} From 1b1d127c8823c9d370ecb9ef6f4fc8e4a2ecbc4b Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 14 Dec 2023 09:17:42 +0800 Subject: [PATCH 029/279] [zh] Localize a blog: PodReadyToStartContainersCondition-in-beta.md --- ...ReadyToStartContainersCondition-in-beta.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-12-19-PodReadyToStartContainersCondition-in-beta.md diff --git a/content/zh-cn/blog/_posts/2023-12-19-PodReadyToStartContainersCondition-in-beta.md b/content/zh-cn/blog/_posts/2023-12-19-PodReadyToStartContainersCondition-in-beta.md new file mode 100644 index 0000000000000..38bd3c8a390f0 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-12-19-PodReadyToStartContainersCondition-in-beta.md @@ -0,0 +1,129 @@ +--- +layout: blog +title: "Kubernetes 1.29:PodReadyToStartContainers 状况进阶至 Beta" +date: 2023-12-19 +slug: pod-ready-to-start-containers-condition-now-in-beta +--- + + + +**作者**:Zefeng Chen (independent), Kevin Hannon (Red Hat) + +**译者**:[Michael Yao](https://github.com/windsonsea) + + +随着最近发布的 Kubernetes 1.29,`PodReadyToStartContainers` +[状况](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions)默认可用。 +kubelet 在 Pod 的整个生命周期中管理该状况的值,将其存储在 Pod 的状态字段中。 +kubelet 将通过容器运行时从 Pod 沙箱创建和网络配置的角度使用 `PodReadyToStartContainers` +状况准确地展示 Pod 的初始化状态, + + +## 这个特性的动机是什么? + + +集群管理员以前没有明确且轻松访问的方式来查看 Pod 沙箱创建和初始化的完成情况。 +从 1.28 版本开始,Pod 中的 `Initialized` 状况跟踪 Init 容器的执行情况。 +然而,它在准确反映沙箱创建完成和容器准备启动的方面存在一些限制,无法适用于集群中的所有 Pod。 +在多租户集群中,这种区别尤为重要,租户拥有包括 Init 容器集合在内的 Pod 规约, +而集群管理员管理存储插件、网络插件和容器运行时处理程序。 +因此,需要改进这个机制,以便为集群管理员提供清晰和全面的 Pod 沙箱创建完成和容器就绪状态的视图。 + + +## 这个特性有什么好处? + +1. 改进可见性:集群管理员可以更清晰和全面地查看 Pod 沙箱的创建完成和容器的就绪状态。 + 这种增强的可见性使他们能够做出更明智的决策,并更有效地解决问题。 + + +2. 指标收集和监控:监控服务可以利用与 `PodReadyToStartContainers` 状况相关的字段来报告沙箱创建状态和延迟。 + 可以按照每个 Pod 的基数进行指标收集,或者根据 Pod 的各种属性进行聚合,例如 + `volumes`、`runtimeClassName`、CNI 和 IPAM 插件的自定义注解, + 以及任意标签和注解,以及 PersistentVolumeClaims 的 `storageClassName`。 + 这样可以全面监控和分析集群中 Pod 的就绪状态。 + + +3. 增强故障排查能力:通过更准确地表示 Pod 沙箱的创建和容器的就绪状态, + 集群管理员可以快速识别和解决初始化过程中可能出现的任何问题。 + 这将提高故障排查能力,并减少停机时间。 + + +### 后续事项 + +鉴于反馈和采用情况,Kubernetes 团队在 1.29 版本中将 `PodReadyToStartContainersCondition` +进阶至 Beta版。你的评论将有助于确定该状况是否继续并晋升至 GA,请针对此特性提交更多反馈! + + +### 如何了解更多? + +请查看关于 `PodReadyToStartContainersCondition` +的[文档](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/), +以了解其更多信息及其与其他 Pod 状况的关系。 + + +### 如何参与? + +该特性由 SIG Node 社区推动。请加入我们,与社区建立联系,分享你对这一特性及更多内容的想法和反馈。 +我们期待倾听你的建议! From 6165f83b980e53e156c63a7a2000c7bab862d672 Mon Sep 17 00:00:00 2001 From: Haripriya Date: Thu, 14 Dec 2023 18:26:13 +0530 Subject: [PATCH 030/279] added note --- content/en/docs/tutorials/services/source-ip.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/tutorials/services/source-ip.md b/content/en/docs/tutorials/services/source-ip.md index 1c182e8bbaa0a..05a0914cef36b 100644 --- a/content/en/docs/tutorials/services/source-ip.md +++ b/content/en/docs/tutorials/services/source-ip.md @@ -48,6 +48,10 @@ the target localization. The examples use a small nginx webserver that echoes back the source IP of requests it receives through an HTTP header. You can create it as follows: +{{< note >}} +The example image below works only with AMD64 architecture. +{{< note >}} + ```shell kubectl create deployment source-ip-app --image=registry.k8s.io/echoserver:1.4 ``` @@ -56,10 +60,6 @@ The output is: deployment.apps/source-ip-app created ``` -{{< note >}} -The example image works only with AMD64 architecture. -{{< note >}} - ## {{% heading "objectives" %}} From b8c2e02763df8d0f35a291c56bc546718f41a847 Mon Sep 17 00:00:00 2001 From: Haripriya Date: Thu, 14 Dec 2023 22:38:07 +0530 Subject: [PATCH 031/279] note --- content/en/docs/tutorials/services/source-ip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tutorials/services/source-ip.md b/content/en/docs/tutorials/services/source-ip.md index 05a0914cef36b..049b3eee1e221 100644 --- a/content/en/docs/tutorials/services/source-ip.md +++ b/content/en/docs/tutorials/services/source-ip.md @@ -50,7 +50,7 @@ IP of requests it receives through an HTTP header. You can create it as follows: {{< note >}} The example image below works only with AMD64 architecture. -{{< note >}} +{{< /note >}} ```shell kubectl create deployment source-ip-app --image=registry.k8s.io/echoserver:1.4 From 0164c80caec43df4d09b445201844c6919aaba9c Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 18 Dec 2023 00:32:25 +0200 Subject: [PATCH 032/279] [it] Update KubeCon dates for 2024 --- content/it/_index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/it/_index.html b/content/it/_index.html index 177bfa5c09f3b..52400fea99081 100644 --- a/content/it/_index.html +++ b/content/it/_index.html @@ -43,12 +43,12 @@

      La sfida di migrare 150+ Microservizi su Kubernetes



      - Partecipa alla KubeCon a Valencia, Spagna + Virtual (16-20 maggio 2022) + Partecipa alla KubeCon + CloudNativeCon Europe (19-22 maggio 2024)



      - Partecipa al KubeCon a Detroit, Michigan (24-28 ottobre 2022) + Partecipa al KubeCon + CloudNativeCon, America del Nord (12-15 novembre 2022)
      From 1d8c8700ef01ef847bf64bc2ed2aae907c015959 Mon Sep 17 00:00:00 2001 From: Abel Lu Date: Sat, 9 Dec 2023 22:55:07 -0500 Subject: [PATCH 033/279] Replaced unavailable image for guestbook tutorial for issues #44190 #44415 #44224 #44277 --- .../examples/application/guestbook/frontend-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/examples/application/guestbook/frontend-deployment.yaml b/content/en/examples/application/guestbook/frontend-deployment.yaml index f97f20dab6763..b4639929ad424 100644 --- a/content/en/examples/application/guestbook/frontend-deployment.yaml +++ b/content/en/examples/application/guestbook/frontend-deployment.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: php-redis - image: gcr.io/google_samples/gb-frontend:v5 + image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5 env: - name: GET_HOSTS_FROM value: "dns" @@ -26,4 +26,4 @@ spec: cpu: 100m memory: 100Mi ports: - - containerPort: 80 \ No newline at end of file + - containerPort: 80 From 1062b122e5bb5eba05ccd419ff2ee55877042c3c Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Tue, 19 Dec 2023 18:03:32 +0000 Subject: [PATCH 034/279] Move feature gates page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit covers the Japanese (日本語) language. --- .../{feature-gates.md => feature-gates/index.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename content/ja/docs/reference/command-line-tools-reference/{feature-gates.md => feature-gates/index.md} (100%) diff --git a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md b/content/ja/docs/reference/command-line-tools-reference/feature-gates/index.md similarity index 100% rename from content/ja/docs/reference/command-line-tools-reference/feature-gates.md rename to content/ja/docs/reference/command-line-tools-reference/feature-gates/index.md From eda3bed86cbf54b630a94c11fc14d702aab3f3cf Mon Sep 17 00:00:00 2001 From: Abel Lu <66392457+azn-abel@users.noreply.github.com> Date: Tue, 19 Dec 2023 13:05:40 -0500 Subject: [PATCH 035/279] Update gb-redis-follower image to Google's newer image --- .../application/guestbook/redis-follower-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/examples/application/guestbook/redis-follower-deployment.yaml b/content/en/examples/application/guestbook/redis-follower-deployment.yaml index c418cf7364f92..c32a16e46c879 100644 --- a/content/en/examples/application/guestbook/redis-follower-deployment.yaml +++ b/content/en/examples/application/guestbook/redis-follower-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: follower - image: gcr.io/google_samples/gb-redis-follower:v2 + image: us-docker.pkg.dev/google-samples/containers/gke/gb-redis-follower:v2 resources: requests: cpu: 100m From 200192734653493483a334877e63844493a904b3 Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Wed, 20 Dec 2023 04:36:45 +0000 Subject: [PATCH 036/279] Added introduction about CSIMigration --- content/en/docs/concepts/storage/volumes.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index f378495472616..95199de28dfeb 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -58,15 +58,9 @@ Volumes cannot mount within other volumes (but see [Using subPath](#using-subpat for a related mechanism). Also, a volume cannot contain a hard link to anything in a different volume. -## In-tree volume plugins and their CSI Migration progress {#volume-types} - -Below is a list of in-tree plugins that are supported by Kubernetes and the status of their respective CSI Migrations progress. -The Container Storage Interface (CSI) was designed to help Kubernetes replace its existing, in-tree storage driver mechanisms - especially vendor specific plugins. Kubernetes support for the Container Storage Interface has been generally available since Kubernetes v1.13. For more details on CSI Migration, please refer to [Out-of-tree volume plugins](#out-of-tree-volume-plugins). - -{{< note >}} -When a Kubernetes cluster administrator updates a cluster to enable CSI migration, existing workloads that utilize PVCs which are backed by in-tree storage plugins will continue to function as they always have. Existing in-tree PVs and in-tree format yaml file will still be used in the future even after the migration is completed, and will not be left unprocessed or deleted in the future. Users can still specify the following in-tree plugins in their yaml file. However, behind the scenes, Kubernetes hands control of all storage management operations (previously targeting in-tree drivers) to CSI drivers. -{{< /note >}} +## Types of volumes {#volume-types} +Kubernetes supports several types of volumes. ### awsElasticBlockStore (removed) {#awselasticblockstore} @@ -1040,6 +1034,12 @@ As a result, operators do not have to make any configuration changes to existing Storage Classes, PersistentVolumes or PersistentVolumeClaims (referring to in-tree plugins) when transitioning to a CSI driver that supersedes an in-tree plugin. +{{< note >}} +* The existing PV created by in-tree volume plugin can still be used in the future without any configuration changes even after the `CSIMigration` is completed. +* Manifests that use in-tree volume plugins will also be used in the future without modifying. +* A new PV with a manifest that uses in-tree volume plugins can still be created, even after the in-tree volume plugin is removed from Kubernetes. +{{< /note >}} + The operations and features that are supported include: provisioning/delete, attach/detach, mount/unmount and resizing of volumes. From 68b0a2045c29210dffdefb04b6c851d960e283ff Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Wed, 20 Dec 2023 05:17:42 +0000 Subject: [PATCH 037/279] Deleted the contents that have been stated in the former paragraph --- content/en/docs/concepts/storage/volumes.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 95199de28dfeb..6c7fab528540b 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -1036,7 +1036,6 @@ configuration changes to existing Storage Classes, PersistentVolumes or Persiste {{< note >}} * The existing PV created by in-tree volume plugin can still be used in the future without any configuration changes even after the `CSIMigration` is completed. -* Manifests that use in-tree volume plugins will also be used in the future without modifying. * A new PV with a manifest that uses in-tree volume plugins can still be created, even after the in-tree volume plugin is removed from Kubernetes. {{< /note >}} From f55c69129aebebc079d0d5841ffd76b0bca3c2be Mon Sep 17 00:00:00 2001 From: Haripriya Date: Wed, 20 Dec 2023 20:22:49 +0530 Subject: [PATCH 038/279] updated note --- content/en/docs/tutorials/services/source-ip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tutorials/services/source-ip.md b/content/en/docs/tutorials/services/source-ip.md index 049b3eee1e221..6907cf891975a 100644 --- a/content/en/docs/tutorials/services/source-ip.md +++ b/content/en/docs/tutorials/services/source-ip.md @@ -49,7 +49,7 @@ The examples use a small nginx webserver that echoes back the source IP of requests it receives through an HTTP header. You can create it as follows: {{< note >}} -The example image below works only with AMD64 architecture. +The image in the following command only runs on AMD64 architectures. {{< /note >}} ```shell From 2a670f696ed92cba17ac635b35b9f258fa1f902a Mon Sep 17 00:00:00 2001 From: ziyi-xie <92832323+ziyi-xie@users.noreply.github.com> Date: Thu, 21 Dec 2023 13:02:09 +0900 Subject: [PATCH 039/279] Update content/en/docs/concepts/storage/volumes.md Co-authored-by: Akihiro Motoki --- content/en/docs/concepts/storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index 6c7fab528540b..c940e7bbe37ed 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -1035,7 +1035,7 @@ configuration changes to existing Storage Classes, PersistentVolumes or Persiste (referring to in-tree plugins) when transitioning to a CSI driver that supersedes an in-tree plugin. {{< note >}} -* The existing PV created by in-tree volume plugin can still be used in the future without any configuration changes even after the `CSIMigration` is completed. +* Existing PVs created by in-tree volume plugin can still be used in the future without any configuration changes even after the `CSIMigration` is completed and corresponing in-tree volume plugins are deleted. * A new PV with a manifest that uses in-tree volume plugins can still be created, even after the in-tree volume plugin is removed from Kubernetes. {{< /note >}} From 3dd6d38a6bb5c644a4474b47110ccb31d5180940 Mon Sep 17 00:00:00 2001 From: ziyi-xie Date: Thu, 21 Dec 2023 04:28:57 +0000 Subject: [PATCH 040/279] Modified the introduction about new pvs to make it more precise --- content/en/docs/concepts/storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md index c940e7bbe37ed..cc5093f093d72 100644 --- a/content/en/docs/concepts/storage/volumes.md +++ b/content/en/docs/concepts/storage/volumes.md @@ -1036,7 +1036,7 @@ configuration changes to existing Storage Classes, PersistentVolumes or Persiste {{< note >}} * Existing PVs created by in-tree volume plugin can still be used in the future without any configuration changes even after the `CSIMigration` is completed and corresponing in-tree volume plugins are deleted. -* A new PV with a manifest that uses in-tree volume plugins can still be created, even after the in-tree volume plugin is removed from Kubernetes. +* New PVs with manifests that referring to in-tree volume plugins can still be created, even after the in-tree volume plugins are removed from Kubernetes. {{< /note >}} The operations and features that are supported include: From 9e097396b9d896acf993a6d29f712f8d693b0bda Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Tue, 8 Aug 2023 16:12:21 +0800 Subject: [PATCH 041/279] use image from DUMMY_SERVER in the example --- .../configure-pod-container/configure-service-account.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 002fc3708e965..f9c6a916de77c 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -291,7 +291,7 @@ Next, verify it has been created. For example: [Specifying ImagePullSecrets on a Pod](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). ```shell - kubectl create secret docker-registry myregistrykey --docker-server=DUMMY_SERVER \ + kubectl create secret docker-registry myregistrykey --docker-server= \ --docker-username=DUMMY_USERNAME --docker-password=DUMMY_DOCKER_PASSWORD \ --docker-email=DUMMY_DOCKER_EMAIL ``` @@ -361,7 +361,7 @@ Now, when a new Pod is created in the current namespace and using the default ServiceAccount, the new Pod has its `spec.imagePullSecrets` field set automatically: ```shell -kubectl run nginx --image=nginx --restart=Never +kubectl run nginx --image=/nginx --restart=Never kubectl get pod nginx -o=jsonpath='{.spec.imagePullSecrets[0].name}{"\n"}' ``` From e5dc3ef44254219926474842790b7931cbc240cc Mon Sep 17 00:00:00 2001 From: Gauravpadam <1032201077@tcetmumbai.in> Date: Wed, 13 Dec 2023 15:45:33 +0530 Subject: [PATCH 042/279] Added documentation for metrics generation Some more fixes --- .../generate-ref-docs/metrics-reference.md | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 content/en/docs/contribute/generate-ref-docs/metrics-reference.md diff --git a/content/en/docs/contribute/generate-ref-docs/metrics-reference.md b/content/en/docs/contribute/generate-ref-docs/metrics-reference.md new file mode 100644 index 0000000000000..54a482d1a2e5d --- /dev/null +++ b/content/en/docs/contribute/generate-ref-docs/metrics-reference.md @@ -0,0 +1,95 @@ +--- +title: Generating reference documentation for metrics +content_type: task +weight: 100 +--- + + + +This page demonstrates the generation of metrics reference documentation + +## {{% heading "prerequisites" %}} + +{{< include "prerequisites-ref-docs.md" >}} + + + +## Cloning the Kubernetes repository + +The metric generation happens in the Kubernetes repository. +To clone the repository, Change directories to where you want the clone to exist. + +Then, execute the following command: + +```shell +git clone https://www.github.com/kubernetes/kubernetes +``` + +This creates a `kubernetes` folder in your current working directory. + +## Generate the metrics + +Inside the cloned Kubernetes repository, locate the +`test/instrumentation/documentation` directory. +The metrics documentation is generated in this directory. + +With each release, new metrics are added. +After you run the metrics documentation generator script, copy the +metrics documentation to the Kubernetes website and +publish the updated metrics documentation. + +To generate the latest metrics, Make sure you are in the root of the cloned Kubernetes directory. +Then, execute the following command: + +```shell +./test/instrumentation/update-documentation.sh +``` + +To check for changes, execute: + +```shell +git status +``` + +The output is similar to + +``` +./test/instrumentation/documentation/documentation.md +./test/instrumentation/documentation/documentation-list.yaml +``` + +## Copy the generated metrics documentation file to the Kubernetes website repository + +1. Set the Kubernetes website root environment variable + +Execute the following command to set the website root: + +```shell +export WEBSITE_ROOT= +``` + + +2. Copy operation + +Copy the generated metrics file to the Kubernetes website repository. + +```shell +cp ./test/instrumentation/documentation/documentation.md "${WEBSITE_ROOT}/content/en/docs/reference/instrumentation/metrics.md" +``` + +{{< note >}} +If you get an error, check that you have permission to copy the file. +You can use `chown` to change the file ownership back to your own user. +{{< /note >}} + +## Creating a pull request + +To create a pull request, Follow the instructions in [Opening a pull request](/docs/contribute/new-content/open-a-pr/) + +## {{% heading "whatsnext" %}} + +* [Contribute-upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) +* [Generating Reference Docs for Kubernetes Components and Tools](/docs/contribute/generate-ref-docs/kubernetes-components/) +* [Generating Reference Documentation for kubectl Commands](/docs/contribute/generate-ref-docs/kubectl/) + + From b90aa9e75ea5de3d11587cd231b1fd1733cff295 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 22 Dec 2023 16:37:14 +0800 Subject: [PATCH 043/279] [zh] Remove dual-hosted info about kops and kubespray --- .../setup/production-environment/_index.md | 9 +- .../production-environment/tools/_index.md | 40 ++ .../production-environment/tools/kops.md | 438 ------------------ .../production-environment/tools/kubespray.md | 313 ------------- 4 files changed, 44 insertions(+), 756 deletions(-) delete mode 100644 content/zh-cn/docs/setup/production-environment/tools/kops.md delete mode 100644 content/zh-cn/docs/setup/production-environment/tools/kubespray.md diff --git a/content/zh-cn/docs/setup/production-environment/_index.md b/content/zh-cn/docs/setup/production-environment/_index.md index 9db16d45b85d2..d245de1d1e529 100644 --- a/content/zh-cn/docs/setup/production-environment/_index.md +++ b/content/zh-cn/docs/setup/production-environment/_index.md @@ -589,13 +589,12 @@ needs of your cluster's workloads: [API 服务器](/zh-cn/docs/setup/production-environment/tools/kubeadm/ha-topology/)这些功能组件配置高可用能力。 - 选择使用 [kubeadm](/zh-cn/docs/setup/production-environment/tools/kubeadm/)、 - [kops](/zh-cn/docs/setup/production-environment/tools/kops/) 或 - [Kubespray](/zh-cn/docs/setup/production-environment/tools/kubespray/) 作为部署方法。 + [kops](https://kops.sigs.k8s.io/) 或 + [Kubespray](https://kubespray.io/) 作为部署方法。 + + +搭建你自己的 Kubernetes 生产集群有许多方法和工具。例如: + +- [kubeadm](/zh-cn/docs/setup/production-environment/tools/kubeadm/) + + +- [kops](https://kops.sigs.k8s.io/):自动化集群制备工具。 + 有关教程、最佳实践、配置选项和社区联系信息,请查阅 + [`kOps` 网站](https://kops.sigs.k8s.io/)。 + + +- [kubespray](https://kubespray.io/): + 提供了 [Ansible](https://docs.ansible.com/) Playbook、 + [清单(inventory)](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible.md#inventory)、 + 制备工具和通用 OS/Kubernetes 集群配置管理任务领域的知识。 + 你可以通过 Slack 频道 [#kubespray](https://kubernetes.slack.com/messages/kubespray/) 联系此社区。 diff --git a/content/zh-cn/docs/setup/production-environment/tools/kops.md b/content/zh-cn/docs/setup/production-environment/tools/kops.md deleted file mode 100644 index 9edfdddf13154..0000000000000 --- a/content/zh-cn/docs/setup/production-environment/tools/kops.md +++ /dev/null @@ -1,438 +0,0 @@ ---- -title: 使用 kOps 安装 Kubernetes -content_type: task -weight: 20 ---- - - - - - -本篇快速入门介绍了如何在 AWS 上轻松安装 Kubernetes 集群。 -本篇使用了一个名为 [`kOps`](https://github.com/kubernetes/kops) 的工具。 - - -`kOps` 是一个自动化的制备系统: - - -* 全自动安装流程 -* 使用 DNS 识别集群 -* 自我修复:一切都在自动扩缩组中运行 -* 支持多种操作系统(Amazon Linux、Debian、Flatcar、RHEL、Rocky 和 Ubuntu), - 参考 [images.md](https://github.com/kubernetes/kops/blob/master/docs/operations/images.md)。 -* 支持高可用,参考 - [high_availability.md](https://github.com/kubernetes/kops/blob/master/docs/operations/high_availability.md)。 -* 可以直接提供或者生成 terraform 清单,参考 - [terraform.md](https://github.com/kubernetes/kops/blob/master/docs/terraform.md)。 - -## {{% heading "prerequisites" %}} - - -* 你必须安装 [kubectl](/zh-cn/docs/tasks/tools/)。 -* 你必须安装[安装](https://github.com/kubernetes/kops#installing) `kops` - 到 64 位的(AMD64 和 Intel 64)设备架构上。 -* 你必须拥有一个 [AWS 账户](https://docs.aws.amazon.com/zh_cn/polly/latest/dg/setting-up.html), - 生成 [IAM 秘钥](https://docs.aws.amazon.com/zh_cn/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys) - 并[配置](https://docs.aws.amazon.com/zh_cn/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration) - 该秘钥。IAM 用户需要[足够的权限许可](https://github.com/kubernetes/kops/blob/master/docs/getting_started/aws.md#setup-iam-user)。 - - - - -## 创建集群 {#creating-a-cluster} - -### (1/5) 安装 kops - -#### 安装 - -从[下载页面](https://github.com/kubernetes/kops/releases)下载 kops -(从源代码构建也很方便): - -{{< tabs name="kops_installation" >}} -{{% tab name="macOS" %}} - - -使用下面的命令下载最新发布版本: - -```shell -curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-darwin-amd64 -``` - - -要下载特定版本,使用特定的 kops 版本替换下面命令中的部分: - -```shell -$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4) -``` - - -例如,要下载 kops v1.20.0,输入: - -```shell -curl -LO https://github.com/kubernetes/kops/releases/download/v1.20.0/kops-darwin-amd64 -``` - - -令 kops 二进制文件可执行: - -```shell -chmod +x kops-darwin-amd64 -``` - - -将 kops 二进制文件移到你的 PATH 下: - -```shell -sudo mv kops-darwin-amd64 /usr/local/bin/kops -``` - - -你也可以使用 [Homebrew](https://brew.sh/) 安装 kops: - -```shell -brew update && brew install kops -``` -{{% /tab %}} -{{% tab name="Linux" %}} - - -使用命令下载最新发布版本: - -```shell -curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64 -``` - - -要下载 kops 的特定版本,用特定的 kops 版本替换下面命令中的部分: - -```shell -$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4) -``` - - -例如,要下载 kops v1.20 版本,输入: - -```shell -curl -LO https://github.com/kubernetes/kops/releases/download/v1.20.0/kops-linux-amd64 -``` - - -令 kops 二进制文件可执行: - -```shell -chmod +x kops-linux-amd64 -``` - - -将 kops 二进制文件移到 PATH 下: - -```shell -sudo mv kops-linux-amd64 /usr/local/bin/kops -``` - - -你也可以使用 [Homebrew](https://docs.brew.sh/Homebrew-on-Linux) 来安装 kops。 - -```shell -brew update && brew install kops -``` - -{{% /tab %}} -{{< /tabs >}} - - -### (2/5) 为你的集群创建一个 route53 域名 - -kops 在集群内部和外部都使用 DNS 进行发现操作,这样你可以从客户端访问 -Kubernetes API 服务器。 - - -kops 对集群名称有明显的要求:它应该是有效的 DNS 名称。这样一来,你就不会再使集群混乱, -可以与同事明确共享集群,并且无需依赖记住 IP 地址即可访问集群。 - - -你可以,或许应该使用子域名来划分集群。作为示例,我们将使用域名 `useast1.dev.example.com`。 -这样,API 服务器端点域名将为 `api.useast1.dev.example.com`。 - - -Route53 托管区域可以服务子域名。你的托管区域可能是 `useast1.dev.example.com`, -还有 `dev.example.com` 甚至 `example.com`。 -kops 可以与以上任何一种配合使用,因此通常你出于组织原因选择不同的托管区域。 -例如,允许你在 `dev.example.com` 下创建记录,但不能在 `example.com` 下创建记录。 - - -假设你使用 `dev.example.com` 作为托管区域。你可以使用 -[正常流程](https://docs.aws.amazon.com/zh_cn/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html) -或者使用诸如 `aws route53 create-hosted-zone --name dev.example.com --caller-reference 1` -之类的命令来创建该托管区域。 - - -然后,你必须在父域名中设置你的 DNS 记录,以便该域名中的记录可以被解析。 -在这里,你将在 `example.com` 中为 `dev` 创建 DNS 记录。 -如果它是根域名,则可以在域名注册机构配置 DNS 记录。 -例如,你需要在购买 `example.com` 的地方配置 `example.com`。 - - -检查你的 route53 域已经被正确设置(这是导致问题的最常见原因!)。 -如果你安装了 dig 工具,则可以通过运行以下步骤再次检查集群是否配置正确: - -`dig NS dev.example.com` - - -你应该看到 Route53 分配了你的托管区域的 4 条 DNS 记录。 - - -### (3/5) 创建一个 S3 存储桶来存储集群状态 - -kops 使你即使在安装后也可以管理集群。为此,它必须跟踪已创建的集群及其配置、所使用的密钥等。 -此信息存储在 S3 存储桶中。S3 权限用于控制对存储桶的访问。 - - -多个集群可以使用同一 S3 存储桶,并且你可以在管理同一集群的同事之间共享一个 -S3 存储桶 - 这比传递 kubecfg 文件容易得多。 -但是有权访问 S3 存储桶的任何人都将拥有对所有集群的管理访问权限, -因此你不想在运营团队之外共享它。 - - -因此,通常每个运维团队都有一个 S3 存储桶(而且名称通常对应于上面托管区域的名称!) - - -在我们的示例中,我们选择 `dev.example.com` 作为托管区域,因此我们选择 -`clusters.dev.example.com` 作为 S3 存储桶名称。 - - -* 导出 `AWS_PROFILE` 文件(如果你需要选择一个配置文件用来使 AWS CLI 正常工作) -* 使用 `aws s3 mb s3://clusters.dev.example.com` 创建 S3 存储桶 -* 你可以进行 `export KOPS_STATE_STORE=s3://clusters.dev.example.com` 操作, - 然后 kops 将默认使用此位置。 - 我们建议将其放入你的 bash profile 文件或类似文件中。 - - -### (4/5) 建立你的集群配置 - -运行 `kops create cluster` 以创建你的集群配置: - -`kops create cluster --zones=us-east-1c useast1.dev.example.com` - - -kops 将为你的集群创建配置。请注意,它**仅**创建配置,实际上并没有创建云资源。 -你将在下一步中使用 `kops update cluster` 进行创建。 -这使你有机会查看配置或进行更改。 - - -它打印出可用于进一步探索的命令: - - -* 使用以下命令列出集群:`kops get cluster` -* 使用以下命令编辑该集群:`kops edit cluster useast1.dev.example.com` -* 使用以下命令编辑你的节点实例组:`kops edit ig --name = useast1.dev.example.com nodes` -* 使用以下命令编辑你的主实例组:`kops edit ig --name = useast1.dev.example.com master-us-east-1c` - - -如果这是你第一次使用 kops,请花几分钟尝试一下!实例组是一组实例,将被注册为 Kubernetes 节点。 -在 AWS 上,这是通过 auto-scaling-groups 实现的。你可以有多个实例组。 -例如,你可能想要混合了 Spot 实例和按需实例的节点,或者混合了 GPU 实例和非 GPU 实例的节点。 - - -### (5/5) 在 AWS 中创建集群 - -运行 `kops update cluster` 以在 AWS 中创建集群: - -`kops update cluster useast1.dev.example.com --yes` - - -这需要几秒钟的时间才能运行,但实际上集群可能需要几分钟才能准备就绪。 -每当更改集群配置时,都会使用 `kops update cluster` 工具。 -它将在集群中应用你对配置进行的更改,根据需要重新配置 AWS 或者 Kubernetes。 - - -例如,在你运行 `kops edit ig nodes` 之后,然后运行 `kops update cluster --yes` -应用你的配置,有时你还必须运行 `kops rolling-update cluster` 立即回滚更新配置。 - - -如果没有 `--yes` 参数,`kops update cluster` 操作将向你显示其操作的预览效果。这对于生产集群很方便! - - -### 探索其他附加组件 - -请参阅[附加组件列表](/zh-cn/docs/concepts/cluster-administration/addons/)探索其他附加组件, -包括用于 Kubernetes 集群的日志记录、监视、网络策略、可视化和控制的工具。 - - -## 清理 {#cleanup} - -* 删除集群:`kops delete cluster useast1.dev.example.com --yes` - -## {{% heading "whatsnext" %}} - - -* 了解有关 Kubernetes 的[概念](/zh-cn/docs/concepts/)和 - [`kubectl`](/zh-cn/docs/reference/kubectl/) 的更多信息。 -* 参阅 `kOps` [进阶用法](https://kops.sigs.k8s.io/) 获取教程、最佳实践和进阶配置选项。 -* 通过 Slack:[社区讨论](https://kops.sigs.k8s.io/contributing/#other-ways-to-communicate-with-the-contributors) - 参与 `kOps` 社区讨论。(访问 https://slack.k8s.io/ 获取此 Slack 工作空间的邀请) -* 通过解决或提出一个 [GitHub Issue](https://github.com/kubernetes/kops/issues) 来为 `kOps` 做贡献。 diff --git a/content/zh-cn/docs/setup/production-environment/tools/kubespray.md b/content/zh-cn/docs/setup/production-environment/tools/kubespray.md deleted file mode 100644 index 5980bed292236..0000000000000 --- a/content/zh-cn/docs/setup/production-environment/tools/kubespray.md +++ /dev/null @@ -1,313 +0,0 @@ ---- -title: 使用 Kubespray 安装 Kubernetes -content_type: concept -weight: 30 ---- - - - - - -此快速入门有助于使用 [Kubespray](https://github.com/kubernetes-sigs/kubespray) -安装在 GCE、Azure、OpenStack、AWS、vSphere、Equinix Metal(曾用名 Packet)、Oracle Cloud -Infrastructure(实验性)或 Baremetal 上托管的 Kubernetes 集群。 - - -Kubespray 是由若干 [Ansible](https://docs.ansible.com/) Playbook、 -[清单(inventory)](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible.md#inventory)、 -制备工具和通用 OS/Kubernetes 集群配置管理任务的领域知识组成的。 - -Kubespray 提供: - - -- 高可用性集群 -- 可组合属性(例如可选择网络插件) -- 支持大多数流行的 Linux 发行版 - - Flatcar Container Linux - - Debian Bullseye、Buster、Jessie、Stretch - - Ubuntu 16.04、18.04、20.04、22.04 - - CentOS/RHEL 7、8、9 - - Fedora 35、36 - - Fedora CoreOS - - openSUSE Leap 15.x/Tumbleweed - - Oracle Linux 7、8、9 - - Alma Linux 8、9 - - Rocky Linux 8、9 - - Kylin Linux Advanced Server V10 - - Amazon Linux 2 -- 持续集成测试 - - -要选择最适合你的用例的工具,请阅读 -[kubeadm](/zh-cn/docs/reference/setup-tools/kubeadm/) 和 -[kops](/zh-cn/docs/setup/production-environment/tools/kops/) -之间的[这份比较](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/comparisons.md)。 - - - - -## 创建集群 {#creating-a-cluster} - -### (1/5)满足下层设施要求 - - -按以下[要求](https://github.com/kubernetes-sigs/kubespray#requirements)来配置服务器: - - -* **Kubernetes** 的最低版本要求为 V1.22 -* **在将运行 Ansible 命令的计算机上安装 Ansible v2.11(或更高版本)、Jinja 2.11(或更高版本)和 python-netaddr** -* 目标服务器必须**能够访问 Internet** 才能拉取 Docker 镜像。否则, - 需要其他配置([请参见离线环境](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/offline-environment.md)) -* 目标服务器配置为允许 **IPv4 转发** -* 如果针对 Pod 和 Service 使用 IPv6,则目标服务器配置为允许 **IPv6 转发** -* **防火墙不是由 kubespray 管理的**。你需要根据需求设置适当的规则策略。为了避免部署过程中出现问题,可以禁用防火墙。 -* 如果从非 root 用户帐户运行 kubespray,则应在目标服务器中配置正确的特权升级方法并指定 - `ansible_become` 标志或命令参数 `--become` 或 `-b` - - -Kubespray 提供以下实用程序来帮助你设置环境: - -* 为以下云驱动提供的 [Terraform](https://www.terraform.io/) 脚本: - * [AWS](https://github.com/kubernetes-sigs/kubespray/tree/master/contrib/terraform/aws) - * [OpenStack](https://github.com/kubernetes-sigs/kubespray/tree/master/contrib/terraform/openstack) - * [Equinix Metal](https://github.com/kubernetes-sigs/kubespray/tree/master/contrib/terraform/equinix) - - -### (2/5)编写清单文件 - -设置服务器后,请创建一个 -[Ansible 的清单文件](https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html)。 -你可以手动执行此操作,也可以通过动态清单脚本执行此操作。有关更多信息,请参阅 -“[建立你自己的清单](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory)”。 - -### (3/5)规划集群部署 - -Kubespray 能够自定义部署的许多方面: - - -* 选择部署模式:kubeadm 或非 kubeadm -* CNI(网络)插件 -* DNS 配置 -* 控制平面的选择:本机/可执行文件或容器化 -* 组件版本 -* Calico 路由反射器 -* 组件运行时选项 - * {{< glossary_tooltip term_id="docker" >}} - * {{< glossary_tooltip term_id="containerd" >}} - * {{< glossary_tooltip term_id="cri-o" >}} -* 证书生成方式 - - -可以修改[变量文件](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html)以进行 -Kubespray 定制。 -如果你刚刚开始使用 Kubespray,请考虑使用 Kubespray 默认设置来部署你的集群并探索 Kubernetes。 - - -### (4/5)部署集群 - -接下来,部署你的集群: - -使用 [ansible-playbook](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#starting-custom-deployment) -进行集群部署。 - -```shell -ansible-playbook -i your/inventory/inventory.ini cluster.yml -b -v \ - --private-key=~/.ssh/private_key -``` - - -大型部署(超过 100 个节点) -可能需要[特定的调整](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/large-deployments.md), -以获得最佳效果。 - - -### (5/5)验证部署 - -Kubespray 提供了一种使用 -[Netchecker](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/netcheck.md) -验证 Pod 间连接和 DNS 解析的方法。 -Netchecker 确保 netchecker-agents Pod 可以解析 DNS 请求, -并在默认命名空间内对每个请求执行 ping 操作。 -这些 Pod 模仿其他工作负载类似的行为,并用作集群运行状况指示器。 - - -## 集群操作 {#cluster-operations} - -Kubespray 提供了其他 Playbook 来管理集群: **scale** 和 **upgrade**。 - - -### 扩展集群 {#scale-your-cluster} - -你可以通过运行 scale playbook 向集群中添加工作节点。有关更多信息, -请参见 “[添加节点](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#adding-nodes)”。 -你可以通过运行 remove-node playbook 来从集群中删除工作节点。有关更多信息, -请参见 “[删除节点](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#remove-nodes)”。 - - -### 升级集群 {#upgrade-your-cluster} - -你可以通过运行 upgrade-cluster Playbook 来升级集群。有关更多信息,请参见 -“[升级](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/upgrades.md)”。 - - -## 清理 {#cleanup} - -你可以通过 [reset playbook](https://github.com/kubernetes-sigs/kubespray/blob/master/reset.yml) -重置节点并清除所有与 Kubespray 一起安装的组件。 - -{{< caution >}} - -运行 reset playbook 时,请确保不要意外地将生产集群作为目标! -{{< /caution >}} - - -## 反馈 {#feedback} - -* Slack 频道:[#kubespray](https://kubernetes.slack.com/messages/kubespray/) - (你可以在[此处](https://slack.k8s.io/)获得邀请)。 -* [GitHub 问题](https://github.com/kubernetes-sigs/kubespray/issues)。 - -## {{% heading "whatsnext" %}} - - -* 查看有关 Kubespray - [路线图](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/roadmap.md)的计划工作。 -* 查阅有关 [Kubespray](https://github.com/kubernetes-sigs/kubespray) 的更多信息。 From 9f8b35d93f6b053069aadcec75ab78dee4078808 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 25 Nov 2023 18:56:38 +0000 Subject: [PATCH 044/279] Redo API encryption at rest explanation - Explain importance of protecting keys and other material that can be used to decrypt data in etcd - Revise the explanation for a non-KMS setup example --- .../tasks/administer-cluster/encrypt-data.md | 88 ++++++++++++++++--- 1 file changed, 74 insertions(+), 14 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index 5a86d2df14c81..0da1250b76ed7 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -311,7 +311,71 @@ Using envelope encryption creates dependence on the key encryption key, which is In the KMS case, an attacker who intends to get unauthorised access to the plaintext values would need to compromise etcd **and** the third-party KMS provider. -## Write an encryption configuration file +### Protection for encryption keys + +You should take appropriate measures to protect the confidential information that allows decryption, +whether that is a local encryption key, or an authentication token that allows the API server to +call KMS. + +Even when you rely on a provider to manage the use and lifecycle of the main encryption key (or keys), you are still responsible +for making sure that access controls and other security measures for the managed encryption service are +appropriate for your security needs. + +## Encrypt your data {#encrypting-your-data} + +{{< caution >}} +Storing the raw encryption key in the EncryptionConfig only moderately improves your security posture, +compared to no encryption. + +For additional secrecy, consider using the `kms` provider as this relies on keys held outside your +Kubernetes cluster. Implementations of `kms` can work with hardware security modules or with +encryption services managed by your cloud provider. +{{< /caution >}} + +### Generate the encryption key {#generate-key-no-kms} + +_These instructions explain how to set up non-KMS encryption. You can use these as a guide +to how you would configure KMS encryption; however, the specific details of that depend +on the (external) KMS integration that you are using._ + +Start by generating a new encryption key, and then encode it using base64: + +{{< tabs name="generate_encryption_key" >}} +{{% tab name="Linux" %}} +Generate a 32-byte random key and base64 encode it. You can use this command: +```shell +head -c 32 /dev/urandom | base64 +``` + +You can use `/dev/hwrng` instead of `/dev/urandom` if you want to +use your PC's built-in hardware entropy source. Not all Linux +devices provide a hardware random generator. +{{% /tab %}} +{{% tab name="macOS" %}} + +Generate a 32-byte random key and base64 encode it. You can use this command: +```shell +head -c 32 /dev/urandom | base64 +``` +{{% /tab %}} +{{% tab name="Windows" %}} +Generate a 32-byte random key and base64 encode it. You can use this command: +```powershell +# Do not run this in a session where you have set a random number +# generator seed. +[Convert]::ToBase64String((1..32|%{[byte](Get-Random -Max 256)})) +``` +{{% /tab %}} +{{< /tabs >}} + + +{{< note >}} +Keep the encryption key confidential, including whilst you generate it and +ideally even after you are no longer actively using it. +{{< /note >}} + +### Write an encryption configuration file {{< caution >}} The encryption configuration file may contain keys that can decrypt content in etcd. @@ -341,22 +405,15 @@ resources: # for example, during initial migration ``` -To create a new Secret, perform the following steps: - -1. Generate a 32-byte random key and base64 encode it. If you're on Linux or macOS, run the following command: - - ```shell - head -c 32 /dev/urandom | base64 - ``` +To create a new encryption key (that does not use KMS), see +[Generate the encryption key](#generate-key-no-kms). -1. Place that value in the `secret` field of the `EncryptionConfiguration` struct. -1. Set the `--encryption-provider-config` flag on the `kube-apiserver` to point to - the location of the config file. +### Use the new encryption configuration file - You will need to mount the new encryption config file to the `kube-apiserver` static pod. Here is an example on how to do that: +You will need to mount the new encryption config file to the `kube-apiserver` static pod. Here is an example on how to do that: - 1. Save the new encryption config file to `/etc/kubernetes/enc/enc.yaml` on the control-plane node. - 1. Edit the manifest for the `kube-apiserver` static pod: `/etc/kubernetes/manifests/kube-apiserver.yaml` similarly to this: +1. Save the new encryption config file to `/etc/kubernetes/enc/enc.yaml` on the control-plane node. +1. Edit the manifest for the `kube-apiserver` static pod: `/etc/kubernetes/manifests/kube-apiserver.yaml` so that it is similar to: ```yaml --- @@ -403,6 +460,9 @@ Your config file contains keys that can decrypt the contents in etcd, so you mus permissions on your control-plane nodes so only the user who runs the `kube-apiserver` can read it. {{< /caution >}} +You now have encryption in place for **one** control plane host. A typical +Kubernetes cluster has multiple control plane hosts, so there is more to do. + ### Reconfigure other control plane hosts {#api-server-config-update-more} If you have multiple API servers in your cluster, you should deploy the From ada845e5e1c434f5fdda74f7c9fc1571a59cdb0c Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sat, 25 Nov 2023 19:08:18 +0000 Subject: [PATCH 045/279] Link to KMS setup doc --- .../docs/tasks/administer-cluster/encrypt-data.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index 0da1250b76ed7..4670897aba47e 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -323,6 +323,8 @@ appropriate for your security needs. ## Encrypt your data {#encrypting-your-data} +### Generate the encryption key {#generate-key-no-kms} + {{< caution >}} Storing the raw encryption key in the EncryptionConfig only moderately improves your security posture, compared to no encryption. @@ -330,13 +332,12 @@ compared to no encryption. For additional secrecy, consider using the `kms` provider as this relies on keys held outside your Kubernetes cluster. Implementations of `kms` can work with hardware security modules or with encryption services managed by your cloud provider. -{{< /caution >}} -### Generate the encryption key {#generate-key-no-kms} - -_These instructions explain how to set up non-KMS encryption. You can use these as a guide -to how you would configure KMS encryption; however, the specific details of that depend -on the (external) KMS integration that you are using._ +To learn about setting +up encryption at rest using KMS, see +[Using a KMS provider for data encryption](/docs/tasks/administer-cluster/kms-provider/). +The KMS provider plugin that you use may also come with additional specific documentation. +{{< /caution >}} Start by generating a new encryption key, and then encode it using base64: From 028069c8085fba23c87be8416120a6f744d97665 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 21 Aug 2023 18:36:51 +0800 Subject: [PATCH 046/279] Add reference for kubectl command The prvious [kubectl reference](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands) has some problems to resolve and we had never had the luck invest resource into it. The issues include: - The kubectl reference is a HTML file, with its own look & feel that is different from the rest of the website. - The kubectl generator is using a container `brianpursley/brodocs:latest` which has not seen any maintenance for over severl years. ... and now, it is broken. The `make cli` command no longer works, and we don't know where the source code is. - The current kubectl reference is not suitable for browsing on small devices. A huge portion of the screen asset is occupied by the examples layer. We don't like it and we can do nothing about it. The added reference for kubectl is generated using the same generator we use for other k8s components, so the source code is in the 'kubernetes-sig/reference-docs" projects. There is no additional effort to generate them. The only thing we need to do for each release is to update it just like we do for other k8s components. --- content/en/docs/reference/kubectl/_index.md | 4 +- .../reference/kubectl/generated/_index.md | 5 + .../reference/kubectl/generated/kubectl.md | 308 +++++++++++ .../kubectl/generated/kubectl_alpha.md | 275 ++++++++++ .../kubectl/generated/kubectl_alpha_auth.md | 279 ++++++++++ .../generated/kubectl_alpha_auth_whoami.md | 320 ++++++++++++ .../kubectl/generated/kubectl_annotate.md | 427 +++++++++++++++ .../generated/kubectl_api-resources.md | 356 +++++++++++++ .../kubectl/generated/kubectl_api-versions.md | 285 ++++++++++ .../kubectl/generated/kubectl_apply.md | 469 +++++++++++++++++ .../kubectl_apply_edit-last-applied.md | 366 +++++++++++++ .../kubectl_apply_set-last-applied.md | 340 ++++++++++++ .../kubectl_apply_view-last-applied.md | 332 ++++++++++++ .../kubectl/generated/kubectl_attach.md | 331 ++++++++++++ .../kubectl/generated/kubectl_auth.md | 281 ++++++++++ .../kubectl/generated/kubectl_auth_can-i.md | 345 ++++++++++++ .../generated/kubectl_auth_reconcile.md | 363 +++++++++++++ .../kubectl/generated/kubectl_auth_whoami.md | 320 ++++++++++++ .../kubectl/generated/kubectl_autoscale.md | 388 ++++++++++++++ .../kubectl/generated/kubectl_certificate.md | 280 ++++++++++ .../generated/kubectl_certificate_approve.md | 345 ++++++++++++ .../generated/kubectl_certificate_deny.md | 343 ++++++++++++ .../kubectl/generated/kubectl_cluster-info.md | 286 ++++++++++ .../generated/kubectl_cluster-info_dump.md | 352 +++++++++++++ .../kubectl/generated/kubectl_completion.md | 342 ++++++++++++ .../kubectl/generated/kubectl_config.md | 299 +++++++++++ .../kubectl_config_current-context.md | 285 ++++++++++ .../kubectl_config_delete-cluster.md | 285 ++++++++++ .../kubectl_config_delete-context.md | 285 ++++++++++ .../generated/kubectl_config_delete-user.md | 285 ++++++++++ .../generated/kubectl_config_get-clusters.md | 285 ++++++++++ .../generated/kubectl_config_get-contexts.md | 302 +++++++++++ .../generated/kubectl_config_get-users.md | 285 ++++++++++ .../kubectl_config_rename-context.md | 291 +++++++++++ .../generated/kubectl_config_set-cluster.md | 313 +++++++++++ .../generated/kubectl_config_set-context.md | 294 +++++++++++ .../kubectl_config_set-credentials.md | 375 +++++++++++++ .../kubectl/generated/kubectl_config_set.md | 307 +++++++++++ .../kubectl/generated/kubectl_config_unset.md | 290 +++++++++++ .../generated/kubectl_config_use-context.md | 285 ++++++++++ .../kubectl/generated/kubectl_config_view.md | 349 +++++++++++++ .../kubectl/generated/kubectl_cordon.md | 299 +++++++++++ .../reference/kubectl/generated/kubectl_cp.md | 328 ++++++++++++ .../kubectl/generated/kubectl_create.md | 415 +++++++++++++++ .../generated/kubectl_create_clusterrole.md | 391 ++++++++++++++ .../kubectl_create_clusterrolebinding.md | 362 +++++++++++++ .../generated/kubectl_create_configmap.md | 387 ++++++++++++++ .../generated/kubectl_create_cronjob.md | 365 +++++++++++++ .../generated/kubectl_create_deployment.md | 371 +++++++++++++ .../generated/kubectl_create_ingress.md | 402 ++++++++++++++ .../kubectl/generated/kubectl_create_job.md | 361 +++++++++++++ .../generated/kubectl_create_namespace.md | 341 ++++++++++++ .../kubectl_create_poddisruptionbudget.md | 367 +++++++++++++ .../generated/kubectl_create_priorityclass.md | 375 +++++++++++++ .../kubectl/generated/kubectl_create_quota.md | 358 +++++++++++++ .../kubectl/generated/kubectl_create_role.md | 371 +++++++++++++ .../generated/kubectl_create_rolebinding.md | 372 +++++++++++++ .../generated/kubectl_create_secret.md | 287 ++++++++++ .../kubectl_create_secret_docker-registry.md | 397 ++++++++++++++ .../kubectl_create_secret_generic.md | 394 ++++++++++++++ .../generated/kubectl_create_secret_tls.md | 364 +++++++++++++ .../generated/kubectl_create_service.md | 282 ++++++++++ .../kubectl_create_service_clusterip.md | 358 +++++++++++++ .../kubectl_create_service_externalname.md | 357 +++++++++++++ .../kubectl_create_service_loadbalancer.md | 348 +++++++++++++ .../kubectl_create_service_nodeport.md | 355 +++++++++++++ .../kubectl_create_serviceaccount.md | 341 ++++++++++++ .../kubectl/generated/kubectl_create_token.md | 363 +++++++++++++ .../kubectl/generated/kubectl_debug.md | 428 +++++++++++++++ .../kubectl/generated/kubectl_delete.md | 438 ++++++++++++++++ .../kubectl/generated/kubectl_describe.md | 358 +++++++++++++ .../kubectl/generated/kubectl_diff.md | 375 +++++++++++++ .../kubectl/generated/kubectl_drain.md | 373 +++++++++++++ .../kubectl/generated/kubectl_edit.md | 400 ++++++++++++++ .../kubectl/generated/kubectl_events.md | 369 +++++++++++++ .../kubectl/generated/kubectl_exec.md | 347 +++++++++++++ .../kubectl/generated/kubectl_explain.md | 326 ++++++++++++ .../kubectl/generated/kubectl_expose.md | 470 +++++++++++++++++ .../kubectl/generated/kubectl_get.md | 485 +++++++++++++++++ .../kubectl/generated/kubectl_kustomize.md | 361 +++++++++++++ .../kubectl/generated/kubectl_label.md | 425 +++++++++++++++ .../kubectl/generated/kubectl_logs.md | 420 +++++++++++++++ .../kubectl/generated/kubectl_options.md | 285 ++++++++++ .../kubectl/generated/kubectl_patch.md | 402 ++++++++++++++ .../kubectl/generated/kubectl_plugin.md | 283 ++++++++++ .../kubectl/generated/kubectl_plugin_list.md | 294 +++++++++++ .../kubectl/generated/kubectl_port-forward.md | 321 ++++++++++++ .../kubectl/generated/kubectl_proxy.md | 395 ++++++++++++++ .../kubectl/generated/kubectl_replace.md | 424 +++++++++++++++ .../kubectl/generated/kubectl_rollout.md | 306 +++++++++++ .../generated/kubectl_rollout_history.md | 351 +++++++++++++ .../generated/kubectl_rollout_pause.md | 352 +++++++++++++ .../generated/kubectl_rollout_restart.md | 356 +++++++++++++ .../generated/kubectl_rollout_resume.md | 350 +++++++++++++ .../generated/kubectl_rollout_status.md | 336 ++++++++++++ .../kubectl/generated/kubectl_rollout_undo.md | 361 +++++++++++++ .../kubectl/generated/kubectl_run.md | 491 ++++++++++++++++++ .../kubectl/generated/kubectl_scale.md | 399 ++++++++++++++ .../kubectl/generated/kubectl_set.md | 286 ++++++++++ .../kubectl/generated/kubectl_set_env.md | 464 +++++++++++++++++ .../kubectl/generated/kubectl_set_image.md | 382 ++++++++++++++ .../generated/kubectl_set_resources.md | 403 ++++++++++++++ .../kubectl/generated/kubectl_set_selector.md | 365 +++++++++++++ .../generated/kubectl_set_serviceaccount.md | 369 +++++++++++++ .../kubectl/generated/kubectl_set_subject.md | 389 ++++++++++++++ .../kubectl/generated/kubectl_taint.md | 375 +++++++++++++ .../kubectl/generated/kubectl_top.md | 284 ++++++++++ .../kubectl/generated/kubectl_top_node.md | 325 ++++++++++++ .../kubectl/generated/kubectl_top_pod.md | 354 +++++++++++++ .../kubectl/generated/kubectl_uncordon.md | 299 +++++++++++ .../kubectl/generated/kubectl_version.md | 299 +++++++++++ .../kubectl/generated/kubectl_wait.md | 395 ++++++++++++++ .../en/docs/reference/kubectl/kubectl-cmds.md | 2 +- 113 files changed, 38537 insertions(+), 3 deletions(-) create mode 100644 content/en/docs/reference/kubectl/generated/_index.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_alpha.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_annotate.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_api-resources.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_api-versions.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_apply.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_attach.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_auth.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_autoscale.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_certificate.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_completion.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_set.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_unset.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_config_view.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_cordon.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_cp.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_job.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_quota.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_role.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_secret.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_service.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_create_token.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_debug.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_delete.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_describe.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_diff.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_drain.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_edit.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_events.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_exec.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_explain.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_expose.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_get.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_kustomize.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_label.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_logs.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_options.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_patch.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_plugin.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_port-forward.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_proxy.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_replace.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_run.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_scale.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_env.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_image.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_resources.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_selector.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_set_subject.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_taint.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_top.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_top_node.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_top_pod.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_uncordon.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_version.md create mode 100644 content/en/docs/reference/kubectl/generated/kubectl_wait.md diff --git a/content/en/docs/reference/kubectl/_index.md b/content/en/docs/reference/kubectl/_index.md index f04d5edcf9d98..fa62806d94e59 100644 --- a/content/en/docs/reference/kubectl/_index.md +++ b/content/en/docs/reference/kubectl/_index.md @@ -21,7 +21,7 @@ files by setting the `KUBECONFIG` environment variable or by setting the This overview covers `kubectl` syntax, describes the command operations, and provides common examples. For details about each command, including all the supported flags and subcommands, see the -[kubectl](/docs/reference/generated/kubectl/kubectl-commands/) reference documentation. +[kubectl](/docs/reference/kubectl/generated/kubectl/) reference documentation. For installation instructions, see [Installing kubectl](/docs/tasks/tools/#kubectl); for a quick guide, see the [cheat sheet](/docs/reference/kubectl/cheatsheet/). @@ -582,7 +582,7 @@ Current user: plugins-user * Read the `kubectl` reference documentation: * the kubectl [command reference](/docs/reference/kubectl/kubectl/) - * the [command line arguments](/docs/reference/generated/kubectl/kubectl-commands/) reference + * the [command line arguments](/docs/reference/kubectl/generated/kubectl/) reference * Learn about [`kubectl` usage conventions](/docs/reference/kubectl/conventions/) * Read about [JSONPath support](/docs/reference/kubectl/jsonpath/) in kubectl * Read about how to [extend kubectl with plugins](/docs/tasks/extend-kubectl/kubectl-plugins) diff --git a/content/en/docs/reference/kubectl/generated/_index.md b/content/en/docs/reference/kubectl/generated/_index.md new file mode 100644 index 0000000000000..4d0f874a6b624 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/_index.md @@ -0,0 +1,5 @@ +--- +title: "kubectl reference" +weight: 10 +--- + diff --git a/content/en/docs/reference/kubectl/generated/kubectl.md b/content/en/docs/reference/kubectl/generated/kubectl.md new file mode 100644 index 0000000000000..750e9c196ac24 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl.md @@ -0,0 +1,308 @@ +--- +title: kubectl +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +kubectl controls the Kubernetes cluster manager. + + Find more information at: https://kubernetes.io/docs/reference/kubectl/ + +``` +kubectl [flags] +``` + +## {{% heading "options" %}} + +
      字段描述
      certificateKey
      @@ -1646,7 +1629,7 @@ they are downloaded from the secret upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration. -->

      certificateKey 是在添加新的控制面节点时用来解密所下载的 -Secret 中的证书的秘钥。对应的加密秘钥在 InitConfiguration 结构中。

      +Secret 中的证书的密钥。对应的加密密钥在 InitConfiguration 结构中。
      extraArgs
      @@ -1706,8 +1689,7 @@ inside a static Pod. A key in this map is the flag name as it appears on the command line except without leading dash(es). -->

      extraArgs 是为 etcd 可执行文件提供的额外参数,用于在静态 -Pod 中运行 etcd。映射中的每一个键对应命令行上的一个标志参数,只是去掉了 -前置的连字符。

      +Pod 中运行 etcd。映射中的每一个键对应命令行上的一个标志参数,只是去掉了前置的连字符。
      serverCertSANs
      @@ -1718,8 +1700,8 @@ Pod 中运行 etcd。映射中的每一个键对应命令行上的一个标志 serverCertSANs sets extra Subject Alternative Names (SANs) for the etcd server signing certificate. --> -

      serverCertSANs 为 etcd 服务器的签名证书设置额外的 -主体替代名(Subject Alternative Names,SAN)。

      +

      serverCertSANs 为 etcd + 服务器的签名证书设置额外的主体替代名(Subject Alternative Names,SAN)。
      peerCertSANs
      @@ -1730,8 +1712,8 @@ server signing certificate. peerCertSANs sets extra Subject Alternative Names (SANs) for the etcd peer signing certificate. --> -

      peerCertSANs 为 etcd 的对等端签名证书设置额外的 -主体替代名(Subject Alternative Names,SAN)。

      +

      peerCertSANs 为 etcd + 的对等端签名证书设置额外的主体替代名(Subject Alternative Names,SAN)。
      ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      -h, --help

      help for kubectl

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl annotate](kubectl_annotate/) - Update the annotations on a resource +* [kubectl api-resources](kubectl_api-resources/) - Print the supported API resources on the server +* [kubectl api-versions](kubectl_api-versions/) - Print the supported API versions on the server, in the form of "group/version" +* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin +* [kubectl attach](kubectl_attach/) - Attach to a running container +* [kubectl auth](kubectl_auth/) - Inspect authorization +* [kubectl autoscale](kubectl_autoscale/) - Auto-scale a deployment, replica set, stateful set, or replication controller +* [kubectl certificate](kubectl_certificate/) - Modify certificate resources +* [kubectl cluster-info](kubectl_cluster-info/) - Display cluster information +* [kubectl completion](kubectl_completion/) - Output shell completion code for the specified shell (bash, zsh, fish, or powershell) +* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl cordon](kubectl_cordon/) - Mark node as unschedulable +* [kubectl cp](kubectl_cp/) - Copy files and directories to and from containers +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl debug](kubectl_debug/) - Create debugging sessions for troubleshooting workloads and nodes +* [kubectl delete](kubectl_delete/) - Delete resources by file names, stdin, resources and names, or by resources and label selector +* [kubectl describe](kubectl_describe/) - Show details of a specific resource or group of resources +* [kubectl diff](kubectl_diff/) - Diff the live version against a would-be applied version +* [kubectl drain](kubectl_drain/) - Drain node in preparation for maintenance +* [kubectl edit](kubectl_edit/) - Edit a resource on the server +* [kubectl events](kubectl_events/) - List events +* [kubectl exec](kubectl_exec/) - Execute a command in a container +* [kubectl explain](kubectl_explain/) - Get documentation for a resource +* [kubectl expose](kubectl_expose/) - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service +* [kubectl get](kubectl_get/) - Display one or many resources +* [kubectl kustomize](kubectl_kustomize/) - Build a kustomization target from a directory or URL +* [kubectl label](kubectl_label/) - Update the labels on a resource +* [kubectl logs](kubectl_logs/) - Print the logs for a container in a pod +* [kubectl options](kubectl_options/) - Print the list of flags inherited by all commands +* [kubectl patch](kubectl_patch/) - Update fields of a resource +* [kubectl plugin](kubectl_plugin/) - Provides utilities for interacting with plugins +* [kubectl port-forward](kubectl_port-forward/) - Forward one or more local ports to a pod +* [kubectl proxy](kubectl_proxy/) - Run a proxy to the Kubernetes API server +* [kubectl replace](kubectl_replace/) - Replace a resource by file name or stdin +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl run](kubectl_run/) - Run a particular image on the cluster +* [kubectl scale](kubectl_scale/) - Set a new size for a deployment, replica set, or replication controller +* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl taint](kubectl_taint/) - Update the taints on one or more nodes +* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage +* [kubectl uncordon](kubectl_uncordon/) - Mark node as schedulable +* [kubectl version](kubectl_version/) - Print the client and server version information +* [kubectl wait](kubectl_wait/) - Experimental: Wait for a specific condition on one or many resources + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha.md b/content/en/docs/reference/kubectl/generated/kubectl_alpha.md new file mode 100644 index 0000000000000..bf42148a97cfb --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_alpha.md @@ -0,0 +1,275 @@ +--- +title: kubectl alpha +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +These commands correspond to alpha features that are not enabled in Kubernetes clusters by default. + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for alpha

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      Print version information and quit

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager +* [kubectl alpha auth](kubectl_alpha_auth.md) - Inspect authorization + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md b/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md new file mode 100644 index 0000000000000..0a2454243c3a8 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md @@ -0,0 +1,279 @@ +--- +title: kubectl alpha auth +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Inspect authorization + +``` +kubectl alpha auth [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for auth

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      Print version information and quit

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl alpha](kubectl_alpha.md) - Commands for features in alpha +* [kubectl alpha auth whoami](kubectl_alpha_auth_whoami.md) - Experimental: Check self subject attributes + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md b/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md new file mode 100644 index 0000000000000..d9faa0bcd57d7 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md @@ -0,0 +1,320 @@ +--- +title: kubectl alpha auth whoami +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Experimental: Check who you are and your attributes (groups, extra). + + This command is helpful to get yourself aware of the current user attributes, + especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider, + is enabled in the Kubernetes cluster. + +``` +kubectl alpha auth whoami +``` + +## {{% heading "examples" %}} + +``` + # Get your subject attributes. + kubectl alpha auth whoami + + # Get your subject attributes in JSON format. + kubectl alpha auth whoami -o json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -h, --help

      help for whoami

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      Print version information and quit

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl alpha auth](kubectl_alpha_auth.md) - Inspect authorization + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_annotate.md b/content/en/docs/reference/kubectl/generated/kubectl_annotate.md new file mode 100644 index 0000000000000..10e18cd274182 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_annotate.md @@ -0,0 +1,427 @@ +--- +title: kubectl annotate +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update the annotations on one or more resources. + + All Kubernetes objects support the ability to store additional data with the object as annotations. Annotations are key/value pairs that can be larger than labels and include arbitrary string values such as structured JSON. Tools and system extensions may use annotations to store their own data. + + Attempting to set an annotation that already exists will fail unless --overwrite is set. If --resource-version is specified and does not match the current resource version on the server the command will fail. + +Use "kubectl api-resources" for a complete list of supported resources. + +``` +kubectl annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version] +``` + +## {{% heading "examples" %}} + +``` + # Update pod 'foo' with the annotation 'description' and the value 'my frontend' + # If the same annotation is set multiple times, only the last value will be applied + kubectl annotate pods foo description='my frontend' + + # Update a pod identified by type and name in "pod.json" + kubectl annotate -f pod.json description='my frontend' + + # Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value + kubectl annotate --overwrite pods foo description='my frontend running nginx' + + # Update all pods in the namespace + kubectl annotate pods --all description='my frontend running nginx' + + # Update pod 'foo' only if the resource is unchanged from version 1 + kubectl annotate pods foo description='my frontend running nginx' --resource-version=1 + + # Update pod 'foo' by removing an annotation named 'description' if it exists + # Does not require the --overwrite flag + kubectl annotate pods foo description- +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types.

      -A, --all-namespaces

      If true, check the specified action in all namespaces.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-annotate"

      Name of the manager used to track field ownership.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to update the annotation

      -h, --help

      help for annotate

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --list

      If true, display the annotations for a given resource.

      --local

      If true, annotation will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --overwrite

      If true, allow annotations to be overwritten, otherwise reject annotation updates that overwrite existing annotations.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --resource-version string

      If non-empty, the annotation update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_api-resources.md b/content/en/docs/reference/kubectl/generated/kubectl_api-resources.md new file mode 100644 index 0000000000000..7c54f4d0f1fbe --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_api-resources.md @@ -0,0 +1,356 @@ +--- +title: kubectl api-resources +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Print the supported API resources on the server. + +``` +kubectl api-resources [flags] +``` + +## {{% heading "examples" %}} + +``` + # Print the supported API resources + kubectl api-resources + + # Print the supported API resources with more information + kubectl api-resources -o wide + + # Print the supported API resources sorted by a column + kubectl api-resources --sort-by=name + + # Print the supported namespaced resources + kubectl api-resources --namespaced=true + + # Print the supported non-namespaced resources + kubectl api-resources --namespaced=false + + # Print the supported API resources with a specific APIGroup + kubectl api-resources --api-group=rbac.authorization.k8s.io +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --api-group string

      Limit to resources in the specified API group.

      --cached

      Use the cached list of resources if available.

      --categories strings

      Limit to resources that belong to the specified categories.

      -h, --help

      help for api-resources

      --namespaced     Default: true

      If false, non-namespaced resources will be returned, otherwise returning namespaced resources by default.

      --no-headers

      When using the default or custom-column output format, don't print headers (default print headers).

      -o, --output string

      Output format. One of: (wide, name).

      --sort-by string

      If non-empty, sort list of resources using specified field. The field can be either 'name' or 'kind'.

      --verbs strings

      Limit to resources that support the specified verbs.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_api-versions.md b/content/en/docs/reference/kubectl/generated/kubectl_api-versions.md new file mode 100644 index 0000000000000..6439051732f82 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_api-versions.md @@ -0,0 +1,285 @@ +--- +title: kubectl api-versions +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Print the supported API versions on the server, in the form of "group/version". + +``` +kubectl api-versions +``` + +## {{% heading "examples" %}} + +``` + # Print the supported API versions + kubectl api-versions +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for api-versions

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply.md b/content/en/docs/reference/kubectl/generated/kubectl_apply.md new file mode 100644 index 0000000000000..a7ea7ab281f7d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply.md @@ -0,0 +1,469 @@ +--- +title: kubectl apply +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Apply a configuration to a resource by file name or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'. + + JSON and YAML formats are accepted. + + Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274. + +``` +kubectl apply (-f FILENAME | -k DIRECTORY) +``` + +## {{% heading "examples" %}} + +``` + # Apply the configuration in pod.json to a pod + kubectl apply -f ./pod.json + + # Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml + kubectl apply -k dir/ + + # Apply the JSON passed into stdin to a pod + cat pod.json | kubectl apply -f - + + # Apply the configuration from all files that end with '.json' + kubectl apply -f '*.json' + + # Note: --prune is still in Alpha + # Apply the configuration in manifest.yaml that matches label app=nginx and delete all other resources that are not in the file and match label app=nginx + kubectl apply --prune -f manifest.yaml -l app=nginx + + # Apply the configuration in manifest.yaml and delete all the other config maps that are not in the file + kubectl apply --prune -f manifest.yaml --all --prune-allowlist=core/v1/ConfigMap +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources in the namespace of the specified resource types.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cascade string[="background"]     Default: "background"

      Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-client-side-apply"

      Name of the manager used to track field ownership.

      -f, --filename strings

      The files that contain the configurations to apply.

      --force

      If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.

      --force-conflicts

      If true, server-side apply will force the changes against conflicts.

      --grace-period int     Default: -1

      Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).

      -h, --help

      help for apply

      -k, --kustomize string

      Process a kustomization directory. This flag can't be used together with -f or -R.

      --openapi-patch     Default: true

      If true, use openapi to calculate diff when the openapi presents and the resource can be found in the openapi spec. Otherwise, fall back to use baked-in types.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --overwrite     Default: true

      Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration

      --prune

      Automatically delete resource objects, that do not appear in the configs and are created by either apply or create --save-config. Should be used with either -l or --all.

      --prune-allowlist strings

      Overwrite the default allowlist with <group/version/kind> for --prune

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --server-side

      If true, apply runs in the server instead of the client.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --timeout duration

      The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --wait

      If true, wait for resources to be gone before returning. This waits for finalizers.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl apply edit-last-applied](kubectl_apply_edit-last-applied/) - Edit latest last-applied-configuration annotations of a resource/object +* [kubectl apply set-last-applied](kubectl_apply_set-last-applied/) - Set the last-applied-configuration annotation on a live object to match the contents of a file +* [kubectl apply view-last-applied](kubectl_apply_view-last-applied/) - View the latest last-applied-configuration annotations of a resource/object + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md new file mode 100644 index 0000000000000..0a1c2c218e98d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md @@ -0,0 +1,366 @@ +--- +title: kubectl apply edit-last-applied +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Edit the latest last-applied-configuration annotations of resources from the default editor. + + The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources. + + The default format is YAML. To edit in JSON, specify "-o json". + + The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used. + + In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version. + +``` +kubectl apply edit-last-applied (RESOURCE/NAME | -f FILENAME) +``` + +## {{% heading "examples" %}} + +``` + # Edit the last-applied-configuration annotations by type/name in YAML + kubectl apply edit-last-applied deployment/nginx + + # Edit the last-applied-configuration annotations by file in JSON + kubectl apply edit-last-applied -f deploy.yaml -o json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-manager string     Default: "kubectl-client-side-apply"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files to use to edit the resource

      -h, --help

      help for edit-last-applied

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --windows-line-endings

      Defaults to the line ending native to your platform.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md new file mode 100644 index 0000000000000..5129c8d58f0d2 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md @@ -0,0 +1,340 @@ +--- +title: kubectl apply set-last-applied +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set the latest last-applied-configuration annotations by setting it to match the contents of a file. This results in the last-applied-configuration being updated as though 'kubectl apply -f<file> ' was run, without updating any other parts of the object. + +``` +kubectl apply set-last-applied -f FILENAME +``` + +## {{% heading "examples" %}} + +``` + # Set the last-applied-configuration of a resource to match the contents of a file + kubectl apply set-last-applied -f deploy.yaml + + # Execute set-last-applied against each configuration file in a directory + kubectl apply set-last-applied -f path/ + + # Set the last-applied-configuration of a resource to match the contents of a file; will create the annotation if it does not already exist + kubectl apply set-last-applied -f deploy.yaml --create-annotation=true +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --create-annotation

      Will create 'last-applied-configuration' annotations if current objects doesn't have one

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -f, --filename strings

      Filename, directory, or URL to files that contains the last-applied-configuration annotations

      -h, --help

      help for set-last-applied

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md new file mode 100644 index 0000000000000..b4b1435739387 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md @@ -0,0 +1,332 @@ +--- +title: kubectl apply view-last-applied +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +View the latest last-applied-configuration annotations by type/name or file. + + The default output will be printed to stdout in YAML format. You can use the -o option to change the output format. + +``` +kubectl apply view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAME) +``` + +## {{% heading "examples" %}} + +``` + # View the last-applied-configuration annotations by type/name in YAML + kubectl apply view-last-applied deployment/nginx + + # View the last-applied-configuration annotations by file in JSON + kubectl apply view-last-applied -f deploy.yaml -o json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources in the namespace of the specified resource types

      -f, --filename strings

      Filename, directory, or URL to files that contains the last-applied-configuration annotations

      -h, --help

      help for view-last-applied

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string     Default: "yaml"

      Output format. Must be one of (yaml, json)

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_attach.md b/content/en/docs/reference/kubectl/generated/kubectl_attach.md new file mode 100644 index 0000000000000..69e88e550cd8c --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_attach.md @@ -0,0 +1,331 @@ +--- +title: kubectl attach +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Attach to a process that is already running inside an existing container. + +``` +kubectl attach (POD | TYPE/NAME) -c CONTAINER +``` + +## {{% heading "examples" %}} + +``` + # Get output from running pod mypod; use the 'kubectl.kubernetes.io/default-container' annotation + # for selecting the container to be attached or the first container in the pod will be chosen + kubectl attach mypod + + # Get output from ruby-container from pod mypod + kubectl attach mypod -c ruby-container + + # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod + # and sends stdout/stderr from 'bash' back to the client + kubectl attach mypod -c ruby-container -i -t + + # Get output from the first pod of a replica set named nginx + kubectl attach rs/nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -c, --container string

      Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen

      -h, --help

      help for attach

      --pod-running-timeout duration     Default: 1m0s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      -q, --quiet

      Only print output from the remote session

      -i, --stdin

      Pass stdin to the container

      -t, --tty

      Stdin is a TTY

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth.md b/content/en/docs/reference/kubectl/generated/kubectl_auth.md new file mode 100644 index 0000000000000..5005a7812eb7e --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth.md @@ -0,0 +1,281 @@ +--- +title: kubectl auth +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Inspect authorization. + +``` +kubectl auth [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for auth

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl auth can-i](kubectl_auth_can-i/) - Check whether an action is allowed +* [kubectl auth reconcile](kubectl_auth_reconcile/) - Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects +* [kubectl auth whoami](kubectl_auth_whoami/) - Experimental: Check self subject attributes + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md b/content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md new file mode 100644 index 0000000000000..3a8c593f7d527 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md @@ -0,0 +1,345 @@ +--- +title: kubectl auth can-i +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Check whether an action is allowed. + + VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with "/". NAME is the name of a particular Kubernetes resource. This command pairs nicely with impersonation. See --as global flag. + +``` +kubectl auth can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL] +``` + +## {{% heading "examples" %}} + +``` + # Check to see if I can create pods in any namespace + kubectl auth can-i create pods --all-namespaces + + # Check to see if I can list deployments in my current namespace + kubectl auth can-i list deployments.apps + + # Check to see if service account "foo" of namespace "dev" can list pods + # in the namespace "prod". + # You must be allowed to use impersonation for the global option "--as". + kubectl auth can-i list pods --as=system:serviceaccount:dev:foo -n prod + + # Check to see if I can do everything in my current namespace ("*" means all) + kubectl auth can-i '*' '*' + + # Check to see if I can get the job named "bar" in namespace "foo" + kubectl auth can-i list jobs.batch/bar -n foo + + # Check to see if I can read pod logs + kubectl auth can-i get pods --subresource=log + + # Check to see if I can access the URL /logs/ + kubectl auth can-i get /logs/ + + # List all allowed actions in namespace "foo" + kubectl auth can-i --list --namespace=foo +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If true, check the specified action in all namespaces.

      -h, --help

      help for can-i

      --list

      If true, prints all allowed actions.

      --no-headers

      If true, prints allowed actions without headers

      -q, --quiet

      If true, suppress output and just return the exit code.

      --subresource string

      SubResource such as pod/log or deployment/scale

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl auth](kubectl_auth/) - Inspect authorization + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md b/content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md new file mode 100644 index 0000000000000..7ff6f02534bbf --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md @@ -0,0 +1,363 @@ +--- +title: kubectl auth reconcile +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects. + + Missing objects are created, and the containing namespace is created for namespaced objects, if required. + + Existing roles are updated to include the permissions in the input objects, and remove extra permissions if --remove-extra-permissions is specified. + + Existing bindings are updated to include the subjects in the input objects, and remove extra subjects if --remove-extra-subjects is specified. + + This is preferred to 'apply' for RBAC resources so that semantically-aware merging of rules and subjects is done. + +``` +kubectl auth reconcile -f FILENAME +``` + +## {{% heading "examples" %}} + +``` + # Reconcile RBAC resources from a file + kubectl auth reconcile -f my-rbac-rules.yaml +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to reconcile.

      -h, --help

      help for reconcile

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --remove-extra-permissions

      If true, removes extra permissions added to roles

      --remove-extra-subjects

      If true, removes extra subjects added to rolebindings

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl auth](kubectl_auth/) - Inspect authorization + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md b/content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md new file mode 100644 index 0000000000000..86aa6dc191f60 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md @@ -0,0 +1,320 @@ +--- +title: kubectl auth whoami +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Experimental: Check who you are and your attributes (groups, extra). + + This command is helpful to get yourself aware of the current user attributes, + especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider, + is enabled in the Kubernetes cluster. + +``` +kubectl auth whoami +``` + +## {{% heading "examples" %}} + +``` + # Get your subject attributes. + kubectl auth whoami + + # Get your subject attributes in JSON format. + kubectl auth whoami -o json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -h, --help

      help for whoami

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl auth](kubectl_auth/) - Inspect authorization + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_autoscale.md b/content/en/docs/reference/kubectl/generated/kubectl_autoscale.md new file mode 100644 index 0000000000000..67ab30866ac34 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_autoscale.md @@ -0,0 +1,388 @@ +--- +title: kubectl autoscale +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Creates an autoscaler that automatically chooses and sets the number of pods that run in a Kubernetes cluster. + + Looks up a deployment, replica set, stateful set, or replication controller by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed. + +``` +kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] +``` + +## {{% heading "examples" %}} + +``` + # Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used + kubectl autoscale deployment foo --min=2 --max=10 + + # Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80% + kubectl autoscale rc foo --max=5 --cpu-percent=80 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cpu-percent int32     Default: -1

      The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it's not specified or negative, a default autoscaling policy will be used.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-autoscale"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to autoscale.

      -h, --help

      help for autoscale

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --max int32     Default: -1

      The upper limit for the number of pods that can be set by the autoscaler. Required.

      --min int32     Default: -1

      The lower limit for the number of pods that can be set by the autoscaler. If it's not specified or negative, the server will apply a default value.

      --name string

      The name for the newly created object. If not specified, the name of the input resource will be used.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate.md new file mode 100644 index 0000000000000..67e91135c3136 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate.md @@ -0,0 +1,280 @@ +--- +title: kubectl certificate +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Modify certificate resources. + +``` +kubectl certificate SUBCOMMAND +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for certificate

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl certificate approve](kubectl_certificate_approve/) - Approve a certificate signing request +* [kubectl certificate deny](kubectl_certificate_deny/) - Deny a certificate signing request + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md new file mode 100644 index 0000000000000..9504d5b459d15 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md @@ -0,0 +1,345 @@ +--- +title: kubectl certificate approve +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Approve a certificate signing request. + + kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requester with the attributes requested in the CSR. + + SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do. + +``` +kubectl certificate approve (-f FILENAME | NAME) +``` + +## {{% heading "examples" %}} + +``` + # Approve CSR 'csr-sqgzp' + kubectl certificate approve csr-sqgzp +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to update

      --force

      Update the CSR even if it is already approved.

      -h, --help

      help for approve

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl certificate](kubectl_certificate/) - Modify certificate resources + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md new file mode 100644 index 0000000000000..fc3d80ec9a78a --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md @@ -0,0 +1,343 @@ +--- +title: kubectl certificate deny +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Deny a certificate signing request. + + kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requester. + +``` +kubectl certificate deny (-f FILENAME | NAME) +``` + +## {{% heading "examples" %}} + +``` + # Deny CSR 'csr-sqgzp' + kubectl certificate deny csr-sqgzp +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to update

      --force

      Update the CSR even if it is already denied.

      -h, --help

      help for deny

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl certificate](kubectl_certificate/) - Modify certificate resources + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md new file mode 100644 index 0000000000000..bab1fb38bef67 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md @@ -0,0 +1,286 @@ +--- +title: kubectl cluster-info +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display addresses of the control plane and services with label kubernetes.io/cluster-service=true. To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. + +``` +kubectl cluster-info [flags] +``` + +## {{% heading "examples" %}} + +``` + # Print the address of the control plane and cluster services + kubectl cluster-info +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for cluster-info

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl cluster-info dump](kubectl_cluster-info_dump/) - Dump relevant information for debugging and diagnosis + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md new file mode 100644 index 0000000000000..a52feb97ef141 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md @@ -0,0 +1,352 @@ +--- +title: kubectl cluster-info dump +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Dump cluster information out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, Kubernetes will build a set of files in that directory. By default, only dumps things in the current namespace and 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces. + + The command also dumps the logs of all of the pods in the cluster; these logs are dumped into different directories based on namespace and pod name. + +``` +kubectl cluster-info dump [flags] +``` + +## {{% heading "examples" %}} + +``` + # Dump current cluster state to stdout + kubectl cluster-info dump + + # Dump current cluster state to /path/to/cluster-state + kubectl cluster-info dump --output-directory=/path/to/cluster-state + + # Dump all namespaces to stdout + kubectl cluster-info dump --all-namespaces + + # Dump a set of namespaces to /path/to/cluster-state + kubectl cluster-info dump --namespaces default,kube-system --output-directory=/path/to/cluster-state +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If true, dump all namespaces. If true, --namespaces is ignored.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -h, --help

      help for dump

      --namespaces strings

      A comma separated list of namespaces to dump.

      -o, --output string     Default: "json"

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --output-directory string

      Where to output the files. If empty or '-' uses stdout, otherwise creates a directory hierarchy in that directory

      --pod-running-timeout duration     Default: 20s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl cluster-info](kubectl_cluster-info/) - Display cluster information + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_completion.md b/content/en/docs/reference/kubectl/generated/kubectl_completion.md new file mode 100644 index 0000000000000..4b41b4ea79a35 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_completion.md @@ -0,0 +1,342 @@ +--- +title: kubectl completion +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Output shell completion code for the specified shell (bash, zsh, fish, or powershell). The shell code must be evaluated to provide interactive completion of kubectl commands. This can be done by sourcing it from the .bash_profile. + + Detailed instructions on how to do this are available here: + + for macOS: + https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/#enable-shell-autocompletion + + for linux: + https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#enable-shell-autocompletion + + for windows: + https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/#enable-shell-autocompletion + + Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2. + +``` +kubectl completion SHELL +``` + +## {{% heading "examples" %}} + +``` + # Installing bash completion on macOS using homebrew + ## If running Bash 3.2 included with macOS + brew install bash-completion + ## or, if running Bash 4.1+ + brew install bash-completion@2 + ## If kubectl is installed via homebrew, this should start working immediately + ## If you've installed via other means, you may need add the completion to your completion directory + kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl + + + # Installing bash completion on Linux + ## If bash-completion is not installed on Linux, install the 'bash-completion' package + ## via your distribution's package manager. + ## Load the kubectl completion code for bash into the current shell + source <(kubectl completion bash) + ## Write bash completion code to a file and source it from .bash_profile + kubectl completion bash > ~/.kube/completion.bash.inc + printf " + # kubectl shell completion + source '$HOME/.kube/completion.bash.inc' + " >> $HOME/.bash_profile + source $HOME/.bash_profile + + # Load the kubectl completion code for zsh[1] into the current shell + source <(kubectl completion zsh) + # Set the kubectl completion code for zsh[1] to autoload on startup + kubectl completion zsh > "${fpath[1]}/_kubectl" + + + # Load the kubectl completion code for fish[2] into the current shell + kubectl completion fish | source + # To load completions for each session, execute once: + kubectl completion fish > ~/.config/fish/completions/kubectl.fish + + # Load the kubectl completion code for powershell into the current shell + kubectl completion powershell | Out-String | Invoke-Expression + # Set kubectl completion code for powershell to run on startup + ## Save completion code to a script and execute in the profile + kubectl completion powershell > $HOME\.kube\completion.ps1 + Add-Content $PROFILE "$HOME\.kube\completion.ps1" + ## Execute completion code in the profile + Add-Content $PROFILE "if (Get-Command kubectl -ErrorAction SilentlyContinue) { + kubectl completion powershell | Out-String | Invoke-Expression + }" + ## Add completion code directly to the $PROFILE script + kubectl completion powershell >> $PROFILE +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for completion

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config.md b/content/en/docs/reference/kubectl/generated/kubectl_config.md new file mode 100644 index 0000000000000..51da8e137e93f --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config.md @@ -0,0 +1,299 @@ +--- +title: kubectl config +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Modify kubeconfig files using subcommands like "kubectl config set current-context my-context". + + The loading order follows these rules: + + 1. If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place. + 2. If $KUBECONFIG environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list. + 3. Otherwise, ${HOME}/.kube/config is used and no merging takes place. + +``` +kubectl config SUBCOMMAND +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + +
      -h, --help

      help for config

      --kubeconfig string

      use a particular kubeconfig file

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl config current-context](kubectl_config_current-context/) - Display the current-context +* [kubectl config delete-cluster](kubectl_config_delete-cluster/) - Delete the specified cluster from the kubeconfig +* [kubectl config delete-context](kubectl_config_delete-context/) - Delete the specified context from the kubeconfig +* [kubectl config delete-user](kubectl_config_delete-user/) - Delete the specified user from the kubeconfig +* [kubectl config get-clusters](kubectl_config_get-clusters/) - Display clusters defined in the kubeconfig +* [kubectl config get-contexts](kubectl_config_get-contexts/) - Describe one or many contexts +* [kubectl config get-users](kubectl_config_get-users/) - Display users defined in the kubeconfig +* [kubectl config rename-context](kubectl_config_rename-context/) - Rename a context from the kubeconfig file +* [kubectl config set](kubectl_config_set/) - Set an individual value in a kubeconfig file +* [kubectl config set-cluster](kubectl_config_set-cluster/) - Set a cluster entry in kubeconfig +* [kubectl config set-context](kubectl_config_set-context/) - Set a context entry in kubeconfig +* [kubectl config set-credentials](kubectl_config_set-credentials/) - Set a user entry in kubeconfig +* [kubectl config unset](kubectl_config_unset/) - Unset an individual value in a kubeconfig file +* [kubectl config use-context](kubectl_config_use-context/) - Set the current-context in a kubeconfig file +* [kubectl config view](kubectl_config_view/) - Display merged kubeconfig settings or a specified kubeconfig file + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md new file mode 100644 index 0000000000000..2336af7b97062 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md @@ -0,0 +1,285 @@ +--- +title: kubectl config current-context +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display the current-context. + +``` +kubectl config current-context [flags] +``` + +## {{% heading "examples" %}} + +``` + # Display the current-context + kubectl config current-context +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for current-context

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md new file mode 100644 index 0000000000000..1c9cfd8d834ae --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md @@ -0,0 +1,285 @@ +--- +title: kubectl config delete-cluster +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Delete the specified cluster from the kubeconfig. + +``` +kubectl config delete-cluster NAME +``` + +## {{% heading "examples" %}} + +``` + # Delete the minikube cluster + kubectl config delete-cluster minikube +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for delete-cluster

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md new file mode 100644 index 0000000000000..72a6d95420580 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md @@ -0,0 +1,285 @@ +--- +title: kubectl config delete-context +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Delete the specified context from the kubeconfig. + +``` +kubectl config delete-context NAME +``` + +## {{% heading "examples" %}} + +``` + # Delete the context for the minikube cluster + kubectl config delete-context minikube +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for delete-context

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md new file mode 100644 index 0000000000000..c547bec6930af --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md @@ -0,0 +1,285 @@ +--- +title: kubectl config delete-user +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Delete the specified user from the kubeconfig. + +``` +kubectl config delete-user NAME +``` + +## {{% heading "examples" %}} + +``` + # Delete the minikube user + kubectl config delete-user minikube +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for delete-user

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md b/content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md new file mode 100644 index 0000000000000..0e2a2bad87ee6 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md @@ -0,0 +1,285 @@ +--- +title: kubectl config get-clusters +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display clusters defined in the kubeconfig. + +``` +kubectl config get-clusters [flags] +``` + +## {{% heading "examples" %}} + +``` + # List the clusters that kubectl knows about + kubectl config get-clusters +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for get-clusters

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md b/content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md new file mode 100644 index 0000000000000..c24c214119a15 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md @@ -0,0 +1,302 @@ +--- +title: kubectl config get-contexts +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display one or many contexts from the kubeconfig file. + +``` +kubectl config get-contexts [(-o|--output=)name)] +``` + +## {{% heading "examples" %}} + +``` + # List all the contexts in your kubeconfig file + kubectl config get-contexts + + # Describe one context in your kubeconfig file + kubectl config get-contexts my-context +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      -h, --help

      help for get-contexts

      --no-headers

      When using the default or custom-column output format, don't print headers (default print headers).

      -o, --output string

      Output format. One of: (name).

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md b/content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md new file mode 100644 index 0000000000000..c6ab84a973060 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md @@ -0,0 +1,285 @@ +--- +title: kubectl config get-users +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display users defined in the kubeconfig. + +``` +kubectl config get-users [flags] +``` + +## {{% heading "examples" %}} + +``` + # List the users that kubectl knows about + kubectl config get-users +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for get-users

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md new file mode 100644 index 0000000000000..9105edc9a7b5e --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md @@ -0,0 +1,291 @@ +--- +title: kubectl config rename-context +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Renames a context from the kubeconfig file. + + CONTEXT_NAME is the context name that you want to change. + + NEW_NAME is the new name you want to set. + + Note: If the context being renamed is the 'current-context', this field will also be updated. + +``` +kubectl config rename-context CONTEXT_NAME NEW_NAME +``` + +## {{% heading "examples" %}} + +``` + # Rename the context 'old-name' to 'new-name' in your kubeconfig file + kubectl config rename-context old-name new-name +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for rename-context

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md b/content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md new file mode 100644 index 0000000000000..c571af3e0504f --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md @@ -0,0 +1,313 @@ +--- +title: kubectl config set-cluster +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set a cluster entry in kubeconfig. + + Specifying a name that already exists will merge new fields on top of existing values for those fields. + +``` +kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true] [--tls-server-name=example.com] +``` + +## {{% heading "examples" %}} + +``` + # Set only the server field on the e2e cluster entry without touching other values + kubectl config set-cluster e2e --server=https://1.2.3.4 + + # Embed certificate authority data for the e2e cluster entry + kubectl config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt + + # Disable cert checking for the e2e cluster entry + kubectl config set-cluster e2e --insecure-skip-tls-verify=true + + # Set the custom TLS server name to use for validation for the e2e cluster entry + kubectl config set-cluster e2e --tls-server-name=my-cluster-name + + # Set the proxy URL for the e2e cluster entry + kubectl config set-cluster e2e --proxy-url=https://1.2.3.4 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --certificate-authority string

      Path to certificate-authority file for the cluster entry in kubeconfig

      --embed-certs tristate[=true]

      embed-certs for the cluster entry in kubeconfig

      -h, --help

      help for set-cluster

      --insecure-skip-tls-verify tristate[=true]

      insecure-skip-tls-verify for the cluster entry in kubeconfig

      --proxy-url string

      proxy-url for the cluster entry in kubeconfig

      --server string

      server for the cluster entry in kubeconfig

      --tls-server-name string

      tls-server-name for the cluster entry in kubeconfig

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md new file mode 100644 index 0000000000000..c7230cc5e15d9 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md @@ -0,0 +1,294 @@ +--- +title: kubectl config set-context +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set a context entry in kubeconfig. + + Specifying a name that already exists will merge new fields on top of existing values for those fields. + +``` +kubectl config set-context [NAME | --current] [--cluster=cluster_nickname] [--user=user_nickname] [--namespace=namespace] +``` + +## {{% heading "examples" %}} + +``` + # Set the user field on the gce context entry without touching other values + kubectl config set-context gce --user=cluster-admin +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --cluster string

      cluster for the context entry in kubeconfig

      --current

      Modify the current context

      -h, --help

      help for set-context

      --namespace string

      namespace for the context entry in kubeconfig

      --user string

      user for the context entry in kubeconfig

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md b/content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md new file mode 100644 index 0000000000000..70084103258b1 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md @@ -0,0 +1,375 @@ +--- +title: kubectl config set-credentials +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set a user entry in kubeconfig. + + Specifying a name that already exists will merge new fields on top of existing values. + + Client-certificate flags: + --client-certificate=certfile --client-key=keyfile + + Bearer token flags: + --token=bearer_token + + Basic auth flags: + --username=basic_user --password=basic_password + + Bearer token and basic auth are mutually exclusive. + +``` +kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value] [--exec-command=exec_command] [--exec-api-version=exec_api_version] [--exec-arg=arg] [--exec-env=key=value] +``` + +## {{% heading "examples" %}} + +``` + # Set only the "client-key" field on the "cluster-admin" + # entry, without touching other values + kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key + + # Set basic auth for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif + + # Embed client certificate data in the "cluster-admin" entry + kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true + + # Enable the Google Compute Platform auth provider for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --auth-provider=gcp + + # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional arguments + kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar + + # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret- + + # Enable new exec auth plugin for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 + + # Define new exec auth plugin arguments for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2 + + # Create or update exec auth plugin environment variables for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2 + + # Remove exec auth plugin environment variables for the "cluster-admin" entry + kubectl config set-credentials cluster-admin --exec-env=var-to-remove- +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --auth-provider string

      Auth provider for the user entry in kubeconfig

      --auth-provider-arg strings

      'key=value' arguments for the auth provider

      --client-certificate string

      Path to client-certificate file for the user entry in kubeconfig

      --client-key string

      Path to client-key file for the user entry in kubeconfig

      --embed-certs tristate[=true]

      Embed client cert/key for the user entry in kubeconfig

      --exec-api-version string

      API version of the exec credential plugin for the user entry in kubeconfig

      --exec-arg strings

      New arguments for the exec credential plugin command for the user entry in kubeconfig

      --exec-command string

      Command for the exec credential plugin for the user entry in kubeconfig

      --exec-env strings

      'key=value' environment values for the exec credential plugin

      -h, --help

      help for set-credentials

      --password string

      password for the user entry in kubeconfig

      --token string

      token for the user entry in kubeconfig

      --username string

      username for the user entry in kubeconfig

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --user string

      The name of the kubeconfig user to use

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set.md b/content/en/docs/reference/kubectl/generated/kubectl_config_set.md new file mode 100644 index 0000000000000..cad2af88547a7 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_set.md @@ -0,0 +1,307 @@ +--- +title: kubectl config set +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set an individual value in a kubeconfig file. + + PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots. + + PROPERTY_VALUE is the new value you want to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used. + + Specifying an attribute name that already exists will merge new fields on top of existing values. + +``` +kubectl config set PROPERTY_NAME PROPERTY_VALUE +``` + +## {{% heading "examples" %}} + +``` + # Set the server field on the my-cluster cluster to https://1.2.3.4 + kubectl config set clusters.my-cluster.server https://1.2.3.4 + + # Set the certificate-authority-data field on the my-cluster cluster + kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -) + + # Set the cluster field in the my-context context to my-cluster + kubectl config set contexts.my-context.cluster my-cluster + + # Set the client-key-data field in the cluster-admin user using --set-raw-bytes option + kubectl config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + +
      -h, --help

      help for set

      --set-raw-bytes tristate[=true]

      When writing a []byte PROPERTY_VALUE, write the given string directly without base64 decoding.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_unset.md b/content/en/docs/reference/kubectl/generated/kubectl_config_unset.md new file mode 100644 index 0000000000000..ee2bc74113b09 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_unset.md @@ -0,0 +1,290 @@ +--- +title: kubectl config unset +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Unset an individual value in a kubeconfig file. + + PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots. + +``` +kubectl config unset PROPERTY_NAME +``` + +## {{% heading "examples" %}} + +``` + # Unset the current-context + kubectl config unset current-context + + # Unset namespace in foo context + kubectl config unset contexts.foo.namespace +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for unset

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md new file mode 100644 index 0000000000000..acc619752b7e3 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md @@ -0,0 +1,285 @@ +--- +title: kubectl config use-context +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set the current-context in a kubeconfig file. + +``` +kubectl config use-context CONTEXT_NAME +``` + +## {{% heading "examples" %}} + +``` + # Use the context for the minikube cluster + kubectl config use-context minikube +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for use-context

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_view.md b/content/en/docs/reference/kubectl/generated/kubectl_config_view.md new file mode 100644 index 0000000000000..158e6b8f818fe --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_config_view.md @@ -0,0 +1,349 @@ +--- +title: kubectl config view +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display merged kubeconfig settings or a specified kubeconfig file. + + You can use --output jsonpath={...} to extract specific values using a jsonpath expression. + +``` +kubectl config view [flags] +``` + +## {{% heading "examples" %}} + +``` + # Show merged kubeconfig settings + kubectl config view + + # Show merged kubeconfig settings, raw certificate data, and exposed secrets + kubectl config view --raw + + # Get the password for the e2e user + kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}' +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --flatten

      Flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files)

      -h, --help

      help for view

      --merge tristate[=true]     Default: true

      Merge the full hierarchy of kubeconfig files

      --minify

      Remove all information not used by current-context from the output

      -o, --output string     Default: "yaml"

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --raw

      Display raw byte data and sensitive data

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      use a particular kubeconfig file

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl config](kubectl_config/) - Modify kubeconfig files + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cordon.md b/content/en/docs/reference/kubectl/generated/kubectl_cordon.md new file mode 100644 index 0000000000000..55c06a3bead94 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_cordon.md @@ -0,0 +1,299 @@ +--- +title: kubectl cordon +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Mark node as unschedulable. + +``` +kubectl cordon NODE +``` + +## {{% heading "examples" %}} + +``` + # Mark node "foo" as unschedulable + kubectl cordon foo +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -h, --help

      help for cordon

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cp.md b/content/en/docs/reference/kubectl/generated/kubectl_cp.md new file mode 100644 index 0000000000000..d446964bb1297 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_cp.md @@ -0,0 +1,328 @@ +--- +title: kubectl cp +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Copy files and directories to and from containers. + +``` +kubectl cp +``` + +## {{% heading "examples" %}} + +``` + # !!!Important Note!!! + # Requires that the 'tar' binary is present in your container + # image. If 'tar' is not present, 'kubectl cp' will fail. + # + # For advanced use cases, such as symlinks, wildcard expansion or + # file mode preservation, consider using 'kubectl exec'. + + # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace + tar cf - /tmp/foo | kubectl exec -i -n -- tar xf - -C /tmp/bar + + # Copy /tmp/foo from a remote pod to /tmp/bar locally + kubectl exec -n -- tar cf - /tmp/foo | tar xf - -C /tmp/bar + + # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the default namespace + kubectl cp /tmp/foo_dir :/tmp/bar_dir + + # Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container + kubectl cp /tmp/foo :/tmp/bar -c + + # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace + kubectl cp /tmp/foo /:/tmp/bar + + # Copy /tmp/foo from a remote pod to /tmp/bar locally + kubectl cp /:/tmp/foo /tmp/bar +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -c, --container string

      Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen

      -h, --help

      help for cp

      --no-preserve

      The copied file/directory's ownership and permissions will not be preserved in the container

      --retries int

      Set number of retries to complete a copy operation from a container. Specify 0 to disable or any negative value for infinite retrying. The default is 0 (no retry).

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create.md b/content/en/docs/reference/kubectl/generated/kubectl_create.md new file mode 100644 index 0000000000000..1249eb73b8976 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create.md @@ -0,0 +1,415 @@ +--- +title: kubectl create +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a resource from a file or from stdin. + + JSON and YAML formats are accepted. + +``` +kubectl create -f FILENAME +``` + +## {{% heading "examples" %}} + +``` + # Create a pod using the data in pod.json + kubectl create -f ./pod.json + + # Create a pod based on the JSON passed into stdin + cat pod.json | kubectl create -f - + + # Edit the data in registry.yaml in JSON then create the resource using the edited data + kubectl create -f registry.yaml --edit -o json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --edit

      Edit the API resource before creating

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files to use to create the resource

      -h, --help

      help for create

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --raw string

      Raw URI to POST to the server. Uses the transport specified by the kubeconfig file.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --windows-line-endings

      Only relevant if --edit=true. Defaults to the line ending native to your platform.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl create clusterrole](kubectl_create_clusterrole/) - Create a cluster role +* [kubectl create clusterrolebinding](kubectl_create_clusterrolebinding/) - Create a cluster role binding for a particular cluster role +* [kubectl create configmap](kubectl_create_configmap/) - Create a config map from a local file, directory or literal value +* [kubectl create cronjob](kubectl_create_cronjob/) - Create a cron job with the specified name +* [kubectl create deployment](kubectl_create_deployment/) - Create a deployment with the specified name +* [kubectl create ingress](kubectl_create_ingress/) - Create an ingress with the specified name +* [kubectl create job](kubectl_create_job/) - Create a job with the specified name +* [kubectl create namespace](kubectl_create_namespace/) - Create a namespace with the specified name +* [kubectl create poddisruptionbudget](kubectl_create_poddisruptionbudget/) - Create a pod disruption budget with the specified name +* [kubectl create priorityclass](kubectl_create_priorityclass/) - Create a priority class with the specified name +* [kubectl create quota](kubectl_create_quota/) - Create a quota with the specified name +* [kubectl create role](kubectl_create_role/) - Create a role with single rule +* [kubectl create rolebinding](kubectl_create_rolebinding/) - Create a role binding for a particular role or cluster role +* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand +* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand +* [kubectl create serviceaccount](kubectl_create_serviceaccount/) - Create a service account with the specified name +* [kubectl create token](kubectl_create_token/) - Request a service account token + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md b/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md new file mode 100644 index 0000000000000..2bc7d8bb98733 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md @@ -0,0 +1,391 @@ +--- +title: kubectl create clusterrole +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a cluster role. + +``` +kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods + kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods + + # Create a cluster role named "pod-reader" with ResourceName specified + kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod + + # Create a cluster role named "foo" with API Group specified + kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps + + # Create a cluster role named "foo" with SubResource specified + kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status + + # Create a cluster role name "foo" with NonResourceURL specified + kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/* + + # Create a cluster role name "monitoring" with AggregationRule specified + kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true" +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --aggregation-rule <comma-separated 'key=value' pairs>

      An aggregation label selector for combining ClusterRoles.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for clusterrole

      --non-resource-url strings

      A partial url that user should have access to.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --resource strings

      Resource that the rule applies to

      --resource-name strings

      Resource in the white list that the rule applies to, repeat this flag for multiple items

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --verb strings

      Verb that applies to the resources contained in the rule

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md b/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md new file mode 100644 index 0000000000000..15044a8b1a01e --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md @@ -0,0 +1,362 @@ +--- +title: kubectl create clusterrolebinding +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a cluster role binding for a particular cluster role. + +``` +kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role + kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --clusterrole string

      ClusterRole this ClusterRoleBinding should reference

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --group strings

      Groups to bind to the clusterrole. The flag can be repeated to add multiple groups.

      -h, --help

      help for clusterrolebinding

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --serviceaccount strings

      Service accounts to bind to the clusterrole, in the format <namespace>:<name>. The flag can be repeated to add multiple service accounts.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --user strings

      Usernames to bind to the clusterrole. The flag can be repeated to add multiple users.

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md b/content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md new file mode 100644 index 0000000000000..2070e69f938d1 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md @@ -0,0 +1,387 @@ +--- +title: kubectl create configmap +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a config map based on a file, directory, or specified literal value. + + A single config map may package one or more key/value pairs. + + When creating a config map based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key. + + When creating a config map based on a directory, each file whose basename is a valid key in the directory will be packaged into the config map. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc). + +``` +kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new config map named my-config based on folder bar + kubectl create configmap my-config --from-file=path/to/bar + + # Create a new config map named my-config with specified keys instead of file basenames on disk + kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt + + # Create a new config map named my-config with key1=config1 and key2=config2 + kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2 + + # Create a new config map named my-config from the key=value pairs in the file + kubectl create configmap my-config --from-file=path/to/bar + + # Create a new config map named my-config from an env file + kubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --append-hash

      Append a hash of the configmap to its name.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --from-env-file strings

      Specify the path to a file to read lines of key=val pairs to create a configmap.

      --from-file strings

      Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.

      --from-literal strings

      Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)

      -h, --help

      help for configmap

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md b/content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md new file mode 100644 index 0000000000000..c823310aee962 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md @@ -0,0 +1,365 @@ +--- +title: kubectl create cronjob +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a cron job with the specified name. + +``` +kubectl create cronjob NAME --image=image --schedule='0/5 * * * ?' -- [COMMAND] [args...] [flags] +``` + +## {{% heading "examples" %}} + +``` + # Create a cron job + kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *" + + # Create a cron job with a command + kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for cronjob

      --image string

      Image name to run.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --restart string

      job's restart policy. supported values: OnFailure, Never

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --schedule string

      A schedule in the Cron format the job should be run with.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md b/content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md new file mode 100644 index 0000000000000..178c8cfb9602c --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md @@ -0,0 +1,371 @@ +--- +title: kubectl create deployment +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a deployment with the specified name. + +``` +kubectl create deployment NAME --image=image -- [COMMAND] [args...] +``` + +## {{% heading "examples" %}} + +``` + # Create a deployment named my-dep that runs the busybox image + kubectl create deployment my-dep --image=busybox + + # Create a deployment with a command + kubectl create deployment my-dep --image=busybox -- date + + # Create a deployment named my-dep that runs the nginx image with 3 replicas + kubectl create deployment my-dep --image=nginx --replicas=3 + + # Create a deployment named my-dep that runs the busybox image and expose port 5701 + kubectl create deployment my-dep --image=busybox --port=5701 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for deployment

      --image strings

      Image names to run.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --port int32     Default: -1

      The port that this container exposes.

      -r, --replicas int32     Default: 1

      Number of replicas to create. Default is 1.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md b/content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md new file mode 100644 index 0000000000000..c93c22468e989 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md @@ -0,0 +1,402 @@ +--- +title: kubectl create ingress +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create an ingress with the specified name. + +``` +kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]] +``` + +## {{% heading "examples" %}} + +``` + # Create a single ingress called 'simple' that directs requests to foo.com/bar to svc + # svc1:8080 with a TLS secret "my-cert" + kubectl create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert" + + # Create a catch all ingress of "/path" pointing to service svc:port and Ingress Class as "otheringress" + kubectl create ingress catch-all --class=otheringress --rule="/path=svc:port" + + # Create an ingress with two annotations: ingress.annotation1 and ingress.annotations2 + kubectl create ingress annotated --class=default --rule="foo.com/bar=svc:port" \ + --annotation ingress.annotation1=foo \ + --annotation ingress.annotation2=bla + + # Create an ingress with the same host and multiple paths + kubectl create ingress multipath --class=default \ + --rule="foo.com/=svc:port" \ + --rule="foo.com/admin/=svcadmin:portadmin" + + # Create an ingress with multiple hosts and the pathType as Prefix + kubectl create ingress ingress1 --class=default \ + --rule="foo.com/path*=svc:8080" \ + --rule="bar.com/admin*=svc2:http" + + # Create an ingress with TLS enabled using the default ingress certificate and different path types + kubectl create ingress ingtls --class=default \ + --rule="foo.com/=svc:https,tls" \ + --rule="foo.com/path/subpath*=othersvc:8080" + + # Create an ingress with TLS enabled using a specific secret and pathType as Prefix + kubectl create ingress ingsecret --class=default \ + --rule="foo.com/*=svc:8080,tls=secret1" + + # Create an ingress with a default backend + kubectl create ingress ingdefault --class=default \ + --default-backend=defaultsvc:http \ + --rule="foo.com/*=svc:8080,tls=secret1" +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --annotation strings

      Annotation to insert in the ingress object, in the format annotation=value

      --class string

      Ingress Class to be used

      --default-backend string

      Default service for backend, in format of svcname:port

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for ingress

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --rule strings

      Rule in format host/path=service:port[,tls=secretname]. Paths containing the leading character '*' are considered pathType=Prefix. tls argument is optional.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_job.md b/content/en/docs/reference/kubectl/generated/kubectl_create_job.md new file mode 100644 index 0000000000000..684f378bf2a34 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_job.md @@ -0,0 +1,361 @@ +--- +title: kubectl create job +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a job with the specified name. + +``` +kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args...] +``` + +## {{% heading "examples" %}} + +``` + # Create a job + kubectl create job my-job --image=busybox + + # Create a job with a command + kubectl create job my-job --image=busybox -- date + + # Create a job from a cron job named "a-cronjob" + kubectl create job test-job --from=cronjob/a-cronjob +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --from string

      The name of the resource to create a Job from (only cronjob is supported).

      -h, --help

      help for job

      --image string

      Image name to run.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md b/content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md new file mode 100644 index 0000000000000..b1a703d59aca7 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md @@ -0,0 +1,341 @@ +--- +title: kubectl create namespace +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a namespace with the specified name. + +``` +kubectl create namespace NAME [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new namespace named my-namespace + kubectl create namespace my-namespace +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for namespace

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md b/content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md new file mode 100644 index 0000000000000..81174a8271d63 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md @@ -0,0 +1,367 @@ +--- +title: kubectl create poddisruptionbudget +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a pod disruption budget with the specified name, selector, and desired minimum available pods. + +``` +kubectl create poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a pod disruption budget named my-pdb that will select all pods with the app=rails label + # and require at least one of them being available at any point in time + kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1 + + # Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label + # and require at least half of the pods selected to be available at any point in time + kubectl create pdb my-pdb --selector=app=nginx --min-available=50% +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for poddisruptionbudget

      --max-unavailable string

      The maximum number or percentage of unavailable pods this budget requires.

      --min-available string

      The minimum number or percentage of available pods this budget requires.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --selector string

      A label selector to use for this budget. Only equality-based selector requirements are supported.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md b/content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md new file mode 100644 index 0000000000000..db01798857ce9 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md @@ -0,0 +1,375 @@ +--- +title: kubectl create priorityclass +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a priority class with the specified name, value, globalDefault and description. + +``` +kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a priority class named high-priority + kubectl create priorityclass high-priority --value=1000 --description="high priority" + + # Create a priority class named default-priority that is considered as the global default priority + kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority" + + # Create a priority class named high-priority that cannot preempt pods with lower priority + kubectl create priorityclass high-priority --value=1000 --description="high priority" --preemption-policy="Never" +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --description string

      description is an arbitrary string that usually provides guidelines on when this priority class should be used.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --global-default

      global-default specifies whether this PriorityClass should be considered as the default priority.

      -h, --help

      help for priorityclass

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --preemption-policy string     Default: "PreemptLowerPriority"

      preemption-policy is the policy for preempting pods with lower priority.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --value int32

      the value of this priority class.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_quota.md b/content/en/docs/reference/kubectl/generated/kubectl_create_quota.md new file mode 100644 index 0000000000000..d323b752d81a6 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_quota.md @@ -0,0 +1,358 @@ +--- +title: kubectl create quota +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a resource quota with the specified name, hard limits, and optional scopes. + +``` +kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new resource quota named my-quota + kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10 + + # Create a new resource quota named best-effort + kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --hard string

      A comma-delimited set of resource=quantity pairs that define a hard limit.

      -h, --help

      help for quota

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --scopes string

      A comma-delimited set of quota scopes that must all match each object tracked by the quota.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_role.md b/content/en/docs/reference/kubectl/generated/kubectl_create_role.md new file mode 100644 index 0000000000000..2b30ec5267dc5 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_role.md @@ -0,0 +1,371 @@ +--- +title: kubectl create role +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a role with single rule. + +``` +kubectl create role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods + kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods + + # Create a role named "pod-reader" with ResourceName specified + kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod + + # Create a role named "foo" with API Group specified + kubectl create role foo --verb=get,list,watch --resource=rs.apps + + # Create a role named "foo" with SubResource specified + kubectl create role foo --verb=get,list,watch --resource=pods,pods/status +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for role

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --resource strings

      Resource that the rule applies to

      --resource-name strings

      Resource in the white list that the rule applies to, repeat this flag for multiple items

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --verb strings

      Verb that applies to the resources contained in the rule

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md b/content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md new file mode 100644 index 0000000000000..01901d3865687 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md @@ -0,0 +1,372 @@ +--- +title: kubectl create rolebinding +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a role binding for a particular role or cluster role. + +``` +kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a role binding for user1, user2, and group1 using the admin cluster role + kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1 + + # Create a role binding for serviceaccount monitoring:sa-dev using the admin role + kubectl create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --clusterrole string

      ClusterRole this RoleBinding should reference

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --group strings

      Groups to bind to the role. The flag can be repeated to add multiple groups.

      -h, --help

      help for rolebinding

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --role string

      Role this RoleBinding should reference

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --serviceaccount strings

      Service accounts to bind to the role, in the format <namespace>:<name>. The flag can be repeated to add multiple service accounts.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --user strings

      Usernames to bind to the role. The flag can be repeated to add multiple users.

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret.md b/content/en/docs/reference/kubectl/generated/kubectl_create_secret.md new file mode 100644 index 0000000000000..52996ade05238 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_secret.md @@ -0,0 +1,287 @@ +--- +title: kubectl create secret +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a secret with specified type. + + A docker-registry type secret is for accessing a container registry. + + A generic type secret indicate an Opaque secret type. + + A tls type secret holds TLS certificate and its associated key. + +``` +kubectl create secret (docker-registry | generic | tls) +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for secret

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create secret docker-registry](kubectl_create_secret_docker-registry/) - Create a secret for use with a Docker registry +* [kubectl create secret generic](kubectl_create_secret_generic/) - Create a secret from a local file, directory, or literal value +* [kubectl create secret tls](kubectl_create_secret_tls/) - Create a TLS secret + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md new file mode 100644 index 0000000000000..822b641a68bc3 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md @@ -0,0 +1,397 @@ +--- +title: kubectl create secret docker-registry +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a new secret for use with Docker registries. + + Dockercfg secrets are used to authenticate against Docker registries. + + When using the Docker command line to push images, you can authenticate to a given registry by running: + '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'. + + That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry. The email address is optional. + + When creating applications, you may have a Docker registry that requires authentication. In order for the + nodes to pull images on your behalf, they must have the credentials. You can provide this information + by creating a dockercfg secret and attaching it to your service account. + +``` +kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-file=[key=]source] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # If you do not already have a .dockercfg file, create a dockercfg secret directly + kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL + + # Create a new secret named my-secret from ~/.docker/config.json + kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --append-hash

      Append a hash of the secret to its name.

      --docker-email string

      Email for Docker registry

      --docker-password string

      Password for Docker registry authentication

      --docker-server string     Default: "https://index.docker.io/v1/"

      Server location for Docker registry

      --docker-username string

      Username for Docker registry authentication

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --from-file strings

      Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.

      -h, --help

      help for docker-registry

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md new file mode 100644 index 0000000000000..d619e3e12acf7 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md @@ -0,0 +1,394 @@ +--- +title: kubectl create secret generic +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a secret based on a file, directory, or specified literal value. + + A single secret may package one or more key/value pairs. + + When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key. + + When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc). + +``` +kubectl create secret generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new secret named my-secret with keys for each file in folder bar + kubectl create secret generic my-secret --from-file=path/to/bar + + # Create a new secret named my-secret with specified keys instead of names on disk + kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub + + # Create a new secret named my-secret with key1=supersecret and key2=topsecret + kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret + + # Create a new secret named my-secret using a combination of a file and a literal + kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret + + # Create a new secret named my-secret from env files + kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --append-hash

      Append a hash of the secret to its name.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      --from-env-file strings

      Specify the path to a file to read lines of key=val pairs to create a secret.

      --from-file strings

      Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.

      --from-literal strings

      Specify a key and literal value to insert in secret (i.e. mykey=somevalue)

      -h, --help

      help for generic

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --type string

      The type of secret to create

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md new file mode 100644 index 0000000000000..f06b8f6df12b3 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md @@ -0,0 +1,364 @@ +--- +title: kubectl create secret tls +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a TLS secret from the given public/private key pair. + + The public/private key pair must exist beforehand. The public key certificate must be .PEM encoded and match the given private key. + +``` +kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new TLS secret named tls-secret with the given key pair + kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --append-hash

      Append a hash of the secret to its name.

      --cert string

      Path to PEM encoded public key certificate.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for tls

      --key string

      Path to private key associated with given certificate.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service.md b/content/en/docs/reference/kubectl/generated/kubectl_create_service.md new file mode 100644 index 0000000000000..3635b026f29ac --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_service.md @@ -0,0 +1,282 @@ +--- +title: kubectl create service +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a service using a specified subcommand. + +``` +kubectl create service [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for service

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create service clusterip](kubectl_create_service_clusterip/) - Create a ClusterIP service +* [kubectl create service externalname](kubectl_create_service_externalname/) - Create an ExternalName service +* [kubectl create service loadbalancer](kubectl_create_service_loadbalancer/) - Create a LoadBalancer service +* [kubectl create service nodeport](kubectl_create_service_nodeport/) - Create a NodePort service + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md b/content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md new file mode 100644 index 0000000000000..5e362b9e25b63 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md @@ -0,0 +1,358 @@ +--- +title: kubectl create service clusterip +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a ClusterIP service with the specified name. + +``` +kubectl create service clusterip NAME [--tcp=:] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new ClusterIP service named my-cs + kubectl create service clusterip my-cs --tcp=5678:8080 + + # Create a new ClusterIP service named my-cs (in headless mode) + kubectl create service clusterip my-cs --clusterip="None" +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --clusterip string

      Assign your own ClusterIP or set to 'None' for a 'headless' service (no loadbalancing).

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for clusterip

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --tcp strings

      Port pairs can be specified as '<port>:<targetPort>'.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md b/content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md new file mode 100644 index 0000000000000..ea640b7ddb3ef --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md @@ -0,0 +1,357 @@ +--- +title: kubectl create service externalname +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create an ExternalName service with the specified name. + + ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally. + +``` +kubectl create service externalname NAME --external-name external.name [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new ExternalName service named my-ns + kubectl create service externalname my-ns --external-name bar.com +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --external-name string

      External name of service

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for externalname

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --tcp strings

      Port pairs can be specified as '<port>:<targetPort>'.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md b/content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md new file mode 100644 index 0000000000000..4cfe37099907a --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md @@ -0,0 +1,348 @@ +--- +title: kubectl create service loadbalancer +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a LoadBalancer service with the specified name. + +``` +kubectl create service loadbalancer NAME [--tcp=port:targetPort] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new LoadBalancer service named my-lbs + kubectl create service loadbalancer my-lbs --tcp=5678:8080 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for loadbalancer

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --tcp strings

      Port pairs can be specified as '<port>:<targetPort>'.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md b/content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md new file mode 100644 index 0000000000000..faec01c56b4b7 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md @@ -0,0 +1,355 @@ +--- +title: kubectl create service nodeport +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a NodePort service with the specified name. + +``` +kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new NodePort service named my-ns + kubectl create service nodeport my-ns --tcp=5678:8080 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for nodeport

      --node-port int

      Port used to expose the service on each node in a cluster.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --tcp strings

      Port pairs can be specified as '<port>:<targetPort>'.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md b/content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md new file mode 100644 index 0000000000000..2bfdaf9b404dd --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md @@ -0,0 +1,341 @@ +--- +title: kubectl create serviceaccount +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create a service account with the specified name. + +``` +kubectl create serviceaccount NAME [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Create a new service account named my-service-account + kubectl create serviceaccount my-service-account +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-create"

      Name of the manager used to track field ownership.

      -h, --help

      help for serviceaccount

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_token.md b/content/en/docs/reference/kubectl/generated/kubectl_create_token.md new file mode 100644 index 0000000000000..a526aff8155a9 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_create_token.md @@ -0,0 +1,363 @@ +--- +title: kubectl create token +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Request a service account token. + +``` +kubectl create token SERVICE_ACCOUNT_NAME +``` + +## {{% heading "examples" %}} + +``` + # Request a token to authenticate to the kube-apiserver as the service account "myapp" in the current namespace + kubectl create token myapp + + # Request a token for a service account in a custom namespace + kubectl create token myapp --namespace myns + + # Request a token with a custom expiration + kubectl create token myapp --duration 10m + + # Request a token with a custom audience + kubectl create token myapp --audience https://example.com + + # Request a token bound to an instance of a Secret object + kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret + + # Request a token bound to an instance of a Secret object with a specific UID + kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret --bound-object-uid 0d4691ed-659b-4935-a832-355f77ee47cc +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --audience strings

      Audience of the requested token. If unset, defaults to requesting a token for use with the Kubernetes API server. May be repeated to request a token valid for multiple audiences.

      --bound-object-kind string

      Kind of an object to bind the token to. Supported kinds are Pod, Secret. If set, --bound-object-name must be provided.

      --bound-object-name string

      Name of an object to bind the token to. The token will expire when the object is deleted. Requires --bound-object-kind.

      --bound-object-uid string

      UID of an object to bind the token to. Requires --bound-object-kind and --bound-object-name. If unset, the UID of the existing object is used.

      --duration duration

      Requested lifetime of the issued token. The server may return a token with a longer or shorter lifetime.

      -h, --help

      help for token

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_debug.md b/content/en/docs/reference/kubectl/generated/kubectl_debug.md new file mode 100644 index 0000000000000..0d6e15b02074d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_debug.md @@ -0,0 +1,428 @@ +--- +title: kubectl debug +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Debug cluster resources using interactive debugging containers. + + 'debug' provides automation for common debugging tasks for cluster objects identified by resource and name. Pods will be used by default if no resource is specified. + + The action taken by 'debug' varies depending on what resource is specified. Supported actions include: + + * Workload: Create a copy of an existing pod with certain attributes changed, for example changing the image tag to a new version. + * Workload: Add an ephemeral container to an already running pod, for example to add debugging utilities without restarting the pod. + * Node: Create a new pod that runs in the node's host namespaces and can access the node's filesystem. + +``` +kubectl debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ] +``` + +## {{% heading "examples" %}} + +``` + # Create an interactive debugging session in pod mypod and immediately attach to it. + kubectl debug mypod -it --image=busybox + + # Create an interactive debugging session for the pod in the file pod.yaml and immediately attach to it. + # (requires the EphemeralContainers feature to be enabled in the cluster) + kubectl debug -f pod.yaml -it --image=busybox + + # Create a debug container named debugger using a custom automated debugging image. + kubectl debug --image=myproj/debug-tools -c debugger mypod + + # Create a copy of mypod adding a debug container and attach to it + kubectl debug mypod -it --image=busybox --copy-to=my-debugger + + # Create a copy of mypod changing the command of mycontainer + kubectl debug mypod -it --copy-to=my-debugger --container=mycontainer -- sh + + # Create a copy of mypod changing all container images to busybox + kubectl debug mypod --copy-to=my-debugger --set-image=*=busybox + + # Create a copy of mypod adding a debug container and changing container images + kubectl debug mypod -it --copy-to=my-debugger --image=debian --set-image=app=app:debug,sidecar=sidecar:debug + + # Create an interactive debugging session on a node and immediately attach to it. + # The container will run in the host namespaces and the host's filesystem will be mounted at /host + kubectl debug node/mynode -it --image=busybox +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --arguments-only

      If specified, everything after -- will be passed to the new container as Args instead of Command.

      --attach

      If true, wait for the container to start running, and then attach as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true.

      -c, --container string

      Container name to use for debug container.

      --copy-to string

      Create a copy of the target Pod with this name.

      --env stringToString     Default: []

      Environment variables to set in the container.

      -f, --filename strings

      identifying the resource to debug

      -h, --help

      help for debug

      --image string

      Container image to use for debug container.

      --image-pull-policy string

      The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server.

      --profile string     Default: "legacy"

      Debugging profile. Options are "legacy", "general", "baseline", "netadmin", or "restricted".

      -q, --quiet

      If true, suppress informational messages.

      --replace

      When used with '--copy-to', delete the original Pod.

      --same-node

      When used with '--copy-to', schedule the copy of target Pod on the same node.

      --set-image stringToString     Default: []

      When used with '--copy-to', a list of name=image pairs for changing container images, similar to how 'kubectl set image' works.

      --share-processes     Default: true

      When used with '--copy-to', enable process namespace sharing in the copy.

      -i, --stdin

      Keep stdin open on the container(s) in the pod, even if nothing is attached.

      --target string

      When using an ephemeral container, target processes in this container name.

      -t, --tty

      Allocate a TTY for the debugging container.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_delete.md b/content/en/docs/reference/kubectl/generated/kubectl_delete.md new file mode 100644 index 0000000000000..ee3f0393ced33 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_delete.md @@ -0,0 +1,438 @@ +--- +title: kubectl delete +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Delete resources by file names, stdin, resources and names, or by resources and label selector. + + JSON and YAML formats are accepted. Only one type of argument may be specified: file names, resources and names, or resources and label selector. + + Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must specify the --force flag. Note: only a subset of resources support graceful deletion. In absence of the support, the --grace-period flag is ignored. + + IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods, the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately. + + Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource. + + After a CustomResourceDefinition is deleted, invalidation of discovery cache may take up to 6 hours. If you don't want to wait, you might want to run "kubectl api-resources" to refresh the discovery cache. + +``` +kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)]) +``` + +## {{% heading "examples" %}} + +``` + # Delete a pod using the type and name specified in pod.json + kubectl delete -f ./pod.json + + # Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml + kubectl delete -k dir + + # Delete resources from all files that end with '.json' + kubectl delete -f '*.json' + + # Delete a pod based on the type and name in the JSON passed into stdin + cat pod.json | kubectl delete -f - + + # Delete pods and services with same names "baz" and "foo" + kubectl delete pod,service baz foo + + # Delete pods and services with label name=myLabel + kubectl delete pods,services -l name=myLabel + + # Delete a pod with minimal delay + kubectl delete pod foo --now + + # Force delete a pod on a dead node + kubectl delete pod foo --force + + # Delete all pods + kubectl delete pods --all +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Delete all resources, in the namespace of the specified resource types.

      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --cascade string[="background"]     Default: "background"

      Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -f, --filename strings

      containing the resource to delete.

      --force

      If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.

      --grace-period int     Default: -1

      Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).

      -h, --help

      help for delete

      --ignore-not-found

      Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.

      -k, --kustomize string

      Process a kustomization directory. This flag can't be used together with -f or -R.

      --now

      If true, resources are signaled for immediate shutdown (same as --grace-period=1).

      -o, --output string

      Output mode. Use "-o name" for shorter output (resource/name).

      --raw string

      Raw URI to DELETE to the server. Uses the transport specified by the kubeconfig file.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --timeout duration

      The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object

      --wait     Default: true

      If true, wait for resources to be gone before returning. This waits for finalizers.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_describe.md b/content/en/docs/reference/kubectl/generated/kubectl_describe.md new file mode 100644 index 0000000000000..ac5a2d0ef971f --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_describe.md @@ -0,0 +1,358 @@ +--- +title: kubectl describe +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Show details of a specific resource or group of resources. + + Print a detailed description of the selected resources, including related resources such as events or controllers. You may select a single object by name, all objects of that type, provide a name prefix, or label selector. For example: + + $ kubectl describe TYPE NAME_PREFIX + + will first check for an exact match on TYPE and NAME_PREFIX. If no such resource exists, it will output details for every resource that has a name prefixed with NAME_PREFIX. + +Use "kubectl api-resources" for a complete list of supported resources. + +``` +kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME) +``` + +## {{% heading "examples" %}} + +``` + # Describe a node + kubectl describe nodes kubernetes-node-emt8.c.myproject.internal + + # Describe a pod + kubectl describe pods/nginx + + # Describe a pod identified by type and name in "pod.json" + kubectl describe -f pod.json + + # Describe all pods + kubectl describe pods + + # Describe pods by label name=myLabel + kubectl describe pods -l name=myLabel + + # Describe all pods managed by the 'frontend' replication controller + # (rc-created pods get the name of the rc as a prefix in the pod name) + kubectl describe pods frontend +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --chunk-size int     Default: 500

      Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.

      -f, --filename strings

      Filename, directory, or URL to files containing the resource to describe

      -h, --help

      help for describe

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-events     Default: true

      If true, display events related to the described object.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_diff.md b/content/en/docs/reference/kubectl/generated/kubectl_diff.md new file mode 100644 index 0000000000000..371f759542e53 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_diff.md @@ -0,0 +1,375 @@ +--- +title: kubectl diff +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Diff configurations specified by file name or stdin between the current online configuration, and the configuration as it would be if applied. + + The output is always YAML. + + KUBECTL_EXTERNAL_DIFF environment variable can be used to select your own diff command. Users can use external commands with params too, example: KUBECTL_EXTERNAL_DIFF="colordiff -N -u" + + By default, the "diff" command available in your path will be run with the "-u" (unified diff) and "-N" (treat absent files as empty) options. + + Exit status: 0 No differences were found. 1 Differences were found. >1 Kubectl or diff failed with an error. + + Note: KUBECTL_EXTERNAL_DIFF, if used, is expected to follow that convention. + +``` +kubectl diff -f FILENAME +``` + +## {{% heading "examples" %}} + +``` + # Diff resources included in pod.json + kubectl diff -f pod.json + + # Diff file read from stdin + cat service.yaml | kubectl diff -f - +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --concurrency int     Default: 1

      Number of objects to process in parallel when diffing against the live version. Larger number = faster, but more memory, I/O and CPU over that shorter period of time.

      --field-manager string     Default: "kubectl-client-side-apply"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files contains the configuration to diff

      --force-conflicts

      If true, server-side apply will force the changes against conflicts.

      -h, --help

      help for diff

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --prune

      Include resources that would be deleted by pruning. Can be used with -l and default shows all resources would be pruned

      --prune-allowlist strings

      Overwrite the default whitelist with <group/version/kind> for --prune

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --server-side

      If true, apply runs in the server instead of the client.

      --show-managed-fields

      If true, include managed fields in the diff.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_drain.md b/content/en/docs/reference/kubectl/generated/kubectl_drain.md new file mode 100644 index 0000000000000..c9e734fe9ddde --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_drain.md @@ -0,0 +1,373 @@ +--- +title: kubectl drain +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Drain node in preparation for maintenance. + + The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the API server supports https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ eviction https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ . Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are daemon set-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any daemon set-managed pods, because those pods would be immediately replaced by the daemon set controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by a replication controller, replica set, daemon set, stateful set, or job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing. + + 'drain' waits for graceful termination. You should not operate on the machine until the command completes. + + When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again. + +https://kubernetes.io/images/docs/kubectl_drain.svg Workflowhttps://kubernetes.io/images/docs/kubectl_drain.svg + +``` +kubectl drain NODE +``` + +## {{% heading "examples" %}} + +``` + # Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set on it + kubectl drain foo --force + + # As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set, and use a grace period of 15 minutes + kubectl drain foo --grace-period=900 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --chunk-size int     Default: 500

      Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.

      --delete-emptydir-data

      Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).

      --disable-eviction

      Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, use with caution.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --force

      Continue even if there are pods that do not declare a controller.

      --grace-period int     Default: -1

      Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.

      -h, --help

      help for drain

      --ignore-daemonsets

      Ignore DaemonSet-managed pods.

      --pod-selector string

      Label selector to filter pods on the node

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --skip-wait-for-delete-timeout int

      If pod DeletionTimestamp older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip.

      --timeout duration

      The length of time to wait before giving up, zero means infinite

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_edit.md b/content/en/docs/reference/kubectl/generated/kubectl_edit.md new file mode 100644 index 0000000000000..fa53f1a94bc3d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_edit.md @@ -0,0 +1,400 @@ +--- +title: kubectl edit +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Edit a resource from the default editor. + + The edit command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. When attempting to open the editor, it will first attempt to use the shell that has been defined in the 'SHELL' environment variable. If this is not defined, the default shell will be used, which is '/bin/bash' for Linux or 'cmd' for Windows. + + You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources. + + Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group. + + The default format is YAML. To edit in JSON, specify "-o json". + + The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used. + + In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version. + +``` +kubectl edit (RESOURCE/NAME | -f FILENAME) +``` + +## {{% heading "examples" %}} + +``` + # Edit the service named 'registry' + kubectl edit svc/registry + + # Use an alternative editor + KUBE_EDITOR="nano" kubectl edit svc/registry + + # Edit the job 'myjob' in JSON using the v1 API format + kubectl edit job.v1.batch/myjob -o json + + # Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation + kubectl edit deployment/mydeployment -o yaml --save-config + + # Edit the 'status' subresource for the 'mydeployment' deployment + kubectl edit deployment mydeployment --subresource='status' +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-manager string     Default: "kubectl-edit"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files to use to edit the resource

      -h, --help

      help for edit

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --output-patch

      Output the patch if the resource is edited.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --subresource string

      If specified, edit will operate on the subresource of the requested object. Must be one of [status]. This flag is beta and may change in the future.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --windows-line-endings

      Defaults to the line ending native to your platform.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_events.md b/content/en/docs/reference/kubectl/generated/kubectl_events.md new file mode 100644 index 0000000000000..3bd84dd561d42 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_events.md @@ -0,0 +1,369 @@ +--- +title: kubectl events +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display events. + + Prints a table of the most important information about events. You can request events for a namespace, for all namespace, or filtered to only those pertaining to a specified resource. + +``` +kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file] [--for TYPE/NAME] [--watch] [--event=Normal,Warning] +``` + +## {{% heading "examples" %}} + +``` + # List recent events in the default namespace + kubectl events + + # List recent events in all namespaces + kubectl events --all-namespaces + + # List recent events for the specified pod, then wait for more events and list them as they arrive + kubectl events --for pod/web-pod-13je7 --watch + + # List recent events in YAML format + kubectl events -oyaml + + # List recent only events of type 'Warning' or 'Normal' + kubectl events --types=Warning,Normal +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --chunk-size int     Default: 500

      Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.

      --for string

      Filter events to only those pertaining to the specified resource.

      -h, --help

      help for events

      --no-headers

      When using the default output format, don't print headers.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --types strings

      Output only events of given types.

      -w, --watch

      After listing the requested events, watch for more events.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_exec.md b/content/en/docs/reference/kubectl/generated/kubectl_exec.md new file mode 100644 index 0000000000000..14570040c3025 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_exec.md @@ -0,0 +1,347 @@ +--- +title: kubectl exec +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Execute a command in a container. + +``` +kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] +``` + +## {{% heading "examples" %}} + +``` + # Get output from running the 'date' command from pod mypod, using the first container by default + kubectl exec mypod -- date + + # Get output from running the 'date' command in ruby-container from pod mypod + kubectl exec mypod -c ruby-container -- date + + # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod + # and sends stdout/stderr from 'bash' back to the client + kubectl exec mypod -c ruby-container -i -t -- bash -il + + # List contents of /usr from the first container of pod mypod and sort by modification time + # If the command you want to execute in the pod has any flags in common (e.g. -i), + # you must use two dashes (--) to separate your command's flags/arguments + # Also note, do not surround your command and its flags/arguments with quotes + # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr") + kubectl exec mypod -i -t -- ls -t /usr + + # Get output from running 'date' command from the first pod of the deployment mydeployment, using the first container by default + kubectl exec deploy/mydeployment -- date + + # Get output from running 'date' command from the first pod of the service myservice, using the first container by default + kubectl exec svc/myservice -- date +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -c, --container string

      Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen

      -f, --filename strings

      to use to exec into the resource

      -h, --help

      help for exec

      --pod-running-timeout duration     Default: 1m0s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      -q, --quiet

      Only print output from the remote session

      -i, --stdin

      Pass stdin to the container

      -t, --tty

      Stdin is a TTY

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_explain.md b/content/en/docs/reference/kubectl/generated/kubectl_explain.md new file mode 100644 index 0000000000000..31d88afccd0c0 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_explain.md @@ -0,0 +1,326 @@ +--- +title: kubectl explain +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Describe fields and structure of various resources. + + This command describes the fields associated with each supported API resource. Fields are identified via a simple JSONPath identifier: + + <type>.<fieldName>[.<fieldName>] + + Information about each field is retrieved from the server in OpenAPI format. + +Use "kubectl api-resources" for a complete list of supported resources. + +``` +kubectl explain TYPE [--recursive=FALSE|TRUE] [--api-version=api-version-group] [--output=plaintext|plaintext-openapiv2] +``` + +## {{% heading "examples" %}} + +``` + # Get the documentation of the resource and its fields + kubectl explain pods + + # Get all the fields in the resource + kubectl explain pods --recursive + + # Get the explanation for deployment in supported api versions + kubectl explain deployments --api-version=apps/v1 + + # Get the documentation of a specific field of a resource + kubectl explain pods.spec.containers + + # Get the documentation of resources in different format + kubectl explain deployment --output=plaintext-openapiv2 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --api-version string

      Use given api-version (group/version) of the resource.

      -h, --help

      help for explain

      --output string     Default: "plaintext"

      Format in which to render the schema. Valid values are: (plaintext, plaintext-openapiv2).

      --recursive

      When true, print the name of all the fields recursively. Otherwise, print the available fields with their description.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_expose.md b/content/en/docs/reference/kubectl/generated/kubectl_expose.md new file mode 100644 index 0000000000000..b6120802bab2d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_expose.md @@ -0,0 +1,470 @@ +--- +title: kubectl expose +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Expose a resource as a new Kubernetes service. + + Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes. + + Possible resources include (case insensitive): + + pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs) + +``` +kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] +``` + +## {{% heading "examples" %}} + +``` + # Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000 + kubectl expose rc nginx --port=80 --target-port=8000 + + # Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000 + kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000 + + # Create a service for a pod valid-pod, which serves on port 444 with the name "frontend" + kubectl expose pod valid-pod --port=444 --name=frontend + + # Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https" + kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https + + # Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'. + kubectl expose rc streamer --port=4100 --protocol=UDP --name=video-stream + + # Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000 + kubectl expose rs nginx --port=80 --target-port=8000 + + # Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000 + kubectl expose deployment nginx --port=80 --target-port=8000 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cluster-ip string

      ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --external-ip string

      Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.

      --field-manager string     Default: "kubectl-expose"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to expose a service

      -h, --help

      help for expose

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -l, --labels string

      Labels to apply to the service created by this call.

      --load-balancer-ip string

      IP to assign to the LoadBalancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).

      --name string

      The name for the newly created object.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --override-type string     Default: "merge"

      The method used to override the generated object: json, merge, or strategic.

      --overrides string

      An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.

      --port string

      The port that the service should serve on. Copied from the resource being exposed, if unspecified

      --protocol string

      The network protocol for the service to be created. Default is 'TCP'.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --selector string

      A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.)

      --session-affinity string

      If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --target-port string

      Name or number for the port on the container that the service should direct traffic to. Optional.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --type string

      Type for this service: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_get.md b/content/en/docs/reference/kubectl/generated/kubectl_get.md new file mode 100644 index 0000000000000..1308f2f6c9f13 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_get.md @@ -0,0 +1,485 @@ +--- +title: kubectl get +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display one or many resources. + + Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces. + + By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources. + +Use "kubectl api-resources" for a complete list of supported resources. + +``` +kubectl get [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file|custom-columns|custom-columns-file|wide] (TYPE[.VERSION][.GROUP] [NAME | -l label] | TYPE[.VERSION][.GROUP]/NAME ...) [flags] +``` + +## {{% heading "examples" %}} + +``` + # List all pods in ps output format + kubectl get pods + + # List all pods in ps output format with more information (such as node name) + kubectl get pods -o wide + + # List a single replication controller with specified NAME in ps output format + kubectl get replicationcontroller web + + # List deployments in JSON output format, in the "v1" version of the "apps" API group + kubectl get deployments.v1.apps -o json + + # List a single pod in JSON output format + kubectl get -o json pod web-pod-13je7 + + # List a pod identified by type and name specified in "pod.yaml" in JSON output format + kubectl get -f pod.yaml -o json + + # List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml + kubectl get -k dir/ + + # Return only the phase value of the specified pod + kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}} + + # List resource information in custom columns + kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0].name,IMAGE:.spec.containers[0].image + + # List all replication controllers and services together in ps output format + kubectl get rc,services + + # List one or more resources by their type and names + kubectl get rc/web service/frontend pods/web-pod-13je7 + + # List the 'status' subresource for a single pod + kubectl get pod web-pod-13je7 --subresource status +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --chunk-size int     Default: 500

      Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for get

      --ignore-not-found

      If the requested object does not exist the command will return exit code 0.

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -L, --label-columns strings

      Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...

      --no-headers

      When using the default or custom-column output format, don't print headers (default print headers).

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file, custom-columns, custom-columns-file, wide). See custom columns [https://kubernetes.io/docs/reference/kubectl/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [https://kubernetes.io/docs/reference/kubectl/jsonpath/].

      --output-watch-events

      Output watch event objects when --watch or --watch-only is used. Existing objects are output as initial ADDED events.

      --raw string

      Raw URI to request from the server. Uses the transport specified by the kubeconfig file.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --server-print     Default: true

      If true, have the server return the appropriate table output. Supports extension APIs and CRDs.

      --show-kind

      If present, list the resource type for the requested object(s).

      --show-labels

      When printing, show all labels as the last column (default hide labels column)

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --sort-by string

      If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.

      --subresource string

      If specified, gets the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      -w, --watch

      After listing/getting the requested object, watch for changes.

      --watch-only

      Watch for changes to the requested object(s), without listing/getting first.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_kustomize.md b/content/en/docs/reference/kubectl/generated/kubectl_kustomize.md new file mode 100644 index 0000000000000..bcdb4c68ab90c --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_kustomize.md @@ -0,0 +1,361 @@ +--- +title: kubectl kustomize +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Build a set of KRM resources using a 'kustomization.yaml' file. The DIR argument must be a path to a directory containing 'kustomization.yaml', or a git repository URL with a path suffix specifying same with respect to the repository root. If DIR is omitted, '.' is assumed. + +``` +kubectl kustomize DIR [flags] +``` + +## {{% heading "examples" %}} + +``` + # Build the current working directory + kubectl kustomize + + # Build some shared configuration directory + kubectl kustomize /home/config/production + + # Build from github + kubectl kustomize https://github.com/kubernetes-sigs/kustomize.git/examples/helloWorld?ref=v1.0.6 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as-current-user

      use the uid and gid of the command executor to run the function in the container

      --enable-alpha-plugins

      enable kustomize plugins

      --enable-helm

      Enable use of the Helm chart inflator generator.

      -e, --env strings

      a list of environment variables to be used by functions

      --helm-command string     Default: "helm"

      helm command (path to executable)

      -h, --help

      help for kustomize

      --load-restrictor string     Default: "LoadRestrictionsRootOnly"

      if set to 'LoadRestrictionsNone', local kustomizations may load files from outside their root. This does, however, break the relocatability of the kustomization.

      --mount strings

      a list of storage options read from the filesystem

      --network

      enable network access for functions that declare it

      --network-name string     Default: "bridge"

      the docker network to run the container in

      -o, --output string

      If specified, write output to this path.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_label.md b/content/en/docs/reference/kubectl/generated/kubectl_label.md new file mode 100644 index 0000000000000..ada2cce8307a9 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_label.md @@ -0,0 +1,425 @@ +--- +title: kubectl label +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update the labels on a resource. + + * A label key and value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters each. + * Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app. + * If --overwrite is true, then existing labels can be overwritten, otherwise attempting to overwrite a label will result in an error. + * If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. + +``` +kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version] +``` + +## {{% heading "examples" %}} + +``` + # Update pod 'foo' with the label 'unhealthy' and the value 'true' + kubectl label pods foo unhealthy=true + + # Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value + kubectl label --overwrite pods foo status=unhealthy + + # Update all pods in the namespace + kubectl label pods --all status=unhealthy + + # Update a pod identified by the type and name in "pod.json" + kubectl label -f pod.json status=unhealthy + + # Update pod 'foo' only if the resource is unchanged from version 1 + kubectl label pods foo status=unhealthy --resource-version=1 + + # Update pod 'foo' by removing a label named 'bar' if it exists + # Does not require the --overwrite flag + kubectl label pods foo bar- +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types

      -A, --all-namespaces

      If true, check the specified action in all namespaces.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-label"

      Name of the manager used to track field ownership.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to update the labels

      -h, --help

      help for label

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --list

      If true, display the labels for a given resource.

      --local

      If true, label will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --overwrite

      If true, allow labels to be overwritten, otherwise reject label updates that overwrite existing labels.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --resource-version string

      If non-empty, the labels update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_logs.md b/content/en/docs/reference/kubectl/generated/kubectl_logs.md new file mode 100644 index 0000000000000..d4ff82c762c71 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_logs.md @@ -0,0 +1,420 @@ +--- +title: kubectl logs +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Print the logs for a container in a pod or specified resource. If the pod has only one container, the container name is optional. + +``` +kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] +``` + +## {{% heading "examples" %}} + +``` + # Return snapshot logs from pod nginx with only one container + kubectl logs nginx + + # Return snapshot logs from pod nginx with multi containers + kubectl logs nginx --all-containers=true + + # Return snapshot logs from all containers in pods defined by label app=nginx + kubectl logs -l app=nginx --all-containers=true + + # Return snapshot of previous terminated ruby container logs from pod web-1 + kubectl logs -p -c ruby web-1 + + # Begin streaming the logs of the ruby container in pod web-1 + kubectl logs -f -c ruby web-1 + + # Begin streaming the logs from all containers in pods defined by label app=nginx + kubectl logs -f -l app=nginx --all-containers=true + + # Display only the most recent 20 lines of output in pod nginx + kubectl logs --tail=20 nginx + + # Show all logs from pod nginx written in the last hour + kubectl logs --since=1h nginx + + # Show logs from a kubelet with an expired serving certificate + kubectl logs --insecure-skip-tls-verify-backend nginx + + # Return snapshot logs from first container of a job named hello + kubectl logs job/hello + + # Return snapshot logs from container nginx-1 of a deployment named nginx + kubectl logs deployment/nginx -c nginx-1 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all-containers

      Get all containers' logs in the pod(s).

      -c, --container string

      Print the logs of this container

      -f, --follow

      Specify if the logs should be streamed.

      -h, --help

      help for logs

      --ignore-errors

      If watching / following pod logs, allow for any errors that occur to be non-fatal

      --insecure-skip-tls-verify-backend

      Skip verifying the identity of the kubelet that logs are requested from. In theory, an attacker could provide invalid log content back. You might want to use this if your kubelet serving certificates have expired.

      --limit-bytes int

      Maximum bytes of logs to return. Defaults to no limit.

      --max-log-requests int     Default: 5

      Specify maximum number of concurrent logs to follow when using by a selector. Defaults to 5.

      --pod-running-timeout duration     Default: 20s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      --prefix

      Prefix each log line with the log source (pod name and container name)

      -p, --previous

      If true, print the logs for the previous instance of the container in a pod if it exists.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --since duration

      Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used.

      --since-time string

      Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.

      --tail int     Default: -1

      Lines of recent log file to display. Defaults to -1 with no selector, showing all log lines otherwise 10, if a selector is provided.

      --timestamps

      Include timestamps on each line in the log output

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_options.md b/content/en/docs/reference/kubectl/generated/kubectl_options.md new file mode 100644 index 0000000000000..e478a1625bd39 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_options.md @@ -0,0 +1,285 @@ +--- +title: kubectl options +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Print the list of flags inherited by all commands + +``` +kubectl options [flags] +``` + +## {{% heading "examples" %}} + +``` + # Print flags inherited by all commands + kubectl options +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for options

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_patch.md b/content/en/docs/reference/kubectl/generated/kubectl_patch.md new file mode 100644 index 0000000000000..b0b4d204aac2d --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_patch.md @@ -0,0 +1,402 @@ +--- +title: kubectl patch +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update fields of a resource using strategic merge patch, a JSON merge patch, or a JSON patch. + + JSON and YAML formats are accepted. + + Note: Strategic merge patch is not supported for custom resources. + +``` +kubectl patch (-f FILENAME | TYPE NAME) [-p PATCH|--patch-file FILE] +``` + +## {{% heading "examples" %}} + +``` + # Partially update a node using a strategic merge patch, specifying the patch as JSON + kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}' + + # Partially update a node using a strategic merge patch, specifying the patch as YAML + kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true' + + # Partially update a node identified by the type and name specified in "node.json" using strategic merge patch + kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}' + + # Update a container's image; spec.containers[*].name is required because it's a merge key + kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}' + + # Update a container's image using a JSON patch with positional arrays + kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]' + + # Update a deployment's replicas through the 'scale' subresource using a merge patch + kubectl patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}' +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-patch"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to update

      -h, --help

      help for patch

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --local

      If true, patch will operate on the content of the file, not the server-side resource.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -p, --patch string

      The patch to be applied to the resource JSON file.

      --patch-file string

      A file containing a patch to be applied to the resource.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --subresource string

      If specified, patch will operate on the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --type string     Default: "strategic"

      The type of patch being provided; one of [json merge strategic]

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_plugin.md b/content/en/docs/reference/kubectl/generated/kubectl_plugin.md new file mode 100644 index 0000000000000..2cc9b2bd13061 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_plugin.md @@ -0,0 +1,283 @@ +--- +title: kubectl plugin +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Provides utilities for interacting with plugins. + + Plugins provide extended functionality that is not part of the major command-line distribution. Please refer to the documentation and examples for more information about how write your own plugins. + + The easiest way to discover and install plugins is via the kubernetes sub-project krew. To install krew, visit https://krew.sigs.k8s.io/docs/user-guide/setup/install/ krew.sigs.k8s.io https://krew.sigs.k8s.io/docs/user-guide/setup/install/ + +``` +kubectl plugin [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for plugin

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl plugin list](kubectl_plugin_list/) - List all visible plugin executables on a user's PATH + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md b/content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md new file mode 100644 index 0000000000000..8e830b4740414 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md @@ -0,0 +1,294 @@ +--- +title: kubectl plugin list +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +List all available plugin files on a user's PATH. + + Available plugin files are those that are: - executable - anywhere on the user's PATH - begin with "kubectl-" + +``` +kubectl plugin list [flags] +``` + +## {{% heading "examples" %}} + +``` + # List all available plugins + kubectl plugin list +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + +
      -h, --help

      help for list

      --name-only

      If true, display only the binary name of each plugin, rather than its full path

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl plugin](kubectl_plugin/) - Provides utilities for interacting with plugins + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_port-forward.md b/content/en/docs/reference/kubectl/generated/kubectl_port-forward.md new file mode 100644 index 0000000000000..11fb01c56ba02 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_port-forward.md @@ -0,0 +1,321 @@ +--- +title: kubectl port-forward +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Forward one or more local ports to a pod. + + Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted. + + If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and a rerun of the command is needed to resume forwarding. + +``` +kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N] +``` + +## {{% heading "examples" %}} + +``` + # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod + kubectl port-forward pod/mypod 5000 6000 + + # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment + kubectl port-forward deployment/mydeployment 5000 6000 + + # Listen on port 8443 locally, forwarding to the targetPort of the service's port named "https" in a pod selected by the service + kubectl port-forward service/myservice 8443:https + + # Listen on port 8888 locally, forwarding to 5000 in the pod + kubectl port-forward pod/mypod 8888:5000 + + # Listen on port 8888 on all addresses, forwarding to 5000 in the pod + kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000 + + # Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod + kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000 + + # Listen on a random port locally, forwarding to 5000 in the pod + kubectl port-forward pod/mypod :5000 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      --address strings     Default: "localhost"

      Addresses to listen on (comma separated). Only accepts IP addresses or localhost as a value. When localhost is supplied, kubectl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these addresses are available to bind.

      -h, --help

      help for port-forward

      --pod-running-timeout duration     Default: 1m0s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_proxy.md b/content/en/docs/reference/kubectl/generated/kubectl_proxy.md new file mode 100644 index 0000000000000..29bc8155bb0d3 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_proxy.md @@ -0,0 +1,395 @@ +--- +title: kubectl proxy +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Creates a proxy server or application-level gateway between localhost and the Kubernetes API server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote Kubernetes API server port, except for the path matching the static content path. + +``` +kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] +``` + +## {{% heading "examples" %}} + +``` + # To proxy all of the Kubernetes API and nothing else + kubectl proxy --api-prefix=/ + + # To proxy only part of the Kubernetes API and also some static files + # You can get pods info with 'curl localhost:8001/api/v1/pods' + kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/ + + # To proxy the entire Kubernetes API at a different root + # You can get pods info with 'curl localhost:8001/custom/api/v1/pods' + kubectl proxy --api-prefix=/custom/ + + # Run a proxy to the Kubernetes API server on port 8011, serving static content from ./local/www/ + kubectl proxy --port=8011 --www=./local/www/ + + # Run a proxy to the Kubernetes API server on an arbitrary local port + # The chosen port for the server will be output to stdout + kubectl proxy --port=0 + + # Run a proxy to the Kubernetes API server, changing the API prefix to k8s-api + # This makes e.g. the pods API available at localhost:8001/k8s-api/v1/pods/ + kubectl proxy --api-prefix=/k8s-api +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --accept-hosts string     Default: "^localhost$,^127\.0\.0\.1$,^\[::1\]$"

      Regular expression for hosts that the proxy should accept.

      --accept-paths string     Default: "^.*"

      Regular expression for paths that the proxy should accept.

      --address string     Default: "127.0.0.1"

      The IP address on which to serve on.

      --api-prefix string     Default: "/"

      Prefix to serve the proxied API under.

      --append-server-path

      If true, enables automatic path appending of the kube context server path to each request.

      --disable-filter

      If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.

      -h, --help

      help for proxy

      --keepalive duration

      keepalive specifies the keep-alive period for an active network connection. Set to 0 to disable keepalive.

      -p, --port int     Default: 8001

      The port on which to run the proxy. Set to 0 to pick a random port.

      --reject-methods string     Default: "^$"

      Regular expression for HTTP methods that the proxy should reject (example --reject-methods='POST,PUT,PATCH').

      --reject-paths string     Default: "^/api/.*/pods/.*/exec,
      ^/api/.*/pods/.*/attach"

      Regular expression for paths that the proxy should reject. Paths specified here will be rejected even accepted by --accept-paths.

      -u, --unix-socket string

      Unix socket on which to run the proxy.

      -w, --www string

      Also serve static files from the given directory under the specified prefix.

      -P, --www-prefix string     Default: "/static/"

      Prefix to serve static files under, if static file directory is specified.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_replace.md b/content/en/docs/reference/kubectl/generated/kubectl_replace.md new file mode 100644 index 0000000000000..6bcd289482ae4 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_replace.md @@ -0,0 +1,424 @@ +--- +title: kubectl replace +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Replace a resource by file name or stdin. + + JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by + + $ kubectl get TYPE NAME -o yaml + +``` +kubectl replace -f FILENAME +``` + +## {{% heading "examples" %}} + +``` + # Replace a pod using the data in pod.json + kubectl replace -f ./pod.json + + # Replace a pod based on the JSON passed into stdin + cat pod.json | kubectl replace -f - + + # Update a single-container pod's image version (tag) to v4 + kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f - + + # Force replace, delete and then re-create the resource + kubectl replace --force -f ./pod.json +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cascade string[="background"]     Default: "background"

      Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-replace"

      Name of the manager used to track field ownership.

      -f, --filename strings

      The files that contain the configurations to replace.

      --force

      If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.

      --grace-period int     Default: -1

      Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).

      -h, --help

      help for replace

      -k, --kustomize string

      Process a kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --raw string

      Raw URI to PUT to the server. Uses the transport specified by the kubeconfig file.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --subresource string

      If specified, replace will operate on the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --timeout duration

      The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      --wait

      If true, wait for resources to be gone before returning. This waits for finalizers.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout.md new file mode 100644 index 0000000000000..7d5c1ccef7434 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout.md @@ -0,0 +1,306 @@ +--- +title: kubectl rollout +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Manage the rollout of one or many resources. + + Valid resource types include: + + * deployments + * daemonsets + * statefulsets + +``` +kubectl rollout SUBCOMMAND +``` + +## {{% heading "examples" %}} + +``` + # Rollback to the previous deployment + kubectl rollout undo deployment/abc + + # Check the rollout status of a daemonset + kubectl rollout status daemonset/foo + + # Restart a deployment + kubectl rollout restart deployment/abc + + # Restart deployments with the 'app=nginx' label + kubectl rollout restart deployment --selector=app=nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for rollout

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl rollout history](kubectl_rollout_history/) - View rollout history +* [kubectl rollout pause](kubectl_rollout_pause/) - Mark the provided resource as paused +* [kubectl rollout restart](kubectl_rollout_restart/) - Restart a resource +* [kubectl rollout resume](kubectl_rollout_resume/) - Resume a paused resource +* [kubectl rollout status](kubectl_rollout_status/) - Show the status of the rollout +* [kubectl rollout undo](kubectl_rollout_undo/) - Undo a previous rollout + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md new file mode 100644 index 0000000000000..b4f6f42eb1836 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md @@ -0,0 +1,351 @@ +--- +title: kubectl rollout history +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +View previous rollout revisions and configurations. + +``` +kubectl rollout history (TYPE NAME | TYPE/NAME) [flags] +``` + +## {{% heading "examples" %}} + +``` + # View the rollout history of a deployment + kubectl rollout history deployment/abc + + # View the details of daemonset revision 3 + kubectl rollout history daemonset/abc --revision=3 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for history

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --revision int

      See the details, including podTemplate of the revision specified

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md new file mode 100644 index 0000000000000..8e3fbd2a6d926 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md @@ -0,0 +1,352 @@ +--- +title: kubectl rollout pause +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Mark the provided resource as paused. + + Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused. + +``` +kubectl rollout pause RESOURCE +``` + +## {{% heading "examples" %}} + +``` + # Mark the nginx deployment as paused + # Any current state of the deployment will continue its function; new updates + # to the deployment will not have an effect as long as the deployment is paused + kubectl rollout pause deployment/nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-manager string     Default: "kubectl-rollout"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for pause

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md new file mode 100644 index 0000000000000..b611531bdbdaa --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md @@ -0,0 +1,356 @@ +--- +title: kubectl rollout restart +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Restart a resource. + + Resource rollout will be restarted. + +``` +kubectl rollout restart RESOURCE +``` + +## {{% heading "examples" %}} + +``` + # Restart a deployment + kubectl rollout restart deployment/nginx + + # Restart a daemon set + kubectl rollout restart daemonset/abc + + # Restart deployments with the app=nginx label + kubectl rollout restart deployment --selector=app=nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-manager string     Default: "kubectl-rollout"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for restart

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md new file mode 100644 index 0000000000000..c26c4b407534a --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md @@ -0,0 +1,350 @@ +--- +title: kubectl rollout resume +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Resume a paused resource. + + Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed. + +``` +kubectl rollout resume RESOURCE +``` + +## {{% heading "examples" %}} + +``` + # Resume an already paused deployment + kubectl rollout resume deployment/nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-manager string     Default: "kubectl-rollout"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for resume

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md new file mode 100644 index 0000000000000..4f342be6161a6 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md @@ -0,0 +1,336 @@ +--- +title: kubectl rollout status +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Show the status of the rollout. + + By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for. + +``` +kubectl rollout status (TYPE NAME | TYPE/NAME) [flags] +``` + +## {{% heading "examples" %}} + +``` + # Watch the rollout status of a deployment + kubectl rollout status deployment/nginx +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for status

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --revision int

      Pin to a specific revision for showing its status. Defaults to 0 (last revision).

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --timeout duration

      The length of time to wait before ending watch, zero means never. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).

      -w, --watch     Default: true

      Watch the status of the rollout until it's done.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md new file mode 100644 index 0000000000000..5c9f60a2f87ea --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md @@ -0,0 +1,361 @@ +--- +title: kubectl rollout undo +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Roll back to a previous rollout. + +``` +kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags] +``` + +## {{% heading "examples" %}} + +``` + # Roll back to the previous deployment + kubectl rollout undo deployment/abc + + # Roll back to daemonset revision 3 + kubectl rollout undo daemonset/abc --to-revision=3 + + # Roll back to the previous deployment with dry-run + kubectl rollout undo --dry-run=server deployment/abc +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for undo

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --to-revision int

      The revision to rollback to. Default to 0 (last revision).

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_run.md b/content/en/docs/reference/kubectl/generated/kubectl_run.md new file mode 100644 index 0000000000000..3869443e1a5b4 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_run.md @@ -0,0 +1,491 @@ +--- +title: kubectl run +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Create and run a particular image in a pod. + +``` +kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=server|client] [--overrides=inline-json] [--command] -- [COMMAND] [args...] +``` + +## {{% heading "examples" %}} + +``` + # Start a nginx pod + kubectl run nginx --image=nginx + + # Start a hazelcast pod and let the container expose port 5701 + kubectl run hazelcast --image=hazelcast/hazelcast --port=5701 + + # Start a hazelcast pod and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container + kubectl run hazelcast --image=hazelcast/hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default" + + # Start a hazelcast pod and set labels "app=hazelcast" and "env=prod" in the container + kubectl run hazelcast --image=hazelcast/hazelcast --labels="app=hazelcast,env=prod" + + # Dry run; print the corresponding API objects without creating them + kubectl run nginx --image=nginx --dry-run=client + + # Start a nginx pod, but overload the spec with a partial set of values parsed from JSON + kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }' + + # Start a busybox pod and keep it in the foreground, don't restart it if it exits + kubectl run -i -t busybox --image=busybox --restart=Never + + # Start the nginx pod using the default command, but use custom arguments (arg1 .. argN) for that command + kubectl run nginx --image=nginx -- ... + + # Start the nginx pod using a different command and custom arguments + kubectl run nginx --image=nginx --command -- ... +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --annotations strings

      Annotations to apply to the pod.

      --attach

      If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.

      --command

      If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --env strings

      Environment variables to set in the container.

      --expose --port

      If true, create a ClusterIP service associated with the pod. Requires --port.

      --field-manager string     Default: "kubectl-run"

      Name of the manager used to track field ownership.

      -h, --help

      help for run

      --image string

      The image for the container to run.

      --image-pull-policy string

      The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server.

      -l, --labels string

      Comma separated labels to apply to the pod. Will override previous values.

      --leave-stdin-open

      If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --override-type string     Default: "merge"

      The method used to override the generated object: json, merge, or strategic.

      --overrides string

      An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.

      --pod-running-timeout duration     Default: 1m0s

      The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

      --port string

      The port that this container exposes.

      --privileged

      If true, run the container in privileged mode.

      -q, --quiet

      If true, suppress prompt messages.

      --restart string     Default: "Always"

      The restart policy for this Pod. Legal values [Always, OnFailure, Never].

      --rm

      If true, delete the pod after it exits. Only valid when attaching to the container, e.g. with '--attach' or with '-i/--stdin'.

      --save-config

      If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      -i, --stdin

      Keep stdin open on the container in the pod, even if nothing is attached.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      -t, --tty

      Allocate a TTY for the container in the pod.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_scale.md b/content/en/docs/reference/kubectl/generated/kubectl_scale.md new file mode 100644 index 0000000000000..4ad2845005a92 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_scale.md @@ -0,0 +1,399 @@ +--- +title: kubectl scale +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set a new size for a deployment, replica set, replication controller, or stateful set. + + Scale also allows users to specify one or more preconditions for the scale action. + + If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server. + +``` +kubectl scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME) +``` + +## {{% heading "examples" %}} + +``` + # Scale a replica set named 'foo' to 3 + kubectl scale --replicas=3 rs/foo + + # Scale a resource identified by type and name specified in "foo.yaml" to 3 + kubectl scale --replicas=3 -f foo.yaml + + # If the deployment named mysql's current size is 2, scale mysql to 3 + kubectl scale --current-replicas=2 --replicas=3 deployment/mysql + + # Scale multiple replication controllers + kubectl scale --replicas=5 rc/example1 rc/example2 rc/example3 + + # Scale stateful set named 'web' to 3 + kubectl scale --replicas=3 statefulset/web +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --current-replicas int     Default: -1

      Precondition for current size. Requires that the current size of the resource match this value in order to scale. -1 (default) for no condition.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to set a new size

      -h, --help

      help for scale

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --replicas int

      The new desired number of replicas. Required.

      --resource-version string

      Precondition for resource version. Requires that the current resource version match this value in order to scale.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --timeout duration

      The length of time to wait before giving up on a scale operation, zero means don't wait. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set.md b/content/en/docs/reference/kubectl/generated/kubectl_set.md new file mode 100644 index 0000000000000..a09bbcfb93299 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set.md @@ -0,0 +1,286 @@ +--- +title: kubectl set +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Configure application resources. + + These commands help you make changes to existing application resources. + +``` +kubectl set SUBCOMMAND +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for set

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl set env](kubectl_set_env/) - Update environment variables on a pod template +* [kubectl set image](kubectl_set_image/) - Update the image of a pod template +* [kubectl set resources](kubectl_set_resources/) - Update resource requests/limits on objects with pod templates +* [kubectl set selector](kubectl_set_selector/) - Set the selector on a resource +* [kubectl set serviceaccount](kubectl_set_serviceaccount/) - Update the service account of a resource +* [kubectl set subject](kubectl_set_subject/) - Update the user, group, or service account in a role binding or cluster role binding + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_env.md b/content/en/docs/reference/kubectl/generated/kubectl_set_env.md new file mode 100644 index 0000000000000..1eec0c35c41c1 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_env.md @@ -0,0 +1,464 @@ +--- +title: kubectl set env +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update environment variables on a pod template. + + List environment variable definitions in one or more pods, pod templates. Add, update, or remove container environment variable definitions in one or more pod templates (within replication controllers or deployment configurations). View or modify the environment variable definitions on all containers in the specified pods or pod templates, or just those that match a wildcard. + + If "--env -" is passed, environment variables can be read from STDIN using the standard env syntax. + + Possible resources include (case insensitive): + + pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), statefulset (sts), cronjob (cj), replicaset (rs) + +``` +kubectl set env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N +``` + +## {{% heading "examples" %}} + +``` + # Update deployment 'registry' with a new environment variable + kubectl set env deployment/registry STORAGE_DIR=/local + + # List the environment variables defined on a deployments 'sample-build' + kubectl set env deployment/sample-build --list + + # List the environment variables defined on all pods + kubectl set env pods --all --list + + # Output modified deployment in YAML, and does not alter the object on the server + kubectl set env deployment/sample-build STORAGE_DIR=/data -o yaml + + # Update all containers in all replication controllers in the project to have ENV=prod + kubectl set env rc --all ENV=prod + + # Import environment from a secret + kubectl set env --from=secret/mysecret deployment/myapp + + # Import environment from a config map with a prefix + kubectl set env --from=configmap/myconfigmap --prefix=MYSQL_ deployment/myapp + + # Import specific keys from a config map + kubectl set env --keys=my-example-key --from=configmap/myconfigmap deployment/myapp + + # Remove the environment variable ENV from container 'c1' in all deployment configs + kubectl set env deployments --all --containers="c1" ENV- + + # Remove the environment variable ENV from a deployment definition on disk and + # update the deployment config on the server + kubectl set env -f deploy.json ENV- + + # Set some of the local shell environment into a deployment config on the server + env | grep RAILS_ | kubectl set env -e - deployment/registry +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      If true, select all resources in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -c, --containers string     Default: "*"

      The names of containers in the selected pod templates to change - may use wildcards

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -e, --env strings

      Specify a key-value pair for an environment variable to set into each container.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files the resource to update the env

      --from string

      The name of a resource from which to inject environment variables

      -h, --help

      help for env

      --keys strings

      Comma-separated list of keys to import from specified resource

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --list

      If true, display the environment and any changes in the standard format. this flag will removed when we have kubectl view env.

      --local

      If true, set env will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --overwrite     Default: true

      If true, allow environment to be overwritten, otherwise reject updates that overwrite existing environment.

      --prefix string

      Prefix to append to variable names

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --resolve

      If true, show secret or configmap references when listing variables

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_image.md b/content/en/docs/reference/kubectl/generated/kubectl_set_image.md new file mode 100644 index 0000000000000..9e8a13a37808c --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_image.md @@ -0,0 +1,382 @@ +--- +title: kubectl set image +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update existing container image(s) of resources. + + Possible resources include (case insensitive): + + pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), statefulset (sts), cronjob (cj), replicaset (rs) + +``` +kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N +``` + +## {{% heading "examples" %}} + +``` + # Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox' + kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1 + + # Update all deployments' and rc's nginx container's image to 'nginx:1.9.1' + kubectl set image deployments,rc nginx=nginx:1.9.1 --all + + # Update image of all containers of daemonset abc to 'nginx:1.9.1' + kubectl set image daemonset abc *=nginx:1.9.1 + + # Print result (in yaml format) of updating nginx container image from local file, without hitting the server + kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for image

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --local

      If true, set image will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_resources.md b/content/en/docs/reference/kubectl/generated/kubectl_set_resources.md new file mode 100644 index 0000000000000..5d3fa8ba00e54 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_resources.md @@ -0,0 +1,403 @@ +--- +title: kubectl set resources +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Specify compute resource requirements (CPU, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits. + + For each compute resource, if a limit is specified and a request is omitted, the request will default to the limit. + + Possible resources include (case insensitive): Use "kubectl api-resources" for a complete list of supported resources.. + +``` +kubectl set resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=REQUESTS] +``` + +## {{% heading "examples" %}} + +``` + # Set a deployments nginx container cpu limits to "200m" and memory to "512Mi" + kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi + + # Set the resource request and limits for all containers in nginx + kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi + + # Remove the resource requests for resources on containers in nginx + kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0 + + # Print the result (in yaml format) of updating nginx container limits from a local, without hitting the server + kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -c, --containers string     Default: "*"

      The names of containers in the selected pod templates to change, all containers are selected by default - may use wildcards

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for resources

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --limits string

      The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.

      --local

      If true, set resources will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --requests string

      The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_selector.md b/content/en/docs/reference/kubectl/generated/kubectl_set_selector.md new file mode 100644 index 0000000000000..dc461d528bc63 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_selector.md @@ -0,0 +1,365 @@ +--- +title: kubectl set selector +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Set the selector on a resource. Note that the new selector will overwrite the old selector if the resource had one prior to the invocation of 'set selector'. + + A selector must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. Note: currently selectors can only be set on Service objects. + +``` +kubectl set selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version] +``` + +## {{% heading "examples" %}} + +``` + # Set the labels and selector before creating a deployment/service pair + kubectl create service clusterip my-svc --clusterip="None" -o yaml --dry-run=client | kubectl set selector --local -f - 'environment=qa' -o yaml | kubectl create -f - + kubectl create deployment my-dep -o yaml --dry-run=client | kubectl label --local -f - environment=qa -o yaml | kubectl create -f - +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      identifying the resource.

      -h, --help

      help for selector

      --local

      If true, annotation will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive     Default: true

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --resource-version string

      If non-empty, the selectors update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md b/content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md new file mode 100644 index 0000000000000..c5507b3f05a64 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md @@ -0,0 +1,369 @@ +--- +title: kubectl set serviceaccount +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update the service account of pod template resources. + + Possible resources (case insensitive) can be: + + replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs), statefulset + +``` +kubectl set serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT +``` + +## {{% heading "examples" %}} + +``` + # Set deployment nginx-deployment's service account to serviceaccount1 + kubectl set serviceaccount deployment nginx-deployment serviceaccount1 + + # Print the result (in YAML format) of updated nginx deployment with the service account from local file, without hitting the API server + kubectl set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run=client -o yaml +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files identifying the resource to get from a server.

      -h, --help

      help for serviceaccount

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --local

      If true, set serviceaccount will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_subject.md b/content/en/docs/reference/kubectl/generated/kubectl_set_subject.md new file mode 100644 index 0000000000000..0d00f9658f0a9 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_set_subject.md @@ -0,0 +1,389 @@ +--- +title: kubectl set subject +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update the user, group, or service account in a role binding or cluster role binding. + +``` +kubectl set subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + +``` + # Update a cluster role binding for serviceaccount1 + kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1 + + # Update a role binding for user1, user2, and group1 + kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1 + + # Print the result (in YAML format) of updating rolebinding subjects from a local, without hitting the server + kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run=client | kubectl set subject --local -f - --user=foo -o yaml +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources, in the namespace of the specified resource types

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-set"

      Name of the manager used to track field ownership.

      -f, --filename strings

      Filename, directory, or URL to files the resource to update the subjects

      --group strings

      Groups to bind to the role

      -h, --help

      help for subject

      -k, --kustomize string

      Process the kustomization directory. This flag can't be used together with -f or -R.

      --local

      If true, set subject will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --serviceaccount strings

      Service accounts to bind to the role

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --user strings

      Usernames to bind to the role

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl set](kubectl_set/) - Set specific features on objects + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_taint.md b/content/en/docs/reference/kubectl/generated/kubectl_taint.md new file mode 100644 index 0000000000000..62b8240b3f821 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_taint.md @@ -0,0 +1,375 @@ +--- +title: kubectl taint +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Update the taints on one or more nodes. + + * A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect. + * The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters. + * Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app. + * The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. + * The effect must be NoSchedule, PreferNoSchedule or NoExecute. + * Currently taint can only apply to node. + +``` +kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N +``` + +## {{% heading "examples" %}} + +``` + # Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule' + # If a taint with that key and effect already exists, its value is replaced as specified + kubectl taint nodes foo dedicated=special-user:NoSchedule + + # Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists + kubectl taint nodes foo dedicated:NoSchedule- + + # Remove from node 'foo' all the taints with key 'dedicated' + kubectl taint nodes foo dedicated- + + # Add a taint with key 'dedicated' on nodes having label myLabel=X + kubectl taint node -l myLabel=X dedicated=foo:PreferNoSchedule + + # Add to node 'foo' a taint with key 'bar' and no value + kubectl taint nodes foo bar:NoSchedule +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all nodes in the cluster

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      --field-manager string     Default: "kubectl-taint"

      Name of the manager used to track field ownership.

      -h, --help

      help for taint

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      --overwrite

      If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --validate string[="strict"]     Default: "strict"

      Must be one of: strict (or true), warn, ignore (or false).
      "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not.
      "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise.
      "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top.md b/content/en/docs/reference/kubectl/generated/kubectl_top.md new file mode 100644 index 0000000000000..c9b09dab342a8 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_top.md @@ -0,0 +1,284 @@ +--- +title: kubectl top +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display resource (CPU/memory) usage. + + The top command allows you to see the resource consumption for nodes or pods. + + This command requires Metrics Server to be correctly configured and working on the server. + +``` +kubectl top [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
      -h, --help

      help for top

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl top node](kubectl_top_node/) - Display resource (CPU/memory) usage of nodes +* [kubectl top pod](kubectl_top_pod/) - Display resource (CPU/memory) usage of pods + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top_node.md b/content/en/docs/reference/kubectl/generated/kubectl_top_node.md new file mode 100644 index 0000000000000..6a7b83d8020c0 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_top_node.md @@ -0,0 +1,325 @@ +--- +title: kubectl top node +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display resource (CPU/memory) usage of nodes. + + The top-node command allows you to see the resource consumption of nodes. + +``` +kubectl top node [NAME | -l label] +``` + +## {{% heading "examples" %}} + +``` + # Show metrics for all nodes + kubectl top node + + # Show metrics for a given node + kubectl top node NODE_NAME +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -h, --help

      help for node

      --no-headers

      If present, print output without headers

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --show-capacity

      Print node resources based on Capacity instead of Allocatable(default) of the nodes.

      --sort-by string

      If non-empty, sort nodes list using specified field. The field can be either 'cpu' or 'memory'.

      --use-protocol-buffers     Default: true

      Enables using protocol-buffers to access Metrics API.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top_pod.md b/content/en/docs/reference/kubectl/generated/kubectl_top_pod.md new file mode 100644 index 0000000000000..4f1eca2153e71 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_top_pod.md @@ -0,0 +1,354 @@ +--- +title: kubectl top pod +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Display resource (CPU/memory) usage of pods. + + The 'top pod' command allows you to see the resource consumption of pods. + + Due to the metrics pipeline delay, they may be unavailable for a few minutes since pod creation. + +``` +kubectl top pod [NAME | -l label] +``` + +## {{% heading "examples" %}} + +``` + # Show metrics for all pods in the default namespace + kubectl top pod + + # Show metrics for all pods in the given namespace + kubectl top pod --namespace=NAMESPACE + + # Show metrics for a given pod and its containers + kubectl top pod POD_NAME --containers + + # Show metrics for the pods defined by label name=myLabel + kubectl top pod -l name=myLabel +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --containers

      If present, print usage of containers within a pod.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -h, --help

      help for pod

      --no-headers

      If present, print output without headers.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      --sort-by string

      If non-empty, sort pods list using specified field. The field can be either 'cpu' or 'memory'.

      --sum

      Print the sum of the resource usage

      --use-protocol-buffers     Default: true

      Enables using protocol-buffers to access Metrics API.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_uncordon.md b/content/en/docs/reference/kubectl/generated/kubectl_uncordon.md new file mode 100644 index 0000000000000..64ee119690099 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_uncordon.md @@ -0,0 +1,299 @@ +--- +title: kubectl uncordon +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Mark node as schedulable. + +``` +kubectl uncordon NODE +``` + +## {{% heading "examples" %}} + +``` + # Mark node "foo" as schedulable + kubectl uncordon foo +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      --dry-run string[="unchanged"]     Default: "none"

      Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.

      -h, --help

      help for uncordon

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_version.md b/content/en/docs/reference/kubectl/generated/kubectl_version.md new file mode 100644 index 0000000000000..b7241e2244903 --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_version.md @@ -0,0 +1,299 @@ +--- +title: kubectl version +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Print the client and server version information for the current context. + +``` +kubectl version [flags] +``` + +## {{% heading "examples" %}} + +``` + # Print the client and server versions for the current context + kubectl version +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      --client

      If true, shows client version only (no server required).

      -h, --help

      help for version

      -o, --output string

      One of 'yaml' or 'json'.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/generated/kubectl_wait.md b/content/en/docs/reference/kubectl/generated/kubectl_wait.md new file mode 100644 index 0000000000000..aa9f8bf0b069e --- /dev/null +++ b/content/en/docs/reference/kubectl/generated/kubectl_wait.md @@ -0,0 +1,395 @@ +--- +title: kubectl wait +content_type: tool-reference +weight: 30 +auto_generated: true +--- + + + + + +## {{% heading "synopsis" %}} + + +Experimental: Wait for a specific condition on one or many resources. + + The command takes multiple resources and waits until the specified condition is seen in the Status field of every given resource. + + Alternatively, the command can wait for the given set of resources to be deleted by providing the "delete" keyword as the value to the --for flag. + + A successful message will be printed to stdout indicating when the specified condition has been met. You can use -o option to change to output destination. + +``` +kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l label | --all)]) [--for=delete|--for condition=available|--for=jsonpath='{}'[=value]] +``` + +## {{% heading "examples" %}} + +``` + # Wait for the pod "busybox1" to contain the status condition of type "Ready" + kubectl wait --for=condition=Ready pod/busybox1 + + # The default value of status condition is true; you can wait for other targets after an equal delimiter (compared after Unicode simple case folding, which is a more general form of case-insensitivity) + kubectl wait --for=condition=Ready=false pod/busybox1 + + # Wait for the pod "busybox1" to contain the status phase to be "Running" + kubectl wait --for=jsonpath='{.status.phase}'=Running pod/busybox1 + + # Wait for the service "loadbalancer" to have ingress. + kubectl wait --for=jsonpath='{.status.loadBalancer.ingress}' service/loadbalancer + + # Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command + kubectl delete pod/busybox1 + kubectl wait --for=delete pod/busybox1 --timeout=60s +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --all

      Select all resources in the namespace of the specified resource types

      -A, --all-namespaces

      If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --field-selector string

      Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.

      -f, --filename strings

      identifying the resource.

      --for string

      The condition to wait on: [delete|condition=condition-name[=condition-value]|jsonpath='{JSONPath expression}'=[JSONPath value]]. The default condition-value is true. Condition values are compared after Unicode simple case folding, which is a more general form of case-insensitivity.

      -h, --help

      help for wait

      --local

      If true, annotation will NOT contact api-server but run locally.

      -o, --output string

      Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

      -R, --recursive     Default: true

      Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

      -l, --selector string

      Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      --template string

      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

      --timeout duration     Default: 30s

      The length of time to wait before giving up. Zero means check once and don't wait, negative means wait for a week.

      + + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      --as string

      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

      --as-group strings

      Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

      --as-uid string

      UID to impersonate for the operation.

      --azure-container-registry-config string

      Path to the file containing Azure container registry configuration information.

      --cache-dir string     Default: "$HOME/.kube/cache"

      Default cache directory

      --certificate-authority string

      Path to a cert file for the certificate authority

      --client-certificate string

      Path to a client certificate file for TLS

      --client-key string

      Path to a client key file for TLS

      --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

      --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

      CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

      --cluster string

      The name of the kubeconfig cluster to use

      --context string

      The name of the kubeconfig context to use

      --default-not-ready-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

      --default-unreachable-toleration-seconds int     Default: 300

      Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

      --disable-compression

      If true, opt-out of response compression for all requests to the server

      --insecure-skip-tls-verify

      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

      --kubeconfig string

      Path to the kubeconfig file to use for CLI requests.

      --match-server-version

      Require server version to match client version

      -n, --namespace string

      If present, the namespace scope for this CLI request

      --password string

      Password for basic authentication to the API server

      --profile string     Default: "none"

      Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

      --profile-output string     Default: "profile.pprof"

      Name of the file to write the profile to

      --request-timeout string     Default: "0"

      The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

      -s, --server string

      The address and port of the Kubernetes API server

      --tls-server-name string

      Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

      --token string

      Bearer token for authentication to the API server

      --user string

      The name of the kubeconfig user to use

      --username string

      Username for basic authentication to the API server

      --version version[=true]

      --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

      --warnings-as-errors

      Treat warnings received from the server as errors and exit with a non-zero exit code

      + + + +## {{% heading "seealso" %}} + +* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager + diff --git a/content/en/docs/reference/kubectl/kubectl-cmds.md b/content/en/docs/reference/kubectl/kubectl-cmds.md index ecb8b87c3b3a9..4230b9de3d171 100644 --- a/content/en/docs/reference/kubectl/kubectl-cmds.md +++ b/content/en/docs/reference/kubectl/kubectl-cmds.md @@ -3,4 +3,4 @@ title: kubectl Commands weight: 20 --- -[kubectl Command Reference](/docs/reference/generated/kubectl/kubectl-commands/) +[kubectl Command Reference](/docs/reference/kubectl/generated/kubectl/) From eaa2f53324918e60b26be348f20eaffc30a12dc0 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Tue, 19 Dec 2023 15:04:21 +0000 Subject: [PATCH 047/279] Add shortcode for Feature gate table --- data/i18n/en/en.toml | 33 ++++++ layouts/shortcodes/feature-gate-table.html | 114 +++++++++++++++++++++ 2 files changed, 147 insertions(+) create mode 100644 layouts/shortcodes/feature-gate-table.html diff --git a/data/i18n/en/en.toml b/data/i18n/en/en.toml index 3ebe1b5610ed9..4ada028a4737a 100644 --- a/data/i18n/en/en.toml +++ b/data/i18n/en/en.toml @@ -115,6 +115,39 @@ other = "Were you looking for:" [examples_heading] other = "Examples" +[feature_gate_stage_alpha] +other = "Alpha" + +[feature_gate_stage_beta] +other = "Beta" + +[feature_gate_stage_stable] +other = "GA" + +[feature_gate_stage_deprecated] +other = "Deprecated" + +[feature_gate_table_header_default] +other = "Default" + +[feature_gate_table_header_feature] +other = "Feature" + +[feature_gate_table_header_from] +other = "From" + +[feature_gate_table_header_since] +other = "Since" + +[feature_gate_table_header_stage] +other = "Stage" + +[feature_gate_table_header_to] +other = "To" + +[feature_gate_table_header_until] +other = "Until" + [feature_state] other = "FEATURE STATE:" diff --git a/layouts/shortcodes/feature-gate-table.html b/layouts/shortcodes/feature-gate-table.html new file mode 100644 index 0000000000000..325f2f7421193 --- /dev/null +++ b/layouts/shortcodes/feature-gate-table.html @@ -0,0 +1,114 @@ +{{- $featureDataFiles := .Site.GetPage "page" "docs/reference/command-line-tools-reference/feature-gates" -}} + + +{{- $removedFeatureGateRequested := .Get "show-removed" -}} + + +{{- $includeValues := .Get "include" -}} + + +{{- $sortedFeatureGates := sort ($featureDataFiles.Resources.ByType "page") -}} + + + + + + + + + + + + + + {{- range $featureGateFile := $sortedFeatureGates -}} + + + {{- $featureGateName := $featureGateFile.Params.Title -}} + + + {{- $removedStatusForFeature := index $featureGateFile.Params.Removed -}} + + + {{- if not (isSet $featureGateFile.Params "stages") -}} + {{- warnf "Stages parameter is missing in the front matter for %s in %s" $featureGateName (print $featureGateFile.File.Lang "/" $featureGateFile.File.Path) -}} + + {{- else -}} + {{- if not $removedFeatureGateRequested -}} + + + {{- if $removedStatusForFeature -}} + {{- continue -}} + {{- end -}} + + + {{- $onlyDisplayAlphaBetaFeature := or (in $includeValues "alpha") (in $includeValues "beta") -}} + {{- $graduatedOrDeprecatedFlag := false -}} + + + {{- range $stage := $featureGateFile.Params.stages -}} + {{- if or (eq ($stage).stage "stable") (eq ($stage).stage "deprecated") -}} + {{- $graduatedOrDeprecatedFlag = true -}} + {{- end -}} + {{- end -}} + + {{- if eq $onlyDisplayAlphaBetaFeature $graduatedOrDeprecatedFlag -}} + {{- continue -}} + {{- end -}} + + {{- else -}} + + {{- if not $removedStatusForFeature -}} + {{- continue -}} + {{- end -}} + {{- end -}} + + {{- range $featureGate := $featureGateFile.Params.stages -}} + + {{- $validStages := slice "alpha" "beta" "stable" "deprecated" -}} + {{- $isValidStage := in $validStages $featureGate.stage -}} + {{- if not $isValidStage -}} + {{- errorf "Invalid 'stage' value '%s' specified for feature gate '%s' in %s (Valid values are: %s)" $featureGate.stage $featureGateName (print $featureGateFile.File.Lang "/" $featureGateFile.File.Path) $validStages -}} + {{- end -}} + + + {{- $formattedFromVersion := printf "%s" $featureGate.fromVersion | replaceRE "(\\d+\\.\\d+(?:\\.\\d+)?)?.*" "$1" -}} + {{- $formattedToVersion := printf "%s" $featureGate.toVersion | replaceRE "(\\d+\\.\\d+(?:\\.\\d+)?)?.*" "$1" -}} + + + {{- if not (eq (printf "%s" $featureGate.fromVersion) $formattedFromVersion) -}} + {{- errorf "Invalid 'fromVersion' value '%s' specified for feature gate '%s' in %s" $featureGate.fromVersion $featureGateName (print $featureGateFile.File.Lang "/" $featureGateFile.File.Path) -}} + {{- end -}} + + + {{- if and $featureGate.toVersion (not (eq (printf "%s" $featureGate.toVersion) $formattedToVersion)) -}} + {{- errorf "Invalid 'toVersion' value '%s' specified for feature gate '%s' in %s" $featureGate.toVersion $featureGateName (print $featureGateFile.File.Lang "/" $featureGateFile.File.Path) -}} + {{- end -}} + + + + + + + + + + {{- end -}} + {{- end -}} + {{- end -}} + +
      + {{- .Get "caption" -}} +
      {{- T "feature_gate_table_header_feature" -}}{{- T "feature_gate_table_header_default" -}}{{- T "feature_gate_table_header_stage" -}} + {{- if $removedFeatureGateRequested -}} + {{- T "feature_gate_table_header_from" -}} + {{- else -}} + {{- T "feature_gate_table_header_since" -}} + {{- end -}} + + {{- if $removedFeatureGateRequested -}} + {{- T "feature_gate_table_header_to" -}} + {{- else -}} + {{- T "feature_gate_table_header_until" -}} + {{- end -}} +
      {{- $featureGateName -}}{{- if isSet $featureGate "defaultValue" -}}{{- $featureGate.defaultValue -}}{{- else -}}–{{- end -}}{{- T (printf "feature_gate_stage_%s" $featureGate.stage) -}}{{- $featureGate.fromVersion -}}{{- if isSet $featureGate "toVersion" -}}{{- $featureGate.toVersion -}}{{- else -}}–{{- end -}}
      \ No newline at end of file From 925881c2472f6163e2e6be70b5625e672933d071 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Sat, 23 Dec 2023 19:07:01 +0000 Subject: [PATCH 048/279] Add the new metadata to all the feature gate files --- .../feature-gates/accelerators.md | 11 ++++++++++ .../admission-webhook-match-conditions.md | 9 +++++++++ .../feature-gates/advanced-auditing.md | 16 +++++++++++++++ .../feature-gates/affinity-in-annotations.md | 11 ++++++++++ .../aggregated-discovery-endpoint.md | 9 +++++++++ .../allow-ext-traffic-local-endpoints.md | 12 +++++++++++ .../allow-insecure-backend-proxy.md | 12 +++++++++++ .../allow-service-lb-status-on-non-lb.md | 5 +++++ .../feature-gates/any-volume-data-source.md | 9 +++++++++ .../feature-gates/api-list-chunking.md | 13 ++++++++++++ .../api-priority-and-fairness.md | 13 ++++++++++++ .../feature-gates/api-response-compression.md | 9 +++++++++ .../feature-gates/api-self-subject-review.md | 13 ++++++++++++ .../feature-gates/api-server-identity.md | 9 +++++++++ .../feature-gates/api-server-tracing.md | 9 +++++++++ .../feature-gates/apparmor.md | 5 +++++ .../feature-gates/attach-volume-limit.md | 16 +++++++++++++++ .../balance-attached-node-volumes.md | 12 +++++++++++ .../feature-gates/block-volume.md | 16 +++++++++++++++ .../bound-service-account-token-volume.md | 16 +++++++++++++++ .../cloud-controller-manager-webhook.md | 5 +++++ .../cloud-dual-stack-node-ips.md | 9 +++++++++ .../cluster-trust-bundle-projection.md | 5 +++++ .../feature-gates/cluster-trust-bundle.md | 5 +++++ .../feature-gates/component-slis.md | 9 +++++++++ .../configurable-fs-group-policy.md | 16 +++++++++++++++ .../consistent-http-get-handlers.md | 5 +++++ .../consistent-list-from-cache.md | 5 +++++ .../feature-gates/container-checkpoint.md | 5 +++++ .../feature-gates/contextual-logging.md | 5 +++++ .../controller-manager-leader-migration.md | 16 +++++++++++++++ .../cpu-manager-policy-alpha-options.md | 5 +++++ .../cpu-manager-policy-beta-options.md | 5 +++++ .../cpu-manager-policy-options.md | 9 +++++++++ .../feature-gates/cpu-manager.md | 13 ++++++++++++ .../crd-validation-ratcheting.md | 5 +++++ .../cri-container-log-rotation.md | 16 +++++++++++++++ .../feature-gates/cron-job-controller-v2.md | 16 +++++++++++++++ .../feature-gates/cron-job-time-zone.md | 16 +++++++++++++++ .../cron-jobs-scheduled-annotation.md | 5 +++++ .../cross-namespace-volume-data-source.md | 5 +++++ .../feature-gates/csi-block-volume.md | 16 +++++++++++++++ .../feature-gates/csi-driver-registry.md | 16 +++++++++++++++ .../feature-gates/csi-inline-volume.md | 16 +++++++++++++++ .../csi-migration-aws-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-aws.md | 20 +++++++++++++++++++ .../csi-migration-azure-disk-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-azure-disk.md | 20 +++++++++++++++++++ .../csi-migration-azure-file-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-azure-file.md | 17 ++++++++++++++++ .../csi-migration-gce-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-gce.md | 20 +++++++++++++++++++ .../csi-migration-open-stack-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-open-stack.md | 16 +++++++++++++++ .../feature-gates/csi-migration-portworx.md | 9 +++++++++ .../feature-gates/csi-migration-rbd.md | 9 +++++++++ .../feature-gates/csi-migration.md | 16 +++++++++++++++ .../csi-migrationv-sphere-complete.md | 11 ++++++++++ .../feature-gates/csi-migrationv-sphere.md | 20 +++++++++++++++++++ .../feature-gates/csi-node-expand-secret.md | 13 ++++++++++++ .../feature-gates/csi-node-info.md | 16 +++++++++++++++ .../feature-gates/csi-persistent-volume.md | 16 +++++++++++++++ .../csi-service-account-token.md | 16 +++++++++++++++ .../feature-gates/csi-storage-capacity.md | 16 +++++++++++++++ .../csi-volume-fs-group-policy.md | 16 +++++++++++++++ .../feature-gates/csi-volume-health.md | 5 +++++ .../feature-gates/csr-duration.md | 12 +++++++++++ .../custom-cpu-cfs-quota-period.md | 5 +++++ .../feature-gates/custom-pod-dns.md | 16 +++++++++++++++ .../custom-resource-defaulting.md | 16 +++++++++++++++ .../custom-resource-publish-open-api.md | 16 +++++++++++++++ .../custom-resource-subresources.md | 16 +++++++++++++++ .../custom-resource-validation-expressions.md | 13 ++++++++++++ .../custom-resource-validation.md | 16 +++++++++++++++ .../custom-resource-webhook-conversion.md | 16 +++++++++++++++ .../feature-gates/daemon-set-update-surge.md | 16 +++++++++++++++ ...ult-host-network-ports-in-pod-templates.md | 5 +++++ .../default-pod-topology-spread.md | 16 +++++++++++++++ .../delegate-fs-group-to-csi-driver.md | 16 +++++++++++++++ .../device-plugin-cdi-devices.md | 10 ++++++++++ .../feature-gates/device-plugins.md | 16 +++++++++++++++ .../disable-accelerator-usage-metrics.md | 16 +++++++++++++++ .../feature-gates/disable-cloud-providers.md | 9 +++++++++ ...able-kubelet-cloud-credential-providers.md | 9 +++++++++ .../disable-node-kube-proxy-version.md | 5 +++++ .../feature-gates/downward-api-huge-pages.md | 20 +++++++++++++++++++ .../feature-gates/dry-run.md | 16 +++++++++++++++ .../feature-gates/dynamic-auditing.md | 11 ++++++++++ .../feature-gates/dynamic-kubelet-config.md | 16 +++++++++++++++ .../dynamic-provisioning-scheduling.md | 10 ++++++++++ .../dynamic-resource-allocation.md | 5 +++++ .../dynamic-volume-provisioning.md | 12 +++++++++++ .../efficient-watch-resumption.md | 13 ++++++++++++ .../feature-gates/elastic-indexed-job.md | 5 +++++ .../enable-aggregated-discovery-timeout.md | 9 +++++++++ .../enable-equivalence-class-cache.md | 11 ++++++++++ .../feature-gates/endpoint-slice-node-name.md | 12 +++++++++++ .../feature-gates/endpoint-slice-proxying.md | 16 +++++++++++++++ .../endpoint-slice-terminating-condition.md | 16 +++++++++++++++ .../feature-gates/endpoint-slice.md | 20 +++++++++++++++++++ .../feature-gates/ephemeral-containers.md | 16 +++++++++++++++ .../feature-gates/even-pods-spread.md | 16 +++++++++++++++ .../feature-gates/evented-pleg.md | 9 +++++++++ .../feature-gates/exec-probe-timeout.md | 5 +++++ .../feature-gates/expand-csi-volumes.md | 16 +++++++++++++++ .../expand-in-use-persistent-volumes.md | 16 +++++++++++++++ .../expand-persistent-volumes.md | 16 +++++++++++++++ .../feature-gates/expanded-dns-config.md | 13 ++++++++++++ .../experimental-critical-pod-annotation.md | 12 +++++++++++ ...rimental-host-user-namespace-defaulting.md | 9 +++++++++ .../external-policy-for-external-ip.md | 8 ++++++++ .../gce-regional-persistent-disk.md | 12 +++++++++++ .../feature-gates/generic-ephemeral-volume.md | 16 +++++++++++++++ ...ful-node-shutdown-based-on-pod-priority.md | 9 +++++++++ .../feature-gates/graceful-node-shutdown.md | 9 +++++++++ .../feature-gates/grpc-container-probe.md | 16 +++++++++++++++ .../feature-gates/honor-pv-reclaim-policy.md | 5 +++++ .../feature-gates/hpa-container-metrics.md | 9 +++++++++ .../feature-gates/hpa-scale-to-zero.md | 5 +++++ .../huge-page-storage-medium-size.md | 16 +++++++++++++++ .../feature-gates/huge-pages.md | 16 +++++++++++++++ .../feature-gates/hyper-v-container.md | 12 +++++++++++ .../feature-gates/identify-pod-os.md | 16 +++++++++++++++ .../feature-gates/image-maximum-gc-age.md | 5 +++++ .../immutable-ephemeral-volumes.md | 16 +++++++++++++++ .../in-place-pod-vertical-scaling.md | 5 +++++ .../in-tree-plugin-aws-unregister.md | 5 +++++ .../in-tree-plugin-azure-disk-unregister.md | 5 +++++ .../in-tree-plugin-azure-file-unregister.md | 5 +++++ .../in-tree-plugin-gce-unregister.md | 5 +++++ .../in-tree-plugin-openstack-unregister.md | 5 +++++ .../in-tree-plugin-portworx-unregister.md | 5 +++++ .../in-tree-plugin-rbd-unregister.md | 9 +++++++++ .../in-tree-plugin-vsphere-unregister.md | 5 +++++ .../feature-gates/indexed-job.md | 16 +++++++++++++++ .../ingress-class-namespaced-params.md | 16 +++++++++++++++ .../feature-gates/initializers.md | 11 ++++++++++ .../ip-tables-ownership-cleanup.md | 13 ++++++++++++ .../feature-gates/ipv6-dual-stack.md | 16 +++++++++++++++ .../job-backoff-limit-per-index.md | 9 +++++++++ .../job-mutable-node-scheduling-directives.md | 12 +++++++++++ .../feature-gates/job-pod-failure-policy.md | 9 +++++++++ .../job-pod-replacement-policy.md | 9 +++++++++ .../feature-gates/job-ready-pods.md | 13 ++++++++++++ .../job-tracking-with-finalizers.md | 20 +++++++++++++++++++ .../feature-gates/kmsv1.md | 10 ++++++++++ .../feature-gates/kmsv2-kdf.md | 9 +++++++++ .../feature-gates/kmsv2.md | 13 ++++++++++++ .../kube-proxy-draining-terminating-nodes.md | 5 +++++ .../kubelet-cgroup-driver-from-cri.md | 5 +++++ .../feature-gates/kubelet-config-file.md | 11 ++++++++++ .../kubelet-credential-providers.md | 16 +++++++++++++++ .../kubelet-in-user-namespace.md | 5 +++++ .../feature-gates/kubelet-plugins-watcher.md | 16 +++++++++++++++ ...ubelet-pod-resources-dynamice-resources.md | 5 +++++ .../kubelet-pod-resources-get-allocatable.md | 13 ++++++++++++ .../kubelet-pod-resources-get.md | 5 +++++ .../feature-gates/kubelet-pod-resources.md | 13 ++++++++++++ .../feature-gates/kubelet-separate-disk-gc.md | 5 +++++ .../feature-gates/kubelet-tracing.md | 9 +++++++++ .../legacy-node-role-behavior.md | 16 +++++++++++++++ .../legacy-service-account-token-clean-up.md | 9 +++++++++ ...ervice-account-token-no-auto-generation.md | 12 +++++++++++ .../legacy-service-account-token-tracking.md | 14 +++++++++++++ .../feature-gates/load-balancer-ip-mode.md | 5 +++++ ...-capacity-isolation-fs-quota-monitoring.md | 5 +++++ .../local-storage-capacity-isolation.md | 16 +++++++++++++++ .../feature-gates/logarithmic-scale-down.md | 9 +++++++++ .../feature-gates/logging-alpha-options.md | 5 +++++ .../feature-gates/logging-beta-options.md | 5 +++++ .../match-label-keys-in-pod-affinity.md | 5 +++++ ...match-label-keys-in-pod-topology-spread.md | 9 +++++++++ .../max-unavailable-stateful-set.md | 5 +++++ .../feature-gates/memory-manager.md | 9 +++++++++ .../feature-gates/memory-qos.md | 5 +++++ .../min-domains-in-pod-topology-spread.md | 13 ++++++++++++ .../minimize-ip-tables-restore.md | 13 ++++++++++++ .../mixed-protocol-lb-service.md | 16 +++++++++++++++ .../feature-gates/mount-containers.md | 12 +++++++++++ .../feature-gates/mount-propagation.md | 16 +++++++++++++++ .../multi-cidr-range-allocator.md | 8 ++++++++ .../multi-cidr-service-allocator.md | 5 +++++ .../namespace-default-label-name.md | 12 +++++++++++ .../feature-gates/network-policy-end-port.md | 16 +++++++++++++++ .../feature-gates/network-policy-status.md | 8 ++++++++ .../new-volume-manager-reconstruction.md | 9 +++++++++ .../feature-gates/nftables-proxy-mode.md | 5 +++++ .../node-disruption-exclusion.md | 16 +++++++++++++++ ...inclusion-policy-in-pod-topology-spread.md | 9 +++++++++ .../feature-gates/node-lease.md | 16 +++++++++++++++ .../feature-gates/node-log-query.md | 5 +++++ .../node-out-of-service-volume-detach.md | 13 ++++++++++++ .../feature-gates/node-swap.md | 9 +++++++++ .../feature-gates/non-preempting-priority.md | 16 +++++++++++++++ .../feature-gates/openapi-enums.md | 9 +++++++++ .../feature-gates/openapiv3.md | 15 ++++++++++++++ .../pdb-unhealthy-pod-eviction-policy.md | 9 +++++++++ .../feature-gates/persistent-local-volumes.md | 16 +++++++++++++++ ...stent-volume-last-phase-transition-time.md | 9 +++++++++ .../pod-affinity-namespace-selector.md | 16 +++++++++++++++ .../pod-and-container-stats-from-cri.md | 5 +++++ .../feature-gates/pod-deletion-cost.md | 9 +++++++++ .../feature-gates/pod-disruption-budget.md | 16 +++++++++++++++ .../pod-disruption-conditions.md | 9 +++++++++ .../pod-has-network-condition.md | 8 ++++++++ .../feature-gates/pod-host-ips.md | 9 +++++++++ .../feature-gates/pod-index-label.md | 5 +++++ .../pod-lifecycle-sleep-action.md | 5 +++++ .../feature-gates/pod-overhead.md | 16 +++++++++++++++ .../feature-gates/pod-priority.md | 16 +++++++++++++++ .../feature-gates/pod-readiness-gates.md | 16 +++++++++++++++ .../pod-ready-to-start-containers.md | 9 +++++++++ .../feature-gates/pod-scheduling-readiness.md | 9 +++++++++ .../feature-gates/pod-security.md | 16 +++++++++++++++ .../pod-share-process-namespace.md | 16 +++++++++++++++ .../feature-gates/prefer-nominated-node.md | 16 +++++++++++++++ .../probe-termination-grace-period.md | 20 +++++++++++++++++++ .../feature-gates/proc-mount-type.md | 5 +++++ .../proxy-terminating-endpoints.md | 13 ++++++++++++ .../feature-gates/pvc-protection.md | 11 ++++++++++ .../feature-gates/qos-reserved.md | 5 +++++ .../feature-gates/read-write-once-pod.md | 13 ++++++++++++ .../recover-volume-expansion-failure.md | 5 +++++ .../feature-gates/remaining-item-count.md | 13 ++++++++++++ .../feature-gates/remove-self-link.md | 13 ++++++++++++ .../feature-gates/request-management.md | 11 ++++++++++ .../resource-limits-priority-function.md | 11 ++++++++++ .../resource-quota-scope-selectors.md | 16 +++++++++++++++ .../retroactive-default-storage-class.md | 16 +++++++++++++++ .../feature-gates/root-ca-config-map.md | 16 +++++++++++++++ .../rotate-kubelet-client-certificate.md | 12 +++++++++++ .../rotate-kubelet-server-certificate.md | 9 +++++++++ .../feature-gates/run-as-group.md | 12 +++++++++++ .../runtime-class-in-image-cri-api.md | 5 +++++ .../feature-gates/runtime-class.md | 16 +++++++++++++++ .../feature-gates/schedule-daemon-set-pods.md | 16 +++++++++++++++ .../feature-gates/scheduler-queueing-hints.md | 9 +++++++++ .../feature-gates/sctp-support.md | 16 +++++++++++++++ .../feature-gates/seccomp-default.md | 16 +++++++++++++++ .../feature-gates/security-context-deny.md | 5 +++++ .../feature-gates/selector-index.md | 16 +++++++++++++++ .../selinux-mount-read-write-once-pod.md | 13 ++++++++++++ .../separate-taint-eviction-controller.md | 5 +++++ .../feature-gates/server-side-apply.md | 13 ++++++++++++ .../server-side-field-validation.md | 13 ++++++++++++ .../service-account-issuer-discovery.md | 16 +++++++++++++++ .../service-account-token-jti.md | 5 +++++ ...e-account-token-node-binding-validation.md | 5 +++++ .../service-account-token-node-binding.md | 5 +++++ .../service-account-token-pod-node-info.md | 5 +++++ .../feature-gates/service-app-protocol.md | 16 +++++++++++++++ .../service-internal-traffic-policy.md | 16 +++++++++++++++ .../service-ip-static-subrange.md | 16 +++++++++++++++ .../service-lb-node-port-control.md | 16 +++++++++++++++ .../service-load-balancer-class.md | 16 +++++++++++++++ .../service-load-balancer-finalizer.md | 16 +++++++++++++++ .../feature-gates/service-node-exclusion.md | 16 +++++++++++++++ .../service-nodeport-static-subrange.md | 13 ++++++++++++ .../feature-gates/service-topology.md | 12 +++++++++++ .../feature-gates/set-hostname-as-fqdn.md | 16 +++++++++++++++ .../feature-gates/sidecar-containers.md | 9 +++++++++ .../size-memory-backed-volumes.md | 9 +++++++++ .../skip-read-only-validation-gce.md | 9 +++++++++ .../stable-load-balancer-node-set.md | 5 +++++ .../feature-gates/startup-probe.md | 16 +++++++++++++++ .../stateful-set-auto-delete-pvc.md | 9 +++++++++ .../stateful-set-min-ready-seconds.md | 16 +++++++++++++++ .../stateful-set-start-ordinal.md | 9 +++++++++ .../storage-object-in-use-protection.md | 12 +++++++++++ .../feature-gates/storage-version-api.md | 5 +++++ .../feature-gates/storage-version-hash.md | 9 +++++++++ .../streaming-proxy-redirects.md | 20 +++++++++++++++++++ ...structured-authentication-configuration.md | 5 +++++ .../structured-authorization-configuration.md | 5 +++++ .../feature-gates/support-ipvs-proxy-mode.md | 20 +++++++++++++++++++ .../feature-gates/support-node-pids-limit.md | 16 +++++++++++++++ .../feature-gates/support-pod-pids-limit.md | 16 +++++++++++++++ .../feature-gates/suspend-job.md | 16 +++++++++++++++ .../feature-gates/sysctls.md | 12 +++++++++++ .../feature-gates/taint-based-evictions.md | 16 +++++++++++++++ .../feature-gates/taint-nodes-by-condition.md | 16 +++++++++++++++ .../feature-gates/token-request-projection.md | 16 +++++++++++++++ .../feature-gates/token-request.md | 16 +++++++++++++++ .../feature-gates/topology-aware-hints.md | 13 ++++++++++++ .../topology-manager-policy-alpha-options.md | 5 +++++ .../topology-manager-policy-beta-options.md | 9 +++++++++ .../topology-manager-policy-options.md | 9 +++++++++ .../feature-gates/topology-manager.md | 16 +++++++++++++++ ...anslate-stream-close-websocket-requests.md | 5 +++++ .../feature-gates/ttl-after-finished.md | 16 +++++++++++++++ .../unauthenticated-http2-dos-mitigation.md | 9 +++++++++ .../unknown-version-interoperability-proxy.md | 5 +++++ .../user-namespaces-pod-security-standards.md | 5 +++++ .../user-namespaces-stateless-pods-support.md | 8 ++++++++ .../feature-gates/user-namespaces-support.md | 5 +++++ .../feature-gates/validate-proxy-redirects.md | 16 +++++++++++++++ .../validating-admission-policy.md | 9 +++++++++ .../feature-gates/volume-attributes-class.md | 5 +++++ .../feature-gates/volume-capacity-priority.md | 5 +++++ .../feature-gates/volume-pvc-data-source.md | 16 +++++++++++++++ .../feature-gates/volume-scheduling.md | 16 +++++++++++++++ .../volume-snapshot-data-source.md | 16 +++++++++++++++ .../volume-subpath-env-expansion.md | 16 +++++++++++++++ .../feature-gates/volume-subpath.md | 8 ++++++++ .../feature-gates/warning-headers.md | 12 +++++++++++ .../feature-gates/watch-bookmark.md | 13 ++++++++++++ .../feature-gates/watch-list.md | 5 +++++ .../feature-gates/win-dsr.md | 5 +++++ .../feature-gates/win-overlay.md | 9 +++++++++ .../windows-endpoint-slice-proxying.md | 16 +++++++++++++++ .../feature-gates/windows-gmsa.md | 16 +++++++++++++++ .../feature-gates/windows-host-network.md | 5 +++++ .../windows-host-process-containers.md | 16 +++++++++++++++ .../feature-gates/windows-run-as-user-name.md | 16 +++++++++++++++ ...zero-limited-nominal-concurrency-shares.md | 5 +++++ 315 files changed, 3576 insertions(+) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/accelerators.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/accelerators.md index 99e64dc464bd9..cc67679676bfd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/accelerators.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/accelerators.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.6" + toVersion: "1.10" + - stage: deprecated + fromVersion: "1.11" + toVersion: "1.11" + +removed: true --- Provided an early form of plugin to enable Nvidia GPU support when using Docker Engine; no longer available. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/admission-webhook-match-conditions.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/admission-webhook-match-conditions.md index 26e50d79cfdb0..f213c21af4568 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/admission-webhook-match-conditions.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/admission-webhook-match-conditions.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Enable [match conditions](/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchconditions) on mutating & validating admission webhooks. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/advanced-auditing.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/advanced-auditing.md index a483990e6be48..6706eac25085f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/advanced-auditing.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/advanced-auditing.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.7" + - stage: beta + defaultValue: true + fromVersion: "1.8" + toVersion: "1.11" + - stage: stable + defaultValue: true + fromVersion: "1.12" + toVersion: "1.27" + +removed: true --- Enable [advanced auditing](/docs/tasks/debug/debug-cluster/audit/#advanced-audit) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/affinity-in-annotations.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/affinity-in-annotations.md index 712bac66296e6..1e0e0835c237e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/affinity-in-annotations.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/affinity-in-annotations.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.6" + toVersion: "1.7" + - stage: deprecated + fromVersion: "1.8" + toVersion: "1.8" + +removed: true --- Enable setting [Pod affinity or anti-affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/aggregated-discovery-endpoint.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/aggregated-discovery-endpoint.md index 9b01ba25103d5..1b82dec7618e3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/aggregated-discovery-endpoint.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/aggregated-discovery-endpoint.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable a single HTTP endpoint `/discovery/` which supports native HTTP caching with ETags containing all APIResources known to the API server. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-ext-traffic-local-endpoints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-ext-traffic-local-endpoints.md index 22e1a731cb172..abb1d75aa1f6b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-ext-traffic-local-endpoints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-ext-traffic-local-endpoints.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.4" + toVersion: "1.6" + - stage: stable + defaultValue: true + fromVersion: "1.7" + toVersion: "1.9" + +removed: true --- Enable a service to route external requests to node local endpoints. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-insecure-backend-proxy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-insecure-backend-proxy.md index df3bc91001c19..66d9e6be3dfd9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-insecure-backend-proxy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-insecure-backend-proxy.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.17" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.25" + +removed: true --- Enable the users to skip TLS verification of kubelets on Pod log requests. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-service-lb-status-on-non-lb.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-service-lb-status-on-non-lb.md index 2f76145a25042..da1e64bdf5ee4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-service-lb-status-on-non-lb.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/allow-service-lb-status-on-non-lb.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: deprecated + defaultValue: false + fromVersion: "1.29" --- Enables `.status.ingress.loadBalancer` to be set on Services of types other than `LoadBalancer`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/any-volume-data-source.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/any-volume-data-source.md index 6ccfbd121f1ae..4fdef63d25217 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/any-volume-data-source.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/any-volume-data-source.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" --- Enable use of any custom resource as the `DataSource` of a {{< glossary_tooltip text="PVC" term_id="persistent-volume-claim" >}}. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-list-chunking.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-list-chunking.md index f0883ad53e506..0a1e5c748b6fe 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-list-chunking.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-list-chunking.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.8" + - stage: beta + defaultValue: true + fromVersion: "1.9" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enable the API clients to retrieve (`LIST` or `GET`) resources from API server in chunks. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-priority-and-fairness.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-priority-and-fairness.md index 1585d0561f06f..0c5f79a9c62a1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-priority-and-fairness.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-priority-and-fairness.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enable managing request concurrency with prioritization and fairness at each server. (Renamed from `RequestManagement`) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-response-compression.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-response-compression.md index b106d6bcaad33..e197d69627372 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-response-compression.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-response-compression.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: "alpha" + defaultValue: false + fromVersion: "1.7" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" --- Compress the API responses for `LIST` or `GET` requests. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md index 98de6394b3efb..fd65f9919f866 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Activate the `SelfSubjectReview` API which allows users to see the requesting subject's authentication information. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-identity.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-identity.md index d232b7456d9af..9c3829281d3b3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-identity.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-identity.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" --- Assign each API server an ID in a cluster, using a [Lease](/docs/concepts/architecture/leases). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-tracing.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-tracing.md index c532d60d167f9..b330d851454f9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-tracing.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-server-tracing.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Add support for distributed tracing in the API server. See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/apparmor.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/apparmor.md index b6abcab362e97..005105630bf0e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/apparmor.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/apparmor.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.4" --- Enable use of AppArmor mandatory access control for Pods running on Linux nodes. See [AppArmor Tutorial](/docs/tutorials/security/apparmor/) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/attach-volume-limit.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/attach-volume-limit.md index c2a84d7ac619a..6593e54393856 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/attach-volume-limit.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/attach-volume-limit.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.21" + +removed: true --- Enable volume plugins to report limits on number of volumes that can be attached to a node. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/balance-attached-node-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/balance-attached-node-volumes.md index 00644f7ff7b05..8701aa402f664 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/balance-attached-node-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/balance-attached-node-volumes.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.21" + - stage: deprecated + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + +removed: true --- Include volume count on node to be considered for balanced resource allocation while scheduling. A node which has closer CPU, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/block-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/block-volume.md index d4a49752edab3..2a681f7a9df64 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/block-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/block-volume.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.12" + - stage: beta + defaultValue: true + fromVersion: "1.13" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + +removed: true --- Enable the definition and consumption of raw block devices in Pods. See [Raw Block Volume Support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/bound-service-account-token-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/bound-service-account-token-volume.md index 0c5a322c31a2e..e1f78c4ac945e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/bound-service-account-token-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/bound-service-account-token-volume.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + +removed: true --- Migrate ServiceAccount volumes to use a projected volume consisting of a ServiceAccountTokenVolumeProjection. Cluster admins can use metric diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md index efc3253049ddd..67fc4f21f38ec 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enable webhooks in cloud controller manager. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-dual-stack-node-ips.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-dual-stack-node-ips.md index 648cc8cb7a4b6..4a850e6135557 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-dual-stack-node-ips.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cloud-dual-stack-node-ips.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enables dual-stack `kubelet --node-ip` with external cloud providers. See [Configure IPv4/IPv6 dual-stack](/docs/concepts/services-networking/dual-stack/#configure-ipv4-ipv6-dual-stack) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle-projection.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle-projection.md index 12d4e0104fd37..bbc8ab4ef7815 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle-projection.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle-projection.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- [`clusterTrustBundle` projected volume sources](/docs/concepts/storage/projected-volumes#clustertrustbundle). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle.md index 1a0453a20a0cc..8874d81b4c9f8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cluster-trust-bundle.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enable ClusterTrustBundle objects and kubelet integration. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/component-slis.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/component-slis.md index ea98167a6e247..b1b899a8620e0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/component-slis.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/component-slis.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable the `/metrics/slis` endpoint on Kubernetes components like kubelet, kube-scheduler, kube-proxy, kube-controller-manager, cloud-controller-manager diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/configurable-fs-group-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/configurable-fs-group-policy.md index ace47535d09ac..4f29f35c55e19 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/configurable-fs-group-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/configurable-fs-group-policy.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.25" + +removed: true --- Allows user to configure volume permission change policy for fsGroups when mounting a volume in a Pod. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-http-get-handlers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-http-get-handlers.md index 9a686ab91a40a..702bebe15e999 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-http-get-handlers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-http-get-handlers.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.25" --- Normalize HTTP get URL and Header passing for lifecycle handlers with probers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-list-from-cache.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-list-from-cache.md index 8007517673f4a..d08f57ee91bb9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-list-from-cache.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/consistent-list-from-cache.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Allow the API server to serve consistent lists from cache. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md index 834598e163c29..93327426749fb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" --- Enables the kubelet `checkpoint` API. See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/contextual-logging.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/contextual-logging.md index a36db7b0f1d0d..9ae5102d64a3e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/contextual-logging.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/contextual-logging.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" --- When you enable this feature gate, Kubernetes components that support contextual logging add extra detail to log output. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/controller-manager-leader-migration.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/controller-manager-leader-migration.md index 3426337645ed4..c8719996b3e50 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/controller-manager-leader-migration.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/controller-manager-leader-migration.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true --- Enables Leader Migration for [kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) and diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-alpha-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-alpha-options.md index a25106775540a..42db64a02c75f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-alpha-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-alpha-options.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- This allows fine-tuning of CPUManager policies, experimental, Alpha-quality options diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-beta-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-beta-options.md index e930cd701044b..81f6f12decf3b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-beta-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-beta-options.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.23" --- This allows fine-tuning of CPUManager policies, experimental, Beta-quality options diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-options.md index 9875b4ecd1594..a8aa227f3a2b7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager-policy-options.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" --- Allow fine-tuning of CPUManager policies. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager.md index 732898d0af3e2..47cf7666028a2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cpu-manager.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" --- Enable container level CPU affinity support, see [CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/crd-validation-ratcheting.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/crd-validation-ratcheting.md index f0906090bcbd5..165c3f1b5c35f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/crd-validation-ratcheting.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/crd-validation-ratcheting.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Enable updates to custom resources to contain violations of their OpenAPI schema if the offending portions of the resource diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cri-container-log-rotation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cri-container-log-rotation.md index 46c954e7fbc8c..259126ab20a8a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cri-container-log-rotation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cri-container-log-rotation.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Enable container log rotation for CRI container runtime. The default max size of a log file is 10MB and the default max number of diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-controller-v2.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-controller-v2.md index 9136202d5970d..10786c31850bb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-controller-v2.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-controller-v2.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + +removed: true --- Use an alternative implementation of the {{< glossary_tooltip text="CronJob" term_id="cronjob" >}} controller. Otherwise, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-time-zone.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-time-zone.md index 523b96bd87c9a..940b1cddafb0b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-time-zone.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-job-time-zone.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Allow the use of the `timeZone` optional field in [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-jobs-scheduled-annotation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-jobs-scheduled-annotation.md index 0f07c62d0776c..db6c450923338 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-jobs-scheduled-annotation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cron-jobs-scheduled-annotation.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Set the scheduled job time as an {{< glossary_tooltip text="annotation" term_id="annotation" >}} on Jobs that were created diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/cross-namespace-volume-data-source.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/cross-namespace-volume-data-source.md index fc871f5b49c0d..c929b53999b40 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/cross-namespace-volume-data-source.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/cross-namespace-volume-data-source.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" --- Enable the usage of cross namespace volume data source to allow you to specify a source namespace in the `dataSourceRef` field of a diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-block-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-block-volume.md index 5ba4b057fabf5..00c33d98c33b6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-block-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-block-volume.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + +removed: true --- Enable external CSI volume drivers to support block storage. See [`csi` raw block volume support](/docs/concepts/storage/volumes/#csi-raw-block-volume-support) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-driver-registry.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-driver-registry.md index 8f05346580d12..c3324c1915e95 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-driver-registry.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-driver-registry.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + +removed: true --- Enable all logic related to the CSIDriver API object in `csi.storage.k8s.io`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-inline-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-inline-volume.md index 64dcdc3a9412e..051febf343c56 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-inline-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-inline-volume.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Enable CSI Inline volumes support for pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws-complete.md index 59ca910f6c5e7..0518aa4350c5e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.20" + - stage: deprecated + fromVersion: "1.21" + toVersion: "1.21" + +removed: true --- Stops registering the EBS in-tree plugin in kubelet and volume controllers and enables shims and translation logic to diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws.md index 2659f5764032c..98e30544a99c5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-aws.md @@ -6,6 +6,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.16" + - stage: beta + defaultValue: false + fromVersion: "1.17" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk-complete.md index a9d653dedd1a0..a092e343e9099 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.20" + - stage: deprecated + fromVersion: "1.21" + toVersion: "1.21" + +removed: true --- Stops registering the Azure-Disk in-tree plugin in kubelet and volume controllers and enables shims and translation diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk.md index 100683eb5627a..7aa2578de8e6d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-disk.md @@ -6,6 +6,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.18" + - stage: beta + defaultValue: false + fromVersion: "1.19" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true --- Enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file-complete.md index 83ee952f9a7e8..6c76ec3561b6e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.20" + - stage: deprecated + fromVersion: "1.21" + toVersion: "1.21" + +removed: true --- Stops registering the Azure-File in-tree plugin in kubelet and volume controllers and enables shims and translation diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md index b9d3405d4827b..0b7b4550600e8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md @@ -4,6 +4,23 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.20" + - stage: beta + defaultValue: false + fromVersion: "1.21" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" --- Enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce-complete.md index fda56a6cd0f57..a27894b352a83 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.20" + - stage: deprecated + fromVersion: "1.21" + toVersion: "1.21" + +removed: true --- Stops registering the GCE-PD in-tree plugin in kubelet and volume controllers and enables shims and translation logic to diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce.md index e28c626b6e998..e509cbfe9a371 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-gce.md @@ -4,6 +4,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.16" + - stage: beta + defaultValue: false + fromVersion: "1.17" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + +removed: true --- Enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI plugin. Supports falling diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack-complete.md index 530a5386d72d2..aa5c81efa14a1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.20" + - stage: deprecated + fromVersion: "1.21" + toVersion: "1.21" + +removed: true --- Stops registering the Cinder in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack.md index 224d719357808..f29233d5c4155 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-open-stack.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI plugin. Supports diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-portworx.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-portworx.md index 92739e96afc45..a74beba473fa4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-portworx.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-portworx.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: false + fromVersion: "1.25" --- Enables shims and translation logic to route volume operations from the Portworx in-tree plugin to Portworx CSI plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-rbd.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-rbd.md index f086872827832..a416c67c1e26e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-rbd.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-rbd.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.27" + - stage: deprecated + defaultValue: false + fromVersion: "1.28" --- Enables shims and translation logic to route volume operations from the RBD in-tree plugin to Ceph RBD CSI plugin. Requires diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration.md index 6bb8b797d13e7..f530b53e2f4ed 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.16" + - stage: beta + defaultValue: true + fromVersion: "1.17" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Enables shims and translation logic to route volume operations from in-tree plugins to corresponding pre-installed CSI plugins diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere-complete.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere-complete.md index 632066594db60..79bc2d2a5cb2a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere-complete.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere-complete.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.19" + toVersion: "1.21" + - stage: deprecated + fromVersion: "1.22" + toVersion: "1.22" + +removed: true --- Stops registering the vSphere in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere.md index 630217b89a78f..5a33231ae39c6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migrationv-sphere.md @@ -4,6 +4,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: false + fromVersion: "1.19" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true --- Enables shims and translation logic to route volume operations from the vSphere in-tree plugin to vSphere CSI plugin. Supports falling back diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-expand-secret.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-expand-secret.md index 31c55b4a3d7bd..f1d22919158d2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-expand-secret.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-expand-secret.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enable passing secret authentication data to a CSI driver for use during a `NodeExpandVolume` CSI operation. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-info.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-info.md index 1c9665da135b7..1111ed582e7f4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-info.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-node-info.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.22" + +removed: true --- Enable all logic related to the CSINodeInfo API object in `csi.storage.k8s.io`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-persistent-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-persistent-volume.md index 2b1a6f3feb520..96ef84062e965 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-persistent-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-persistent-volume.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.12" + - stage: stable + defaultValue: true + fromVersion: "1.13" + toVersion: "1.16" + +removed: true --- Enable discovering and mounting volumes provisioned through a [CSI (Container Storage Interface)](https://git.k8s.io/design-proposals-archive/storage/container-storage-interface.md) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-service-account-token.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-service-account-token.md index fc9118df0ad65..fb6a2a2771eb8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-service-account-token.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-service-account-token.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- Enable CSI drivers to receive the pods' service account token that they mount volumes for. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-storage-capacity.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-storage-capacity.md index f979e042866cf..46a50b7167b21 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-storage-capacity.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-storage-capacity.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.27" + +removed: true --- Enables CSI drivers to publish storage capacity information and the Kubernetes scheduler to use that information when scheduling pods. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-fs-group-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-fs-group-policy.md index 0d044f11e7345..5b5bad0e6a608 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-fs-group-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-fs-group-policy.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.25" + +removed: true --- Allows CSIDrivers to use the `fsGroupPolicy` field. This field controls whether volumes created by a CSIDriver support volume ownership diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-health.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-health.md index 3ba35cc866685..6f0213b42adc1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-health.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-volume-health.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Enable support for CSI volume health monitoring on node. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csr-duration.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csr-duration.md index 1788e2bb21615..a204817a59bb7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csr-duration.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csr-duration.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Allows clients to request a duration for certificates issued via the Kubernetes CSR API. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-cpu-cfs-quota-period.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-cpu-cfs-quota-period.md index 5860d7f0d927a..5fbfc456d00e4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-cpu-cfs-quota-period.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-cpu-cfs-quota-period.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" --- Enable nodes to change `cpuCFSQuotaPeriod` in [kubelet config](/docs/tasks/administer-cluster/kubelet-config-file/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-pod-dns.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-pod-dns.md index e02d8b22950c2..407bde6ee9092 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-pod-dns.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-pod-dns.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true --- Enable customizing the DNS settings for a Pod using its `dnsConfig` property. Check [Pod's DNS Config](/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-defaulting.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-defaulting.md index 072f55e72f6b7..dfe1ab0f320cb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-defaulting.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-defaulting.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true --- Enable CRD support for default values in OpenAPI v3 validation schemas. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-publish-open-api.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-publish-open-api.md index 8b00ad4e40fa8..59b7266f1306a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-publish-open-api.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-publish-open-api.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.15" + - stage: stable + defaultValue: true + fromVersion: "1.16" + toVersion: "1.18" + +removed: true --- Enables publishing of CRD OpenAPI specs. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-subresources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-subresources.md index 2823a82a3ed17..5759491532662 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-subresources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-subresources.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.15" + - stage: stable + defaultValue: true + fromVersion: "1.16" + toVersion: "1.18" + +removed: true --- Enable `/status` and `/scale` subresources on resources created from [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation-expressions.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation-expressions.md index ca1dee7c2869a..a7546388c932a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation-expressions.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation-expressions.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enable expression language validation in CRD which will validate customer resource based on validation rules written in diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation.md index fa155be0af7c3..71aebe23047c7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-validation.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.8" + - stage: beta + defaultValue: true + fromVersion: "1.9" + toVersion: "1.15" + - stage: stable + defaultValue: true + fromVersion: "1.16" + toVersion: "1.18" + +removed: true --- Enable schema based validation on resources created from [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-webhook-conversion.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-webhook-conversion.md index d142e85cd789b..7cfae0fed5c86 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-webhook-conversion.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/custom-resource-webhook-conversion.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.15" + - stage: stable + defaultValue: true + fromVersion: "1.16" + toVersion: "1.18" + +removed: true --- Enable webhook-based conversion on resources created from [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md index 0e5f8be42ae04..1a6316240922a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md @@ -5,6 +5,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.28" + +removed: true --- Enables the DaemonSet workloads to maintain availability during update per node. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/default-host-network-ports-in-pod-templates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/default-host-network-ports-in-pod-templates.md index d2b2395617436..7fb7d0e432768 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/default-host-network-ports-in-pod-templates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/default-host-network-ports-in-pod-templates.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: deprecated + defaultValue: false + fromVersion: "1.28" --- Changes when the default value of `PodSpec.containers[*].ports[*].hostPort` diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/default-pod-topology-spread.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/default-pod-topology-spread.md index f8dd08b72d4cf..db0a5b87907e2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/default-pod-topology-spread.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/default-pod-topology-spread.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enables the use of `PodTopologySpread` scheduling plugin to do [default spreading](/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/delegate-fs-group-to-csi-driver.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/delegate-fs-group-to-csi-driver.md index 2ddbc1d067cd6..695c40a214f44 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/delegate-fs-group-to-csi-driver.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/delegate-fs-group-to-csi-driver.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- If supported by the CSI driver, delegates the role of applying `fsGroup` from a Pod's `securityContext` to the driver by diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugin-cdi-devices.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugin-cdi-devices.md index 3cd9f6ae1600f..4af3ec4c84bae 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugin-cdi-devices.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugin-cdi-devices.md @@ -4,6 +4,16 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" + --- Enable support to CDI device IDs in the [Device Plugin](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) API. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugins.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugins.md index 81ec3fe2ccf61..19c56fc11add3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugins.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/device-plugins.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enable the [device-plugins](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) based resource provisioning on nodes. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-accelerator-usage-metrics.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-accelerator-usage-metrics.md index 75c5ab82854b9..f9fc601706e1f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-accelerator-usage-metrics.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-accelerator-usage-metrics.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + +removed: true --- [Disable accelerator metrics collected by the kubelet](/docs/concepts/cluster-administration/system-metrics/#disable-accelerator-metrics). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-cloud-providers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-cloud-providers.md index fa9336b7aadd4..f8a57c97f7150 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-cloud-providers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-cloud-providers.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Disables any functionality in `kube-apiserver`, `kube-controller-manager` and `kubelet` related to the `--cloud-provider` diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-kubelet-cloud-credential-providers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-kubelet-cloud-credential-providers.md index cbdca7708412b..2d57da9f1b90c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-kubelet-cloud-credential-providers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-kubelet-cloud-credential-providers.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Disable the in-tree functionality in kubelet to authenticate to a cloud provider container registry for image pull credentials. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-node-kube-proxy-version.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-node-kube-proxy-version.md index 849dc08ab8395..e532d107e4d0e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-node-kube-proxy-version.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/disable-node-kube-proxy-version.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Disable setting the `kubeProxyVersion` field of the Node. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/downward-api-huge-pages.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/downward-api-huge-pages.md index 7262abcbbe714..6223adac53348 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/downward-api-huge-pages.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/downward-api-huge-pages.md @@ -4,6 +4,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Enables usage of hugepages in [downward API](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dry-run.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dry-run.md index f0c068d08aa31..f175cccecfe60 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dry-run.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dry-run.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.12" + - stage: beta + defaultValue: true + fromVersion: "1.13" + toVersion: "1.18" + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.27" + +removed: true --- Enable server-side [dry run](/docs/reference/using-api/api-concepts/#dry-run) requests so that validation, merging, and mutation can be tested without committing. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-auditing.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-auditing.md index d7abbd52123b8..f89e8c416befa 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-auditing.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-auditing.md @@ -6,5 +6,16 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.18" + - stage: deprecated + fromVersion: "1.19" + toVersion: "1.19" + +removed: true --- Used to enable dynamic auditing before v1.19. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-kubelet-config.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-kubelet-config.md index 84360ca421c42..6b8a59f203fcd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-kubelet-config.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-kubelet-config.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.4" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.21" + - stage: deprecated + defaultValue: false + fromVersion: "1.22" + toVersion: "1.25" + +removed: true --- Enable the dynamic configuration of kubelet. The feature is no longer supported outside of supported skew policy. The feature diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-provisioning-scheduling.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-provisioning-scheduling.md index 912036aca1712..f17d0bcf2a9ac 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-provisioning-scheduling.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-provisioning-scheduling.md @@ -6,6 +6,16 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: deprecated + fromVersion: "1.12" + +removed: true --- Extend the default scheduler to be aware of volume topology and handle PV provisioning. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-resource-allocation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-resource-allocation.md index 3510967e12e26..d0e3d0ea0630b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-resource-allocation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-resource-allocation.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" --- Enables support for resources with custom parameters and a lifecycle that is independent of a Pod. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-volume-provisioning.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-volume-provisioning.md index 196675e4f8bd0..0c7df38408d75 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-volume-provisioning.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/dynamic-volume-provisioning.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: true + fromVersion: "1.3" + toVersion: "1.7" + - stage: stable + defaultValue: true + fromVersion: "1.8" + toVersion: "1.12" + +removed: true --- Enable the [dynamic provisioning](/docs/concepts/storage/dynamic-provisioning/) of persistent volumes to Pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md index ec6f524e84aed..a5b3f837a0428 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" --- Allows for storage-originated bookmark (progress notify) events to be delivered to the users. This is only applied to watch operations. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md index 8370e6fef29a9..b1238b3e99a57 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enables Indexed Jobs to be scaled up or down by mutating both `spec.completions` and `spec.parallelism` together such that `spec.completions == spec.parallelism`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md index 44453f6d8c7a0..030728843bac4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md @@ -6,6 +6,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: deprecated + defaultValue: true + fromVersion: "1.16" + toVersion: "1.17" + +removed: true + --- Enable the five second timeout on aggregated discovery calls. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md index 87471bc245bb5..31e122e4b3e67 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.12" + - stage: deprecated + fromVersion: "1.13" + toVersion: "1.23" + +removed: true --- Enable the scheduler to cache equivalence of nodes when scheduling Pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md index c0433abb9c413..fde4b9d0aae18 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.24" + +removed: true --- Enables EndpointSlice `nodeName` field. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md index b1f048517b38b..66803c2dad779 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- When enabled, kube-proxy running on Linux will use EndpointSlices as the primary data source instead of diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md index b5c71ac20e642..9ab63778a30ca 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enables EndpointSlice `terminating` and `serving` condition fields. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md index e912c594afd91..db417431b9a80 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md @@ -6,6 +6,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.16" + - stage: beta + defaultValue: false + fromVersion: "1.17" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.24" + +removed: true --- Enables EndpointSlices for more scalable and extensible network endpoints. See [Enabling EndpointSlices](/docs/concepts/services-networking/endpoint-slices/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md index 03e79e76d362d..e8aaa2fc76513 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Enable the ability to add {{< glossary_tooltip text="ephemeral containers" term_id="ephemeral-container" >}} diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md index 5a0b4a87f22b3..2de1193970d3f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.18" + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + +removed: true --- Enable pods to be scheduled evenly across topology domains. See [Pod Topology Spread Constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md index 01721ccdf12ca..f905dceda6b44 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" --- Enable support for the kubelet to receive container life cycle events from the {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} via diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md index a742a10b4ffdf..c7e5e7e4d8312 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.20" --- Ensure kubelet respects exec probe timeouts. This feature gate exists in case any of your existing workloads depend on a diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md index 78c9c9ab585f9..b8e694a30d1fe 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true --- Enable the expanding of CSI volumes. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md index 75bc6788b51ed..5a3ae14e8b362 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true --- Enable expanding in-use PVCs. See [Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md index 83f5f5a22d178..33e1311f4d986 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true --- Enable the expanding of persistent volumes. See [Expanding Persistent Volumes Claims](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md index 7e1e83f2a6b95..eb2adb3b4d068 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Enable kubelet and kube-apiserver to allow more DNS search paths and longer list of DNS search paths. This feature requires container diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md index 6d3c4835f44b0..d90351ea06dbf 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.5" + toVersion: "1.12" + - stage: deprecated + defaultValue: false + fromVersion: "1.13" + toVersion: "1.16" + +removed: true --- Enable annotating specific pods as *critical* so that their [scheduling is guaranteed](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md index 802c59317f7a7..ceab94cb9e1a6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.5" + toVersion: "1.27" + - stage: deprecated + defaultValue: false + fromVersion: "1.28" --- Enabling the defaulting user namespace to host. This is for containers that are using other host namespaces, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md index cfd0fd3ddb5a2..c1752af8815a0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md @@ -6,6 +6,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.22" + +removed: true --- Fix a bug where ExternalTrafficPolicy is not applied to Service ExternalIPs. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/gce-regional-persistent-disk.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/gce-regional-persistent-disk.md index b8738d7232074..f9447c603f738 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/gce-regional-persistent-disk.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/gce-regional-persistent-disk.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.12" + - stage: stable + defaultValue: true + fromVersion: "1.13" + toVersion: "1.16" + +removed: true --- Enable the regional PD feature on GCE. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/generic-ephemeral-volume.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/generic-ephemeral-volume.md index 8fd4f225c7039..99eee9f97d76e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/generic-ephemeral-volume.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/generic-ephemeral-volume.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + +removed: true --- Enables ephemeral, inline volumes that support all features of normal volumes (can be provided by third-party storage vendors, storage capacity tracking, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown-based-on-pod-priority.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown-based-on-pod-priority.md index dead74438a61c..4b63d58871684 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown-based-on-pod-priority.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown-based-on-pod-priority.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" --- Enables the kubelet to check Pod priorities when shutting down a node gracefully. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown.md index ed301a27bb7e5..21f904d742b9e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/graceful-node-shutdown.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" --- Enables support for graceful shutdown in kubelet. During a system shutdown, kubelet will attempt to detect the shutdown event diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/grpc-container-probe.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/grpc-container-probe.md index 6960e40de7cd7..dcc299eff1798 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/grpc-container-probe.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/grpc-container-probe.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Enables the gRPC probe method for {Liveness,Readiness,Startup}Probe. See [Configure Liveness, Readiness and Startup Probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md index bffd6877df9d2..88d599eca6808 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- Honor persistent volume reclaim policy when it is `Delete` irrespective of PV-PVC deletion ordering. For more details, check the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-container-metrics.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-container-metrics.md index 003a1354b265f..0beb5c474dfdd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-container-metrics.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-container-metrics.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable the `HorizontalPodAutoscaler` to scale based on metrics from individual containers in target pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-scale-to-zero.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-scale-to-zero.md index 4f200af8eeb3d..3047a243bbe43 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-scale-to-zero.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/hpa-scale-to-zero.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" --- Enables setting `minReplicas` to 0 for `HorizontalPodAutoscaler` resources when using custom or external metrics. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-page-storage-medium-size.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-page-storage-medium-size.md index 0e01d8ca4846e..adef7ded11777 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-page-storage-medium-size.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-page-storage-medium-size.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- Enable support for multiple sizes pre-allocated [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-pages.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-pages.md index cf8e10bfd4850..f9eefe7ff5ed3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-pages.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/huge-pages.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true --- Enable the allocation and consumption of pre-allocated [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/hyper-v-container.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/hyper-v-container.md index cb768d465b0d3..20f4598b1ea1e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/hyper-v-container.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/hyper-v-container.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.19" + - stage: deprecated + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + +removed: true --- Enable [Hyper-V isolation](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md index 34a5d9d71f931..91e38d57d785c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Allows the Pod OS field to be specified. This helps in identifying the OS of the pod authoritatively during the API server admission time. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/image-maximum-gc-age.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/image-maximum-gc-age.md index f463f473ee61c..5860765283dbd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/image-maximum-gc-age.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/image-maximum-gc-age.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enables the kubelet configuration field `imageMaximumGCAge`, allowing an administrator to specify the age after which an image will be garbage collected. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/immutable-ephemeral-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/immutable-ephemeral-volumes.md index ae6a98d2392f2..767da6a36a0f8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/immutable-ephemeral-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/immutable-ephemeral-volumes.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.24" + +removed: true --- Allows for marking individual Secrets and ConfigMaps as immutable for better safety and performance. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-place-pod-vertical-scaling.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-place-pod-vertical-scaling.md index 13ef2960d101f..87e402385f692 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-place-pod-vertical-scaling.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-place-pod-vertical-scaling.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enables in-place Pod vertical scaling. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md index fd35a7c40d17e..99308e36f5357 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the aws-ebs in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-disk-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-disk-unregister.md index 380fe220bd4cc..e408a4a183dd7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-disk-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-disk-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the azuredisk in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-file-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-file-unregister.md index b4ae8e593a802..48734f545acd5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-file-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-azure-file-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the azurefile in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-gce-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-gce-unregister.md index 229bd7acc567f..358582ffd0351 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-gce-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-gce-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the gce-pd in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-openstack-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-openstack-unregister.md index 038112c8ff253..d4c6d008de7bb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-openstack-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-openstack-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the OpenStack cinder in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-portworx-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-portworx-unregister.md index 86551fcbe99dc..917f2b1806b73 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-portworx-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-portworx-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- Stops registering the Portworx in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-rbd-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-rbd-unregister.md index d53ae0165d40a..0e6a37a350961 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-rbd-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-rbd-unregister.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.27" + - stage: deprecated + defaultValue: false + fromVersion: "1.28" --- Stops registering the RBD in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-vsphere-unregister.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-vsphere-unregister.md index 4e0e5fe2e307c..cd4fde558d59e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-vsphere-unregister.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-vsphere-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Stops registering the vSphere in-tree plugin in kubelet and volume controllers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/indexed-job.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/indexed-job.md index e2d2ed3819a9a..b242c145f9b4a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/indexed-job.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/indexed-job.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Allows the [Job](/docs/concepts/workloads/controllers/job/) controller to manage Pod completions per completion index. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ingress-class-namespaced-params.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ingress-class-namespaced-params.md index 8ffb5effcb4b5..93e6d26cfd72e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ingress-class-namespaced-params.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ingress-class-namespaced-params.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + +removed: true --- Allow namespace-scoped parameters reference in `IngressClass` resource. This feature adds two fields - `Scope` and `Namespace` diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/initializers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/initializers.md index 0d8bc630c5645..db29be3a7de4e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/initializers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/initializers.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.13" + - stage: deprecated + fromVersion: "1.14" + toVersion: "1.14" + +removed: true --- Allow asynchronous coordination of object creation using the Initializers admission plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md index e3975b4e0083a..9144f61e407e7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md @@ -4,5 +4,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- This causes kubelet to no longer create legacy iptables rules. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ipv6-dual-stack.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ipv6-dual-stack.md index 98bdbbbeb956e..58c276e53bdbd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ipv6-dual-stack.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ipv6-dual-stack.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + +removed: true --- Enable [dual stack](/docs/concepts/services-networking/dual-stack/) support for IPv6. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-backoff-limit-per-index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-backoff-limit-per-index.md index 1b1206077d332..50bf2af0729d9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-backoff-limit-per-index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-backoff-limit-per-index.md @@ -5,6 +5,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Allows specifying the maximal number of pod retries per index in Indexed jobs. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md index 2e02cc251a668..6169e68c23e70 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md @@ -4,6 +4,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Allows updating node scheduling directives in the pod template of [Job](/docs/concepts/workloads/controllers/job). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md index a6681ad7cd052..4200f4b349548 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" --- Allow users to specify handling of pod failures based on container exit codes and pod conditions. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md index bbee9df31eb83..1a6f62f5c68c7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Allows you to specify pod replacement for terminating pods in a [Job](/docs/concepts/workloads/controllers/job) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md index e8c19f539f321..39f3c6f6c1d3c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enables tracking the number of Pods that have a `Ready` [condition](/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md index 9c622998c6ece..b05d6695f356a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md @@ -4,6 +4,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true --- Enables tracking [Job](/docs/concepts/workloads/controllers/job) completions without relying on Pods remaining in the cluster indefinitely. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md index 85542c5a9d7a0..eaf26cbd27b6b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md @@ -4,5 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: deprecated + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: deprecated + defaultValue: false + fromVersion: "1.29" + --- Enables KMS v1 API for encryption at rest. See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md index 698df0e82b1e5..213c9a664cb4d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enables KMS v2 to generate single use data encryption keys. See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md index b0994792dc4d3..52ce6b7b6ab5e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md @@ -4,5 +4,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enables KMS v2 API for encryption at rest. See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kube-proxy-draining-terminating-nodes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kube-proxy-draining-terminating-nodes.md index ff16161469096..e9628a85998eb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kube-proxy-draining-terminating-nodes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kube-proxy-draining-terminating-nodes.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Implement connection draining for terminating nodes for `externalTrafficPolicy: Cluster` services. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md index c837c454f5455..8de9e1a118b0c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Enable detection of the kubelet cgroup driver configuration option from the {{}}. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md index a1da303c4ace5..c8a59e30afac6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: deprecated + fromVersion: "1.10" + toVersion: "1.10" + +removed: true --- Enable loading kubelet configuration from a file specified using a config file. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md index 3c777ba57be0a..264c029760357 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true --- Enable kubelet exec credential providers for image pull credentials. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md index bca920fc43806..342f0422216c1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" --- Enables support for running kubelet in a {{}}. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md index 5d94abac81b06..cea4bec72c02a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.12" + - stage: stable + defaultValue: true + fromVersion: "1.13" + toVersion: "1.16" + +removed: true --- Enable probe-based plugin watcher utility to enable kubelet to discover plugins such as [CSI volume drivers](/docs/concepts/storage/volumes/#csi). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md index 11a3397d7550a..e73b3a4e10f63 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Extend the kubelet's pod resources gRPC endpoint to to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation` API. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md index b6e389921112f..4ab61fbec8b26 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Enable the kubelet's pod resources `GetAllocatableResources` functionality. This API augments the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md index 1f708b4ab017d..7a9c5da8c1b5b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enable the `Get` gRPC endpoint on kubelet's for Pod resources. This API augments the [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md index b668d43f19bef..80c3f1a35c761 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Enable the kubelet's pod resources gRPC endpoint. See [Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/606-compute-device-assignment/README.md) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md index c395f47d6393d..e484ac227bcde 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable kubelet to garbage collect container images and containers even when those are on a separate filesystem. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md index 891935144a91b..241297b35a8fe 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Add support for distributed tracing in the kubelet. When enabled, kubelet CRI interface and authenticated http servers are instrumented to generate diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md index e234069b5f5b2..395c3570a33b5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- When disabled, legacy behavior in service load balancers and node disruption will ignore the `node-role.kubernetes.io/master` label in favor of the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md index 43c89cb2c3da2..698e25067f9a4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enable cleaning up Secret-based [service account tokens](/docs/concepts/security/service-accounts/#get-a-token) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md index e966870ec27b7..4e80d7222db94 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md @@ -4,6 +4,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true --- Stop auto-generation of Secret-based [service account tokens](/docs/concepts/security/service-accounts/#get-a-token). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md index 45df199371aa5..26a4af593051f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md @@ -4,6 +4,20 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" + --- Track usage of Secret-based [service account tokens](/docs/concepts/security/service-accounts/#get-a-token). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md index 3d41588813029..1a46538eb7dec 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Allows setting `ipMode` for Services where `type` is set to `LoadBalancer`. See [Specifying IPMode of load balancer status](/docs/concepts/services-networking/service/#load-balancer-ip-mode) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md index b64b78978f03e..ee25d6ed424e6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" --- When `LocalStorageCapacityIsolation` is enabled for diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md index 7d2e6d0885c36..65f01d5d3b1af 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Enable the consumption of [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md index bdd67042fd61e..434233e84a066 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" --- Enable semi-random selection of pods to evict on controller scaledown based on logarithmic bucketing of pod timestamps. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md index 67167f975d81e..ae187993d17fe 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" --- Allow fine-tuing of experimental, alpha-quality logging options. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md index b83a4b833aaa0..d70065c1f345e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.24" --- Allow fine-tuing of experimental, beta-quality logging options. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md index 0d5f572d4f448..196c48551efc0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable the `matchLabelKeys` and `mismatchLabelKeys` field for [pod (anti)affinity](/docs/concepts/scheduling-eviction/assign-pod-node/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-topology-spread.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-topology-spread.md index a00108bbb8b75..2706a005b07d0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-topology-spread.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-topology-spread.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable the `matchLabelKeys` field for [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/max-unavailable-stateful-set.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/max-unavailable-stateful-set.md index 7d9a9689c4f1d..e36ed4f1cbc61 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/max-unavailable-stateful-set.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/max-unavailable-stateful-set.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" --- Enables setting the `maxUnavailable` field for the [rolling update strategy](/docs/concepts/workloads/controllers/statefulset/#rolling-updates) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-manager.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-manager.md index 81ed0974f8b3f..e9db5c4021155 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-manager.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-manager.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" --- Allows setting memory affinity for a container based on NUMA topology. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-qos.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-qos.md index 49c74b6d3d1d9..4a08e22d16192 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-qos.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/memory-qos.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" --- Enable memory protection and usage throttle on pod / container using cgroup v2 memory controller. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/min-domains-in-pod-topology-spread.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/min-domains-in-pod-topology-spread.md index 82b7572cf8839..a971222564b77 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/min-domains-in-pod-topology-spread.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/min-domains-in-pod-topology-spread.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.24" + - stage: beta + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable `minDomains` in [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md index c9d8dabae063f..0e8f0c7d1fb3e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Enables new performance improvement logics in the kube-proxy iptables mode. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/mixed-protocol-lb-service.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/mixed-protocol-lb-service.md index b994ef582dd29..12050fc2fa4b1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/mixed-protocol-lb-service.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/mixed-protocol-lb-service.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enable using different protocols in the same `LoadBalancer` type Service instance. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-containers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-containers.md index 79525c5738022..0679f18880128 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-containers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-containers.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.16" + - stage: deprecated + defaultValue: false + fromVersion: "1.17" + toVersion: "1.17" + +removed: true --- Enable using utility containers on host as the volume mounter. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-propagation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-propagation.md index def95eba40419..8b700da53d88f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-propagation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/mount-propagation.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.11" + - stage: stable + defaultValue: true + fromVersion: "1.12" + toVersion: "1.14" + +removed: true --- Enable sharing volume mounted by one container to other containers or pods. For more details, please see [mount propagation](/docs/concepts/storage/volumes/#mount-propagation). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-range-allocator.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-range-allocator.md index 29723d1726978..f29bf3ab3d58d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-range-allocator.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-range-allocator.md @@ -4,5 +4,13 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.28" + +removed: true --- Enables the MultiCIDR range allocator. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-service-allocator.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-service-allocator.md index a6bcaf5dcf13f..278ef255911e3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-service-allocator.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/multi-cidr-service-allocator.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Track IP address allocations for Service cluster IPs using IPAddress objects. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md index 81d0510ac26b7..9527a70286b18 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + +removed: true --- Configure the API Server to set an immutable {{< glossary_tooltip text="label" term_id="label" >}} `kubernetes.io/metadata.name` diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md index 0fb007971ea09..1766a6898814d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Allows you to define ports in a [NetworkPolicy](docs/concepts/services-networking/network-policies/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md index 6744409f9ae67..9dce693040507 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md @@ -4,5 +4,13 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.27" + +removed: true --- Enable the `status` subresource for NetworkPolicy objects. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md index 5d54e860808fa..f9242f0050912 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Enables improved discovery of mounted volumes during kubelet startup. Since this code has been significantly refactored, we allow to opt-out in case kubelet diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md index 3b4f846a72f8f..de2cf6bf7b2a5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Allow running kube-proxy with in [nftables mode](/docs/reference/networking/virtual-ips/#proxy-mode-nftables). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md index 78c83f586b02b..24ddcc75ef9ef 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Enable use of the Node label `node.kubernetes.io/exclude-disruption` which prevents nodes from being evacuated during zone failures. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md index 4f30224da53e9..146a4dd8d81c4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" --- Enable using `nodeAffinityPolicy` and `nodeTaintsPolicy` in [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-lease.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-lease.md index 381fbf7b2a269..9dd4a9bdfd351 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-lease.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-lease.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.23" + +removed: true --- Enable the new Lease API to report node heartbeats, which could be used as a node health signal. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md index f66e858fd26f8..efdc9bdc45ba1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enables querying logs of node services using the `/logs` endpoint. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md index 695ddc5b28b16..e3f0998d80799 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- When a Node is marked out-of-service using the `node.kubernetes.io/out-of-service` taint, Pods on the node will be forcefully deleted diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-swap.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-swap.md index 16f7cbf522312..c48e1c5c8bfd4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/node-swap.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/node-swap.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.27" + - stage: beta + defaultValue: false + fromVersion: "1.28" --- Enable the kubelet to allocate swap memory for Kubernetes workloads on a node. Must be used with `KubeletConfiguration.failSwapOn` set to false. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md index 44e72e755e5d2..3118f8c37fe10 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enable `preemptionPolicy` field for PriorityClass and Pod. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md index ba60f93893258..236e064b5e07c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" --- Enables populating "enum" fields of OpenAPI schemas in the spec returned from the API server. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md index 03655a75ca3ce..10352c719e118 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md @@ -4,5 +4,20 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" +removed: true --- Enables the API server to publish OpenAPI v3. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md index 34d2f9a1dd54f..d48bace0b1af4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enables the `unhealthyPodEvictionPolicy` field of a `PodDisruptionBudget`. This specifies when unhealthy pods should be considered for eviction. Please see [Unhealthy Pod Eviction Policy](/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md index e047d3dbf87c1..fe9692e09e354 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true --- Enable the usage of `local` volume type in Pods. Pod affinity has to be specified if requesting a `local` volume. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md index 2a710c85db61b..4c2900c978c18 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Adds a new field to PersistentVolume which holds a timestamp of when the volume last transitioned its phase. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md index 84c95c8763a84..5594d10491370 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enable the [Pod Affinity Namespace Selector](/docs/concepts/scheduling-eviction/assign-pod-node/#namespace-selector) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md index ed083c73863c3..1d3efa6cc8776 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- Configure the kubelet to gather container and pod stats from the CRI container runtime rather than gathering them from cAdvisor. As of 1.26, this also includes gathering metrics from CRI and emitting them over `/metrics/cadvisor` (rather than having cAdvisor emit them directly). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md index 7837cd832c1c8..8b952afc68cd5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" --- Enable the [Pod Deletion Cost](/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost) feature which allows users to influence ReplicaSet downscaling order. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md index 6dbcb9f98abe8..3ae4cb4975ead 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.3" + toVersion: "1.4" + - stage: beta + defaultValue: true + fromVersion: "1.5" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.25" + +removed: true --- Enable the [PodDisruptionBudget](/docs/tasks/run-application/configure-pdb/) feature. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md index ae268f72f54a4..3b259ffd86b0e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" --- Enables support for appending a dedicated pod condition indicating that the pod is being deleted due to a disruption. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md index a71f647fe40e5..9775443a60779 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md @@ -4,6 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.27" + +removed: true --- Enable the kubelet to mark the [PodHasNetwork](/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) condition on pods. This was renamed to `PodReadyToStartContainersCondition` in 1.28. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md index 27698fd9c8129..81e919aa6f069 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enable the `status.hostIPs` field for pods and the {{< glossary_tooltip term_id="downward-api" text="downward API" >}}. The field lets you expose host IP addresses to workloads. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md index 357a2dcc4c321..be509292c662d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Enables the Job controller and StatefulSet controller to add the pod index as a label when creating new pods. See [Job completion mode docs](/docs/concepts/workloads/controllers/job#completion-mode) and [StatefulSet pod index label docs](/docs/concepts/workloads/controllers/statefulset/#pod-index-label) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md index e0e528b2383b8..42509131ebaa8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enables the `sleep` action in Container lifecycle hooks. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md index 05712565fef1b..d58011e6f2f80 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enable the [PodOverhead](/docs/concepts/scheduling-eviction/pod-overhead/) feature to account for pod overheads. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md index d09e9eb8c77c0..b17774b58bf02 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.18" + +removed: true --- Enable the descheduling and preemption of Pods based on their [priorities](/docs/concepts/scheduling-eviction/pod-priority-preemption/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md index fe24af132540b..ed3bd52ebb766 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true --- Enable the setting of `PodReadinessGate` field for extending Pod readiness evaluation. See [Pod readiness gate](/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-ready-to-start-containers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-ready-to-start-containers.md index df9d38bcb6c37..d51762d839c52 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-ready-to-start-containers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-ready-to-start-containers.md @@ -6,6 +6,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enable the kubelet to mark the [PodReadyToStartContainers](/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) condition on pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md index c8778cf2b4320..8b03ffb2daef1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enable setting `schedulingGates` field to control a Pod's [scheduling readiness](/docs/concepts/scheduling-eviction/pod-scheduling-readiness). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-security.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-security.md index 7a2a3efa0108a..bb1db8b1cd83f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-security.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-security.md @@ -5,5 +5,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + +removed: true --- Enables the `PodSecurity` admission plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md index 42eb71c5c2677..e1529791394e4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.19" + +removed: true --- Enable the setting of `shareProcessNamespace` in a Pod for sharing a single process namespace between containers running in a pod. More details can be found in diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md index ad999617077cd..e9b7b71901a3b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- This flag tells the scheduler whether the nominated nodes will be checked first before looping through all the other nodes in diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md index 930dadf06fd5a..b4aac7bb507e3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md @@ -4,6 +4,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + +removed: true --- Enable [setting probe-level `terminationGracePeriodSeconds`](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md index 73a3173eaec8e..151223fb45a54 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" --- Enables control over the type proc mounts for containers by setting the `procMount` field of a SecurityContext. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md index a0672b3ca1c46..debb78efafcdf 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" --- Enable the kube-proxy to handle terminating endpoints when `ExternalTrafficPolicy=Local`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md index d64d7951051df..4cbcd073e60e6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: deprecated + fromVersion: "1.10" + toVersion: "1.10" + +removed: true --- Enable the prevention of a PersistentVolumeClaim (PVC) from being deleted when it is still used by any Pod. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md index 7db6ba5543171..1681de29f1518 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" --- Allows resource reservations at the QoS level preventing pods at lower QoS levels from bursting into resources requested at higher QoS levels diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md index 5dd15edfbe73b..10dfb7f7b2d75 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enables the usage of `ReadWriteOncePod` PersistentVolume access mode. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md index fd9720abfa07a..5c5afb86939cb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- Enables users to edit their PVCs to smaller sizes so as they can recover from previously issued volume expansion failures. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md index e3238a2e1ea17..9058d4ff0aea7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Allow the API servers to show a count of remaining items in the response to a diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md index 25e4e977d3aa0..ff8b45a51e7a6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" --- Sets the `.metadata.selfLink` field to blank (empty string) for all objects and collections. This field has been deprecated since the Kubernetes v1.16 diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/request-management.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/request-management.md index 3c147f36b6d8e..b390fd4d771b5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/request-management.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/request-management.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.16" + - stage: deprecated + fromVersion: "1.17" + toVersion: "1.17" + +removed: true --- Enables managing request concurrency with prioritization and fairness at each API server. Deprecated by `APIPriorityAndFairness` since 1.17. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md index 256f59d412668..eced821d5f2f3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.18" + - stage: deprecated + fromVersion: "1.19" + toVersion: "1.19" + +removed: true --- Enable a scheduler priority function that assigns a lowest possible score of 1 to a node that satisfies at least one of diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md index 306be747fb218..07ecb8e180847 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true --- Enable resource quota scope selectors. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/retroactive-default-storage-class.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/retroactive-default-storage-class.md index 36298a5f39a83..d16786c0aaae0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/retroactive-default-storage-class.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/retroactive-default-storage-class.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + +removed: true --- Allow assigning StorageClass to unbound PVCs retroactively. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/root-ca-config-map.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/root-ca-config-map.md index 8611ac90c6d92..4601b6b5a8f3c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/root-ca-config-map.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/root-ca-config-map.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Configure the `kube-controller-manager` to publish a {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} named `kube-root-ca.crt` diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-client-certificate.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-client-certificate.md index 0d5c80fa5b5e3..0a475d32776c2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-client-certificate.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-client-certificate.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.8" + toVersion: "1.18" + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + +removed: true --- Enable the rotation of the client TLS certificate on the kubelet. See [kubelet configuration](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#kubelet-configuration) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-server-certificate.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-server-certificate.md index b828830ab0df5..f8a7e55947752 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-server-certificate.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/rotate-kubelet-server-certificate.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" --- Enable the rotation of the server TLS certificate on the kubelet. See [kubelet configuration](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#kubelet-configuration) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/run-as-group.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/run-as-group.md index 7e2927906224c..4c9f24e084dc3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/run-as-group.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/run-as-group.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Enable control over the primary group ID set on the init processes of containers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class-in-image-cri-api.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class-in-image-cri-api.md index 88abe4473158e..44628348839be 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class-in-image-cri-api.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class-in-image-cri-api.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enables images to be pulled based on the [runtime class] (/docs/concepts/containers/runtime-class/) of the pods that reference them. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class.md index c028f713d9ec9..8c98029d7d1d5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/runtime-class.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.24" + +removed: true --- Enable the [RuntimeClass](/docs/concepts/containers/runtime-class/) feature for selecting container runtime configurations. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md index fba999d571c02..2c2d585261387 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true --- Enable DaemonSet Pods to be scheduled by the default scheduler instead of the DaemonSet controller. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md index b2beaddec6b42..b60c4ddc506c9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: false + fromVersion: "1.29" --- Enables [the scheduler's _queueing hints_ enhancement](https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/4247-queueinghint/README.md), which benefits to reduce the useless requeueing. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md index 8c7a54937ece3..b1d0d2655c661 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + +removed: true --- Enables the _SCTP_ `protocol` value in Pod, Service, Endpoints, EndpointSlice, and NetworkPolicy definitions. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md index dea1497b38aeb..d1d156497e0e8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md index b304808b38720..d4947c6d41a4f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- This gate signals that the `SecurityContextDeny` admission controller is deprecated. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/selector-index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/selector-index.md index 7e9423696f6df..f5c915caa9cd7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/selector-index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/selector-index.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.25" + +removed: true --- Allows label and field based indexes in API server watch cache to accelerate list operations. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md index 65bd39aa4a4cc..47107b97bf3bf 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Speeds up container startup by allowing kubelet to mount volumes for a Pod directly with the correct SELinux label instead of changing each file on the volumes diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md index 29c989b2fac7f..2b2d0c94ac1b7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enables running `TaintEvictionController`, that performs [Taint-based Evictions](/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-based-evictions), diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md index 2d8b66cff5169..8decb8b3c69a2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" --- Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/) feature on the API Server. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md index b97cbdbdebfbf..91849ecb76b49 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" --- Enables server-side field validation. This means the validation of resource schema is performed at the API server side rather than the client side diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md index 581179575b31d..d0f95939f19dd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.23" + +removed: true --- Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service account issuer in the API server. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md index abc66d675b4a7..f4e9243184872 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Controls whether JTIs (UUIDs) are embedded into generated service account tokens, and whether these JTIs are recorded into the Kubernetes audit log for future requests made by these tokens. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md index 7a4c77ff1731d..fbdff26fd005a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Controls whether the apiserver will validate a Node reference in service account tokens. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md index 4fd31b624abe0..28e2ce6a7ed4c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Controls whether the apiserver allows binding service account tokens to Node objects. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md index 3eec66d02aecf..da5410122dd10 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Controls whether the apiserver embeds the node name and uid for the associated node when issuing service account tokens bound to Pod objects. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md index 53a78a8cb8ee6..6e46d2b9658dd 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + +removed: true --- Enables the `appProtocol` field on Services and Endpoints. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md index cd3e53a53d0b4..99d706ab72087 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enables the `internalTrafficPolicy` field on Services diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md index a65651f27bf6f..02fa7b7a7a3f0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enables a strategy for Services ClusterIP allocations, whereby the ClusterIP range is subdivided. Dynamic allocated ClusterIP addresses will be allocated preferently diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md index 0273c908c9454..2c9bac4b3217a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enables the `allocateLoadBalancerNodePorts` field on Services. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md index e9b4a6383fe8b..1b38ca1887dd8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enables the `loadBalancerClass` field on Services. See [Specifying class of load balancer implementation](/docs/concepts/services-networking/service/#load-balancer-class) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md index 9c7594ba75fd2..d3383eb4bbfc3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.20" + +removed: true --- Enable finalizer protection for Service load balancers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md index 67037b040cefb..9714aae5183c7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Enable the exclusion of nodes from load balancers created by a cloud provider. A node is eligible for exclusion if labelled with "`node.kubernetes.io/exclude-from-external-load-balancers`". diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md index 8241ca5aad115..9226d1c903690 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" --- Enables the use of different port allocation strategies for NodePort Services. For more details, see diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-topology.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-topology.md index 52ed1bc7e2769..92161484592e4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-topology.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-topology.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.19" + - stage: deprecated + defaultValue: false + fromVersion: "1.20" + toVersion: "1.22" + +removed: true --- Enable service to route traffic based upon the Node topology of the cluster. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md index a816c884ae41d..4f4b1a0398776 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- Enable the ability of setting Fully Qualified Domain Name(FQDN) as the hostname of a pod. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md index 803f2d9797565..a7abb4461a5eb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Allow setting the `restartPolicy` of an init container to `Always` so that the container becomes a sidecar container (restartable init containers). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md index 7ed5db157671d..ea6ea9a4c5cce 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" --- Enable kubelets to determine the size limit for memory-backed volumes (mainly `emptyDir` volumes). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md index 9f84e5ac7c430..b1fefecf443f2 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: deprecated + defaultValue: true + fromVersion: "1.29" --- Skip validation for GCE, will enable in the next version. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md index 16a3451ba1093..faaa09e420011 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Enables less load balancer re-configurations by the service controller (KCCM) as an effect of changing node state. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md index 365423cfd48be..8e33c40be7322 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true --- Enable the [startup](/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe) probe in the kubelet. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md index 3d5de8c1e40cb..9075c90ea1c50 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md @@ -5,6 +5,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" --- Allows the use of the optional `.spec.persistentVolumeClaimRetentionPolicy` field, providing control over the deletion of PVCs in a StatefulSet's lifecycle. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md index a3a5a6b1565a9..0bc7bb25f07b0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true --- Allows `minReadySeconds` to be respected by the StatefulSet controller. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md index fd0276f6f4fe5..4bd6b41061841 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" --- Allow configuration of the start ordinal in a StatefulSet. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md index 298c499473c50..5e212524b0716 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.10" + - stage: stable + defaultValue: true + fromVersion: "1.11" + toVersion: "1.24" + +removed: true --- Postpone the deletion of PersistentVolume or PersistentVolumeClaim objects if they are still being used. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md index 4797309247df5..93bba358ab872 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" --- Enable the [storage version API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageversion-v1alpha1-internal-apiserver-k8s-io). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md index 0f8ee3b73f97d..ebbb3fb970374 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" --- Allow API servers to expose the storage version hash in the discovery. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md index 51d4d5e4b3844..b30d6a553b77e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md @@ -6,6 +6,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.5" + toVersion: "1.5" + - stage: beta + defaultValue: true + fromVersion: "1.6" + toVersion: "1.17" + - stage: deprecated + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + - stage: deprecated + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- Instructs the API server to intercept (and follow) redirects from the backend (kubelet) for streaming requests. Examples of streaming requests include the `exec`, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md index 23e25dbb94993..76836a9425872 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable [structured authentication configuration](/docs/reference/access-authn-authz/authentication/#configuring-the-api-server) for the API server. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md index ebd2ee8cfa9b4..cad2cbb6415c3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable structured authorization configuration, so that cluster administrators can specify more than one [authorization webhook](/docs/reference/access-authn-authz/webhook/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md index 80afa61d62e91..cc3d1aaa150f9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md @@ -6,6 +6,26 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.8" + - stage: beta + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.10" + - stage: stable + defaultValue: true + fromVersion: "1.11" + toVersion: "1.20" + +removed: true --- Enable providing in-cluster service load balancing using IPVS. See [service proxies](/docs/reference/networking/virtual-ips/) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md index 185bbaa4ae49d..adf9352db26bb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true --- Enable the support to limiting PIDs on the Node. The parameter `pid=` in the `--system-reserved` and `--kube-reserved` options can be specified to diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md index df1a73b597b64..8388c43633c2d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true --- Enable the support to limiting PIDs in Pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md index ceab5000369f6..4715f4d0c9a4f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true --- Enable support to suspend and resume Jobs. For more details, see [the Jobs docs](/docs/concepts/workloads/controllers/job/). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/sysctls.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/sysctls.md index 2d3ec087bbb79..62d386cb50a83 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/sysctls.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/sysctls.md @@ -6,6 +6,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true --- Enable support for namespaced kernel parameters (sysctls) that can be set for each pod. See [sysctls](/docs/tasks/administer-cluster/sysctl-cluster/) for more details. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-based-evictions.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-based-evictions.md index 814546565320b..8471e3efacb4d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-based-evictions.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-based-evictions.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.6" + toVersion: "1.12" + - stage: beta + defaultValue: true + fromVersion: "1.13" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.20" + +removed: true --- Enable evicting pods from nodes based on taints on Nodes and tolerations on Pods. See [taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md index 34b17e6de653f..32be4136dc5f7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true --- Enable automatic tainting nodes based on [node conditions](/docs/concepts/architecture/nodes/#condition). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md index 996d3dabee265..7ca504050e04c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + +removed: true --- Enable the injection of service account tokens into a Pod through a [`projected` volume](/docs/concepts/storage/volumes/#projected). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request.md index 3fc2a510b6f4a..ac40a66330725 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/token-request.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + +removed: true --- Enable the `TokenRequest` endpoint on service account resources. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md index accc97690be95..d4616b2bf154b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md @@ -4,6 +4,19 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + - stage: beta + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" --- Enables topology aware routing based on topology hints in EndpointSlices. See [Topology Aware diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md index 1cc5e5c4b6216..e3b159762e6d5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" --- Allow fine-tuning of topology manager policies, experimental, Alpha-quality options. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md index 5e98776027fb3..c0e2f7871c0c8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.26" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Allow fine-tuning of topology manager policies, experimental, Beta-quality options. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md index 52deabc2cb259..5ca3237b88b50 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" --- Allow fine-tuning of topology manager policies, diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md index bece6d3dcb626..63c685c304d12 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md @@ -4,6 +4,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true --- Enable a mechanism to coordinate fine-grained hardware resource assignments for different components in Kubernetes. See diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md index f7c1d80734721..08be9d219e2cb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Allow WebSocket streaming of the remote command sub-protocol (`exec`, `cp`, `attach`) from clients requesting diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md index af0feaeb6587b..6c8f3dc9c026b 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + +removed: true --- Allow a [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/) to clean up resources after they finish execution. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/unauthenticated-http2-dos-mitigation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/unauthenticated-http2-dos-mitigation.md index 1477f7ac4ee6c..e6c04e9609cfb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/unauthenticated-http2-dos-mitigation.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/unauthenticated-http2-dos-mitigation.md @@ -4,6 +4,15 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" --- Enables HTTP/2 Denial of Service (DoS) mitigations for unauthenticated clients. Kubernetes v1.28.0 through v1.28.2 do not include this feature gate. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md index 69d3b8691efee..3d017657e2322 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Proxy resource requests to the correct peer kube-apiserver when multiple kube-apiservers exist at varied versions. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md index 1a1fee0058a6e..76a8920ee9b50 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable Pod Security Standards policies relaxation for pods that run with namespaces. You must set the value of this feature gate consistently across all nodes in diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md index 32a08177d0799..99b530db3b303 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md @@ -4,6 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.27" + +removed: true --- Enable user namespace support for stateless Pods. This feature gate was superseded by the `UserNamespacesSupport` feature gate in the Kubernetes v1.28 release. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md index e6d1032b4325f..0e46c3e3158aa 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" --- Enable user namespace support for Pods. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/validate-proxy-redirects.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/validate-proxy-redirects.md index 513fd911e902f..d241fb9f0b443 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/validate-proxy-redirects.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/validate-proxy-redirects.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.21" + - stage: deprecated + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- This flag controls whether the API server should validate that redirects are only followed to the same host. Only used if the `StreamingProxyRedirects` flag is enabled. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/validating-admission-policy.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/validating-admission-policy.md index ee5bfbcdc4e7d..197422115d265 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/validating-admission-policy.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/validating-admission-policy.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.27" + - stage: beta + defaultValue: false + fromVersion: "1.28" --- Enable [ValidatingAdmissionPolicy](/docs/reference/access-authn-authz/validating-admission-policy/) support for CEL validations be used in Admission Control. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-attributes-class.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-attributes-class.md index e97a870f2ae6d..b4d5f49946918 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-attributes-class.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-attributes-class.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- Enable support for VolumeAttributesClasses. See [Volume Attributes Classes](/docs/concepts/storage/volume-attributes-classes/) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-capacity-priority.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-capacity-priority.md index 3cc62ee723e35..d1bfcf30428b8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-capacity-priority.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-capacity-priority.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- Enable support for prioritizing nodes in different topologies based on available PV capacity. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-pvc-data-source.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-pvc-data-source.md index 5b1ea196f496d..2ed353beb1f6c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-pvc-data-source.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-pvc-data-source.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + +removed: true --- Enable support for specifying an existing PVC as a DataSource. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-scheduling.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-scheduling.md index 9c6dd67abaa1b..3f262bbf90ff7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-scheduling.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-scheduling.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.12" + - stage: stable + defaultValue: true + fromVersion: "1.13" + toVersion: "1.16" + +removed: true --- Enable volume topology aware scheduling and make the PersistentVolumeClaim (PVC) binding aware of scheduling decisions. It also enables the usage of diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-snapshot-data-source.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-snapshot-data-source.md index bb3238b87d0f5..f9dec1140e1a0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-snapshot-data-source.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-snapshot-data-source.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.16" + - stage: beta + defaultValue: true + fromVersion: "1.17" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + +removed: true --- Enable volume snapshot data source support. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath-env-expansion.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath-env-expansion.md index 7be67bcea50e2..bd37447c022e7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath-env-expansion.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath-env-expansion.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.24" + +removed: true --- Enable `subPathExpr` field for expanding environment variables into a `subPath`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath.md index 6122f6649633f..b57df2cbff4c1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/volume-subpath.md @@ -6,5 +6,13 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.10" + toVersion: "1.24" + +removed: true --- Allow mounting a subpath of a volume in a container. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/warning-headers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/warning-headers.md index 3ff9a7880fc0d..4b576cce8a655 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/warning-headers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/warning-headers.md @@ -6,5 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- Allow sending warning headers in API responses. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-bookmark.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-bookmark.md index 0f087a17e00e0..844aa034d4125 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-bookmark.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-bookmark.md @@ -4,5 +4,18 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" --- Enable support for watch bookmark events. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-list.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-list.md index c3754662b5d1a..cd258d1afd54a 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-list.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/watch-list.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- Enable support for [streaming initial state of objects in watch requests](/docs/reference/using-api/api-concepts/#streaming-lists). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/win-dsr.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/win-dsr.md index c5db941441cb3..c3dbd191eb03f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/win-dsr.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/win-dsr.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" --- Allows kube-proxy to create DSR loadbalancers for Windows. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/win-overlay.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/win-overlay.md index 8f68d64eaeb1f..ba1b0c39b781c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/win-overlay.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/win-overlay.md @@ -4,5 +4,14 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" --- Allows kube-proxy to run in overlay mode for Windows. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-endpoint-slice-proxying.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-endpoint-slice-proxying.md index 7270269fe8563..128f9639912cb 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-endpoint-slice-proxying.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-endpoint-slice-proxying.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true --- When enabled, kube-proxy running on Windows will use EndpointSlices as the primary data source instead of Endpoints, enabling scalability and diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-gmsa.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-gmsa.md index 4047fdf9fa9d9..0e07a40746c61 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-gmsa.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-gmsa.md @@ -6,5 +6,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.20" + +removed: true --- Enables passing of GMSA credential specs from pods to container runtimes. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-network.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-network.md index 1c47419f0b841..3a75bcc055f70 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-network.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-network.md @@ -4,5 +4,10 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: true + fromVersion: "1.26" --- Enables support for joining Windows containers to a hosts' network namespace. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-process-containers.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-process-containers.md index 16e956999ca22..b6f8ae2ed3ef1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-process-containers.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-host-process-containers.md @@ -4,5 +4,21 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true --- Enables support for Windows HostProcess containers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-run-as-user-name.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-run-as-user-name.md index 012f490297fab..c535e4ef0d7e9 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-run-as-user-name.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/windows-run-as-user-name.md @@ -6,6 +6,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.16" + - stage: beta + defaultValue: true + fromVersion: "1.17" + toVersion: "1.17" + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.20" + +removed: true --- Enable support for running applications in Windows containers with as a non-default user. See [Configuring RunAsUserName](/docs/tasks/configure-pod-container/configure-runasusername) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md index 1e6ed4d9ea940..f088c029b7bca 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.29" --- Allow [Priority & Fairness](/docs/concepts/cluster-administration/flow-control/) in the API server to use a zero value for the `nominalConcurrencyShares field of From b1873fc9ea4c736000a08650a5f5dcc209b797a2 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Sat, 23 Dec 2023 19:10:26 +0000 Subject: [PATCH 049/279] Replace the existing tables with the shortcode --- .../feature-gates-removed/index.md | 439 +----------------- .../feature-gates/index.md | 284 +---------- layouts/partials/head.html | 2 +- 3 files changed, 7 insertions(+), 718 deletions(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md index 9e37d0eb09692..47e73f8851fc8 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md @@ -26,443 +26,8 @@ In the following table: you can still use a feature gate. If the feature stage is either "Deprecated" or "GA", the "To" column is the Kubernetes release when the feature is removed. -{{< table caption="Feature Gates Removed" >}} - -| Feature | Default | Stage | From | To | -|---------|---------|-------|-------|-------| -| `Accelerators` | `false` | Alpha | 1.6 | 1.10 | -| `Accelerators` | - | Deprecated | 1.11 | 1.11 | -| `AdvancedAuditing` | `false` | Alpha | 1.7 | 1.7 | -| `AdvancedAuditing` | `true` | Beta | 1.8 | 1.11 | -| `AdvancedAuditing` | `true` | GA | 1.12 | 1.27 | -| `AffinityInAnnotations` | `false` | Alpha | 1.6 | 1.7 | -| `AffinityInAnnotations` | - | Deprecated | 1.8 | 1.8 | -| `AllowExtTrafficLocalEndpoints` | `false` | Beta | 1.4 | 1.6 | -| `AllowExtTrafficLocalEndpoints` | `true` | GA | 1.7 | 1.9 | -| `AllowInsecureBackendProxy` | `true` | Beta | 1.17 | 1.20 | -| `AllowInsecureBackendProxy` | `true` | GA | 1.21 | 1.25 | -| `AttachVolumeLimit` | `false` | Alpha | 1.11 | 1.11 | -| `AttachVolumeLimit` | `true` | Beta | 1.12 | 1.16 | -| `AttachVolumeLimit` | `true` | GA | 1.17 | 1.21 | -| `BalanceAttachedNodeVolumes` | `false` | Alpha | 1.11 | 1.21 | -| `BalanceAttachedNodeVolumes` | `false` | Deprecated | 1.22 | 1.22 | -| `BlockVolume` | `false` | Alpha | 1.9 | 1.12 | -| `BlockVolume` | `true` | Beta | 1.13 | 1.17 | -| `BlockVolume` | `true` | GA | 1.18 | 1.21 | -| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 | -| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | 1.21 | -| `BoundServiceAccountTokenVolume` | `true` | GA | 1.22 | 1.23 | -| `CRIContainerLogRotation` | `false` | Alpha | 1.10 | 1.10 | -| `CRIContainerLogRotation` | `true` | Beta | 1.11 | 1.20 | -| `CRIContainerLogRotation` | `true` | GA | 1.21 | 1.22 | -| `CSIBlockVolume` | `false` | Alpha | 1.11 | 1.13 | -| `CSIBlockVolume` | `true` | Beta | 1.14 | 1.17 | -| `CSIBlockVolume` | `true` | GA | 1.18 | 1.21 | -| `CSIDriverRegistry` | `false` | Alpha | 1.12 | 1.13 | -| `CSIDriverRegistry` | `true` | Beta | 1.14 | 1.17 | -| `CSIDriverRegistry` | `true` | GA | 1.18 | 1.21 | -| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 | -| `CSIInlineVolume` | `true` | Beta | 1.16 | 1.24 | -| `CSIInlineVolume` | `true` | GA | 1.25 | 1.26 | -| `CSIMigration` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigration` | `true` | Beta | 1.17 | 1.24 | -| `CSIMigration` | `true` | GA | 1.25 | 1.26 | -| `CSIMigrationAWS` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationAWS` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationAWS` | `true` | Beta | 1.23 | 1.24 | -| `CSIMigrationAWS` | `true` | GA | 1.25 | 1.26 | -| `CSIMigrationAWSComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAWSComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationAzureDisk` | `false` | Alpha | 1.15 | 1.18 | -| `CSIMigrationAzureDisk` | `false` | Beta | 1.19 | 1.22 | -| `CSIMigrationAzureDisk` | `true` | Beta | 1.23 | 1.23 | -| `CSIMigrationAzureDisk` | `true` | GA | 1.24 | 1.26 | -| `CSIMigrationAzureDiskComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAzureDiskComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationAzureFileComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAzureFileComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationGCE` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationGCE` | `true` | Beta | 1.23 | 1.24 | -| `CSIMigrationGCE` | `true` | GA | 1.25 | 1.27 | -| `CSIMigrationGCEComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationGCEComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | 1.17 | -| `CSIMigrationOpenStack` | `true` | Beta | 1.18 | 1.23 | -| `CSIMigrationOpenStack` | `true` | GA | 1.24 | 1.25 | -| `CSIMigrationOpenStackComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationOpenStackComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationvSphere` | `false` | Alpha | 1.18 | 1.18 | -| `CSIMigrationvSphere` | `false` | Beta | 1.19 | 1.24 | -| `CSIMigrationvSphere` | `true` | Beta | 1.25 | 1.25 | -| `CSIMigrationvSphere` | `true` | GA | 1.26 | 1.28 | -| `CSIMigrationvSphereComplete` | `false` | Beta | 1.19 | 1.21 | -| `CSIMigrationvSphereComplete` | - | Deprecated | 1.22 | 1.22 | -| `CSINodeInfo` | `false` | Alpha | 1.12 | 1.13 | -| `CSINodeInfo` | `true` | Beta | 1.14 | 1.16 | -| `CSINodeInfo` | `true` | GA | 1.17 | 1.22 | -| `CSIPersistentVolume` | `false` | Alpha | 1.9 | 1.9 | -| `CSIPersistentVolume` | `true` | Beta | 1.10 | 1.12 | -| `CSIPersistentVolume` | `true` | GA | 1.13 | 1.16 | -| `CSIServiceAccountToken` | `false` | Alpha | 1.20 | 1.20 | -| `CSIServiceAccountToken` | `true` | Beta | 1.21 | 1.21 | -| `CSIServiceAccountToken` | `true` | GA | 1.22 | 1.24 | -| `CSIStorageCapacity` | `false` | Alpha | 1.19 | 1.20 | -| `CSIStorageCapacity` | `true` | Beta | 1.21 | 1.23 | -| `CSIStorageCapacity` | `true` | GA | 1.24 | 1.27 | -| `CSIVolumeFSGroupPolicy` | `false` | Alpha | 1.19 | 1.19 | -| `CSIVolumeFSGroupPolicy` | `true` | Beta | 1.20 | 1.22 | -| `CSIVolumeFSGroupPolicy` | `true` | GA | 1.23 | 1.25 | -| `CSRDuration` | `true` | Beta | 1.22 | 1.23 | -| `CSRDuration` | `true` | GA | 1.24 | 1.25 | -| `ConfigurableFSGroupPolicy` | `false` | Alpha | 1.18 | 1.19 | -| `ConfigurableFSGroupPolicy` | `true` | Beta | 1.20 | 1.22 | -| `ConfigurableFSGroupPolicy` | `true` | GA | 1.23 | 1.25 | -| `ControllerManagerLeaderMigration` | `false` | Alpha | 1.21 | 1.21 | -| `ControllerManagerLeaderMigration` | `true` | Beta | 1.22 | 1.23 | -| `ControllerManagerLeaderMigration` | `true` | GA | 1.24 | 1.26 | -| `CronJobControllerV2` | `false` | Alpha | 1.20 | 1.20 | -| `CronJobControllerV2` | `true` | Beta | 1.21 | 1.21 | -| `CronJobControllerV2` | `true` | GA | 1.22 | 1.23 | -| `CronJobTimeZone` | `false` | Alpha | 1.24 | 1.24 | -| `CronJobTimeZone` | `true` | Beta | 1.25 | 1.26 | -| `CronJobTimeZone` | `true` | GA | 1.27 | 1.28 | -| `CustomPodDNS` | `false` | Alpha | 1.9 | 1.9 | -| `CustomPodDNS` | `true` | Beta| 1.10 | 1.13 | -| `CustomPodDNS` | `true` | GA | 1.14 | 1.16 | -| `CustomResourceDefaulting` | `false` | Alpha| 1.15 | 1.15 | -| `CustomResourceDefaulting` | `true` | Beta | 1.16 | 1.16 | -| `CustomResourceDefaulting` | `true` | GA | 1.17 | 1.18 | -| `CustomResourcePublishOpenAPI` | `false` | Alpha| 1.14 | 1.14 | -| `CustomResourcePublishOpenAPI` | `true` | Beta| 1.15 | 1.15 | -| `CustomResourcePublishOpenAPI` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceSubresources` | `false` | Alpha | 1.10 | 1.10 | -| `CustomResourceSubresources` | `true` | Beta | 1.11 | 1.15 | -| `CustomResourceSubresources` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceValidation` | `false` | Alpha | 1.8 | 1.8 | -| `CustomResourceValidation` | `true` | Beta | 1.9 | 1.15 | -| `CustomResourceValidation` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceWebhookConversion` | `false` | Alpha | 1.13 | 1.14 | -| `CustomResourceWebhookConversion` | `true` | Beta | 1.15 | 1.15 | -| `CustomResourceWebhookConversion` | `true` | GA | 1.16 | 1.18 | -| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 | -| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | 1.24 | -| `DaemonSetUpdateSurge` | `true` | GA | 1.25 | 1.28 | -| `DefaultPodTopologySpread` | `false` | Alpha | 1.19 | 1.19 | -| `DefaultPodTopologySpread` | `true` | Beta | 1.20 | 1.23 | -| `DefaultPodTopologySpread` | `true` | GA | 1.24 | 1.25 | -| `DelegateFSGroupToCSIDriver` | `false` | Alpha | 1.22 | 1.22 | -| `DelegateFSGroupToCSIDriver` | `true` | Beta | 1.23 | 1.25 | -| `DelegateFSGroupToCSIDriver` | `true` | GA | 1.26 | 1.27 | -| `DevicePlugins` | `false` | Alpha | 1.8 | 1.9 | -| `DevicePlugins` | `true` | Beta | 1.10 | 1.25 | -| `DevicePlugins` | `true` | GA | 1.26 | 1.27 | -| `DisableAcceleratorUsageMetrics` | `false` | Alpha | 1.19 | 1.19 | -| `DisableAcceleratorUsageMetrics` | `true` | Beta | 1.20 | 1.24 | -| `DisableAcceleratorUsageMetrics` | `true` | GA | 1.25 | 1.27 | -| `DownwardAPIHugePages` | `false` | Alpha | 1.20 | 1.20 | -| `DownwardAPIHugePages` | `false` | Beta | 1.21 | 1.21 | -| `DownwardAPIHugePages` | `true` | Beta | 1.22 | 1.26 | -| `DownwardAPIHugePages` | `true` | GA | 1.27 | 1.28 | -| `DryRun` | `false` | Alpha | 1.12 | 1.12 | -| `DryRun` | `true` | Beta | 1.13 | 1.18 | -| `DryRun` | `true` | GA | 1.19 | 1.27 | -| `DynamicAuditing` | `false` | Alpha | 1.13 | 1.18 | -| `DynamicAuditing` | - | Deprecated | 1.19 | 1.19 | -| `DynamicKubeletConfig` | `false` | Alpha | 1.4 | 1.10 | -| `DynamicKubeletConfig` | `true` | Beta | 1.11 | 1.21 | -| `DynamicKubeletConfig` | `false` | Deprecated | 1.22 | 1.25 | -| `DynamicProvisioningScheduling` | `false` | Alpha | 1.11 | 1.11 | -| `DynamicProvisioningScheduling` | - | Deprecated| 1.12 | - | -| `DynamicVolumeProvisioning` | `true` | Alpha | 1.3 | 1.7 | -| `DynamicVolumeProvisioning` | `true` | GA | 1.8 | 1.12 | -| `EnableAggregatedDiscoveryTimeout` | `true` | Deprecated | 1.16 | 1.17 | -| `EnableEquivalenceClassCache` | `false` | Alpha | 1.8 | 1.12 | -| `EnableEquivalenceClassCache` | - | Deprecated | 1.13 | 1.23 | -| `EndpointSlice` | `false` | Alpha | 1.16 | 1.16 | -| `EndpointSlice` | `false` | Beta | 1.17 | 1.17 | -| `EndpointSlice` | `true` | Beta | 1.18 | 1.20 | -| `EndpointSlice` | `true` | GA | 1.21 | 1.24 | -| `EndpointSliceNodeName` | `false` | Alpha | 1.20 | 1.20 | -| `EndpointSliceNodeName` | `true` | GA | 1.21 | 1.24 | -| `EndpointSliceProxying` | `false` | Alpha | 1.18 | 1.18 | -| `EndpointSliceProxying` | `true` | Beta | 1.19 | 1.21 | -| `EndpointSliceProxying` | `true` | GA | 1.22 | 1.24 | -| `EndpointSliceTerminatingCondition` | `false` | Alpha | 1.20 | 1.21 | -| `EndpointSliceTerminatingCondition` | `true` | Beta | 1.22 | 1.25 | -| `EndpointSliceTerminatingCondition` | `true` | GA | 1.26 | 1.27 | -| `EphemeralContainers` | `false` | Alpha | 1.16 | 1.22 | -| `EphemeralContainers` | `true` | Beta | 1.23 | 1.24 | -| `EphemeralContainers` | `true` | GA | 1.25 | 1.26 | -| `EvenPodsSpread` | `false` | Alpha | 1.16 | 1.17 | -| `EvenPodsSpread` | `true` | Beta | 1.18 | 1.18 | -| `EvenPodsSpread` | `true` | GA | 1.19 | 1.21 | -| `ExpandCSIVolumes` | `false` | Alpha | 1.14 | 1.15 | -| `ExpandCSIVolumes` | `true` | Beta | 1.16 | 1.23 | -| `ExpandCSIVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExpandInUsePersistentVolumes` | `false` | Alpha | 1.11 | 1.14 | -| `ExpandInUsePersistentVolumes` | `true` | Beta | 1.15 | 1.23 | -| `ExpandInUsePersistentVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExpandPersistentVolumes` | `false` | Alpha | 1.8 | 1.10 | -| `ExpandPersistentVolumes` | `true` | Beta | 1.11 | 1.23 | -| `ExpandPersistentVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExperimentalCriticalPodAnnotation` | `false` | Alpha | 1.5 | 1.12 | -| `ExperimentalCriticalPodAnnotation` | `false` | Deprecated | 1.13 | 1.16 | -| `ExternalPolicyForExternalIP` | `true` | GA | 1.18 | 1.22 | -| `GCERegionalPersistentDisk` | `true` | Beta | 1.10 | 1.12 | -| `GCERegionalPersistentDisk` | `true` | GA | 1.13 | 1.16 | -| `GRPCContainerProbe` | `false` | Alpha | 1.23 | 1.23 | -| `GRPCContainerProbe` | `true` | Beta | 1.24 | 1.26 | -| `GRPCContainerProbe` | `true` | GA | 1.27 | 1.28 | -| `GenericEphemeralVolume` | `false` | Alpha | 1.19 | 1.20 | -| `GenericEphemeralVolume` | `true` | Beta | 1.21 | 1.22 | -| `GenericEphemeralVolume` | `true` | GA | 1.23 | 1.24 | -| `HugePageStorageMediumSize` | `false` | Alpha | 1.18 | 1.18 | -| `HugePageStorageMediumSize` | `true` | Beta | 1.19 | 1.21 | -| `HugePageStorageMediumSize` | `true` | GA | 1.22 | 1.24 | -| `HugePages` | `false` | Alpha | 1.8 | 1.9 | -| `HugePages` | `true` | Beta| 1.10 | 1.13 | -| `HugePages` | `true` | GA | 1.14 | 1.16 | -| `HyperVContainer` | `false` | Alpha | 1.10 | 1.19 | -| `HyperVContainer` | `false` | Deprecated | 1.20 | 1.20 | -| `IPv6DualStack` | `false` | Alpha | 1.15 | 1.20 | -| `IPv6DualStack` | `true` | Beta | 1.21 | 1.22 | -| `IPv6DualStack` | `true` | GA | 1.23 | 1.24 | -| `IdentifyPodOS` | `false` | Alpha | 1.23 | 1.23 | -| `IdentifyPodOS` | `true` | Beta | 1.24 | 1.24 | -| `IdentifyPodOS` | `true` | GA | 1.25 | 1.26 | -| `ImmutableEphemeralVolumes` | `false` | Alpha | 1.18 | 1.18 | -| `ImmutableEphemeralVolumes` | `true` | Beta | 1.19 | 1.20 | -| `ImmutableEphemeralVolumes` | `true` | GA | 1.21 | 1.24 | -| `IndexedJob` | `false` | Alpha | 1.21 | 1.21 | -| `IndexedJob` | `true` | Beta | 1.22 | 1.23 | -| `IndexedJob` | `true` | GA | 1.24 | 1.25 | -| `IngressClassNamespacedParams` | `false` | Alpha | 1.21 | 1.21 | -| `IngressClassNamespacedParams` | `true` | Beta | 1.22 | 1.22 | -| `IngressClassNamespacedParams` | `true` | GA | 1.23 | 1.24 | -| `Initializers` | `false` | Alpha | 1.7 | 1.13 | -| `Initializers` | - | Deprecated | 1.14 | 1.14 | -| `JobMutableNodeSchedulingDirectives` | `true` | Beta | 1.23 | 1.26 | -| `JobMutableNodeSchedulingDirectives` | `true` | GA | 1.27 | 1.28 | -| `JobTrackingWithFinalizers` | `false` | Alpha | 1.22 | 1.22 | -| `JobTrackingWithFinalizers` | `false` | Beta | 1.23 | 1.24 | -| `JobTrackingWithFinalizers` | `true` | Beta | 1.25 | 1.25 | -| `JobTrackingWithFinalizers` | `true` | GA | 1.26 | 1.28 | -| `KubeletConfigFile` | `false` | Alpha | 1.8 | 1.9 | -| `KubeletConfigFile` | - | Deprecated | 1.10 | 1.10 | -| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.23 | -| `KubeletCredentialProviders` | `true` | Beta | 1.24 | 1.25 | -| `KubeletCredentialProviders` | `true` | GA | 1.26 | 1.28 | -| `KubeletPluginsWatcher` | `false` | Alpha | 1.11 | 1.11 | -| `KubeletPluginsWatcher` | `true` | Beta | 1.12 | 1.12 | -| `KubeletPluginsWatcher` | `true` | GA | 1.13 | 1.16 | -| `LegacyNodeRoleBehavior` | `false` | Alpha | 1.16 | 1.18 | -| `LegacyNodeRoleBehavior` | `true` | Beta | 1.19 | 1.20 | -| `LegacyNodeRoleBehavior` | `false` | GA | 1.21 | 1.22 | -| `LegacyServiceAccountTokenNoAutoGeneration` | `true` | Beta | 1.24 | 1.25 | -| `LegacyServiceAccountTokenNoAutoGeneration` | `true` | GA | 1.26 | 1.28 | -| `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 | -| `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | 1.24 | -| `LocalStorageCapacityIsolation` | `true` | GA | 1.25 | 1.26 | -| `MixedProtocolLBService` | `false` | Alpha | 1.20 | 1.23 | -| `MixedProtocolLBService` | `true` | Beta | 1.24 | 1.25 | -| `MixedProtocolLBService` | `true` | GA | 1.26 | 1.27 | -| `MountContainers` | `false` | Alpha | 1.9 | 1.16 | -| `MountContainers` | `false` | Deprecated | 1.17 | 1.17 | -| `MountPropagation` | `false` | Alpha | 1.8 | 1.9 | -| `MountPropagation` | `true` | Beta | 1.10 | 1.11 | -| `MountPropagation` | `true` | GA | 1.12 | 1.14 | -| `MultiCIDRRangeAllocator` | `false` | Alpha | 1.25 | 1.28 | -| `NamespaceDefaultLabelName` | `true` | Beta | 1.21 | 1.21 | -| `NamespaceDefaultLabelName` | `true` | GA | 1.22 | 1.23 | -| `NetworkPolicyEndPort` | `false` | Alpha | 1.21 | 1.21 | -| `NetworkPolicyEndPort` | `true` | Beta | 1.22 | 1.24 | -| `NetworkPolicyEndPort` | `true` | GA | 1.25 | 1.26 | -| `NetworkPolicyStatus` | `false` | Alpha | 1.24 | 1.27 | -| `NodeDisruptionExclusion` | `false` | Alpha | 1.16 | 1.18 | -| `NodeDisruptionExclusion` | `true` | Beta | 1.19 | 1.20 | -| `NodeDisruptionExclusion` | `true` | GA | 1.21 | 1.22 | -| `NodeLease` | `false` | Alpha | 1.12 | 1.13 | -| `NodeLease` | `true` | Beta | 1.14 | 1.16 | -| `NodeLease` | `true` | GA | 1.17 | 1.23 | -| `NonPreemptingPriority` | `false` | Alpha | 1.15 | 1.18 | -| `NonPreemptingPriority` | `true` | Beta | 1.19 | 1.23 | -| `NonPreemptingPriority` | `true` | GA | 1.24 | 1.25 | -| `OpenAPIV3` | `false` | Alpha | 1.23 | 1.23 | -| `OpenAPIV3` | `true` | Beta | 1.24 | 1.26 | -| `OpenAPIV3` | `true` | GA | 1.27 | 1.28 | -| `PVCProtection` | `false` | Alpha | 1.9 | 1.9 | -| `PVCProtection` | - | Deprecated | 1.10 | 1.10 | -| `PersistentLocalVolumes` | `false` | Alpha | 1.7 | 1.9 | -| `PersistentLocalVolumes` | `true` | Beta | 1.10 | 1.13 | -| `PersistentLocalVolumes` | `true` | GA | 1.14 | 1.16 | -| `PodAffinityNamespaceSelector` | `false` | Alpha | 1.21 | 1.21 | -| `PodAffinityNamespaceSelector` | `true` | Beta | 1.22 | 1.23 | -| `PodAffinityNamespaceSelector` | `true` | GA | 1.24 | 1.25 | -| `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | -| `PodDisruptionBudget` | `true` | Beta | 1.5 | 1.20 | -| `PodDisruptionBudget` | `true` | GA | 1.21 | 1.25 | -| `PodHasNetworkCondition` | `false` | Alpha | 1.25 | 1.27 | -| `PodOverhead` | `false` | Alpha | 1.16 | 1.17 | -| `PodOverhead` | `true` | Beta | 1.18 | 1.23 | -| `PodOverhead` | `true` | GA | 1.24 | 1.25 | -| `PodPriority` | `false` | Alpha | 1.8 | 1.10 | -| `PodPriority` | `true` | Beta | 1.11 | 1.13 | -| `PodPriority` | `true` | GA | 1.14 | 1.18 | -| `PodReadinessGates` | `false` | Alpha | 1.11 | 1.11 | -| `PodReadinessGates` | `true` | Beta | 1.12 | 1.13 | -| `PodReadinessGates` | `true` | GA | 1.14 | 1.16 | -| `PodSecurity` | `false` | Alpha | 1.22 | 1.22 | -| `PodSecurity` | `true` | Beta | 1.23 | 1.24 | -| `PodSecurity` | `true` | GA | 1.25 | 1.27 | -| `PodShareProcessNamespace` | `false` | Alpha | 1.10 | 1.11 | -| `PodShareProcessNamespace` | `true` | Beta | 1.12 | 1.16 | -| `PodShareProcessNamespace` | `true` | GA | 1.17 | 1.19 | -| `PreferNominatedNode` | `false` | Alpha | 1.21 | 1.21 | -| `PreferNominatedNode` | `true` | Beta | 1.22 | 1.23 | -| `PreferNominatedNode` | `true` | GA | 1.24 | 1.25 | -| `ProbeTerminationGracePeriod` | `false` | Alpha | 1.21 | 1.21 | -| `ProbeTerminationGracePeriod` | `false` | Beta | 1.22 | 1.24 | -| `ProbeTerminationGracePeriod` | `true` | Beta | 1.25 | 1.27 | -| `ProbeTerminationGracePeriod` | `true` | GA | 1.28 | 1.28 | -| `RequestManagement` | `false` | Alpha | 1.15 | 1.16 | -| `RequestManagement` | - | Deprecated | 1.17 | 1.17 | -| `ResourceLimitsPriorityFunction` | `false` | Alpha | 1.9 | 1.18 | -| `ResourceLimitsPriorityFunction` | - | Deprecated | 1.19 | 1.19 | -| `ResourceQuotaScopeSelectors` | `false` | Alpha | 1.11 | 1.11 | -| `ResourceQuotaScopeSelectors` | `true` | Beta | 1.12 | 1.16 | -| `ResourceQuotaScopeSelectors` | `true` | GA | 1.17 | 1.18 | -| `RetroactiveDefaultStorageClass` | `false` | Alpha | 1.25 | 1.25 | -| `RetroactiveDefaultStorageClass` | `true` | Beta | 1.26 | 1.27 | -| `RetroactiveDefaultStorageClass` | `true` | GA | 1.28 | 1.28 | -| `RootCAConfigMap` | `false` | Alpha | 1.13 | 1.19 | -| `RootCAConfigMap` | `true` | Beta | 1.20 | 1.20 | -| `RootCAConfigMap` | `true` | GA | 1.21 | 1.22 | -| `RotateKubeletClientCertificate` | `true` | Beta | 1.8 | 1.18 | -| `RotateKubeletClientCertificate` | `true` | GA | 1.19 | 1.21 | -| `RunAsGroup` | `true` | Beta | 1.14 | 1.20 | -| `RunAsGroup` | `true` | GA | 1.21 | 1.22 | -| `RuntimeClass` | `false` | Alpha | 1.12 | 1.13 | -| `RuntimeClass` | `true` | Beta | 1.14 | 1.19 | -| `RuntimeClass` | `true` | GA | 1.20 | 1.24 | -| `SCTPSupport` | `false` | Alpha | 1.12 | 1.18 | -| `SCTPSupport` | `true` | Beta | 1.19 | 1.19 | -| `SCTPSupport` | `true` | GA | 1.20 | 1.22 | -| `ScheduleDaemonSetPods` | `false` | Alpha | 1.11 | 1.11 | -| `ScheduleDaemonSetPods` | `true` | Beta | 1.12 | 1.16 | -| `ScheduleDaemonSetPods` | `true` | GA | 1.17 | 1.18 | -| `SeccompDefault` | `false` | Alpha | 1.22 | 1.24 | -| `SeccompDefault` | `true` | Beta | 1.25 | 1.26 | -| `SeccompDefault` | `true` | GA | 1.27 | 1.28 | -| `SelectorIndex` | `false` | Alpha | 1.18 | 1.18 | -| `SelectorIndex` | `true` | Beta | 1.19 | 1.19 | -| `SelectorIndex` | `true` | GA | 1.20 | 1.25 | -| `ServiceAccountIssuerDiscovery` | `false` | Alpha | 1.18 | 1.19 | -| `ServiceAccountIssuerDiscovery` | `true` | Beta | 1.20 | 1.20 | -| `ServiceAccountIssuerDiscovery` | `true` | GA | 1.21 | 1.23 | -| `ServiceAppProtocol` | `false` | Alpha | 1.18 | 1.18 | -| `ServiceAppProtocol` | `true` | Beta | 1.19 | 1.19 | -| `ServiceAppProtocol` | `true` | GA | 1.20 | 1.22 | -| `ServiceIPStaticSubrange` | `false` | Alpha | 1.24 | 1.24 | -| `ServiceIPStaticSubrange` | `true` | Beta | 1.25 | 1.25 | -| `ServiceIPStaticSubrange` | `true` | GA | 1.26 | 1.27 | -| `ServiceInternalTrafficPolicy` | `false` | Alpha | 1.21 | 1.21 | -| `ServiceInternalTrafficPolicy` | `true` | Beta | 1.22 | 1.25 | -| `ServiceInternalTrafficPolicy` | `true` | GA | 1.26 | 1.27 | -| `ServiceLBNodePortControl` | `false` | Alpha | 1.20 | 1.21 | -| `ServiceLBNodePortControl` | `true` | Beta | 1.22 | 1.23 | -| `ServiceLBNodePortControl` | `true` | GA | 1.24 | 1.25 | -| `ServiceLoadBalancerClass` | `false` | Alpha | 1.21 | 1.21 | -| `ServiceLoadBalancerClass` | `true` | Beta | 1.22 | 1.23 | -| `ServiceLoadBalancerClass` | `true` | GA | 1.24 | 1.25 | -| `ServiceLoadBalancerFinalizer` | `false` | Alpha | 1.15 | 1.15 | -| `ServiceLoadBalancerFinalizer` | `true` | Beta | 1.16 | 1.16 | -| `ServiceLoadBalancerFinalizer` | `true` | GA | 1.17 | 1.20 | -| `ServiceNodeExclusion` | `false` | Alpha | 1.8 | 1.18 | -| `ServiceNodeExclusion` | `true` | Beta | 1.19 | 1.20 | -| `ServiceNodeExclusion` | `true` | GA | 1.21 | 1.22 | -| `ServiceTopology` | `false` | Alpha | 1.17 | 1.19 | -| `ServiceTopology` | `false` | Deprecated | 1.20 | 1.22 | -| `SetHostnameAsFQDN` | `false` | Alpha | 1.19 | 1.19 | -| `SetHostnameAsFQDN` | `true` | Beta | 1.20 | 1.21 | -| `SetHostnameAsFQDN` | `true` | GA | 1.22 | 1.24 | -| `StartupProbe` | `false` | Alpha | 1.16 | 1.17 | -| `StartupProbe` | `true` | Beta | 1.18 | 1.19 | -| `StartupProbe` | `true` | GA | 1.20 | 1.23 | -| `StatefulSetMinReadySeconds` | `false` | Alpha | 1.22 | 1.22 | -| `StatefulSetMinReadySeconds` | `true` | Beta | 1.23 | 1.24 | -| `StatefulSetMinReadySeconds` | `true` | GA | 1.25 | 1.26 | -| `StorageObjectInUseProtection` | `true` | Beta | 1.10 | 1.10 | -| `StorageObjectInUseProtection` | `true` | GA | 1.11 | 1.24 | -| `StreamingProxyRedirects` | `false` | Beta | 1.5 | 1.5 | -| `StreamingProxyRedirects` | `true` | Beta | 1.6 | 1.17 | -| `StreamingProxyRedirects` | `true` | Deprecated | 1.18 | 1.21 | -| `StreamingProxyRedirects` | `false` | Deprecated | 1.22 | 1.24 | -| `SupportIPVSProxyMode` | `false` | Alpha | 1.8 | 1.8 | -| `SupportIPVSProxyMode` | `false` | Beta | 1.9 | 1.9 | -| `SupportIPVSProxyMode` | `true` | Beta | 1.10 | 1.10 | -| `SupportIPVSProxyMode` | `true` | GA | 1.11 | 1.20 | -| `SupportNodePidsLimit` | `false` | Alpha | 1.14 | 1.14 | -| `SupportNodePidsLimit` | `true` | Beta | 1.15 | 1.19 | -| `SupportNodePidsLimit` | `true` | GA | 1.20 | 1.23 | -| `SupportPodPidsLimit` | `false` | Alpha | 1.10 | 1.13 | -| `SupportPodPidsLimit` | `true` | Beta | 1.14 | 1.19 | -| `SupportPodPidsLimit` | `true` | GA | 1.20 | 1.23 | -| `SuspendJob` | `false` | Alpha | 1.21 | 1.21 | -| `SuspendJob` | `true` | Beta | 1.22 | 1.23 | -| `SuspendJob` | `true` | GA | 1.24 | 1.25 | -| `Sysctls` | `true` | Beta | 1.11 | 1.20 | -| `Sysctls` | `true` | GA | 1.21 | 1.22 | -| `TTLAfterFinished` | `false` | Alpha | 1.12 | 1.20 | -| `TTLAfterFinished` | `true` | Beta | 1.21 | 1.22 | -| `TTLAfterFinished` | `true` | GA | 1.23 | 1.24 | -| `TaintBasedEvictions` | `false` | Alpha | 1.6 | 1.12 | -| `TaintBasedEvictions` | `true` | Beta | 1.13 | 1.17 | -| `TaintBasedEvictions` | `true` | GA | 1.18 | 1.20 | -| `TaintNodesByCondition` | `false` | Alpha | 1.8 | 1.11 | -| `TaintNodesByCondition` | `true` | Beta | 1.12 | 1.16 | -| `TaintNodesByCondition` | `true` | GA | 1.17 | 1.18 | -| `TokenRequest` | `false` | Alpha | 1.10 | 1.11 | -| `TokenRequest` | `true` | Beta | 1.12 | 1.19 | -| `TokenRequest` | `true` | GA | 1.20 | 1.21 | -| `TokenRequestProjection` | `false` | Alpha | 1.11 | 1.11 | -| `TokenRequestProjection` | `true` | Beta | 1.12 | 1.19 | -| `TokenRequestProjection` | `true` | GA | 1.20 | 1.21 | -| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 | -| `TopologyManager` | `true` | Beta | 1.18 | 1.26 | -| `TopologyManager` | `true` | GA | 1.27 | 1.28 | -| `UserNamespacesStatelessPodsSupport` | `false` | Alpha | 1.25 | 1.27 | -| `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 | -| `ValidateProxyRedirects` | `true` | Beta | 1.14 | 1.21 | -| `ValidateProxyRedirects` | `true` | Deprecated | 1.22 | 1.24 | -| `VolumePVCDataSource` | `false` | Alpha | 1.15 | 1.15 | -| `VolumePVCDataSource` | `true` | Beta | 1.16 | 1.17 | -| `VolumePVCDataSource` | `true` | GA | 1.18 | 1.21 | -| `VolumeScheduling` | `false` | Alpha | 1.9 | 1.9 | -| `VolumeScheduling` | `true` | Beta | 1.10 | 1.12 | -| `VolumeScheduling` | `true` | GA | 1.13 | 1.16 | -| `VolumeSnapshotDataSource` | `false` | Alpha | 1.12 | 1.16 | -| `VolumeSnapshotDataSource` | `true` | Beta | 1.17 | 1.19 | -| `VolumeSnapshotDataSource` | `true` | GA | 1.20 | 1.22 | -| `VolumeSubpath` | `true` | GA | 1.10 | 1.24 | -| `VolumeSubpathEnvExpansion` | `false` | Alpha | 1.14 | 1.14 | -| `VolumeSubpathEnvExpansion` | `true` | Beta | 1.15 | 1.16 | -| `VolumeSubpathEnvExpansion` | `true` | GA | 1.17 | 1.24 | -| `WarningHeaders` | `true` | Beta | 1.19 | 1.21 | -| `WarningHeaders` | `true` | GA | 1.22 | 1.24 | -| `WindowsEndpointSliceProxying` | `false` | Alpha | 1.19 | 1.20 | -| `WindowsEndpointSliceProxying` | `true` | Beta | 1.21 | 1.21 | -| `WindowsEndpointSliceProxying` | `true` | GA | 1.22| 1.24 | -| `WindowsGMSA` | `false` | Alpha | 1.14 | 1.15 | -| `WindowsGMSA` | `true` | Beta | 1.16 | 1.17 | -| `WindowsGMSA` | `true` | GA | 1.18 | 1.20 | -| `WindowsHostProcessContainers` | `false` | Alpha | 1.22 | 1.22 | -| `WindowsHostProcessContainers` | `true` | Beta | 1.23 | 1.25 | -| `WindowsHostProcessContainers` | `true` | GA | 1.26 | 1.27 | -| `WindowsRunAsUserName` | `false` | Alpha | 1.16 | 1.16 | -| `WindowsRunAsUserName` | `true` | Beta | 1.17 | 1.17 | -| `WindowsRunAsUserName` | `true` | GA | 1.18 | 1.20 | -{{< /table >}} + +{{< feature-gate-table show-removed="true" caption="Feature Gates Removed" sortable="true" >}} ## Descriptions for removed feature gates diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md index dcd2772b099b0..a745776b2da08 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md @@ -50,291 +50,15 @@ For a reference to old feature gates that are removed, please refer to [feature gates removed](/docs/reference/command-line-tools-reference/feature-gates-removed/). {{< /note >}} + ### Feature gates for Alpha or Beta features -{{< table caption="Feature gates for features in Alpha or Beta states" sortable="true" >}} - -| Feature | Default | Stage | Since | Until | -|---------|---------|-------|-------|-------| -| `APIResponseCompression` | `false` | Alpha | 1.7 | 1.15 | -| `APIResponseCompression` | `true` | Beta | 1.16 | | -| `APIServerIdentity` | `false` | Alpha | 1.20 | 1.25 | -| `APIServerIdentity` | `true` | Beta | 1.26 | | -| `APIServerTracing` | `false` | Alpha | 1.22 | 1.26 | -| `APIServerTracing` | `true` | Beta | 1.27 | | -| `AdmissionWebhookMatchConditions` | `false` | Alpha | 1.27 | 1.27 | -| `AdmissionWebhookMatchConditions` | `true` | Beta | 1.28 | | -| `AggregatedDiscoveryEndpoint` | `false` | Alpha | 1.26 | 1.26 | -| `AggregatedDiscoveryEndpoint` | `true` | Beta | 1.27 | | -| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | 1.23 | -| `AnyVolumeDataSource` | `true` | Beta | 1.24 | | -| `AppArmor` | `true` | Beta | 1.4 | | -| `CPUManagerPolicyAlphaOptions` | `false` | Alpha | 1.23 | | -| `CPUManagerPolicyBetaOptions` | `true` | Beta | 1.23 | | -| `CPUManagerPolicyOptions` | `false` | Alpha | 1.22 | 1.22 | -| `CPUManagerPolicyOptions` | `true` | Beta | 1.23 | | -| `CRDValidationRatcheting` | `false` | Alpha | 1.28 | | -| `CSIMigrationPortworx` | `false` | Alpha | 1.23 | 1.24 | -| `CSIMigrationPortworx` | `false` | Beta | 1.25 | | -| `CSIVolumeHealth` | `false` | Alpha | 1.21 | | -| `CloudControllerManagerWebhook` | `false` | Alpha | 1.27 | | -| `CloudDualStackNodeIPs` | `false` | Alpha | 1.27 | 1.28 | -| `CloudDualStackNodeIPs` | `true` | Beta | 1.29 | | -| `ClusterTrustBundle` | false | Alpha | 1.27 | | -| `ClusterTrustBundleProjection` | `false` | Alpha | 1.29 | | -| `ComponentSLIs` | `false` | Alpha | 1.26 | 1.26 | -| `ComponentSLIs` | `true` | Beta | 1.27 | | -| `ConsistentListFromCache` | `false` | Alpha | 1.28 | | -| `ContainerCheckpoint` | `false` | Alpha | 1.25 | | -| `ContextualLogging` | `false` | Alpha | 1.24 | | -| `CronJobsScheduledAnnotation` | `true` | Beta | 1.28 | | -| `CrossNamespaceVolumeDataSource` | `false` | Alpha| 1.26 | | -| `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | | -| `DevicePluginCDIDevices` | `false` | Alpha | 1.28 | 1.28 | -| `DevicePluginCDIDevices` | `true` | Beta | 1.29 | | -| `DisableCloudProviders` | `false` | Alpha | 1.22 | 1.28 | -| `DisableCloudProviders` | `true` | Beta | 1.29 | | -| `DisableKubeletCloudCredentialProviders` | `false` | Alpha | 1.23 | 1.28 | -| `DisableKubeletCloudCredentialProviders` | `true` | Beta | 1.29 | | -| `DisableNodeKubeProxyVersion` | `false` | Alpha | 1.29 | | -| `DynamicResourceAllocation` | `false` | Alpha | 1.26 | | -| `ElasticIndexedJob` | `true` | Beta | 1.27 | | -| `EventedPLEG` | `false` | Alpha | 1.26 | 1.26 | -| `EventedPLEG` | `false` | Beta | 1.27 | | -| `GracefulNodeShutdown` | `false` | Alpha | 1.20 | 1.20 | -| `GracefulNodeShutdown` | `true` | Beta | 1.21 | | -| `GracefulNodeShutdownBasedOnPodPriority` | `false` | Alpha | 1.23 | 1.23 | -| `GracefulNodeShutdownBasedOnPodPriority` | `true` | Beta | 1.24 | | -| `HPAContainerMetrics` | `false` | Alpha | 1.20 | 1.26 | -| `HPAContainerMetrics` | `true` | Beta | 1.27 | | -| `HPAScaleToZero` | `false` | Alpha | 1.16 | | -| `HonorPVReclaimPolicy` | `false` | Alpha | 1.23 | | -| `ImageMaximumGCAge` | `false` | Alpha | 1.29 | | -| `InPlacePodVerticalScaling` | `false` | Alpha | 1.27 | | -| `InTreePluginAWSUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginAzureDiskUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginAzureFileUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginGCEUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginOpenStackUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginPortworxUnregister` | `false` | Alpha | 1.23 | | -| `InTreePluginvSphereUnregister` | `false` | Alpha | 1.21 | | -| `JobBackoffLimitPerIndex` | `false` | Alpha | 1.28 | 1.28 | -| `JobBackoffLimitPerIndex` | `true` | Beta | 1.29 | | -| `JobPodFailurePolicy` | `false` | Alpha | 1.25 | 1.25 | -| `JobPodFailurePolicy` | `true` | Beta | 1.26 | | -| `JobPodReplacementPolicy` | `false` | Alpha | 1.28 | 1.28 | -| `JobPodReplacementPolicy` | `true` | Beta | 1.29 | | -| `KubeProxyDrainingTerminatingNodes` | `false` | Alpha | 1.28 | | -| `KubeletCgroupDriverFromCRI` | `false` | Alpha | 1.28 | | -| `KubeletInUserNamespace` | `false` | Alpha | 1.22 | | -| `KubeletPodResourcesDynamicResources` | `false` | Alpha | 1.27 | | -| `KubeletPodResourcesGet` | `false` | Alpha | 1.27 | | -| `KubeletSeparateDiskGC` | `false` | Alpha | 1.29 | | -| `KubeletTracing` | `false` | Alpha | 1.25 | 1.26 | -| `KubeletTracing` | `true` | Beta | 1.27 | | -| `LegacyServiceAccountTokenCleanUp` | `false` | Alpha | 1.28 | 1.28 | -| `LegacyServiceAccountTokenCleanUp` | `true` | Beta | 1.29 | | -| `LoadBalancerIPMode` | `false` | Alpha | 1.29 | | -| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | - | -| `LogarithmicScaleDown` | `false` | Alpha | 1.21 | 1.21 | -| `LogarithmicScaleDown` | `true` | Beta | 1.22 | | -| `LoggingAlphaOptions` | `false` | Alpha | 1.24 | - | -| `LoggingBetaOptions` | `true` | Beta | 1.24 | - | -| `MatchLabelKeysInPodAffinity` | `false` | Alpha | 1.29 | - | -| `MatchLabelKeysInPodTopologySpread` | `false` | Alpha | 1.25 | 1.26 | -| `MatchLabelKeysInPodTopologySpread` | `true` | Beta | 1.27 | - | -| `MaxUnavailableStatefulSet` | `false` | Alpha | 1.24 | | -| `MemoryManager` | `false` | Alpha | 1.21 | 1.21 | -| `MemoryManager` | `true` | Beta | 1.22 | | -| `MemoryQoS` | `false` | Alpha | 1.22 | | -| `MinDomainsInPodTopologySpread` | `false` | Alpha | 1.24 | 1.24 | -| `MinDomainsInPodTopologySpread` | `false` | Beta | 1.25 | 1.26 | -| `MinDomainsInPodTopologySpread` | `true` | Beta | 1.27 | | -| `MultiCIDRServiceAllocator` | `false` | Alpha | 1.27 | | -| `NFTablesProxyMode` | `false` | Alpha | 1.29 | | -| `NewVolumeManagerReconstruction` | `false` | Beta | 1.27 | 1.27 | -| `NewVolumeManagerReconstruction` | `true` | Beta | 1.28 | | -| `NodeInclusionPolicyInPodTopologySpread` | `false` | Alpha | 1.25 | 1.25 | -| `NodeInclusionPolicyInPodTopologySpread` | `true` | Beta | 1.26 | | -| `NodeLogQuery` | `false` | Alpha | 1.27 | | -| `NodeSwap` | `false` | Alpha | 1.22 | 1.27 | -| `NodeSwap` | `false` | Beta | 1.28 | | -| `OpenAPIEnums` | `false` | Alpha | 1.23 | 1.23 | -| `OpenAPIEnums` | `true` | Beta | 1.24 | | -| `PDBUnhealthyPodEvictionPolicy` | `false` | Alpha | 1.26 | 1.26 | -| `PDBUnhealthyPodEvictionPolicy` | `true` | Beta | 1.27 | | -| `PersistentVolumeLastPhaseTransitionTime` | `false` | Alpha | 1.28 | 1.28 | -| `PersistentVolumeLastPhaseTransitionTime` | `true` | Beta | 1.29 | | -| `PodAndContainerStatsFromCRI` | `false` | Alpha | 1.23 | | -| `PodDeletionCost` | `false` | Alpha | 1.21 | 1.21 | -| `PodDeletionCost` | `true` | Beta | 1.22 | | -| `PodDisruptionConditions` | `false` | Alpha | 1.25 | 1.25 | -| `PodDisruptionConditions` | `true` | Beta | 1.26 | | -| `PodHostIPs` | `false` | Alpha | 1.28 | 1.28 | -| `PodHostIPs` | `true` | Beta | 1.29 | | -| `PodIndexLabel` | `true` | Beta | 1.28 | | -| `PodLifecycleSleepAction` | `false` | Alpha | 1.29 | | -| `PodReadyToStartContainersCondition` | `false` | Alpha | 1.28 | 1.28 | -| `PodReadyToStartContainersCondition` | `true` | Beta | 1.29 | | -| `PodSchedulingReadiness` | `false` | Alpha | 1.26 | 1.26 | -| `PodSchedulingReadiness` | `true` | Beta | 1.27 | | -| `ProcMountType` | `false` | Alpha | 1.12 | | -| `QOSReserved` | `false` | Alpha | 1.11 | | -| `RecoverVolumeExpansionFailure` | `false` | Alpha | 1.23 | | -| `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 | -| `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | | -| `RuntimeClassInImageCriApi` | `false` | Alpha | 1.29 | | -| `SELinuxMountReadWriteOncePod` | `false` | Alpha | 1.25 | 1.26 | -| `SELinuxMountReadWriteOncePod` | `false` | Beta | 1.27 | 1.27 | -| `SELinuxMountReadWriteOncePod` | `true` | Beta | 1.28 | | -| `SchedulerQueueingHints` | `true` | Beta | 1.28 | 1.28 | -| `SchedulerQueueingHints` | `false` | Beta | 1.29 | | -| `SecurityContextDeny` | `false` | Alpha | 1.27 | | -| `SeparateTaintEvictionController` | `true` | Beta | 1.29 | | -| `ServiceAccountTokenJTI` | `false` | Alpha | 1.29 | | -| `ServiceAccountTokenNodeBinding` | `false` | Alpha | 1.29 | | -| `ServiceAccountTokenNodeBindingValidation` | `false` | Alpha | 1.29 | | -| `ServiceAccountTokenPodNodeInfo` | `false` | Alpha | 1.29 | | -| `SidecarContainers` | `false` | Alpha | 1.28 | 1.28 | -| `SidecarContainers` | `true` | Beta | 1.29 | | -| `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | 1.21 | -| `SizeMemoryBackedVolumes` | `true` | Beta | 1.22 | | -| `StableLoadBalancerNodeSet` | `true` | Beta | 1.27 | | -| `StatefulSetAutoDeletePVC` | `false` | Alpha | 1.23 | 1.26 | -| `StatefulSetAutoDeletePVC` | `false` | Beta | 1.27 | | -| `StatefulSetStartOrdinal` | `false` | Alpha | 1.26 | 1.26 | -| `StatefulSetStartOrdinal` | `true` | Beta | 1.27 | | -| `StorageVersionAPI` | `false` | Alpha | 1.20 | | -| `StorageVersionHash` | `false` | Alpha | 1.14 | 1.14 | -| `StorageVersionHash` | `true` | Beta | 1.15 | | -| `StructuredAuthenticationConfiguration` | `false` | Alpha | 1.29 | | -| `StructuredAuthorizationConfiguration` | `false` | Alpha | 1.29 | | -| `TopologyAwareHints` | `false` | Alpha | 1.21 | 1.22 | -| `TopologyAwareHints` | `false` | Beta | 1.23 | 1.23 | -| `TopologyAwareHints` | `true` | Beta | 1.24 | | -| `TopologyManagerPolicyAlphaOptions` | `false` | Alpha | 1.26 | | -| `TopologyManagerPolicyBetaOptions` | `false` | Beta | 1.26 | 1.27 | -| `TopologyManagerPolicyBetaOptions` | `true` | Beta | 1.28 | | -| `TopologyManagerPolicyOptions` | `false` | Alpha | 1.26 | 1.27 | -| `TopologyManagerPolicyOptions` | `true` | Beta | 1.28 | | -| `TranslateStreamCloseWebsocketRequests` | `false` | Alpha | 1.29 | | -| `UnauthenticatedHTTP2DOSMitigation` | `false` | Beta | 1.28 | 1.28 | -| `UnauthenticatedHTTP2DOSMitigation` | `true` | Beta | 1.29 | | -| `UnknownVersionInteroperabilityProxy` | `false` | Alpha | 1.28 | | -| `UserNamespacesPodSecurityStandards` | `false` | Alpha | 1.29 | | -| `UserNamespacesSupport` | `false` | Alpha | 1.28 | | -| `ValidatingAdmissionPolicy` | `false` | Alpha | 1.26 | 1.27 | -| `ValidatingAdmissionPolicy` | `false` | Beta | 1.28 | | -| `VolumeAttributesClass` | `false` | Alpha | 1.29 | | -| `VolumeCapacityPriority` | `false` | Alpha | 1.21 | | -| `WatchList` | `false` | Alpha | 1.27 | | -| `WinDSR` | `false` | Alpha | 1.14 | | -| `WinOverlay` | `false` | Alpha | 1.14 | 1.19 | -| `WinOverlay` | `true` | Beta | 1.20 | | -| `WindowsHostNetwork` | `true` | Alpha | 1.26 | | -| `ZeroLimitedNominalConcurrencyShares` | `false` | Beta | 1.29 | | - -{{< /table >}} +{{< feature-gate-table include="alpha,beta" caption="Feature gates for features in Alpha or Beta states" >}} + ### Feature gates for graduated or deprecated features -{{< table caption="Feature Gates for Graduated or Deprecated Features" sortable="true">}} - -| Feature | Default | Stage | Since | Until | -|---------|---------|-------|-------|-------| -| `APIListChunking` | `false` | Alpha | 1.8 | 1.8 | -| `APIListChunking` | `true` | Beta | 1.9 | 1.28 | -| `APIListChunking` | `true` | GA | 1.29 | - | -| `APIPriorityAndFairness` | `false` | Alpha | 1.18 | 1.19 | -| `APIPriorityAndFairness` | `true` | Beta | 1.20 | 1.28 | -| `APIPriorityAndFairness` | `true` | GA | 1.29 | - | -| `APISelfSubjectReview` | `false` | Alpha | 1.26 | 1.26 | -| `APISelfSubjectReview` | `true` | Beta | 1.27 | 1.27 | -| `APISelfSubjectReview` | `true` | GA | 1.28 | - | -| `AllowServiceLBStatusOnNonLB` | `false` | Deprecated | 1.29 | | -| `CPUManager` | `false` | Alpha | 1.8 | 1.9 | -| `CPUManager` | `true` | Beta | 1.10 | 1.25 | -| `CPUManager` | `true` | GA | 1.26 | - | -| `CSIMigrationAzureFile` | `false` | Alpha | 1.15 | 1.20 | -| `CSIMigrationAzureFile` | `false` | Beta | 1.21 | 1.23 | -| `CSIMigrationAzureFile` | `true` | Beta | 1.24 | 1.25 | -| `CSIMigrationAzureFile` | `true` | GA | 1.26 | | -| `CSIMigrationRBD` | `false` | Alpha | 1.23 | 1.27 | -| `CSIMigrationRBD` | `false` | Deprecated | 1.28 | | -| `CSINodeExpandSecret` | `false` | Alpha | 1.25 | 1.26 | -| `CSINodeExpandSecret` | `true` | Beta | 1.27 | 1.28 | -| `CSINodeExpandSecret` | `true` | GA | 1.29 | | -| `ConsistentHTTPGetHandlers` | `true` | GA | 1.25 | - | -| `CustomResourceValidationExpressions` | `false` | Alpha | 1.23 | 1.24 | -| `CustomResourceValidationExpressions` | `true` | Beta | 1.25 | 1.28 | -| `CustomResourceValidationExpressions` | `true` | GA | 1.29 | - | -| `DefaultHostNetworkHostPortsInPodTemplates` | `false` | Deprecated | 1.28 | | -| `EfficientWatchResumption` | `false` | Alpha | 1.20 | 1.20 | -| `EfficientWatchResumption` | `true` | Beta | 1.21 | 1.23 | -| `EfficientWatchResumption` | `true` | GA | 1.24 | | -| `ExecProbeTimeout` | `true` | GA | 1.20 | | -| `ExpandedDNSConfig` | `false` | Alpha | 1.22 | 1.25 | -| `ExpandedDNSConfig` | `true` | Beta | 1.26 | 1.27 | -| `ExpandedDNSConfig` | `true` | GA | 1.28 | | -| `ExperimentalHostUserNamespaceDefaulting` | `false` | Beta | 1.5 | 1.27 | -| `ExperimentalHostUserNamespaceDefaulting` | `false` | Deprecated | 1.28 | | -| `IPTablesOwnershipCleanup` | `false` | Alpha | 1.25 | 1.26 | -| `IPTablesOwnershipCleanup` | `true` | Beta | 1.27 | 1.27 | -| `IPTablesOwnershipCleanup` | `true` | GA | 1.28 | | -| `InTreePluginRBDUnregister` | `false` | Alpha | 1.23 | 1.27 | -| `InTreePluginRBDUnregister` | `false` | Deprecated | 1.28 | | -| `JobReadyPods` | `false` | Alpha | 1.23 | 1.23 | -| `JobReadyPods` | `true` | Beta | 1.24 | 1.28 | -| `JobReadyPods` | `true` | GA | 1.29 | | -| `KMSv1` | `true` | Deprecated | 1.28 | 1.28 | -| `KMSv1` | `false` | Deprecated | 1.29 | | -| `KMSv2` | `false` | Alpha | 1.25 | 1.26 | -| `KMSv2` | `true` | Beta | 1.27 | 1.28 | -| `KMSv2` | `true` | GA | 1.29 | | -| `KMSv2KDF` | `false` | Beta | 1.28 | 1.28 | -| `KMSv2KDF` | `true` | GA | 1.29 | | -| `KubeletPodResources` | `false` | Alpha | 1.13 | 1.14 | -| `KubeletPodResources` | `true` | Beta | 1.15 | 1.27 | -| `KubeletPodResources` | `true` | GA | 1.28 | | -| `KubeletPodResourcesGetAllocatable` | `false` | Alpha | 1.21 | 1.22 | -| `KubeletPodResourcesGetAllocatable` | `true` | Beta | 1.23 | 1.27 | -| `KubeletPodResourcesGetAllocatable` | `true` | GA | 1.28 | | -| `LegacyServiceAccountTokenTracking` | `false` | Alpha | 1.26 | 1.26 | -| `LegacyServiceAccountTokenTracking` | `true` | Beta | 1.27 | 1.27 | -| `LegacyServiceAccountTokenTracking` | `true` | GA | 1.28 | | -| `MinimizeIPTablesRestore` | `false` | Alpha | 1.26 | 1.26 | -| `MinimizeIPTablesRestore` | `true` | Beta | 1.27 | 1.27 | -| `MinimizeIPTablesRestore` | `true` | GA | 1.28 | | -| `NodeOutOfServiceVolumeDetach` | `false` | Alpha | 1.24 | 1.25 | -| `NodeOutOfServiceVolumeDetach` | `true` | Beta | 1.26 | 1.27 | -| `NodeOutOfServiceVolumeDetach` | `true` | GA | 1.28 | | -| `ProxyTerminatingEndpoints` | `false` | Alpha | 1.22 | 1.25 | -| `ProxyTerminatingEndpoints` | `true` | Beta | 1.26 | 1.27 | -| `ProxyTerminatingEndpoints` | `true` | GA | 1.28 | | -| `ReadWriteOncePod` | `false` | Alpha | 1.22 | 1.26 | -| `ReadWriteOncePod` | `true` | Beta | 1.27 | 1.28 | -| `ReadWriteOncePod` | `true` | GA | 1.29 | | -| `RemainingItemCount` | `false` | Alpha | 1.15 | 1.15 | -| `RemainingItemCount` | `true` | Beta | 1.16 | 1.28 | -| `RemainingItemCount` | `true` | GA | 1.29 | | -| `RemoveSelfLink` | `false` | Alpha | 1.16 | 1.19 | -| `RemoveSelfLink` | `true` | Beta | 1.20 | 1.23 | -| `RemoveSelfLink` | `true` | GA | 1.24 | | -| `ServerSideApply` | `false` | Alpha | 1.14 | 1.15 | -| `ServerSideApply` | `true` | Beta | 1.16 | 1.21 | -| `ServerSideApply` | `true` | GA | 1.22 | - | -| `ServerSideFieldValidation` | `false` | Alpha | 1.23 | 1.24 | -| `ServerSideFieldValidation` | `true` | Beta | 1.25 | 1.26 | -| `ServerSideFieldValidation` | `true` | GA | 1.27 | - | -| `ServiceNodePortStaticSubrange` | `false` | Alpha | 1.27 | 1.27 | -| `ServiceNodePortStaticSubrange` | `true` | Beta | 1.28 | 1.28 | -| `ServiceNodePortStaticSubrange` | `true` | GA | 1.29 | - | -| `SkipReadOnlyValidationGCE` | `false` | Alpha | 1.28 | 1.28 | -| `SkipReadOnlyValidationGCE` | `true` | Deprecated | 1.29 | | -| `WatchBookmark` | `false` | Alpha | 1.15 | 1.15 | -| `WatchBookmark` | `true` | Beta | 1.16 | 1.16 | -| `WatchBookmark` | `true` | GA | 1.17 | - | -{{< /table >}} +{{< feature-gate-table include="ga,deprecated" caption="Feature Gates for Graduated or Deprecated Features" >}} ## Using a feature diff --git a/layouts/partials/head.html b/layouts/partials/head.html index b859238768c68..addf0a098fe06 100644 --- a/layouts/partials/head.html +++ b/layouts/partials/head.html @@ -83,7 +83,7 @@ -{{- if .HasShortcode "table" -}} +{{- if or (.HasShortcode "table") (.HasShortcode "feature-gate-table") -}} {{- end -}} From 86c6b62c136088779377cf1c6a9e9a5f21040dc3 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Sat, 23 Dec 2023 19:13:08 +0000 Subject: [PATCH 050/279] Document how to use new metadata in feature gate description file --- .../contribute/new-content/new-features.md | 59 ++++++++++++++++--- 1 file changed, 50 insertions(+), 9 deletions(-) diff --git a/content/en/docs/contribute/new-content/new-features.md b/content/en/docs/contribute/new-content/new-features.md index 2d670a3c56dbc..dc7fe07ada974 100644 --- a/content/en/docs/contribute/new-content/new-features.md +++ b/content/en/docs/contribute/new-content/new-features.md @@ -129,8 +129,28 @@ content is not received, the feature may be removed from the milestone. #### Feature gates {#ready-for-review-feature-gates} If your feature is an Alpha or Beta feature and is behind a feature gate, -make sure you add it to [Alpha/Beta Feature gates](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features) -table as part of your pull request. With net new feature gates, a separate +you need a feature gate file for it inside +`content/en/docs/reference/command-line-tools-reference/feature-gates/`. +The name of the file should be the feature gate, converted from `UpperCamelCase` +to `kebab-case`, with `.md` as the suffix. +You can look at other files already in the same directory for a hint about what yours +should look like. Usually a single paragraph is enough; for longer explanations, +add documentation elsewhere and link to that. + +Also, +to ensure your feature gate appears in the [Alpha/Beta Feature gates](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features) table, include the following details +in the [front matter](https://gohugo.io/content-management/front-matter/) of your Markdown +description file: + +```yaml +stages: + - stage: # Specify the development stage of the feature gate + defaultValue: # Set to true if enabled by default, false otherwise + fromVersion: # Version from which the feature gate is available + toVersion: # (Optional) The version until which the feature gate is available +``` + +With net new feature gates, a separate description of the feature gate is also required; create a new Markdown file inside `content/en/docs/reference/command-line-tools-reference/feature-gates/` (use other files as a template). @@ -147,14 +167,35 @@ feature gates). Watch out for language such as ”The `exampleSetting` field is a beta field and disabled by default. You can enable it by enabling the `ProcessExampleThings` feature gate.” -If your feature is GA'ed or deprecated, make sure to move it from the +If your feature is GA'ed or deprecated, +include an additional `stage` entry within the `stages` block in the description file. +Ensure that the Alpha and Beta stages remain intact. +This step transitions the feature gate from the [Feature gates for Alpha/Feature](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features) table -to [Feature gates for graduated or deprecated features](/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed) -table with Alpha and Beta history intact. - -Eventually, Kubernetes will stop including the feature gate at all. -In that case, you move it from [Feature gates for graduated or deprecated features](/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed) -and into a separate page, [Feature Gates (removed)](/docs/reference/command-line-tools-reference/feature-gates-removed/). +to [Feature gates for graduated or deprecated features](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features) table. For example: + +{{< highlight yaml "linenos=false,hl_lines=10-15" >}} +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.12" + - stage: beta + defaultValue: true + fromVersion: "1.13" + toVersion: "1.18" + # Added 'stable' stage block to existing stages. + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.27" +{{< / highlight >}} + +Eventually, Kubernetes will stop including the feature gate at all. To signify the removal of a feature gate, +include `removed: true` in the front matter of the respective description file. +This action triggers the transition of the feature gate +from [Feature gates for graduated or deprecated features](/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed) section to a dedicated page titled +[Feature Gates (removed)](/docs/reference/command-line-tools-reference/feature-gates-removed/). Also make sure to move the relevant list entry and [`feature-gate-description` shortcode](/docs/contribute/style/hugo-shortcodes/#feature-gate-description) into the From 1693f148c9d99c63673f00b4b36d7bd0b14e6df6 Mon Sep 17 00:00:00 2001 From: Arhell Date: Sun, 24 Dec 2023 00:39:55 +0200 Subject: [PATCH 051/279] [en] Update go lang link kubelet-config.v1beta1.md --- .../en/docs/reference/config-api/kubelet-config.v1beta1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md index 5751831a8393a..2975657ccfd19 100644 --- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md +++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md @@ -449,7 +449,7 @@ Default: ""

      tlsCipherSuites is the list of allowed cipher suites for the server. Note that TLS 1.3 ciphersuites are not configurable. -Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). +Values are from tls package constants (https://pkg.go.dev/crypto/tls#pkg-constants). Default: nil

      tlsMinVersion is the minimum TLS version supported. -Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). +Values are from tls package constants (https://pkg.go.dev/crypto/tls#pkg-constants). Default: ""
      --kube-reserved strings     Default: <None>
      A set of <resource name>=<resource quantity> (e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'&auot;) pairs that describe resources reserved for kubernetes system components. Currently cpu, memory and local ephemeral-storage for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.)A set of <resource name>=<resource quantity> (e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'") pairs that describe resources reserved for kubernetes system components. Currently cpu, memory and local ephemeral-storage for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.)
      Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to a negative number. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.)
      - + \ No newline at end of file diff --git a/content/en/docs/reference/config-api/apiserver-audit.v1.md b/content/en/docs/reference/config-api/apiserver-audit.v1.md index 7f9314292b94d..f2d38f1a675a5 100644 --- a/content/en/docs/reference/config-api/apiserver-audit.v1.md +++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md @@ -253,7 +253,7 @@ be specified per rule in which case the union of both are omitted.

      OmitManagedFields indicates whether to omit the managed fields of the request and response bodies from being written to the API audit log. -This is used as a global default - a value of 'true' will omit the managed fileds, +This is used as a global default - a value of 'true' will omit the managed fields, otherwise the managed fields will be included in the API audit log. Note that this can also be specified per rule in which case the value specified in a rule will override the global default.

      @@ -527,7 +527,7 @@ An empty list means no restrictions will apply.

      and response bodies from being written to the API audit log.

      • a value of 'true' will drop the managed fields from the API audit log
        • -
      • a value of 'false' indicates that the managed fileds should be included +
      • a value of 'false' indicates that the managed fields should be included in the API audit log Note that the value, if specified, in this rule will override the global default If a value is not specified then the global default specified in diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md index c194ccacd1280..d92bcf2234113 100644 --- a/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md +++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md @@ -16,7 +16,7 @@ Use APIServer.ExtraEnvs, ControllerManager.ExtraEnvs, Etcd.Local.ExtraEnvs.
      • The ResetConfiguration API type is now supported in v1beta4. Users are able to reset a node by passing a --config file to kubeadm reset.
        • -
      • dry-run mode is now configureable in InitConfiguration and JoinConfiguration config files.
        • +
      • dry-run mode is now configurable in InitConfiguration and JoinConfiguration config files.
      • Replace the existing string/string extra argument maps with structured extra arguments that support duplicates. The change applies to ClusterConfiguration - APIServer.ExtraArgs, ControllerManager.ExtraArgs, Scheduler.ExtraArgs. Also to NodeRegistrationOptions.KubeletExtraArgs.
        • diff --git a/content/en/docs/reference/config-api/kubeconfig.v1.md b/content/en/docs/reference/config-api/kubeconfig.v1.md index 72a5c63358ce8..6ec5b00ae437e 100644 --- a/content/en/docs/reference/config-api/kubeconfig.v1.md +++ b/content/en/docs/reference/config-api/kubeconfig.v1.md @@ -55,21 +55,21 @@ TODO(jlowdermilk): remove this after eliminating downstream dependencies.

        []NamedCluster -

        Clusters is a map of referencable names to cluster configs

        +

        Clusters is a map of referenceable names to cluster configs

        users [Required]
        []NamedAuthInfo -

        AuthInfos is a map of referencable names to user configs

        +

        AuthInfos is a map of referenceable names to user configs

        contexts [Required]
        []NamedContext -

        Contexts is a map of referencable names to context configs

        +

        Contexts is a map of referenceable names to context configs

        current-context [Required]
        diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md index 5751831a8393a..d872f892039da 100644 --- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md +++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md @@ -545,7 +545,7 @@ Default: 50

        eventBurst is the maximum size of a burst of event creations, temporarily allows event creations to burst to this number, while still not exceeding -eventRecordQPS. This field canot be a negative number and it is only used +eventRecordQPS. This field cannot be a negative number and it is only used when eventRecordQPS > 0. Default: 100

        diff --git a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md index 8575b92303461..9ad1c310cd9cc 100644 --- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md +++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md @@ -63,7 +63,7 @@ This response should be set to the same apiVersion as CredentialProviderRequest. PluginCacheKeyType -

        cacheKeyType indiciates the type of caching key to use based on the image provided +

        cacheKeyType indicates the type of caching key to use based on the image provided in the request. There are three valid values for the cache key type: Image, Registry, and Global. If an invalid value is specified, the response will NOT be used by the kubelet.

        diff --git a/content/en/docs/reference/instrumentation/metrics.md b/content/en/docs/reference/instrumentation/metrics.md index 0bc4338b60431..f90ebc22dd042 100644 --- a/content/en/docs/reference/instrumentation/metrics.md +++ b/content/en/docs/reference/instrumentation/metrics.md @@ -1482,14 +1482,14 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
ephemeral_volume_controller_create_failures_total
-
Number of PersistenVolumeClaims creation requests
+
Number of PersistentVolumeClaims creation requests
  • ALPHA
  • Counter
ephemeral_volume_controller_create_total
-
Number of PersistenVolumeClaims creation requests
+
Number of PersistentVolumeClaims creation requests
  • ALPHA
  • Counter
    • diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md index 59df5a5e0e670..e2a395017efce 100644 --- a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md +++ b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md @@ -62,7 +62,7 @@ APIServiceSpec contains information for locating and communicating with a server - **groupPriorityMinimum** (int32), required - GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s + GroupPriorityMinimum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMinimum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s - **versionPriority** (int32), required diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md index 8f331c62bd097..2749f96647616 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md @@ -15,7 +15,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -59,60 +59,60 @@ CSIDriverSpec is the specification of a CSIDriver. - **attachRequired** (boolean) attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called. - + This field is immutable. - **fsGroupPolicy** (string) fsGroupPolicy defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. - + This field is immutable. - + Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce. - **podInfoOnMount** (boolean) podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations, if set to true. If set to false, pod information will not be passed on mount. Default is false. - + The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. - - The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume + + The following VolumeContext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume defined by a CSIVolumeSource, otherwise "false" - + "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver. - + This field is immutable. - **requiresRepublish** (boolean) requiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false. - + Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container. - **seLinuxMount** (boolean) seLinuxMount specifies if the CSI driver supports "-o context" mount option. - + When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context. - + When "false", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem. - + Default is "false". - **storageCapacity** (boolean) storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information, if set to true. - + The check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object. - + Alternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published. - + This field was immutable in Kubernetes \<= 1.22 and now is mutable. - **tokenRequests** ([]TokenRequest) *Atomic: will be replaced during a merge* - + tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": { "\": { "token": \, @@ -120,7 +120,7 @@ CSIDriverSpec is the specification of a CSIDriver. }, ... } - + Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically. @@ -137,13 +137,13 @@ CSIDriverSpec is the specification of a CSIDriver. - **volumeLifecycleModes** ([]string) *Set: unique values will be kept during a merge* - + volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. - + The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. - + For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. - + This field is beta. This field is immutable. @@ -297,7 +297,7 @@ POST /apis/storage.k8s.io/v1/csidrivers - **body**: }}">CSIDriver, required - + - **dryRun** (*in query*): string @@ -349,7 +349,7 @@ PUT /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">CSIDriver, required - + - **dryRun** (*in query*): string @@ -399,7 +399,7 @@ PATCH /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">Patch, required - + - **dryRun** (*in query*): string @@ -454,7 +454,7 @@ DELETE /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">DeleteOptions - + - **dryRun** (*in query*): string @@ -499,7 +499,7 @@ DELETE /apis/storage.k8s.io/v1/csidrivers - **body**: }}">DeleteOptions - + - **continue** (*in query*): string @@ -568,5 +568,4 @@ DELETE /apis/storage.k8s.io/v1/csidrivers 200 (}}">Status): OK -401: Unauthorized - +401: Unauthorized \ No newline at end of file diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md index bc8d3629dcbd9..df462802f4709 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md @@ -75,7 +75,7 @@ VolumeAttachmentSpec is the specification of a VolumeAttachment request. source represents the volume that should be attached. - *VolumeAttachmentSource represents a volume that should be attached. Right now only PersistenVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.* + *VolumeAttachmentSource represents a volume that should be attached. Right now only PersistentVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.* - **source.inlineVolumeSpec** (}}">PersistentVolumeSpec) diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md index 92a773bcec541..cb16ea14a1026 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md @@ -139,7 +139,7 @@ EndpointSlice represents a subset of the endpoints that implement a service. For - **ports.name** (string) - name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string. + name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is derived from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string. - **ports.appProtocol** (string) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index 04cb002f47bfa..7c12db03205aa 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -898,7 +898,7 @@ This is achieved via _SelectorSpreadPriority_. _SelectorSpreadPriority_ is a best effort placement. If the zones in your cluster are heterogeneous (for example: different numbers of nodes, different types of nodes, or different pod resource requirements), this placement might prevent equal spreading of your Pods across zones. -If desired, you can use homogenous zones (same number and types of nodes) to reduce the probability +If desired, you can use homogeneous zones (same number and types of nodes) to reduce the probability of unequal spreading. The scheduler (through the _VolumeZonePredicate_ predicate) also will ensure that Pods, @@ -1375,7 +1375,7 @@ Example: `batch.kubernetes.io/controller-uid: "$UID"` Used on: Jobs and Pods controlled by Jobs This label is used as a programmatic way to get all Pods corresponding to a Job. -The `controller-uid` is a unique identifer that gets set in the `selector` field so the Job +The `controller-uid` is a unique identifier that gets set in the `selector` field so the Job controller can get all the corresponding Pods. ### scheduler.alpha.kubernetes.io/defaultTolerations {#scheduleralphakubernetesio-defaulttolerations} @@ -1948,7 +1948,7 @@ Example: `service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-53fa Used on: Service -The AWS load balancer controller uses this annotation to specify a comma seperated list +The AWS load balancer controller uses this annotation to specify a comma separated list of security groups you want to attach to an AWS load balancer. Both name and ID of security are supported where name matches a `Name` tag, not the `groupName` attribute. diff --git a/content/en/docs/reference/labels-annotations-taints/audit-annotations.md b/content/en/docs/reference/labels-annotations-taints/audit-annotations.md index 7c076132058fb..94a099cd927ba 100644 --- a/content/en/docs/reference/labels-annotations-taints/audit-annotations.md +++ b/content/en/docs/reference/labels-annotations-taints/audit-annotations.md @@ -115,7 +115,7 @@ Example: `validation.policy.admission.k8s.io/validation_failure: '[{"message": " Used by Kubernetes version v1.27 and later. -This annotation indicates that a admission policy validation evaluted to false +This annotation indicates that a admission policy validation evaluated to false for an API request, or that the validation resulted in an error while the policy was configured with `failurePolicy: Fail`. diff --git a/content/en/docs/reference/node/kubelet-checkpoint-api.md b/content/en/docs/reference/node/kubelet-checkpoint-api.md index e93464141c652..97effdff29693 100644 --- a/content/en/docs/reference/node/kubelet-checkpoint-api.md +++ b/content/en/docs/reference/node/kubelet-checkpoint-api.md @@ -68,7 +68,7 @@ POST /checkpoint/{namespace}/{pod}/{container} - **timeout** (*in query*): integer Timeout in seconds to wait until the checkpoint creation is finished. - If zero or no timeout is specfied the default {{}} timeout value will be used. Checkpoint creation time depends directly on the used memory of the container. The more memory a container uses the more time is required to create diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md index 9a65b7e6930da..69a92868c27de 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md @@ -18,7 +18,7 @@ Read a file containing the kubeadm configuration API and report any validation p This command lets you validate a kubeadm configuration API file and report any warnings and errors. If there are no errors the exit status will be zero, otherwise it will be non-zero. -Any unmarshaling problems such as unknown API fields will trigger errors. Unknown API versions and +Any unmarshalling problems such as unknown API fields will trigger errors. Unknown API versions and fields with invalid values will also trigger errors. Any other errors or warnings may be reported depending on contents of the input file. diff --git a/content/en/docs/reference/tools/map-crictl-dockercli.md b/content/en/docs/reference/tools/map-crictl-dockercli.md index c95836f2f6d36..5b35988a45331 100644 --- a/content/en/docs/reference/tools/map-crictl-dockercli.md +++ b/content/en/docs/reference/tools/map-crictl-dockercli.md @@ -70,4 +70,4 @@ crictl | Description `runp` | Run a new pod `rmp` | Remove one or more pods `stopp` | Stop one or more running pods -{{< /table >}} +{{< /table >}} \ No newline at end of file diff --git a/content/en/docs/reference/using-api/cel.md b/content/en/docs/reference/using-api/cel.md index 06b1c793826b0..694bce6b33e9c 100644 --- a/content/en/docs/reference/using-api/cel.md +++ b/content/en/docs/reference/using-api/cel.md @@ -192,7 +192,7 @@ Rules](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition are fully type checked. Some Kubernetes API fields contain partially type checked CEL expressions. A -partially type checked expression is an experessions where some of the variables +partially type checked expression is an expressions where some of the variables are statically typed but others are dynamically typed. For example, in the CEL expressions of [ValidatingAdmissionPolicies](/docs/reference/access-authn-authz/validating-admission-policy/) diff --git a/content/en/docs/reference/using-api/server-side-apply.md b/content/en/docs/reference/using-api/server-side-apply.md index 830a09133466f..7db7120b7be79 100644 --- a/content/en/docs/reference/using-api/server-side-apply.md +++ b/content/en/docs/reference/using-api/server-side-apply.md @@ -135,7 +135,7 @@ request fails. It is however possible to change `.metadata.managedFields` through an **update**, or through a **patch** operation that does not use Server-Side Apply. Doing so is highly discouraged, but might be a reasonable option to try if, -for example, the `.metatadata.managedFields` get into an inconsistent state +for example, the `.metadata.managedFields` get into an inconsistent state (which should not happen in normal operations). The format of `managedFields` is [described](/docs/reference/kubernetes-api/common-definitions/object-meta/#System) diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md index b745a22792c75..b9978eb380309 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md @@ -445,7 +445,7 @@ a new `kubelet.conf.csr`, sign the certificate, embed it in `kubelet.conf` and restart the kubelet. If this does not apply to your setup, you can skip processing the `kubelet.conf.csr` -on secondary control plane and on workers nodes (all nodes tha call `kubeadm join ...`). +on secondary control plane and on workers nodes (all nodes that call `kubeadm join ...`). That is because the active kube-controller-manager will be responsible for signing new kubelet client certificates. @@ -598,4 +598,4 @@ Once CSR files have been signed and required certificates are in place on the ho you want to use as nodes, you can use the commands `kubeadm init` and `kubeadm join` to create a Kubernetes cluster from these nodes. During `init` and `join`, kubeadm uses existing certificates, encryption keys and kubeconfig files that it finds in the -`/etc/kubernetes` tree on the host's local filesystem. +`/etc/kubernetes` tree on the host's local filesystem. \ No newline at end of file diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md index 5dd0453648d7e..3a8534889fb1a 100644 --- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md +++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md @@ -42,7 +42,7 @@ If the version of the plugin is missing in the CNI plugin config, the pod may run. However, stopping the pod generates an error similar to: ``` -ERRO[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed +ERROR[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed error="failed to destroy network for sandbox \"bbc85f891eaf060c5a879e27bba9b6b06450210161dfdecfbb2732959fb6500a\": invalid version \"\": the version is empty" ``` diff --git a/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md b/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md index f1f8a232a1b17..e2815b3b65dd4 100644 --- a/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md +++ b/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md @@ -55,7 +55,7 @@ To learn more about keyless signing, please refer to [Keyless Signatures](https: Previous versions of Cosign required that you set `COSIGN_EXPERIMENTAL=1`. -For additional information, plase refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/) +For additional information, please refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/) {{< /note >}} ## Verifying image signatures @@ -144,4 +144,4 @@ cosign verify-blob \ --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \ --certificate-oidc-issuer https://accounts.google.com \ "$VERSION.spdx" -``` +``` \ No newline at end of file diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 002fc3708e965..fe3b6f5abb015 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -185,14 +185,14 @@ command line argument to `kubectl create token` (the actual duration of the issu token might be shorter, or could even be longer). When the `ServiceAccountTokenNodeBinding` and `ServiceAccountTokenNodeBindingValidation` -features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` enviroment variable is set to `true`, +features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` environment variable is set to `true`, it is possible to create a service account token that is directly bound to a `Node`: ```shell KUBECTL_NODE_BOUND_TOKENS=true kubectl create token build-robot --bound-object-kind Node --bound-object-name node-001 --bound-object-uid 123...456 ``` -The token will be valid until it expires or either the assocaited `Node` or service account are deleted. +The token will be valid until it expires or either the associated `Node` or service account are deleted. {{< note >}} Versions of Kubernetes before v1.22 automatically created long term credentials for diff --git a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md index fe973d912f67c..235bf1187d484 100644 --- a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md +++ b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md @@ -6,8 +6,8 @@ weight: 130 This page shows how to create a Pod that uses a -{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image -from a private container image registry or repository. There are many private +{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image +from a private container image registry or repository. There are many private registries in use. This task uses [Docker Hub](https://www.docker.com/products/docker-hub) as an example registry. @@ -19,8 +19,8 @@ as an example registry. * To do this exercise, you need the `docker` command line tool, and a [Docker ID](https://docs.docker.com/docker-id/) for which you know the password. -* If you are using a different private container registry, you need the command - line tool for that registry and any login information for the registry. +* If you are using a different private container registry, you need the command + line tool for that registry and any login information for the registry. @@ -39,7 +39,7 @@ When prompted, enter your Docker ID, and then the credential you want to use (ac or the password for your Docker ID). The login process creates or updates a `config.json` file that holds an authorization token. -Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json). +Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json). View the `config.json` file: @@ -245,4 +245,4 @@ Events: * Learn more about [using a private registry](/docs/concepts/containers/images/#using-a-private-registry). * Learn more about [adding image pull secrets to a service account](/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account). * See [kubectl create secret docker-registry](/docs/reference/generated/kubectl/kubectl-commands/#-em-secret-docker-registry-em-). -* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod +* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod \ No newline at end of file diff --git a/content/en/docs/tasks/debug/debug-application/debug-pods.md b/content/en/docs/tasks/debug/debug-application/debug-pods.md index 7723a5c79097f..3f42ddae84508 100644 --- a/content/en/docs/tasks/debug/debug-application/debug-pods.md +++ b/content/en/docs/tasks/debug/debug-application/debug-pods.md @@ -109,15 +109,15 @@ If your pod is not behaving as you expected, it may be that there was an error i pod description (e.g. `mypod.yaml` file on your local machine), and that the error was silently ignored when you created the pod. Often a section of the pod description is nested incorrectly, or a key name is typed incorrectly, and so the key is ignored. -For example, if you misspelled `command` as `commnd` then the pod will be created but +For example, if you misspelled `command` as `command` then the pod will be created but will not use the command line you intended it to use. The first thing to do is to delete your pod and try creating it again with the `--validate` option. For example, run `kubectl apply --validate -f mypod.yaml`. -If you misspelled `command` as `commnd` then will give an error like this: +If you misspelled `command` as `command` then will give an error like this: ```shell -I0805 10:43:25.129850 46757 schema.go:126] unknown field: commnd +I0805 10:43:25.129850 46757 schema.go:126] unknown field: command I0805 10:43:25.129973 46757 schema.go:129] this may be a false alarm, see https://github.com/kubernetes/kubernetes/issues/6842 pods/mypod ``` diff --git a/content/en/docs/tasks/debug/debug-cluster/windows.md b/content/en/docs/tasks/debug/debug-cluster/windows.md index a7315e4f03cfc..d47fb31b7b4d3 100644 --- a/content/en/docs/tasks/debug/debug-cluster/windows.md +++ b/content/en/docs/tasks/debug/debug-cluster/windows.md @@ -22,7 +22,7 @@ content_type: concept {{< note >}} If using containerd as your container runtime the pause image is specified in the - `plugins.plugins.cri.sandbox_image` field of the of config.toml configration file. + `plugins.plugins.cri.sandbox_image` field of the of config.toml configuration file. {{< /note >}} 1. My pods show status as `ErrImgPull` or `ImagePullBackOff` diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md index 6e665427cb1bb..f2e3e5d1e0ae2 100644 --- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md +++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md @@ -394,7 +394,7 @@ would be sent to the API server. #### Controlling pruning By default, all unspecified fields for a custom resource, across all versions, are pruned. It is possible though to -opt-out of that for specifc sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the +opt-out of that for specific sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the [structural OpenAPI v3 validation schema](#specifying-a-structural-schema). For example: diff --git a/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md b/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md index 2de5a39c522af..3e607a9cbaa38 100644 --- a/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md +++ b/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md @@ -91,7 +91,7 @@ apiVersion: v1 clusters: - cluster: certificate-authority-data: LRMEMMW2 # shortened for readability - server: https://:6443 # the "Kubernetes API" server, in other words the IP address of kubernetes-remote-server.example + server: https://:6443 # the "Kubernetes API" server, in other words the IP address of kubernetes-remote-server.example proxy-url: socks5://localhost:1080 # the "SSH SOCKS5 proxy" in the diagram above name: default contexts: From fc8e79b96c04580fd11a6e10983885673fbcd179 Mon Sep 17 00:00:00 2001 From: hunshcn Date: Mon, 25 Dec 2023 10:47:54 +0800 Subject: [PATCH 055/279] update safe sysctl Signed-off-by: hunshcn --- .../concepts/security/pod-security-standards.md | 4 ++++ .../tasks/administer-cluster/sysctl-cluster.md | 16 ++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/content/en/docs/concepts/security/pod-security-standards.md b/content/en/docs/concepts/security/pod-security-standards.md index 15b64e001a0fb..886137f0f75d9 100644 --- a/content/en/docs/concepts/security/pod-security-standards.md +++ b/content/en/docs/concepts/security/pod-security-standards.md @@ -272,6 +272,10 @@ fail validation.
  • net.ipv4.tcp_syncookies
  • net.ipv4.ping_group_range
  • net.ipv4.ip_local_reserved_ports (since Kubernetes 1.27)
    • +
  • net.ipv4.tcp_keepalive_time (since Kubernetes 1.29)
    • +
  • net.ipv4.tcp_fin_timeout (since Kubernetes 1.29)
    • +
  • net.ipv4.tcp_keepalive_intvl (since Kubernetes 1.29)
    • +
  • net.ipv4.tcp_keepalive_probes (since Kubernetes 1.29)
diff --git a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md index cccf4b8350a41..a235280dcf0ae 100644 --- a/content/en/docs/tasks/administer-cluster/sysctl-cluster.md +++ b/content/en/docs/tasks/administer-cluster/sysctl-cluster.md @@ -71,12 +71,16 @@ same node. This means that setting a _safe_ sysctl for one pod By far, most of the _namespaced_ sysctls are not necessarily considered _safe_. The following sysctls are supported in the _safe_ set: -- `kernel.shm_rmid_forced`, -- `net.ipv4.ip_local_port_range`, -- `net.ipv4.tcp_syncookies`, -- `net.ipv4.ping_group_range` (since Kubernetes 1.18), -- `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22). -- `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27). +- `kernel.shm_rmid_forced`; +- `net.ipv4.ip_local_port_range`; +- `net.ipv4.tcp_syncookies`; +- `net.ipv4.ping_group_range` (since Kubernetes 1.18); +- `net.ipv4.ip_unprivileged_port_start` (since Kubernetes 1.22); +- `net.ipv4.ip_local_reserved_ports` (since Kubernetes 1.27, needs kernel 3.16+); +- `net.ipv4.tcp_keepalive_time` (since Kubernetes 1.29, needs kernel 4.5+); +- `net.ipv4.tcp_fin_timeout` (since Kubernetes 1.29, needs kernel 4.6+); +- `net.ipv4.tcp_keepalive_intvl` (since Kubernetes 1.29, needs kernel 4.5+); +- `net.ipv4.tcp_keepalive_probes` (since Kubernetes 1.29, needs kernel 4.5+). {{< note >}} There are some exceptions to the set of safe sysctls: From 101135ed3da96d3ad9d312d84d4ebb695c931084 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 25 Dec 2023 15:30:06 +0800 Subject: [PATCH 056/279] Update go mod for examples test (1.29) --- go.mod | 148 +++++++------- go.sum | 623 +++++++++++++-------------------------------------------- 2 files changed, 215 insertions(+), 556 deletions(-) diff --git a/go.mod b/go.mod index d923ea394f315..a08b347a76f3c 100644 --- a/go.mod +++ b/go.mod @@ -1,9 +1,9 @@ module k8s.io/website -go 1.20 +go 1.21 require ( - k8s.io/apimachinery v0.28.0 + k8s.io/apimachinery v0.29.0 k8s.io/kubernetes v0.0.0 ) @@ -18,12 +18,12 @@ require ( github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/distribution/reference v0.5.0 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -31,13 +31,13 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/cel-go v0.16.0 // indirect + github.com/google/cel-go v0.17.7 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/imdario/mergo v0.3.6 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -57,87 +57,85 @@ require ( github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect - go.etcd.io/etcd/api/v3 v3.5.9 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.9 // indirect - go.etcd.io/etcd/client/v3 v3.5.9 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 // indirect - go.opentelemetry.io/otel v1.10.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 // indirect - go.opentelemetry.io/otel/metric v0.31.0 // indirect - go.opentelemetry.io/otel/sdk v1.10.0 // indirect - go.opentelemetry.io/otel/trace v1.10.0 // indirect - go.opentelemetry.io/proto/otlp v0.19.0 // indirect - go.uber.org/atomic v1.10.0 // indirect + go.etcd.io/etcd/api/v3 v3.5.10 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect + go.etcd.io/etcd/client/v3 v3.5.10 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect + go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.19.0 // indirect + go.opentelemetry.io/otel/sdk v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect + go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.19.0 // indirect - golang.org/x/crypto v0.11.0 // indirect + go.uber.org/zap v1.26.0 // indirect + golang.org/x/crypto v0.16.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect - golang.org/x/net v0.13.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sync v0.2.0 // indirect - golang.org/x/sys v0.10.0 // indirect - golang.org/x/term v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.10.0 // indirect + golang.org/x/sync v0.5.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect - google.golang.org/grpc v1.54.0 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/grpc v1.58.3 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.28.0 // indirect + k8s.io/api v0.29.0 // indirect k8s.io/apiextensions-apiserver v0.0.0 // indirect - k8s.io/apiserver v0.28.0 // indirect - k8s.io/client-go v0.28.0 // indirect + k8s.io/apiserver v0.29.0 // indirect + k8s.io/client-go v0.29.0 // indirect k8s.io/cloud-provider v0.0.0 // indirect - k8s.io/component-base v0.28.0 // indirect - k8s.io/component-helpers v0.28.0 // indirect - k8s.io/controller-manager v0.28.0 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kms v0.28.0 // indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/component-base v0.29.0 // indirect + k8s.io/component-helpers v0.29.0 // indirect + k8s.io/controller-manager v0.29.0 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kms v0.29.0 // indirect + k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e // indirect k8s.io/kubelet v0.0.0 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) replace ( - k8s.io/api => k8s.io/api v0.28.0 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.0 - k8s.io/apimachinery => k8s.io/apimachinery v0.28.0 - k8s.io/apiserver => k8s.io/apiserver v0.28.0 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.28.0 - k8s.io/client-go => k8s.io/client-go v0.28.0 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.28.0 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.0 - k8s.io/code-generator => k8s.io/code-generator v0.28.0 - k8s.io/component-base => k8s.io/component-base v0.28.0 - k8s.io/component-helpers => k8s.io/component-helpers v0.28.0 - k8s.io/controller-manager => k8s.io/controller-manager v0.28.0 - k8s.io/cri-api => k8s.io/cri-api v0.28.0 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.0 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.0 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.0 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.0 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.0 - k8s.io/kubectl => k8s.io/kubectl v0.28.0 - k8s.io/kubelet => k8s.io/kubelet v0.28.0 + k8s.io/api => k8s.io/api v0.29.0 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.0 + k8s.io/apimachinery => k8s.io/apimachinery v0.29.0 + k8s.io/apiserver => k8s.io/apiserver v0.29.0 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.29.0 + k8s.io/client-go => k8s.io/client-go v0.29.0 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.29.0 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.29.0 + k8s.io/code-generator => k8s.io/code-generator v0.29.0 + k8s.io/component-base => k8s.io/component-base v0.29.0 + k8s.io/component-helpers => k8s.io/component-helpers v0.29.0 + k8s.io/controller-manager => k8s.io/controller-manager v0.29.0 + k8s.io/cri-api => k8s.io/cri-api v0.29.0 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.29.0 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.29.0 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.29.0 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.29.0 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.29.0 + k8s.io/kubectl => k8s.io/kubectl v0.29.0 + k8s.io/kubelet => k8s.io/kubelet v0.29.0 k8s.io/kubernetes => ../kubernetes - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.0 - k8s.io/metrics => k8s.io/metrics v0.28.0 - k8s.io/mount-utils => k8s.io/mount-utils v0.28.0 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.28.0 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.0 - k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.28.0 - k8s.io/sample-controller => k8s.io/sample-controller v0.28.0 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.29.0 + k8s.io/metrics => k8s.io/metrics v0.29.0 + k8s.io/mount-utils => k8s.io/mount-utils v0.29.0 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.0 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.0 + k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.29.0 + k8s.io/sample-controller => k8s.io/sample-controller v0.29.0 ) diff --git a/go.sum b/go.sum index f1956f41ff6ce..e147e0cd35f6e 100644 --- a/go.sum +++ b/go.sum @@ -1,73 +1,24 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= +cloud.google.com/go v0.110.6 h1:8uYAkj3YHTP/1iwReuHPxLSbdcyc+dSBbzFMrVwDR6Q= +cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= +cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -77,35 +28,27 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= +github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= @@ -113,107 +56,63 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/cel-go v0.16.0 h1:DG9YQ8nFCFXAs/FDDwBxmL1tpKNrdlGUM9U3537bX/Y= -github.com/google/cel-go v0.16.0/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= +github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= +github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= +github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -229,18 +128,18 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= +github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= @@ -249,13 +148,13 @@ github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+Pymzi github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -266,405 +165,167 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/etcd/api/v3 v3.5.9 h1:4wSsluwyTbGGmyjJktOf3wFQoTBIURXHnq9n/G/JQHs= -go.etcd.io/etcd/api/v3 v3.5.9/go.mod h1:uyAal843mC8uUVSLWz6eHa/d971iDGnCRpmKd2Z+X8k= -go.etcd.io/etcd/client/pkg/v3 v3.5.9 h1:oidDC4+YEuSIQbsR94rY9gur91UPL6DnxDCIYd2IGsE= -go.etcd.io/etcd/client/pkg/v3 v3.5.9/go.mod h1:y+CzeSmkMpWN2Jyu1npecjB9BBnABxGM4pN8cGuJeL4= -go.etcd.io/etcd/client/v2 v2.305.9 h1:YZ2OLi0OvR0H75AcgSUajjd5uqKDKocQUqROTG11jIo= -go.etcd.io/etcd/client/v3 v3.5.9 h1:r5xghnU7CwbUxD/fbUtRyJGaYNfDun8sp/gTr1hew6E= -go.etcd.io/etcd/client/v3 v3.5.9/go.mod h1:i/Eo5LrZ5IKqpbtpPDuaUnDOUv471oDg8cjQaUr2MbA= -go.etcd.io/etcd/pkg/v3 v3.5.9 h1:6R2jg/aWd/zB9+9JxmijDKStGJAPFsX3e6BeJkMi6eQ= -go.etcd.io/etcd/raft/v3 v3.5.9 h1:ZZ1GIHoUlHsn0QVqiRysAm3/81Xx7+i2d7nSdWxlOiI= -go.etcd.io/etcd/server/v3 v3.5.9 h1:vomEmmxeztLtS5OEH7d0hBAg4cjVIu9wXuNzUZx2ZA0= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 h1:xFSRQBbXF6VvYRf2lqMJXxoB72XI1K/azav8TekHHSw= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= -go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= -go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 h1:TaB+1rQhddO1sF71MpZOZAuSPW1klK2M8XxfrBMfK7Y= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 h1:pDDYmo0QadUPal5fwXoY1pmMpFcdyhXOmL5drCrI3vU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 h1:KtiUEhQmj/Pa874bVYKGNVdq8NPKiacPbaRRtgXi+t4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0= -go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs= -go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= -go.opentelemetry.io/otel/sdk v1.10.0 h1:jZ6K7sVn04kk/3DNUdJ4mqRlGDiXAVuIG+MMENpTNdY= -go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= -go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E= -go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= -go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= +go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/etcd/api/v3 v3.5.10 h1:szRajuUUbLyppkhs9K6BRtjY37l66XQQmw7oZRANE4k= +go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI= +go.etcd.io/etcd/client/pkg/v3 v3.5.10 h1:kfYIdQftBnbAq8pUWFXfpuuxFSKzlmM5cSn76JByiT0= +go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U= +go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= +go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= +go.etcd.io/etcd/client/v3 v3.5.10 h1:W9TXNZ+oB3MCd/8UjxHTWK5J9Nquw9fQBLJd5ne5/Ao= +go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc= +go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= +go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= +go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= +go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= +go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg= +go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= +go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= +go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 h1:9NWlQfY2ePejTmfwUH1OWwmznFa+0kKcHGPDvcPza9M= -google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 h1:m8v1xLLLzMe1m5P+gCTF8nJB9epwZQUBERm20Oy1poQ= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e h1:z3vDksarJxsAKM5dmEGv0GHwE2hKJ096wZra71Vs4sw= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM= -k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY= -k8s.io/apiextensions-apiserver v0.28.0 h1:CszgmBL8CizEnj4sj7/PtLGey6Na3YgWyGCPONv7E9E= -k8s.io/apiextensions-apiserver v0.28.0/go.mod h1:uRdYiwIuu0SyqJKriKmqEN2jThIJPhVmOWETm8ud1VE= -k8s.io/apimachinery v0.28.0 h1:ScHS2AG16UlYWk63r46oU3D5y54T53cVI5mMJwwqFNA= -k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= -k8s.io/apiserver v0.28.0 h1:wVh7bK6Xj7hq+5ntInysTeQRAOqqFoKGUOW2yj8DXrY= -k8s.io/apiserver v0.28.0/go.mod h1:MvLmtxhQ0Tb1SZk4hfJBjs8iqr5nhYeaFSaoEcz7Lk4= -k8s.io/client-go v0.28.0 h1:ebcPRDZsCjpj62+cMk1eGNX1QkMdRmQ6lmz5BLoFWeM= -k8s.io/client-go v0.28.0/go.mod h1:0Asy9Xt3U98RypWJmU1ZrRAGKhP6NqDPmptlAzK2kMc= -k8s.io/cloud-provider v0.28.0 h1:BTIW7b757T+VXB5yqJeajPXsNOmeooopUgfzQueiWvk= -k8s.io/cloud-provider v0.28.0/go.mod h1:u0MGqdlutkTmCJyNrCzIMJ+OhrwQE9x5X8mBTN0R7us= -k8s.io/component-base v0.28.0 h1:HQKy1enJrOeJlTlN4a6dU09wtmXaUvThC0irImfqyxI= -k8s.io/component-base v0.28.0/go.mod h1:Yyf3+ZypLfMydVzuLBqJ5V7Kx6WwDr/5cN+dFjw1FNk= -k8s.io/component-helpers v0.28.0 h1:ubHUiEF7H/DOx4471pHHsLlH3EGu8jlEvnld5PS4KdI= -k8s.io/component-helpers v0.28.0/go.mod h1:i7hJ/oFhZImqUWwjLFG/yGkLpJ3KFoirY2DLYIMql6Q= -k8s.io/controller-manager v0.28.0 h1:55rmyzwEOnhAZLsuDdDHwVT2sGzkleFY0SqZFKsLN5U= -k8s.io/controller-manager v0.28.0/go.mod h1:WrABGmrpEWBap27eu533RpW5lBnVT5K+u2oc2bDwcmU= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.28.0 h1:BwJhU9qPcJhHLUcQjtelOSjYti+1/caJLr+4jHbKzTA= -k8s.io/kms v0.28.0/go.mod h1:CNU792ls92v2Ye7Vn1jn+xLqYtUSezDZNVu6PLbJyrU= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/kubelet v0.28.0 h1:H/3JAkLIungVF+WLpqrxhgJ4gzwsbN8VA8LOTYsEX3U= -k8s.io/kubelet v0.28.0/go.mod h1:i8jUg4ltbRusT3ExOhSAeqETuHdoHTZcTT2cPr9RTgc= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0= +k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= +k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= +k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= +k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= +k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= +k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= +k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= +k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/cloud-provider v0.29.0 h1:Qgk/jHsSKGRk/ltTlN6e7eaNuuamLROOzVBd0RPp94M= +k8s.io/cloud-provider v0.29.0/go.mod h1:gBCt7YYKFV4oUcJ/0xF9lS/9il4MxKunJ+ZKvh39WGo= +k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= +k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= +k8s.io/component-helpers v0.29.0 h1:Y8W70NGeitKxWwhsPo/vEQbQx5VqJV+3xfLpP3V1VxU= +k8s.io/component-helpers v0.29.0/go.mod h1:j2coxVfmzTOXWSE6sta0MTgNSr572Dcx68F6DD+8fWc= +k8s.io/controller-manager v0.29.0 h1:kEv9sKLnjDkoSqeouWp2lZ8P33an5wrDJpOMqoyD7pc= +k8s.io/controller-manager v0.29.0/go.mod h1:UKtadWkULF5bfX7vu3hHppzY/hz88C03t70GItg/x08= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kms v0.29.0 h1:KJ1zaZt74CgvgV3NR7tnURJ/mJOKC5X3nwon/WdwgxI= +k8s.io/kms v0.29.0/go.mod h1:mB0f9HLxRXeXUfHfn1A7rpwOlzXI1gIWu86z6buNoYA= +k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e h1:snPmy96t93RredGRjKfMFt+gvxuVAncqSAyBveJtr4Q= +k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kubelet v0.29.0 h1:SX5hlznTBcGIrS1scaf8r8p6m3e475KMifwt9i12iOk= +k8s.io/kubelet v0.29.0/go.mod h1:kvKS2+Bz2tgDOG1S1q0TH2z1DasNuVF+8p6Aw7xvKkI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From fa637e4d5882434c41b04dd37509250cd8893464 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 25 Dec 2023 15:30:42 +0800 Subject: [PATCH 057/279] Fix an error about volume name identified by test case --- .../en/examples/pods/storage/projected-clustertrustbundle.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/examples/pods/storage/projected-clustertrustbundle.yaml b/content/en/examples/pods/storage/projected-clustertrustbundle.yaml index 452384a44514e..bd660c189e12d 100644 --- a/content/en/examples/pods/storage/projected-clustertrustbundle.yaml +++ b/content/en/examples/pods/storage/projected-clustertrustbundle.yaml @@ -13,7 +13,7 @@ spec: readOnly: true serviceAccountName: default volumes: - - name: root-certificates-vol + - name: token-vol projected: sources: - clusterTrustBundle: From a2b9c21c8148d34dda1300510e969572a053a714 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 25 Dec 2023 15:33:49 +0800 Subject: [PATCH 058/279] Revise test case logic Major revisions included: - Fake Job labels and selectors generation for validation. - Remove obsolete PVC validation options. - Include newly discovered manifests into the test case. - Remove tests related to PodSecurityPolicy which is gone forever. --- content/en/examples/examples_test.go | 54 ++++++++++++++++++---------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/content/en/examples/examples_test.go b/content/en/examples/examples_test.go index 1222ac773faf9..a3a51e0c5596c 100644 --- a/content/en/examples/examples_test.go +++ b/content/en/examples/examples_test.go @@ -27,6 +27,7 @@ import ( "strings" "testing" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" @@ -65,7 +66,6 @@ import ( storage_validation "k8s.io/kubernetes/pkg/apis/storage/validation" "k8s.io/kubernetes/pkg/capabilities" - "k8s.io/kubernetes/pkg/registry/batch/job" // initialize install packages _ "k8s.io/kubernetes/pkg/apis/admissionregistration/install" @@ -195,17 +195,13 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) { case *api.Namespace: errors = validation.ValidateNamespace(t) case *api.PersistentVolume: - opts := validation.PersistentVolumeSpecValidationOptions{ - AllowReadWriteOncePod: true, - } + opts := validation.PersistentVolumeSpecValidationOptions{} errors = validation.ValidatePersistentVolume(t, opts) case *api.PersistentVolumeClaim: if t.Namespace == "" { t.Namespace = api.NamespaceDefault } - opts := validation.PersistentVolumeClaimSpecValidationOptions{ - AllowReadWriteOncePod: true, - } + opts := validation.PersistentVolumeClaimSpecValidationOptions{} errors = validation.ValidatePersistentVolumeClaim(t, opts) case *api.Pod: if t.Namespace == "" { @@ -292,16 +288,34 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) { if t.Namespace == "" { t.Namespace = api.NamespaceDefault } + // Job needs generateSelector called before validation, and job.Validate does this. - // See: https://github.com/kubernetes/kubernetes/issues/20951#issuecomment-187787040 - t.ObjectMeta.UID = types.UID("fakeuid") if strings.Index(t.ObjectMeta.Name, "$") > -1 { t.ObjectMeta.Name = "skip-for-good" } - errors = job.Strategy.Validate(nil, t) + t.ObjectMeta.UID = types.UID("fakeuid") + if t.Spec.Template.ObjectMeta.Labels == nil { + t.Spec.Template.ObjectMeta.Labels = make(map[string]string) + } + t.Spec.Template.ObjectMeta.Labels["controller-uid"] = "fakeuid" + t.Spec.Template.ObjectMeta.Labels["job-name"] = t.ObjectMeta.Name + if t.Spec.Selector == nil { + t.Spec.Selector = &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "controller-uid": "fakeuid", + "job-name": t.ObjectMeta.Name, + }, + } + } + opts := batch_validation.JobValidationOptions{ + RequirePrefixedLabels: false, + } + errors = batch_validation.ValidateJob(t, opts) + // case *flowcontrol.FlowSchema: // TODO: This is still failing // errors = flowcontrol_validation.ValidateFlowSchema(t) + case *networking.Ingress: if t.Namespace == "" { t.Namespace = api.NamespaceDefault @@ -314,8 +328,6 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) { t.Namespace = api.NamespaceDefault } errors = networking_validation.ValidateNetworkPolicy(t, netValidationOptions) - case *policy.PodSecurityPolicy: - errors = policy_validation.ValidatePodSecurityPolicy(t) case *policy.PodDisruptionBudget: if t.Namespace == "" { t.Namespace = api.NamespaceDefault @@ -509,7 +521,9 @@ func TestExampleObjectSchemas(t *testing.T) { "indexed-job-vol": {&batch.Job{}}, }, "application/job/rabbitmq": { - "job": {&batch.Job{}}, + "job": {&batch.Job{}}, + "rabbitmq-statefulset": {&apps.StatefulSet{}}, + "rabbitmq-service": {&api.Service{}}, }, "application/job/redis": { "job": {&batch.Job{}}, @@ -671,6 +685,7 @@ func TestExampleObjectSchemas(t *testing.T) { "pv-pod": {&api.Pod{}}, "pv-volume": {&api.PersistentVolume{}}, "redis": {&api.Pod{}}, + "projected-clustertrustbundle": {&api.Pod{}}, }, "pods/topology-spread-constraints": { "one-constraint": {&api.Pod{}}, @@ -678,11 +693,7 @@ func TestExampleObjectSchemas(t *testing.T) { "two-constraints": {&api.Pod{}}, }, "policy": { - "baseline-psp": {&policy.PodSecurityPolicy{}}, - "example-psp": {&policy.PodSecurityPolicy{}}, - "priority-class-resourcequota": {&api.ResourceQuota{}}, - "privileged-psp": {&policy.PodSecurityPolicy{}}, - "restricted-psp": {&policy.PodSecurityPolicy{}}, + "priority-class-resourcequota": {&api.ResourceQuota{}}, "zookeeper-pod-disruption-budget-maxunavailable": {&policy.PodDisruptionBudget{}}, "zookeeper-pod-disruption-budget-minavailable": {&policy.PodDisruptionBudget{}}, }, @@ -766,6 +777,13 @@ func TestExampleObjectSchemas(t *testing.T) { "audit": { "audit-policy": true, }, + // PSP is dropped in v1.29, do not validate them + "policy": { + "baseline-psp": true, + "example-psp": true, + "privileged-psp": true, + "restricted-psp": true, + }, } capabilities.SetForTests(capabilities.Capabilities{ AllowPrivileged: true, From fc4b3caeaadfc08c007f0340d94e879a8f30f70d Mon Sep 17 00:00:00 2001 From: DeltaX Date: Mon, 25 Dec 2023 16:08:10 +0800 Subject: [PATCH 059/279] [zh] Sync controllers/job.md and fix link anchor. --- .../docs/concepts/workloads/controllers/job.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/content/zh-cn/docs/concepts/workloads/controllers/job.md b/content/zh-cn/docs/concepts/workloads/controllers/job.md index 3456d1ca53c52..c6402a3db9da4 100644 --- a/content/zh-cn/docs/concepts/workloads/controllers/job.md +++ b/content/zh-cn/docs/concepts/workloads/controllers/job.md @@ -650,7 +650,7 @@ from failed Jobs is not lost inadvertently. --> ### 逐索引的回退限制 {#backoff-limit-per-index} -{{< feature-state for_k8s_version="v1.28" state="alpha" >}} +{{< feature-state for_k8s_version="v1.29" state="beta" >}} {{< note >}} ```yaml apiVersion: batch/v1 kind: Job @@ -1623,7 +1626,7 @@ observe that pods from a Job are stucked with the tracking finalizer. -### 弹性索引 Job {#elastic-indexed-job} +### 弹性索引 Job {#elastic-indexed-jobs} {{< feature-state for_k8s_version="v1.27" state="beta" >}} @@ -1649,15 +1652,17 @@ scaling an indexed Job, such as MPI, Horovord, Ray, and PyTorch training jobs. --> ### 延迟创建替换 Pod {#pod-replacement-policy} -{{< feature-state for_k8s_version="v1.28" state="alpha" >}} +{{< feature-state for_k8s_version="v1.29" state="beta" >}} {{< note >}} 你只有在启用了 `JobPodReplacementPolicy` -[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)后, +[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)后(默认启用), 才能为 Job 设置 `podReplacementPolicy`。 {{< /note >}} From 32b86daf2d4116810b2b188ee668c99c1ce80c22 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 22 Dec 2023 09:49:07 +0800 Subject: [PATCH 060/279] [zh] Localize feature-gates/n*.md --- .../namespace-default-label-name.md | 29 ++++++++++++++ .../feature-gates/network-policy-end-port.md | 31 ++++++++++++++ .../feature-gates/network-policy-status.md | 20 ++++++++++ .../new-volume-manager-reconstruction.md | 40 +++++++++++++++++++ .../feature-gates/nftables-proxy-mode.md | 18 +++++++++ .../node-disruption-exclusion.md | 32 +++++++++++++++ ...inclusion-policy-in-pod-topology-spread.md | 25 ++++++++++++ .../feature-gates/node-lease.md | 30 ++++++++++++++ .../feature-gates/node-log-query.md | 17 ++++++++ .../node-out-of-service-volume-detach.md | 31 ++++++++++++++ .../feature-gates/node-swap.md | 25 ++++++++++++ .../feature-gates/non-preempting-priority.md | 30 ++++++++++++++ 12 files changed, 328 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-lease.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-swap.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md new file mode 100644 index 0000000000000..4dcdd81fae605 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/namespace-default-label-name.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: NamespaceDefaultLabelName +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + +removed: true +--- + + +配置 API 服务器以在所有名字空间上设置一个不可变的{{< glossary_tooltip text="标签" term_id="label" >}} +`kubernetes.io/metadata.name`,取值为名字空间的名称。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md new file mode 100644 index 0000000000000..5a62b8c516e45 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md @@ -0,0 +1,31 @@ +--- +title: NetworkPolicyEndPort +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true +--- + + +允许你在 [NetworkPolicy](/zh-cn/docs/concepts/services-networking/network-policies/) +规则中将端口设置为一个端口号范围。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md new file mode 100644 index 0000000000000..7929ef2633f80 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/network-policy-status.md @@ -0,0 +1,20 @@ +--- +title: NetworkPolicyStatus +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.27" + +removed: true +--- + + +为 NetworkPolicy 对象启用 `status` 子资源。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md new file mode 100644 index 0000000000000..b956113b0baec --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/new-volume-manager-reconstruction.md @@ -0,0 +1,40 @@ +--- +title: NewVolumeManagerReconstruction +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" +--- + + +在 kubelet 启动期间启用改进的挂载卷的发现。由于这段代码已经进行了重大重构, +我们允许用户不采用这一逻辑,以免 kubelet 在启动时被卡住,或者未能为已终止的 Pod 卸载卷。 +请注意,此重构是作为 Kubernetes 1.25 中的 `SELinuxMountReadWriteOncePod` Alpha 特性门控的一部分完成的。 + + + +在 Kubernetes v1.25 之前,kubelet 在启动期间使用不同的默认行为来发现已挂载的卷。 +如果你禁用此特性门控(默认启用),则选择传统的发现方式。 + +在 Kubernetes v1.25 和 v1.26 中,此行为切换是 `SELinuxMountReadWriteOncePod` 特性门控的一部分。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md new file mode 100644 index 0000000000000..5afac16b3fcf8 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/nftables-proxy-mode.md @@ -0,0 +1,18 @@ +--- +title: NFTablesProxyMode +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +允许使用 +[nftables 模式](/zh-cn/docs/reference/networking/virtual-ips/#proxy-mode-nftables)运行 kube-proxy。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md new file mode 100644 index 0000000000000..d9c04545c85f7 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-disruption-exclusion.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: NodeDisruptionExclusion +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true +--- + + +启用节点标签 `node.kubernetes.io/exclude-disruption`, +以防止在可用区发生故障期间驱逐节点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md new file mode 100644 index 0000000000000..c0934c258ae7a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-inclusion-policy-in-pod-topology-spread.md @@ -0,0 +1,25 @@ +--- +title: NodeInclusionPolicyInPodTopologySpread +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" +--- + + +在计算 Pod 拓扑分布偏差时允许在 +[Pod 拓扑分布约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/)中使用 +`nodeAffinityPolicy` 和 `nodeTaintsPolicy`。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-lease.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-lease.md new file mode 100644 index 0000000000000..7ad470bd2d02e --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-lease.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: NodeLease +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.23" + +removed: true +--- + + +启用新的 Lease API 以报告节点心跳,节点心跳可用作节点运行状况信号。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md new file mode 100644 index 0000000000000..8f079a460754d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-log-query.md @@ -0,0 +1,17 @@ +--- +title: NodeLogQuery +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" +--- + + +允许使用 `/logs` 端点来查询节点服务的日志。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md new file mode 100644 index 0000000000000..e559b6b13f583 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-out-of-service-volume-detach.md @@ -0,0 +1,31 @@ +--- +title: NodeOutOfServiceVolumeDetach +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + + +当使用 `node.kubernetes.io/out-of-service` +污点将节点标记为无法提供服务时,节点上不能容忍这个污点的 Pod 将被强制删除, +并且针对此节点上被终止的 Pod 将立即执行解除卷挂接操作。 +被删除的 Pod 可以很快在不同的节点上恢复。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-swap.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-swap.md new file mode 100644 index 0000000000000..95ecf061fdde4 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/node-swap.md @@ -0,0 +1,25 @@ +--- +title: NodeSwap +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.27" + - stage: beta + defaultValue: false + fromVersion: "1.28" +--- + + +允许 kubelet 为节点上的 Kubernetes 工作负载分配交换内存。 +必须将 `KubeletConfiguration.failSwapOn` 设置为 false 才能使用此能力。 +更多细节请参见[交换内存](/zh-cn/docs/concepts/architecture/nodes/#swap-memory)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md new file mode 100644 index 0000000000000..2ca744b735bc6 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/non-preempting-priority.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: NonPreemptingPriority +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + + +为 PriorityClass 和 Pod 启用 `preemptionPolicy` 字段。 From 8edf79b4bf4ef5d3ffd4a55a49a581f18e21c4a3 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 25 Dec 2023 09:27:13 +0800 Subject: [PATCH 061/279] [zh] Localize part1 of /feature-gates/p*.md --- .../pdb-unhealthy-pod-eviction-policy.md | 25 +++++++++++++ .../feature-gates/persistent-local-volumes.md | 32 +++++++++++++++++ ...stent-volume-last-phase-transition-time.md | 22 ++++++++++++ .../pod-affinity-namespace-selector.md | 35 +++++++++++++++++++ .../pod-and-container-stats-from-cri.md | 19 ++++++++++ .../feature-gates/pod-deletion-cost.md | 23 ++++++++++++ .../feature-gates/pod-disruption-budget.md | 30 ++++++++++++++++ .../pod-disruption-conditions.md | 21 +++++++++++ 8 files changed, 207 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md new file mode 100644 index 0000000000000..7173cbc529ccf --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pdb-unhealthy-pod-eviction-policy.md @@ -0,0 +1,25 @@ +--- +title: PDBUnhealthyPodEvictionPolicy +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + + +启用 `PodDisruptionBudget` 的 `unhealthyPodEvictionPolicy` 字段。 +此字段指定何时应考虑驱逐不健康的 Pod。 +更多细节请参阅[不健康 Pod 驱逐策略](/zh-cn/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md new file mode 100644 index 0000000000000..18db1c80689fe --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-local-volumes.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: PersistentLocalVolumes +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true +--- + + +允许在 Pod 中使用 `local` 卷类型。 +如果请求 `local` 卷,则必须指定 Pod 亲和性属性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md new file mode 100644 index 0000000000000..79170213b51fa --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/persistent-volume-last-phase-transition-time.md @@ -0,0 +1,22 @@ +--- +title: PersistentVolumeLastPhaseTransitionTime +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + + +为 PersistentVolume 添加一个新字段,用于保存卷上一次转换阶段的时间戳。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md new file mode 100644 index 0000000000000..cb2bcb350e916 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-affinity-namespace-selector.md @@ -0,0 +1,35 @@ +--- +# Removed from Kubernetes +title: PodAffinityNamespaceSelector +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + + +启用 [Pod 亲和性名字空间选择算符](/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/#namespace-selector)和 +[CrossNamespacePodAffinity](/zh-cn/docs/concepts/policy/resource-quotas/#cross-namespace-pod-affinity-quota) +资源配额特性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md new file mode 100644 index 0000000000000..a8b7b04e8202d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-and-container-stats-from-cri.md @@ -0,0 +1,19 @@ +--- +title: PodAndContainerStatsFromCRI +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" +--- + + +将 kubelet 配置为从 CRI 容器运行时收集容器和 Pod 的统计信息,而不是从 cAdvisor 收集统计信息。 +从 1.26 版本开始,这还包括从 CRI 收集指标并通过 `/metrics/cadvisor` 进行发布(而不是直接由 cAdvisor 发布)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md new file mode 100644 index 0000000000000..d3f42ed3d56b2 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-deletion-cost.md @@ -0,0 +1,23 @@ +--- +title: PodDeletionCost +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" +--- + + +启用 [Pod 删除开销](/zh-cn/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)特性, +允许用户影响 ReplicaSet 的缩容顺序。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md new file mode 100644 index 0000000000000..5d943cec8d5c3 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-budget.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: PodDisruptionBudget +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.3" + toVersion: "1.4" + - stage: beta + defaultValue: true + fromVersion: "1.5" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.25" + +removed: true +--- + + +启用 [PodDisruptionBudget](/zh-cn/docs/tasks/run-application/configure-pdb/) 特性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md new file mode 100644 index 0000000000000..e1cb9fc40d13c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-disruption-conditions.md @@ -0,0 +1,21 @@ +--- +title: PodDisruptionConditions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" +--- + + +启用支持追加一个专用的 Pod 状况,以表示 Pod 由于某个干扰正在被删除。 From 75ee2c9be29506307280c13db624b13d88a9ce31 Mon Sep 17 00:00:00 2001 From: Jin Li Date: Mon, 25 Dec 2023 10:12:07 +0800 Subject: [PATCH 062/279] [zh-cn] sync debug-pods.md --- .../debug/debug-application/debug-pods.md | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/content/zh-cn/docs/tasks/debug/debug-application/debug-pods.md b/content/zh-cn/docs/tasks/debug/debug-application/debug-pods.md index 222be1d87bacc..8e29924ef116e 100644 --- a/content/zh-cn/docs/tasks/debug/debug-application/debug-pods.md +++ b/content/zh-cn/docs/tasks/debug/debug-application/debug-pods.md @@ -127,6 +127,60 @@ There are three things to check: * 确保镜像已被推送到镜像仓库。 * 尝试手动是否能拉取镜像。例如,如果你在你的 PC 上使用 Docker,请运行 `docker pull <镜像>`。 + +#### Pod 停滞在 terminating 状态 {#my-pod-stays-terminating} + +如果 Pod 停滞在 `Terminating` 状态,表示已发出删除 Pod 的请求, +但控制平面无法删除该 Pod 对象。 + +如果 Pod 拥有 [Finalizer](/zh-cn/docs/concepts/overview/working-with-objects/finalizers/) +并且集群中安装了[准入 Webhook](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/), +可能会导致控制平面无法移除 Finalizer,从而导致 Pod 出现此问题。 + + +要确认这种情况,请检查你的集群中是否有针对 `pods` 资源进行 `UPDATE` +操作的 ValidatingWebhookConfiguration 或 MutatingWebhookConfiguration。 + +如果 Webhook 是由第三方提供的: +- 确保你使用的是最新版。 +- 禁用 `UPDATE` 操作的 Webhook。 +- 向相关供应商报告问题。 + + +如果你是 Webhook 的作者: +- 对于变更性质的 Webhook,请确保在 `UPDATE` 操作中永远不要更改不可变字段。 + 例如,一般不允许更改容器。 +- 对于验证性质的 Webhook,请确保你的验证策略仅适用于新的更改。换句话说, + 你应该允许存在违规的现有 Pod 通过验证。这样可以确保在安装验证性质的 Webhook + 之前创建的 Pod 可以继续运行。 + +启用了针对未认证客户端的 HTTP/2 拒绝服务(DoS)防护措施。 +Kubernetes v1.28.0 至 v1.28.2 版本并未包括这项特性门控。 \ No newline at end of file diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md new file mode 100644 index 0000000000000..7499c9947412d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/unknown-version-interoperability-proxy.md @@ -0,0 +1,20 @@ +--- +title: UnknownVersionInteroperabilityProxy +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" +--- + + +当存在多个不同版本的 kube-apiserver 时,将资源请求代理到正确的对等 kube-apiserver。 +更多信息请参见[混合版本代理](/zh-cn/docs/concepts/architecture/mixed-version-proxy/) 。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md new file mode 100644 index 0000000000000..57b5c7e0aec1b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-pod-security-standards.md @@ -0,0 +1,20 @@ +--- +title: UserNamespacesPodSecurityStandards +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +启用 Pod 安全标准策略的放宽措施,适用于在命名空间中运行的 Pod。 +你需要在集群的所有节点上统一设置此特性门控,并且必须启用 `UserNamespacesSupport` 才能使用此功能。 \ No newline at end of file diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md new file mode 100644 index 0000000000000..7159ca02c6605 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-stateless-pods-support.md @@ -0,0 +1,21 @@ +--- +title: UserNamespacesStatelessPodsSupport +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.27" + +removed: true +--- + + +为无状态 Pod 启用用户命名空间支持。此特性在 Kubernetes v1.28 版本中被 `UserNamespacesSupport` 特性取代。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md new file mode 100644 index 0000000000000..68a5a809db0b2 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/user-namespaces-support.md @@ -0,0 +1,17 @@ +--- +title: UserNamespacesSupport +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" +--- + + +为 Pod 启用用户命名空间支持。 From a4b705bc4cb527dabd1bf527b266699e25f94989 Mon Sep 17 00:00:00 2001 From: Takashiidobe Date: Mon, 25 Dec 2023 09:44:01 -0500 Subject: [PATCH 065/279] code review feedback --- content/en/docs/reference/config-api/kubeconfig.v1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/reference/config-api/kubeconfig.v1.md b/content/en/docs/reference/config-api/kubeconfig.v1.md index 6ec5b00ae437e..72a5c63358ce8 100644 --- a/content/en/docs/reference/config-api/kubeconfig.v1.md +++ b/content/en/docs/reference/config-api/kubeconfig.v1.md @@ -55,21 +55,21 @@ TODO(jlowdermilk): remove this after eliminating downstream dependencies.

[]NamedCluster -

Clusters is a map of referenceable names to cluster configs

+

Clusters is a map of referencable names to cluster configs

users [Required]
[]NamedAuthInfo -

AuthInfos is a map of referenceable names to user configs

+

AuthInfos is a map of referencable names to user configs

contexts [Required]
[]NamedContext -

Contexts is a map of referenceable names to context configs

+

Contexts is a map of referencable names to context configs

current-context [Required]
From 5476934e60c492ed8a70baf6245dcce66dd6afa0 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Mon, 25 Dec 2023 23:55:49 +0000 Subject: [PATCH 066/279] [zh] Sync 16 files prefixed with 'a' in feature-gates --- .../feature-gates/accelerators.md | 11 +++++++++++ .../admission-webhook-match-conditions.md | 9 +++++++++ .../feature-gates/advanced-auditing.md | 16 ++++++++++++++++ .../feature-gates/affinity-in-annotations.md | 11 +++++++++++ .../aggregated-discovery-endpoint.md | 9 +++++++++ .../allow-ext-traffic-local-endpoints.md | 12 ++++++++++++ .../allow-insecure-backend-proxy.md | 12 ++++++++++++ .../feature-gates/any-volume-data-source.md | 9 +++++++++ .../feature-gates/api-list-chunking.md | 13 +++++++++++++ .../feature-gates/api-priority-and-fairness.md | 13 +++++++++++++ .../feature-gates/api-response-compression.md | 9 +++++++++ .../feature-gates/api-self-subject-review.md | 13 +++++++++++++ .../feature-gates/api-server-identity.md | 9 +++++++++ .../feature-gates/api-server-tracing.md | 9 +++++++++ .../feature-gates/apparmor.md | 5 +++++ .../feature-gates/attach-volume-limit.md | 16 ++++++++++++++++ 16 files changed, 176 insertions(+) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/accelerators.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/accelerators.md index ade88fc9bbf37..747cf7169661d 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/accelerators.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/accelerators.md @@ -6,6 +6,17 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.6" + toVersion: "1.10" + - stage: deprecated + fromVersion: "1.11" + toVersion: "1.11" + +removed: true --- +允许在索引作业中指定每个索引的最大 Pod 重试次数。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md new file mode 100644 index 0000000000000..2f7d7591074dc --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-mutable-node-scheduling-directives.md @@ -0,0 +1,26 @@ +--- +title: JobMutableNodeSchedulingDirectives +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true +--- + + +允许更新在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) +的 Pod 模板中的节点调度指令。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md new file mode 100644 index 0000000000000..bef23d14878db --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-failure-policy.md @@ -0,0 +1,22 @@ +--- +title: JobPodFailurePolicy +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" +--- + + +允许用户根据容器退出码和 Pod 状况来指定 Pod 失效的处理方法。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md new file mode 100644 index 0000000000000..5546e5e0aba96 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-pod-replacement-policy.md @@ -0,0 +1,21 @@ +--- +title: JobPodReplacementPolicy +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + + +允许你在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) 中为终止的 Pod 指定替代 Pod。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md new file mode 100644 index 0000000000000..f9e5dc67c0201 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-ready-pods.md @@ -0,0 +1,32 @@ +--- +title: JobReadyPods +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + + +允许跟踪[状况](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions)为 +`Ready` 的 Pod 的个数。`Ready` 的 Pod 记录在 +[Job](/zh-cn/docs/concepts/workloads/controllers/job/) 对象的 +[status](/zh-cn/docs/reference/kubernetes-api/workload-resources/job-v1/#JobStatus) 字段中。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md new file mode 100644 index 0000000000000..3a9e65f55dad5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/job-tracking-with-finalizers.md @@ -0,0 +1,38 @@ +--- +title: JobTrackingWithFinalizers +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true +--- + + +启用跟踪 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) +完成情况,而非总是从集群剩余 Pod 获取信息来判断完成情况。 +Job 控制器使用 Pod 终结器(finalizers)和 Job 状态中的一个字段 +来跟踪已完成的 Pod 以计算完成度。 From 9d4def38138095765be5de7e8a53fd8e542ff503 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 26 Dec 2023 09:13:22 +0800 Subject: [PATCH 070/279] [zh] Sync feature-gates/i*.md --- .../feature-gates/honor-pv-reclaim-policy.md | 5 +++++ .../feature-gates/hpa-container-metrics.md | 9 +++++++++ .../feature-gates/hpa-scale-to-zero.md | 5 +++++ .../huge-page-storage-medium-size.md | 16 ++++++++++++++++ .../feature-gates/huge-pages.md | 16 ++++++++++++++++ .../feature-gates/hyper-v-container.md | 12 ++++++++++++ .../feature-gates/identify-pod-os.md | 16 ++++++++++++++++ .../feature-gates/immutable-ephemeral-volumes.md | 16 ++++++++++++++++ .../in-place-pod-vertical-scaling.md | 5 +++++ 9 files changed, 100 insertions(+) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md index e25906dd38518..585c358e02c05 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/honor-pv-reclaim-policy.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" --- +启用 kubelet 配置字段 `imageMaximumGCAge`,允许管理员指定多久之后镜像将被垃圾收集。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md index e00007064ac11..ae25aa7bc11eb 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/in-tree-plugin-aws-unregister.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" --- -要确认这种情况,请检查你的集群中是否有针对 `pods` 资源进行 `UPDATE` -操作的 ValidatingWebhookConfiguration 或 MutatingWebhookConfiguration。 +要确认这种情况,请检查你的集群中是否有 ValidatingWebhookConfiguration 或 +MutatingWebhookConfiguration 处理 `pods` 资源的 `UPDATE` 操作。 如果 Webhook 是由第三方提供的: + - 确保你使用的是最新版。 -- 禁用 `UPDATE` 操作的 Webhook。 +- 禁用处理 `UPDATE` 操作的 Webhook。 - 向相关供应商报告问题。 如果你是 Webhook 的作者: -- 对于变更性质的 Webhook,请确保在 `UPDATE` 操作中永远不要更改不可变字段。 - 例如,一般不允许更改容器。 -- 对于验证性质的 Webhook,请确保你的验证策略仅适用于新的更改。换句话说, + +- 对于变更性质的 Webhook,请确保在处理 `UPDATE` 操作时不要更改不可变字段。 + 例如,一般不允许更改 `containers`。 +- 对于验证性质的 Webhook,请确保你的验证策略仅被应用于新的更改之上。换句话说, 你应该允许存在违规的现有 Pod 通过验证。这样可以确保在安装验证性质的 Webhook 之前创建的 Pod 可以继续运行。 @@ -325,7 +327,6 @@ kubectl get pods --selector=name=nginx,type=frontend ``` to list pods that match this selector. Verify that the list matches the Pods that you expect to provide your Service. -Verify that the pod's `containerPort` matches up with the Service's `targetPort` --> 你可以使用如下命令列出与选择算符相匹配的 Pod,并验证这些 Pod 是否归属于创建的服务: From bee507b9f46642b74e946d00a320b8da03d45b84 Mon Sep 17 00:00:00 2001 From: Subhajit009iitr Date: Tue, 26 Dec 2023 14:33:54 +0530 Subject: [PATCH 075/279] Fix search-icon when typing --- layouts/partials/search-input.html | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/layouts/partials/search-input.html b/layouts/partials/search-input.html index c41a5052f2b8c..6eadec8d99ad3 100644 --- a/layouts/partials/search-input.html +++ b/layouts/partials/search-input.html @@ -1,29 +1,40 @@ + + {{ if or .Site.Params.gcs_engine_id .Site.Params.algolia_docsearch }} {{ else if .Site.Params.offlineSearch }}
{{ else if .Site.Params.k8s_search }} From 1ddc6165d6222b532665851c79981b01bec73eaa Mon Sep 17 00:00:00 2001 From: DeltaX Date: Sat, 23 Dec 2023 01:32:52 +0800 Subject: [PATCH 076/279] [zh] Localize feature-gates/e*.md Apply suggestions from code review Co-authored-by: Michael Co-authored-by: Tim Bannister Co-authored-by: Qiming Teng --- .../efficient-watch-resumption.md | 25 +++++++++++++ .../feature-gates/elastic-indexed-job.md | 21 +++++++++++ .../enable-aggregated-discovery-timeout.md | 23 ++++++++++++ .../enable-equivalence-class-cache.md | 25 +++++++++++++ .../feature-gates/endpoint-slice-node-name.md | 25 +++++++++++++ .../feature-gates/endpoint-slice-proxying.md | 35 +++++++++++++++++++ .../endpoint-slice-terminating-condition.md | 28 +++++++++++++++ .../feature-gates/endpoint-slice.md | 35 +++++++++++++++++++ .../feature-gates/ephemeral-containers.md | 32 +++++++++++++++++ .../feature-gates/even-pods-spread.md | 31 ++++++++++++++++ .../feature-gates/evented-pleg.md | 33 +++++++++++++++++ .../feature-gates/exec-probe-timeout.md | 22 ++++++++++++ .../feature-gates/expand-csi-volumes.md | 29 +++++++++++++++ .../expand-in-use-persistent-volumes.md | 31 ++++++++++++++++ .../expand-persistent-volumes.md | 31 ++++++++++++++++ .../feature-gates/expanded-dns-config.md | 30 ++++++++++++++++ .../experimental-critical-pod-annotation.md | 29 +++++++++++++++ ...rimental-host-user-namespace-defaulting.md | 27 ++++++++++++++ .../external-policy-for-external-ip.md | 23 ++++++++++++ 19 files changed, 535 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md new file mode 100644 index 0000000000000..ddf77551bba45 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/efficient-watch-resumption.md @@ -0,0 +1,25 @@ +--- +title: EfficientWatchResumption +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" +--- + +允许将存储发起的书签(进度通知)事件传递给用户。这仅适用于 watch(监视)操作。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md new file mode 100644 index 0000000000000..f6da4e5dd1072 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/elastic-indexed-job.md @@ -0,0 +1,21 @@ +--- +title: ElasticIndexedJob +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + +允许通过同时改变 `spec.completions` 和 `spec.parallelism` +使得 `spec.completions == spec.parallelism` 来对带索引的 Job 执行扩容或缩容。 +更多细节请参阅[弹性索引 Job](/zh-cn/docs/concepts/workloads/controllers/job#elastic-indexed-jobs) 文档。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md new file mode 100644 index 0000000000000..9f50594651350 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-aggregated-discovery-timeout.md @@ -0,0 +1,23 @@ +--- +# Removed from Kubernetes +title: EnableAggregatedDiscoveryTimeout +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: deprecated + defaultValue: true + fromVersion: "1.16" + toVersion: "1.17" + +removed: true + +--- + +对聚合的发现调用启用五秒钟超时设置。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md new file mode 100644 index 0000000000000..fd427dd2a9814 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/enable-equivalence-class-cache.md @@ -0,0 +1,25 @@ +--- +# Removed from Kubernetes +title: EnableEquivalenceClassCache +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.12" + - stage: deprecated + fromVersion: "1.13" + toVersion: "1.23" + +removed: true +--- + +调度 Pod 时,使调度器缓存节点的等效项。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md new file mode 100644 index 0000000000000..598e242e347a8 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-node-name.md @@ -0,0 +1,25 @@ +--- +# Removed from Kubernetes +title: EndpointSliceNodeName +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.24" + +removed: true +--- + +启用 EndpointSlice 的 `nodeName` 字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md new file mode 100644 index 0000000000000..03350bd75563c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-proxying.md @@ -0,0 +1,35 @@ +--- +# Removed from Kubernetes +title: EndpointSliceProxying +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true +--- + +启用此特性门控时,Linux 上运行的 kube-proxy 会使用 +EndpointSlice 而不是 Endpoints 作为其主要数据源, +从而使得可扩缩性和性能提升成为可能。 +参阅[启用 EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md new file mode 100644 index 0000000000000..1d8cb8e4f1a64 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice-terminating-condition.md @@ -0,0 +1,28 @@ +--- +title: EndpointSliceTerminatingCondition +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true +--- + +启用 EndpointSlice 的 `terminating` 和 `serving` 状况字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md new file mode 100644 index 0000000000000..d1fba038e950b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/endpoint-slice.md @@ -0,0 +1,35 @@ +--- +# Removed from Kubernetes +title: EndpointSlice +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.16" + - stage: beta + defaultValue: false + fromVersion: "1.17" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.24" + +removed: true +--- + +启用 EndpointSlice 以实现可扩缩性和可扩展性更好的网络端点。 +参阅[启用 EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md new file mode 100644 index 0000000000000..8de5a510271af --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ephemeral-containers.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: EphemeralContainers +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true +--- + +启用添加{{< glossary_tooltip text="临时容器" term_id="ephemeral-container" >}}到正在运行的 +Pod 的特性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md new file mode 100644 index 0000000000000..8413539616d69 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/even-pods-spread.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: EvenPodsSpread +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.18" + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.21" + +removed: true +--- + +使 Pod 能够在拓扑域之间平衡调度。请参阅 +[Pod 拓扑扩展约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md new file mode 100644 index 0000000000000..ed444f931f1ba --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md @@ -0,0 +1,33 @@ +--- +title: EventedPLEG +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" +--- + +启用此特性后,kubelet 能够通过 +{{}} +扩展从{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}接收容器生命周期事件。 +(PLEG 是 “Pod lifecycle event generator” 的缩写,即 Pod 生命周期事件生成器)。 +要使用此特性,你还需要在集群中运行的每个容器运行时中启用对容器生命周期事件的支持。 +如果容器运行时未宣布支持容器生命周期事件,即使你已启用了此特性门控, +kubelet 也会自动切换到原有的通用 PLEG 机制。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md new file mode 100644 index 0000000000000..93213a57bc5f8 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/exec-probe-timeout.md @@ -0,0 +1,22 @@ +--- +title: ExecProbeTimeout +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.20" +--- + +确保 kubelet 会遵从 exec 探针的超时值设置。 +此特性门控的主要目的是方便你处理现有的、依赖于已被修复的缺陷的工作负载; +该缺陷导致 Kubernetes 会忽略 exec 探针的超时值设置。 +参阅[就绪态探针](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes). diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md new file mode 100644 index 0000000000000..565f84a1f3527 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-csi-volumes.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ExpandCSIVolumes +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true +--- + +启用 CSI 卷的扩展。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md new file mode 100644 index 0000000000000..bc73856500c53 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-in-use-persistent-volumes.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: ExpandInUsePersistentVolumes +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true +--- + +启用扩充使用中的 PVC 的大小。 +请查阅[调整使用中的 PersistentVolumeClaim 的大小](/zh-cn/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md new file mode 100644 index 0000000000000..92888e8325c34 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expand-persistent-volumes.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: ExpandPersistentVolumes +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + +removed: true +--- + +允许扩展持久卷。 +请查阅[扩展持久卷申领](/zh-cn/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md new file mode 100644 index 0000000000000..ec4433e401e29 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md @@ -0,0 +1,30 @@ +--- +title: ExpandedDNSConfig +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + +在 kubelet 和 kube-apiserver 上启用后, +允许使用更多的 DNS 搜索域和搜索域列表。此功能特性需要容器运行时 +(containerd v1.5.6 或更高,CRI-O v1.22 或更高)的支持。 +参阅[扩展 DNS 配置](/zh-cn/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration). diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md new file mode 100644 index 0000000000000..225c0fc72a1a6 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-critical-pod-annotation.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ExperimentalCriticalPodAnnotation +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.5" + toVersion: "1.12" + - stage: deprecated + defaultValue: false + fromVersion: "1.13" + toVersion: "1.16" + +removed: true +--- + +启用将特定 Pod 注解为 **关键负载(Critical)** 的方式, +用于[确保其被调度](/zh-cn/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/)。 +从 v1.13 开始已弃用此特性,转而使用 Pod 优先级和抢占功能。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md new file mode 100644 index 0000000000000..5166c5180a3fc --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md @@ -0,0 +1,27 @@ +--- +title: ExperimentalHostUserNamespaceDefaulting +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.5" + toVersion: "1.27" + - stage: deprecated + defaultValue: false + fromVersion: "1.28" +--- + +启用主机默认的用户名字空间。 +这适用于使用其他主机名字空间、主机安装的容器,或具有特权或使用特定的非名字空间功能 +(例如 `MKNODE`、`SYS_MODULE` 等)的容器。 +如果在 Docker 守护程序中启用了用户名字空间重新映射,则启用此选项。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md new file mode 100644 index 0000000000000..ed8b6ffbf6ff0 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/external-policy-for-external-ip.md @@ -0,0 +1,23 @@ +--- +# Removed from Kubernetes +title: ExternalPolicyForExternalIP +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: stable + defaultValue: true + fromVersion: "1.18" + toVersion: "1.22" + +removed: true +--- + +修复一个缺陷,该缺陷会导致 ExternalTrafficPolicy +不会应用到 Service 的外部 IP。 From 6b87aa8c31bb18a08023aceab2b2b423f1a30ec3 Mon Sep 17 00:00:00 2001 From: xin gu <418294249@qq.com> Date: Mon, 25 Dec 2023 22:00:59 +0800 Subject: [PATCH 077/279] sync feature-gates/q*.md --- .../feature-gates/qos-reserved.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md new file mode 100644 index 0000000000000..4a7acaff8205a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/qos-reserved.md @@ -0,0 +1,19 @@ +--- +title: QOSReserved +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" +--- + + +允许在 QoS 层面预留资源,避免低 QoS 级别的 Pod 占用高 QoS 级别所请求的资源(当前只适用于内存)。 \ No newline at end of file From 07d0c15b5dbeb5a40c29ee339992b7a60061f1f8 Mon Sep 17 00:00:00 2001 From: Subhajit009iitr Date: Tue, 26 Dec 2023 21:32:45 +0530 Subject: [PATCH 078/279] Implement using fa search icon --- layouts/partials/search-input.html | 104 ++++++++++++++++++++--------- 1 file changed, 73 insertions(+), 31 deletions(-) diff --git a/layouts/partials/search-input.html b/layouts/partials/search-input.html index 6eadec8d99ad3..c0e14ae240999 100644 --- a/layouts/partials/search-input.html +++ b/layouts/partials/search-input.html @@ -1,41 +1,83 @@ - + + -{{ if or .Site.Params.gcs_engine_id .Site.Params.algolia_docsearch }} - -{{ else if .Site.Params.offlineSearch }} -
+ + {{ if or .Site.Params.gcs_engine_id .Site.Params.algolia_docsearch }} +
+ + +
+ {{ else if .Site.Params.offlineSearch }} + + {{ else if .Site.Params.k8s_search }} +
+ + -
-{{ else if .Site.Params.k8s_search }} - -{{ end }} \ No newline at end of file + {{ end }} + From b9556087c95f160bc16b010c728ca0a856cd80a9 Mon Sep 17 00:00:00 2001 From: Subhajit009iitr Date: Tue, 26 Dec 2023 21:36:37 +0530 Subject: [PATCH 079/279] Fix search font --- layouts/partials/search-input.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/layouts/partials/search-input.html b/layouts/partials/search-input.html index c0e14ae240999..2478aada7da5e 100644 --- a/layouts/partials/search-input.html +++ b/layouts/partials/search-input.html @@ -19,7 +19,7 @@ } .td-search-input { - font-family: 'Your Preferred Font', sans-serif; + font-family: sans-serif; } .search-input { @@ -32,7 +32,6 @@ border-radius: 15px; } - /* Adjust the placeholder font style */ .search-input::placeholder { font-style: normal; font-weight: normal; From eff10b13937bc2d13dade741694ae8685c21e59c Mon Sep 17 00:00:00 2001 From: Arhell Date: Wed, 27 Dec 2023 01:20:03 +0200 Subject: [PATCH 080/279] [zh] Fix the broken link in blog post --- content/zh-cn/blog/2023-11-24-sig-testing-spotlight.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/blog/2023-11-24-sig-testing-spotlight.md b/content/zh-cn/blog/2023-11-24-sig-testing-spotlight.md index 59072b6d93eec..6f662f33c4b86 100644 --- a/content/zh-cn/blog/2023-11-24-sig-testing-spotlight.md +++ b/content/zh-cn/blog/2023-11-24-sig-testing-spotlight.md @@ -100,7 +100,7 @@ started using it. For E2E testing, that was [Ginkgo+Gomega](https://github.com/onsi/ginkgo). Some hacks were necessary, for example around cleanup after a test run and for categorising tests. Eventually this led to Ginkgo v2 and [revised best -practices for E2E testing](/blog/2023/04/12/e2e-testing-best-practices-reloaded/). +practices for E2E testing](https://www.kubernetes.dev/blog/2023/04/12/e2e-testing-best-practices-reloaded/). Regarding unit testing opinions are pretty diverse: some maintainers prefer to use just the Go standard library with hand-written checks. Others use helper packages like stretchr/testify. That @@ -114,7 +114,7 @@ and other components, then runs tests that are more like E2E tests. 当时开发人员只是看看有什么可用的工具并开始使用这些工具。对于 E2E 测试来说,使用的是 [Ginkgo + Gomega](https://github.com/onsi/ginkgo)。集成一些黑科技是必要的, 例如在测试运行后进行清理和对测试进行分类。最终形成了 Ginkgo v2 -和[重新修订的 E2E 测试最佳实践](/blog/2023/04/12/e2e-testing-best-practices-reloaded/)。 +和[重新修订的 E2E 测试最佳实践](https://www.kubernetes.dev/blog/2023/04/12/e2e-testing-best-practices-reloaded/)。 关于单元测试,意见非常多样化:一些维护者倾向于只使用 Go 标准库和手动检查。 而其他人使用 stretchr/testify 这类辅助工具包。这种多样性是可以接受的,因为单元测试是自包含的: 贡献者只需在处理许多不同领域时保持灵活。集成测试介于二者之间,它基于 Go 单元测试, From 4731ea343694cdf4b844f3ffbfe3f985573510ef Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Wed, 27 Dec 2023 00:51:37 +0000 Subject: [PATCH 081/279] [zh] Sync feature-gates/d*.md --- .../feature-gates/daemon-set-update-surge.md | 16 +++++++++++++++ ...ult-host-network-ports-in-pod-templates.md | 5 +++++ .../default-pod-topology-spread.md | 16 +++++++++++++++ .../delegate-fs-group-to-csi-driver.md | 16 +++++++++++++++ .../device-plugin-cdi-devices.md | 9 +++++++++ .../feature-gates/device-plugins.md | 16 +++++++++++++++ .../disable-accelerator-usage-metrics.md | 16 +++++++++++++++ .../feature-gates/disable-cloud-providers.md | 9 +++++++++ ...able-kubelet-cloud-credential-providers.md | 9 +++++++++ .../disable-node-kube-proxy-version.md | 5 +++++ .../feature-gates/downward-api-huge-pages.md | 20 +++++++++++++++++++ .../feature-gates/dry-run.md | 16 +++++++++++++++ .../feature-gates/dynamic-auditing.md | 11 ++++++++++ .../feature-gates/dynamic-kubelet-config.md | 16 +++++++++++++++ .../dynamic-provisioning-scheduling.md | 10 ++++++++++ .../dynamic-resource-allocation.md | 5 +++++ .../dynamic-volume-provisioning.md | 12 +++++++++++ 17 files changed, 207 insertions(+) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md index 1c9364eee91a3..b29df3a0d85fd 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/daemon-set-update-surge.md @@ -5,6 +5,22 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.28" + +removed: true --- +根据节点上的污点和 Pod 上的容忍度启用从节点驱逐 Pod 的特性。 +更多细节参见[污点和容忍度](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md new file mode 100644 index 0000000000000..057d1d8c4651a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/taint-nodes-by-condition.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: TaintNodesByCondition +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true +--- + + +根据[节点状况](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)启用自动为节点标记污点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md new file mode 100644 index 0000000000000..22a2da7f6eafb --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request-projection.md @@ -0,0 +1,33 @@ +--- +# Removed from Kubernetes +title: TokenRequestProjection +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + +removed: true +--- + + +启用通过 +[`projected` 卷](/zh-cn/docs/concepts/storage/volumes/#projected)将服务账号令牌注入到 +Pod 中的特性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request.md new file mode 100644 index 0000000000000..e8fc0eb8be0de --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/token-request.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: TokenRequest +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + +removed: true +--- + + +在服务账号资源上启用 `TokenRequest` 端点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md new file mode 100644 index 0000000000000..1c9489c7b0249 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md @@ -0,0 +1,29 @@ +--- +title: TopologyAwareHints +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + - stage: beta + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" +--- + + +在 EndpointSlice 中启用基于拓扑提示的拓扑感知路由。 +更多细节参见[拓扑感知路由](/zh-cn/docs/concepts/services-networking/topology-aware-routing/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md new file mode 100644 index 0000000000000..9e6f96f5a7c0a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-alpha-options.md @@ -0,0 +1,22 @@ +--- +title: TopologyManagerPolicyAlphaOptions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" +--- + + +允许微调拓扑管理器策略的实验性的、Alpha 质量的选项。 +此特性门控守护**一组**质量级别为 Alpha 的拓扑管理器选项。 +此特性门控绝对不会进阶至 Beta 或稳定版。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md new file mode 100644 index 0000000000000..f28265027b216 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-beta-options.md @@ -0,0 +1,26 @@ +--- +title: TopologyManagerPolicyBetaOptions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.26" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" +--- + + +允许微调拓扑管理器策略的实验性的、Beta 质量的选项。 +此特性门控守护**一组**质量级别为 Beta 的拓扑管理器选项。 +此特性门控绝对不会进阶至稳定版。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md new file mode 100644 index 0000000000000..8a7e03885c6cd --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md @@ -0,0 +1,21 @@ +--- +title: TopologyManagerPolicyOptions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" +--- + + +允许对拓扑管理器策略进行微调。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md new file mode 100644 index 0000000000000..8516a0229dc02 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/topology-manager.md @@ -0,0 +1,31 @@ +--- +title: TopologyManager +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true +--- + + +启用一种机制来协调 Kubernetes 不同组件的细粒度硬件资源分配。 +详见[控制节点上的拓扑管理策略](/zh-cn/docs/tasks/administer-cluster/topology-manager/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md new file mode 100644 index 0000000000000..c873dc7a83752 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/translate-stream-close-websocket-requests.md @@ -0,0 +1,19 @@ +--- +title: TranslateStreamCloseWebsocketRequests +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +允许从请求 v5 子协议版本的客户端处通过 WebSocket 流式传输远程命令子协议(`exec`、`cp`、`attach`)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md new file mode 100644 index 0000000000000..d5f714112855b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/ttl-after-finished.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: TTLAfterFinished +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.20" + - stage: beta + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + - stage: stable + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + +removed: true +--- + + +允许 +[TTL 控制器](/zh-cn/docs/concepts/workloads/controllers/ttlafterfinished/)在资源执行完毕后清理资源。 From 6f4da28563d57be8c108b17d6406963b22facb55 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Wed, 27 Dec 2023 01:01:25 +0000 Subject: [PATCH 083/279] [zh] Sync feature-gates/m*.md --- .../match-label-keys-in-pod-affinity.md | 5 +++++ .../match-label-keys-in-pod-topology-spread.md | 9 +++++++++ .../max-unavailable-stateful-set.md | 5 +++++ .../feature-gates/memory-manager.md | 9 +++++++++ .../feature-gates/memory-qos.md | 5 +++++ .../min-domains-in-pod-topology-spread.md | 13 +++++++++++++ .../feature-gates/minimize-ip-tables-restore.md | 13 +++++++++++++ .../feature-gates/mixed-protocol-lb-service.md | 16 ++++++++++++++++ .../feature-gates/mount-containers.md | 12 ++++++++++++ .../feature-gates/mount-propagation.md | 16 ++++++++++++++++ .../feature-gates/multi-cidr-range-allocator.md | 8 ++++++++ .../multi-cidr-service-allocator.md | 5 +++++ 12 files changed, 116 insertions(+) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md index 751b0c8e522d1..6283c07b18517 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/match-label-keys-in-pod-affinity.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" --- -## 会见贡献者 +## 会见贡献者 {#meet-the-contributors} **Sandipan:** 你能简单介绍一下自己吗,谈谈你的职责角色以及你是如何参与 Kubernetes 项目和 SIG Testing 的? @@ -88,7 +88,7 @@ structured logging WG lead. **Sandipan:** Testing is a field in which multiple approaches and tools exist; how did you arrive at the existing practices? --> -## 测试实践和工具 +## 测试实践和工具 {#testing-practices-and-tools} **Sandipan:** 测试是一个存在多种方法和工具的领域,你们是如何形成现有实践方式的? @@ -126,7 +126,7 @@ and other components, then runs tests that are more like E2E tests. **Sandipan:** SIG Testing is pretty diverse. Can you give a brief overview of the various subprojects owned by SIG Testing? --> -## SIG Testing 拥有的子项目 +## SIG Testing 拥有的子项目 {#subprojects-owned-by-sig-testing} **Sandipan:** SIG Testing 非常多样化。你能简要介绍一下 SIG Testing 拥有的各个子项目吗? @@ -174,7 +174,7 @@ Testing subprojects, check out the [SIG Testing README](https://github.com/kuber **Sandipan:** What are some of the key challenges you face? --> -## 主要挑战和成就 +## 主要挑战和成就 {#key-challenges-and-accomplishments} **Sandipan:** 你们面临的一些主要挑战是什么? @@ -260,7 +260,7 @@ be related to a regression in their current change. **Sandipan:** What are some of your favourite things about this SIG? --> -## 人员和范围 +## 人员和范围 {#the-people-and-the-scope} **Sandipan:** 这个 SIG 中有哪些让你热爱的? @@ -312,7 +312,7 @@ it might even be yourself! **Sandipan:** What areas and/or subprojects does your SIG need help with? --> -## 展望未来 +## 展望未来 {#looking-ahead} **Sandipan:** 在哪些领域和/或子项目上,你们的 SIG 需要帮助? From 817ff5072e3d9329e0c58059e7f072861c1aed2b Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 27 Dec 2023 09:30:19 +0800 Subject: [PATCH 085/279] [zh] Localize part2 of feature-gates/p*.md --- .../pod-has-network-condition.md | 23 +++++++++++++ .../feature-gates/pod-host-ips.md | 23 +++++++++++++ .../feature-gates/pod-index-label.md | 19 +++++++++++ .../pod-lifecycle-sleep-action.md | 17 ++++++++++ .../feature-gates/pod-overhead.md | 32 ++++++++++++++++++ .../feature-gates/pod-priority.md | 31 +++++++++++++++++ .../feature-gates/pod-readiness-gates.md | 33 +++++++++++++++++++ 7 files changed, 178 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md new file mode 100644 index 0000000000000..7a7e191e6b4e6 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-has-network-condition.md @@ -0,0 +1,23 @@ +--- +title: PodHasNetworkCondition +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.27" + +removed: true +--- + + +使得 kubelet 能够对 Pod 标记 +[PodHasNetwork](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) 状况。 +此特性在 1.28 中重命名为 `PodReadyToStartContainersCondition`。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md new file mode 100644 index 0000000000000..568425fa52788 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-host-ips.md @@ -0,0 +1,23 @@ +--- +title: PodHostIPs +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + + +为 Pod 和 {{< glossary_tooltip term_id="downward-api" text="downward API" >}} +启用 `status.hostIPs` 字段。此字段允许你将主机 IP 地址暴露给工作负载。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md new file mode 100644 index 0000000000000..d5ccbf66ba878 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-index-label.md @@ -0,0 +1,19 @@ +--- +title: PodIndexLabel +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.28" +--- + + +在创建新的 Pod 时允许 Job 控制器和 StatefulSet 控制器将 Pod 索引添加为标签。 +详情参见 [Job 完成模式文档](/zh-cn/docs/concepts/workloads/controllers/job#completion-mode)和 +[StatefulSet Pod 索引标签文档](/zh-cn/docs/concepts/workloads/controllers/statefulset/#pod-index-label)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md new file mode 100644 index 0000000000000..b095cf5aec685 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-lifecycle-sleep-action.md @@ -0,0 +1,17 @@ +--- +title: PodLifecycleSleepAction +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +在 Container 生命周期钩子中启用 `sleep` 操作。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md new file mode 100644 index 0000000000000..f3537a4027da5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-overhead.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: PodOverhead +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + + +启用 [PodOverhead](/zh-cn/docs/concepts/scheduling-eviction/pod-overhead/) +特性以计算 Pod 开销。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md new file mode 100644 index 0000000000000..6c44b5b548bc8 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-priority.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: PodPriority +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.10" + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.18" + +removed: true +--- + + +允许根据[优先级](/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/)取消调度和抢占 Pod。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md new file mode 100644 index 0000000000000..b5fcdf9fc56b9 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-readiness-gates.md @@ -0,0 +1,33 @@ +--- +# Removed from Kubernetes +title: PodReadinessGates +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.13" + - stage: stable + defaultValue: true + fromVersion: "1.14" + toVersion: "1.16" + +removed: true +--- + + +允许设置 `podReadinessGate` 字段以扩展 Pod 就绪状态评估。更多细节请参见 +[Pod 就绪状态判别](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)。 From 4e115c08696665ecb000c99213ba1ec75ba58b87 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Wed, 27 Dec 2023 01:12:26 +0800 Subject: [PATCH 086/279] [zh] Sync feature-gates/c*.md --- .../cloud-controller-manager-webhook.md | 5 +++++ .../cloud-dual-stack-node-ips.md | 9 +++++++++ .../cluster-trust-bundle-projection.md | 5 +++++ .../feature-gates/cluster-trust-bundle.md | 5 +++++ .../feature-gates/component-slis.md | 9 +++++++++ .../configurable-fs-group-policy.md | 16 +++++++++++++++ .../consistent-http-get-handlers.md | 5 +++++ .../consistent-list-from-cache.md | 5 +++++ .../feature-gates/container-checkpoint.md | 5 +++++ .../feature-gates/contextual-logging.md | 5 +++++ .../controller-manager-leader-migration.md | 16 +++++++++++++++ .../cpu-manager-policy-alpha-options.md | 5 +++++ .../cpu-manager-policy-beta-options.md | 5 +++++ .../cpu-manager-policy-options.md | 9 +++++++++ .../feature-gates/cpu-manager.md | 13 ++++++++++++ .../crd-validation-ratcheting.md | 5 +++++ .../cri-container-log-rotation.md | 16 +++++++++++++++ .../feature-gates/cron-job-controller-v2.md | 16 +++++++++++++++ .../feature-gates/cron-job-time-zone.md | 16 +++++++++++++++ .../cron-jobs-scheduled-annotation.md | 5 +++++ .../cross-namespace-volume-data-source.md | 5 +++++ .../feature-gates/csi-block-volume.md | 16 +++++++++++++++ .../feature-gates/csi-driver-registry.md | 16 +++++++++++++++ .../feature-gates/csi-inline-volume.md | 16 +++++++++++++++ .../csi-migration-aws-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-aws.md | 20 +++++++++++++++++++ .../csi-migration-azure-disk-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-azure-disk.md | 20 +++++++++++++++++++ .../csi-migration-azure-file-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-azure-file.md | 17 ++++++++++++++++ .../csi-migration-gce-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-gce.md | 20 +++++++++++++++++++ .../csi-migration-open-stack-complete.md | 11 ++++++++++ .../feature-gates/csi-migration-open-stack.md | 16 +++++++++++++++ .../feature-gates/csi-migration-portworx.md | 9 +++++++++ .../feature-gates/csi-migration-rbd.md | 9 +++++++++ .../feature-gates/csi-migration.md | 16 +++++++++++++++ .../csi-migrationv-sphere-complete.md | 11 ++++++++++ .../feature-gates/csi-migrationv-sphere.md | 20 +++++++++++++++++++ .../feature-gates/csi-node-expand-secret.md | 13 ++++++++++++ .../feature-gates/csi-node-info.md | 16 +++++++++++++++ .../feature-gates/csi-persistent-volume.md | 16 +++++++++++++++ .../csi-service-account-token.md | 16 +++++++++++++++ .../feature-gates/csi-storage-capacity.md | 16 +++++++++++++++ .../csi-volume-fs-group-policy.md | 16 +++++++++++++++ .../feature-gates/csi-volume-health.md | 5 +++++ .../feature-gates/csr-duration.md | 12 +++++++++++ .../custom-cpu-cfs-quota-period.md | 5 +++++ .../feature-gates/custom-pod-dns.md | 16 +++++++++++++++ .../custom-resource-defaulting.md | 16 +++++++++++++++ .../custom-resource-publish-open-api.md | 16 +++++++++++++++ .../custom-resource-subresources.md | 16 +++++++++++++++ .../custom-resource-validation-expressions.md | 13 ++++++++++++ .../custom-resource-validation.md | 16 +++++++++++++++ .../custom-resource-webhook-conversion.md | 16 +++++++++++++++ 55 files changed, 665 insertions(+) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md index 9a037ef6c4fa0..669c7b2ff84df 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/cloud-controller-manager-webhook.md @@ -4,6 +4,11 @@ content_type: feature_gate _build: list: never render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" --- +使得 kubelet 能在 Pod 上标记 +[PodReadyToStartContainers](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) 状况。 + +此特性门控先前称为 `PodHasNetworkCondition`,关联的状况称为 `PodHasNetwork`。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md new file mode 100644 index 0000000000000..95e874fd2a23f --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-scheduling-readiness.md @@ -0,0 +1,22 @@ +--- +title: PodSchedulingReadiness +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + + +允许设置 `schedulingGates` 字段以控制 Pod +的[调度就绪状态](/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-security.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-security.md new file mode 100644 index 0000000000000..f8350346135af --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-security.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: PodSecurity +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + +removed: true +--- + + +启用 `PodSecurity` 准入插件。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md new file mode 100644 index 0000000000000..1f3464fbfe109 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pod-share-process-namespace.md @@ -0,0 +1,34 @@ +--- +# Removed from Kubernetes +title: PodShareProcessNamespace +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.19" + +removed: true +--- + + +在 Pod 中启用 `shareProcessNamespace` 的设置, +以便在 Pod 中运行的容器之间共享同一进程名字空间。 +更多细节请参见[在 Pod 中的容器间共享同一进程名字空间](/zh-cn/docs/tasks/configure-pod-container/share-process-namespace/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md new file mode 100644 index 0000000000000..573027e40d77b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/prefer-nominated-node.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: PreferNominatedNode +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + + +这个标志告诉调度器在循环遍历集群中的所有其他节点之前是否先检查指定的节点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md new file mode 100644 index 0000000000000..d7cb0d14c2fa5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/probe-termination-grace-period.md @@ -0,0 +1,36 @@ +--- +title: ProbeTerminationGracePeriod +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + +removed: true +--- + + +在 Pod 上启用[设置探针级别 `terminationGracePeriodSeconds`](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds)。 +更多细节请参见[增强提案](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2238-liveness-probe-grace-period)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md new file mode 100644 index 0000000000000..ba7231df1d74b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proc-mount-type.md @@ -0,0 +1,19 @@ +--- +title: ProcMountType +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" +--- + + +允许容器通过设置 SecurityContext 的 `procMount` 字段来控制对 +proc 类型的挂载方式。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md new file mode 100644 index 0000000000000..e22868732a16d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md @@ -0,0 +1,26 @@ +--- +title: ProxyTerminatingEndpoints +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.25" + - stage: beta + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + + +当 `ExternalTrafficPolicy=Local` 时,允许 kube-proxy 处理终止过程中的端点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md new file mode 100644 index 0000000000000..487754b9b4318 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/pvc-protection.md @@ -0,0 +1,26 @@ +--- +# Removed from Kubernetes +title: PVCProtection +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: deprecated + fromVersion: "1.10" + toVersion: "1.10" + +removed: true +--- + + +启用后,可预防仍然有 Pod 正使用的 PersistentVolumeClaim (PVC) 被删除。 From 3ea68527a759c9ceb87da00fd15c7eed22d2934e Mon Sep 17 00:00:00 2001 From: FanLin <931234477@qq.com> Date: Thu, 28 Dec 2023 15:08:31 +0800 Subject: [PATCH 093/279] [zh] Localize part1 of /feature-gates/k*.md --- .../feature-gates/kmsv1.md | 23 +++++++++++++ .../feature-gates/kmsv2-kdf.md | 25 +++++++++++++++ .../feature-gates/kmsv2.md | 26 +++++++++++++++ .../kubelet-cgroup-driver-from-cri.md | 32 +++++++++++++++++++ .../feature-gates/kubelet-config-file.md | 29 +++++++++++++++++ .../kubelet-credential-providers.md | 29 +++++++++++++++++ .../kubelet-in-user-namespace.md | 20 ++++++++++++ 7 files changed, 184 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md new file mode 100644 index 0000000000000..b828d8bfd6683 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv1.md @@ -0,0 +1,23 @@ +--- +title: KMSv1 +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: deprecated + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: deprecated + defaultValue: false + fromVersion: "1.29" + +--- + + +启用 KMS v1 API 以实现静态加密。 +详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md new file mode 100644 index 0000000000000..06a339d4643c1 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2-kdf.md @@ -0,0 +1,25 @@ +--- +title: KMSv2KDF +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + + +启用 KMS v2 以生成一次性数据加密密钥。 +详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 +如果 `KMSv2` 特性门控在你的集群未被启用,则 `KMSv2KDF` 特性门控的值不会产生任何影响。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md new file mode 100644 index 0000000000000..4eee5b3ed979a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kmsv2.md @@ -0,0 +1,26 @@ +--- +title: KMSv2 +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + + +启用 KMS v2 API 以实现静态加密。 +详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md new file mode 100644 index 0000000000000..0c53ca508e43d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-cgroup-driver-from-cri.md @@ -0,0 +1,32 @@ +--- +title: KubeletCgroupDriverFromCRI +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" +--- + + +启用检测来自 {{}} +的 kubelet cgroup 驱动配置选项。你可以在支持该特性门控的 kubelet 节点上使用此特性门控, +也可以在支持 `RuntimeConfig` CRI 调用的 CRI 容器运行时所在节点上使用此特性门控。 +如果 CRI 和 kubelet 都支持此特性,kubelet 将忽略 `cgroupDriver` 配置设置(或已弃用的 `--cgroup-driver` 命令行参数)。 +如果你启用此特性门控但容器运行时不支持它,则 kubelet 将回退到使用通过 `cgroupDriver` 配置设置进行配置的驱动。 +详情参见[配置 cgroup 驱动](/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md new file mode 100644 index 0000000000000..fa0205b220be5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-config-file.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: KubeletConfigFile +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.9" + - stage: deprecated + fromVersion: "1.10" + toVersion: "1.10" + +removed: true +--- + + +允许从使用配置文件指定的文件中加载 kubelet 配置。 +详情参见[通过配置文件设置 kubelet 参数](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md new file mode 100644 index 0000000000000..bc3bcb04c4a8c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-credential-providers.md @@ -0,0 +1,29 @@ +--- +title: KubeletCredentialProviders +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true +--- + + +启用 kubelet exec 凭据提供程序以获取镜像拉取凭据。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md new file mode 100644 index 0000000000000..355b4a4786000 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-in-user-namespace.md @@ -0,0 +1,20 @@ +--- +title: KubeletInUserNamespace +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" +--- + + +支持在{{}}里运行 kubelet。 +请参见[以非 root 用户身份运行 Kubernetes 节点组件](/zh-cn/docs/tasks/administer-cluster/kubelet-in-userns/)。 From f6e45ffc4801bc49784a041fadd882ea64f6f982 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 28 Dec 2023 16:20:52 +0800 Subject: [PATCH 094/279] [zh] Localize feature-gates/r*.md --- .../feature-gates/read-write-once-pod.md | 26 ++++++++++++++++ .../recover-volume-expansion-failure.md | 21 +++++++++++++ .../feature-gates/remaining-item-count.md | 28 +++++++++++++++++ .../feature-gates/remove-self-link.md | 30 +++++++++++++++++++ .../feature-gates/request-management.md | 27 +++++++++++++++++ .../resource-limits-priority-function.md | 29 ++++++++++++++++++ .../resource-quota-scope-selectors.md | 30 +++++++++++++++++++ 7 files changed, 191 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/request-management.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md new file mode 100644 index 0000000000000..d12f436390082 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/read-write-once-pod.md @@ -0,0 +1,26 @@ +--- +title: ReadWriteOncePod +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + + +允许使用 `ReadWriteOncePod` 访问模式的 PersistentVolume。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md new file mode 100644 index 0000000000000..386b231aa44ff --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/recover-volume-expansion-failure.md @@ -0,0 +1,21 @@ +--- +title: RecoverVolumeExpansionFailure +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" +--- + + +允许用户编辑自己的 PVC 来缩容,以便从之前卷扩容引发的失败中恢复。 +更多细节可参见[处理扩充卷过程中的失败](/zh-cn/docs/concepts/storage/persistent-volumes/#recovering-from-failure-when-expanding-volumes)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md new file mode 100644 index 0000000000000..0b4e0447fc57c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remaining-item-count.md @@ -0,0 +1,28 @@ +--- +title: RemainingItemCount +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + + +允许 API 服务器在[分块列表请求](/zh-cn/docs/reference/using-api/api-concepts/#retrieving-large-results-sets-in-chunks) +的响应中显示剩余条目的个数。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md new file mode 100644 index 0000000000000..5c94fc0278930 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/remove-self-link.md @@ -0,0 +1,30 @@ +--- +title: RemoveSelfLink +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" +--- + + +将所有对象和集合的 `.metadata.selfLink` 字段设置为空(空字符串)。 +此字段自 Kubernetes v1.16 版本起已被弃用。 +启用此特性后,`.metadata.selfLink` 字段仍然是 Kubernetes API 的一部分,但始终不设置。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/request-management.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/request-management.md new file mode 100644 index 0000000000000..862d73a535cbb --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/request-management.md @@ -0,0 +1,27 @@ +--- +# Removed from Kubernetes +title: RequestManagement +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.16" + - stage: deprecated + fromVersion: "1.17" + toVersion: "1.17" + +removed: true +--- + + +允许在每个 API 服务器上通过优先级和公平性来管理请求并发性。 +自 1.17 以来已被 `APIPriorityAndFairness` 替代。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md new file mode 100644 index 0000000000000..b68b666b53cf7 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-limits-priority-function.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ResourceLimitsPriorityFunction +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.9" + toVersion: "1.18" + - stage: deprecated + fromVersion: "1.19" + toVersion: "1.19" + +removed: true +--- + + +启用某调度器优先级函数,此函数将最低得分 1 指派给至少满足输入 Pod 的 CPU 和内存限制之一的节点, +目的是打破得分相同的节点之间的关联。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md new file mode 100644 index 0000000000000..922e899db36c2 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/resource-quota-scope-selectors.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: ResourceQuotaScopeSelectors +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true +--- + + +启用资源配额范围选择算符。 From 6a7240f55bcac1d5f9d8956732f9a3f62866531a Mon Sep 17 00:00:00 2001 From: hunshcn Date: Thu, 28 Dec 2023 21:39:19 +0800 Subject: [PATCH 095/279] fix serviceaccount-token-volume-projection link --- .../tasks/configure-pod-container/configure-service-account.md | 2 +- content/en/docs/tasks/extend-kubernetes/setup-konnectivity.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 002fc3708e965..9182a43f8b44b 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -539,7 +539,7 @@ See also: - or learn to [distribute credentials securely using Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/) - but also bear in mind that using Secrets for authenticating as a ServiceAccount is deprecated. The recommended alternative is - [ServiceAccount token volume projection](#service-account-token-volume-projection). + [ServiceAccount token volume projection](#serviceaccount-token-volume-projection). - Read about [projected volumes](/docs/tasks/configure-pod-container/configure-projected-volume-storage/). - For background on OIDC discovery, read the [ServiceAccount signing key retrieval](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery) diff --git a/content/en/docs/tasks/extend-kubernetes/setup-konnectivity.md b/content/en/docs/tasks/extend-kubernetes/setup-konnectivity.md index ba7ee91fbee5f..3eb4f7868c6e6 100644 --- a/content/en/docs/tasks/extend-kubernetes/setup-konnectivity.md +++ b/content/en/docs/tasks/extend-kubernetes/setup-konnectivity.md @@ -29,7 +29,7 @@ You need to configure the API Server to use the Konnectivity service and direct the network traffic to the cluster nodes: 1. Make sure that -[Service Account Token Volume Projection](/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection) +[Service Account Token Volume Projection](/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection) feature enabled in your cluster. It is enabled by default since Kubernetes v1.20. 1. Create an egress configuration file such as `admin/konnectivity/egress-selector-configuration.yaml`. 1. Set the `--egress-selector-config-file` flag of the API Server to the path of From 77857bc8f98b08f25e3d82f9621f9fd242077201 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 28 Dec 2023 14:46:33 +0000 Subject: [PATCH 096/279] Emphasize contributions other than docs There are lots of ways to get involved. Make it easier to discover what those are. --- content/en/docs/contribute/_index.md | 192 ++------------------------- content/en/docs/contribute/docs.md | 186 ++++++++++++++++++++++++++ content/en/docs/home/_index.md | 6 +- 3 files changed, 202 insertions(+), 182 deletions(-) create mode 100644 content/en/docs/contribute/docs.md diff --git a/content/en/docs/contribute/_index.md b/content/en/docs/contribute/_index.md index 8bd6cfa17dac5..caca7416abc34 100644 --- a/content/en/docs/contribute/_index.md +++ b/content/en/docs/contribute/_index.md @@ -1,197 +1,31 @@ --- content_type: concept -title: Contribute to K8s docs -linktitle: Contribute +title: Contribute to Kubernetes +linkTitle: Contribute main_menu: true no_list: true weight: 80 card: name: contribute weight: 10 - title: Start contributing to K8s + title: Contribute to Kubernetes --- -*Kubernetes welcomes improvements from all contributors, new and experienced!* +There are lots of ways to contribute to Kubernetes. You can work on designs for new features, +you can document the code we already have, you can write for our [blog](/blog). There's more: +you can implement those new features or fix bugs. You can help people join our contributor +community, or support existing contributors. -{{< note >}} -To learn more about contributing to Kubernetes in general, see the -[contributor documentation](https://www.kubernetes.dev/docs/). +With all these different ways to make a difference to the project, we - Kubernetes - have made +a dedicated website: https://k8s.dev/. You can go there to learn more about +contributing to Kubernetes. + +If you specifically want to learn about contributing to _this_ documentation, read +[Contribute to Kubernetes documentation](/docs/contribute/docs/). You can also read the {{< glossary_tooltip text="CNCF" term_id="cncf" >}} [page](https://contribute.cncf.io/contributors/projects/#kubernetes) about contributing to Kubernetes. -{{< /note >}} - ---- - -This website is maintained by [Kubernetes SIG Docs](/docs/contribute/#get-involved-with-sig-docs). - -Kubernetes documentation contributors: - -- Improve existing content -- Create new content -- Translate the documentation -- Manage and publish the documentation parts of the Kubernetes release cycle - - - - - -## Getting started - -Anyone can open an issue about documentation, or contribute a change with a -pull request (PR) to the -[`kubernetes/website` GitHub repository](https://github.com/kubernetes/website). -You need to be comfortable with -[git](https://git-scm.com/) and -[GitHub](https://skills.github.com/) -to work effectively in the Kubernetes community. - -To get involved with documentation: - -1. Sign the CNCF [Contributor License Agreement](https://github.com/kubernetes/community/blob/master/CLA.md). -2. Familiarize yourself with the [documentation repository](https://github.com/kubernetes/website) - and the website's [static site generator](https://gohugo.io). -3. Make sure you understand the basic processes for - [opening a pull request](/docs/contribute/new-content/open-a-pr/) and - [reviewing changes](/docs/contribute/review/reviewing-prs/). - - - - -{{< mermaid >}} -flowchart TB -subgraph third[Open PR] -direction TB -U[ ] -.- -Q[Improve content] --- N[Create content] -N --- O[Translate docs] -O --- P[Manage/publish docs parts
of K8s release cycle] - -end - -subgraph second[Review] -direction TB - T[ ] -.- - D[Look over the
kubernetes/website
repository] --- E[Check out the
Hugo static site
generator] - E --- F[Understand basic
GitHub commands] - F --- G[Review open PR
and change review
processes] -end - -subgraph first[Sign up] - direction TB - S[ ] -.- - B[Sign the CNCF
Contributor
License Agreement] --- C[Join sig-docs
Slack channel] - C --- V[Join kubernetes-sig-docs
mailing list] - V --- M[Attend weekly
sig-docs calls
or slack meetings] -end - -A([fa:fa-user New
Contributor]) --> first -A --> second -A --> third -A --> H[Ask Questions!!!] - - -classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; -classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold -classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 -class A,B,C,D,E,F,G,H,M,Q,N,O,P,V grey -class S,T,U spacewhite -class first,second,third white -{{}} -Figure 1. Getting started for a new contributor. - -Figure 1 outlines a roadmap for new contributors. You can follow some or all of the steps for `Sign up` and `Review`. Now you are ready to open PRs that achieve your contribution objectives with some listed under `Open PR`. Again, questions are always welcome! - -Some tasks require more trust and more access in the Kubernetes organization. -See [Participating in SIG Docs](/docs/contribute/participate/) for more details about -roles and permissions. - -## Your first contribution - -You can prepare for your first contribution by reviewing several steps beforehand. Figure 2 outlines the steps and the details follow. - - - - -{{< mermaid >}} -flowchart LR - subgraph second[First Contribution] - direction TB - S[ ] -.- - G[Review PRs from other
K8s members] --> - A[Check kubernetes/website
issues list for
good first PRs] --> B[Open a PR!!] - end - subgraph first[Suggested Prep] - direction TB - T[ ] -.- - D[Read contribution overview] -->E[Read K8s content
and style guides] - E --> F[Learn about Hugo page
content types
and shortcodes] - end - - - first ----> second - - -classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; -classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold -classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 -class A,B,D,E,F,G grey -class S,T spacewhite -class first,second white -{{}} -Figure 2. Preparation for your first contribution. - -- Read the [Contribution overview](/docs/contribute/new-content/) to - learn about the different ways you can contribute. -- Check [`kubernetes/website` issues list](https://github.com/kubernetes/website/issues/) - for issues that make good entry points. -- [Open a pull request using GitHub](/docs/contribute/new-content/open-a-pr/#changes-using-github) - to existing documentation and learn more about filing issues in GitHub. -- [Review pull requests](/docs/contribute/review/reviewing-prs/) from other - Kubernetes community members for accuracy and language. -- Read the Kubernetes [content](/docs/contribute/style/content-guide/) and - [style guides](/docs/contribute/style/style-guide/) so you can leave informed comments. -- Learn about [page content types](/docs/contribute/style/page-content-types/) - and [Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/). - -## Getting help when contributing - -Making your first contribution can be overwhelming. The [New Contributor Ambassadors](https://github.com/kubernetes/website#new-contributor-ambassadors) are there to walk you through making your first few contributions. You can reach out to them in the [Kubernetes Slack](https://slack.k8s.io/) preferably in the `#sig-docs` channel. There is also the [New Contributors Meet and Greet call](https://www.kubernetes.dev/resources/calendar/) that happens on the first Tuesday of every month. You can interact with the New Contributor Ambassadors and get your queries resolved here. - -## Next steps - -- Learn to [work from a local clone](/docs/contribute/new-content/open-a-pr/#fork-the-repo) - of the repository. -- Document [features in a release](/docs/contribute/new-content/new-features/). -- Participate in [SIG Docs](/docs/contribute/participate/), and become a - [member or reviewer](/docs/contribute/participate/roles-and-responsibilities/). - -- Start or help with a [localization](/docs/contribute/localization/). - -## Get involved with SIG Docs - -[SIG Docs](/docs/contribute/participate/) is the group of contributors who -publish and maintain Kubernetes documentation and the website. Getting -involved with SIG Docs is a great way for Kubernetes contributors (feature -development or otherwise) to have a large impact on the Kubernetes project. - -SIG Docs communicates with different methods: - -- [Join `#sig-docs` on the Kubernetes Slack instance](https://slack.k8s.io/). Make sure to - introduce yourself! -- [Join the `kubernetes-sig-docs` mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), - where broader discussions take place and official decisions are recorded. -- Join the [SIG Docs video meeting](https://github.com/kubernetes/community/tree/master/sig-docs) held every two weeks. Meetings are always announced on `#sig-docs` and added to the [Kubernetes community meetings calendar](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles). You'll need to download the [Zoom client](https://zoom.us/download) or dial in using a phone. -- Join the SIG Docs async Slack standup meeting on those weeks when the in-person Zoom video meeting does not take place. Meetings are always announced on `#sig-docs`. You can contribute to any one of the threads up to 24 hours after meeting announcement. - -## Other ways to contribute - -- Visit the [Kubernetes community site](/community/). Participate on Twitter or Stack Overflow, learn about local Kubernetes meetups and events, and more. -- Read the [contributor cheatsheet](https://www.kubernetes.dev/docs/contributor-cheatsheet/) to get involved with Kubernetes feature development. -- Visit the contributor site to learn more about [Kubernetes Contributors](https://www.kubernetes.dev/) and [additional contributor resources](https://www.kubernetes.dev/resources/). -- Submit a [blog post or case study](/docs/contribute/new-content/blogs-case-studies/). - diff --git a/content/en/docs/contribute/docs.md b/content/en/docs/contribute/docs.md new file mode 100644 index 0000000000000..1f29cd5e85a74 --- /dev/null +++ b/content/en/docs/contribute/docs.md @@ -0,0 +1,186 @@ +--- +content_type: concept +title: Contribute to Kubernetes Documentation +weight: 09 +card: + name: contribute + weight: 11 + title: Contribute to documentation +--- + + +This website is maintained by [Kubernetes SIG Docs](/docs/contribute/#get-involved-with-sig-docs). +The Kubernetes project welcomes help from all contributors, new or experienced! + +Kubernetes documentation contributors: + +- Improve existing content +- Create new content +- Translate the documentation +- Manage and publish the documentation parts of the Kubernetes release cycle + +--- + +{{< note >}} +To learn more about contributing to Kubernetes in general, see the general +[contributor documentation](https://www.kubernetes.dev/docs/) site. +{{< /note >}} + + + + +## Getting started + +Anyone can open an issue about documentation, or contribute a change with a +pull request (PR) to the +[`kubernetes/website` GitHub repository](https://github.com/kubernetes/website). +You need to be comfortable with +[git](https://git-scm.com/) and +[GitHub](https://skills.github.com/) +to work effectively in the Kubernetes community. + +To get involved with documentation: + +1. Sign the CNCF [Contributor License Agreement](https://github.com/kubernetes/community/blob/master/CLA.md). +2. Familiarize yourself with the [documentation repository](https://github.com/kubernetes/website) + and the website's [static site generator](https://gohugo.io). +3. Make sure you understand the basic processes for + [opening a pull request](/docs/contribute/new-content/open-a-pr/) and + [reviewing changes](/docs/contribute/review/reviewing-prs/). + + + + +{{< mermaid >}} +flowchart TB +subgraph third[Open PR] +direction TB +U[ ] -.- +Q[Improve content] --- N[Create content] +N --- O[Translate docs] +O --- P[Manage/publish docs parts
of K8s release cycle] + +end + +subgraph second[Review] +direction TB + T[ ] -.- + D[Look over the
kubernetes/website
repository] --- E[Check out the
Hugo static site
generator] + E --- F[Understand basic
GitHub commands] + F --- G[Review open PR
and change review
processes] +end + +subgraph first[Sign up] + direction TB + S[ ] -.- + B[Sign the CNCF
Contributor
License Agreement] --- C[Join sig-docs
Slack channel] + C --- V[Join kubernetes-sig-docs
mailing list] + V --- M[Attend weekly
sig-docs calls
or slack meetings] +end + +A([fa:fa-user New
Contributor]) --> first +A --> second +A --> third +A --> H[Ask Questions!!!] + + +classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; +classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold +classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 +class A,B,C,D,E,F,G,H,M,Q,N,O,P,V grey +class S,T,U spacewhite +class first,second,third white +{{}} +Figure 1. Getting started for a new contributor. + +Figure 1 outlines a roadmap for new contributors. You can follow some or all of the steps for `Sign up` and `Review`. Now you are ready to open PRs that achieve your contribution objectives with some listed under `Open PR`. Again, questions are always welcome! + +Some tasks require more trust and more access in the Kubernetes organization. +See [Participating in SIG Docs](/docs/contribute/participate/) for more details about +roles and permissions. + +## Your first contribution + +You can prepare for your first contribution by reviewing several steps beforehand. Figure 2 outlines the steps and the details follow. + + + + +{{< mermaid >}} +flowchart LR + subgraph second[First Contribution] + direction TB + S[ ] -.- + G[Review PRs from other
K8s members] --> + A[Check kubernetes/website
issues list for
good first PRs] --> B[Open a PR!!] + end + subgraph first[Suggested Prep] + direction TB + T[ ] -.- + D[Read contribution overview] -->E[Read K8s content
and style guides] + E --> F[Learn about Hugo page
content types
and shortcodes] + end + + + first ----> second + + +classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; +classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold +classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 +class A,B,D,E,F,G grey +class S,T spacewhite +class first,second white +{{}} +Figure 2. Preparation for your first contribution. + +- Read the [Contribution overview](/docs/contribute/new-content/) to + learn about the different ways you can contribute. +- Check [`kubernetes/website` issues list](https://github.com/kubernetes/website/issues/) + for issues that make good entry points. +- [Open a pull request using GitHub](/docs/contribute/new-content/open-a-pr/#changes-using-github) + to existing documentation and learn more about filing issues in GitHub. +- [Review pull requests](/docs/contribute/review/reviewing-prs/) from other + Kubernetes community members for accuracy and language. +- Read the Kubernetes [content](/docs/contribute/style/content-guide/) and + [style guides](/docs/contribute/style/style-guide/) so you can leave informed comments. +- Learn about [page content types](/docs/contribute/style/page-content-types/) + and [Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/). + +## Getting help when contributing + +Making your first contribution can be overwhelming. The [New Contributor Ambassadors](https://github.com/kubernetes/website#new-contributor-ambassadors) are there to walk you through making your first few contributions. You can reach out to them in the [Kubernetes Slack](https://slack.k8s.io/) preferably in the `#sig-docs` channel. There is also the [New Contributors Meet and Greet call](https://www.kubernetes.dev/resources/calendar/) that happens on the first Tuesday of every month. You can interact with the New Contributor Ambassadors and get your queries resolved here. + +## Next steps + +- Learn to [work from a local clone](/docs/contribute/new-content/open-a-pr/#fork-the-repo) + of the repository. +- Document [features in a release](/docs/contribute/new-content/new-features/). +- Participate in [SIG Docs](/docs/contribute/participate/), and become a + [member or reviewer](/docs/contribute/participate/roles-and-responsibilities/). + +- Start or help with a [localization](/docs/contribute/localization/). + +## Get involved with SIG Docs + +[SIG Docs](/docs/contribute/participate/) is the group of contributors who +publish and maintain Kubernetes documentation and the website. Getting +involved with SIG Docs is a great way for Kubernetes contributors (feature +development or otherwise) to have a large impact on the Kubernetes project. + +SIG Docs communicates with different methods: + +- [Join `#sig-docs` on the Kubernetes Slack instance](https://slack.k8s.io/). Make sure to + introduce yourself! +- [Join the `kubernetes-sig-docs` mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), + where broader discussions take place and official decisions are recorded. +- Join the [SIG Docs video meeting](https://github.com/kubernetes/community/tree/master/sig-docs) held every two weeks. Meetings are always announced on `#sig-docs` and added to the [Kubernetes community meetings calendar](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles). You'll need to download the [Zoom client](https://zoom.us/download) or dial in using a phone. +- Join the SIG Docs async Slack standup meeting on those weeks when the in-person Zoom video meeting does not take place. Meetings are always announced on `#sig-docs`. You can contribute to any one of the threads up to 24 hours after meeting announcement. + +## Other ways to contribute + +- Visit the [Kubernetes community site](/community/). Participate on Twitter or Stack Overflow, learn about local Kubernetes meetups and events, and more. +- Read the [contributor cheatsheet](https://www.kubernetes.dev/docs/contributor-cheatsheet/) to get involved with Kubernetes feature development. +- Visit the contributor site to learn more about [Kubernetes Contributors](https://www.kubernetes.dev/) and [additional contributor resources](https://www.kubernetes.dev/resources/). +- Submit a [blog post or case study](/docs/contribute/new-content/blogs-case-studies/). + diff --git a/content/en/docs/home/_index.md b/content/en/docs/home/_index.md index e783070d98ec3..9256f06670f83 100644 --- a/content/en/docs/home/_index.md +++ b/content/en/docs/home/_index.md @@ -48,9 +48,9 @@ cards: button_path: /docs/reference - name: contribute title: Contribute to Kubernetes - description: Anyone can contribute, whether you're new to the project or you've been around a long time. - button: Find out how to help - button_path: /docs/contribute + description: Find out how you can help make Kubernetes better. + button: See Ways to Contribute + button_path: "/docs/contribute" - name: training title: "Training" description: "Get certified in Kubernetes and make your cloud native projects successful!" From f283565582335c8d7d0a00daea4e7e7dc312dc64 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 28 Dec 2023 09:32:35 +0000 Subject: [PATCH 097/279] Set a title for feature gates in the table If you hover over a feature gate name, you (now) see the text description. At least in typical web browsers. --- layouts/shortcodes/feature-gate-table.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/layouts/shortcodes/feature-gate-table.html b/layouts/shortcodes/feature-gate-table.html index 325f2f7421193..a3021d48d87e7 100644 --- a/layouts/shortcodes/feature-gate-table.html +++ b/layouts/shortcodes/feature-gate-table.html @@ -77,6 +77,8 @@ {{- end -}} {{- end -}} + {{- $featureDescription := $featureGateFile.Content | plainify -}} + {{- range $featureGate := $featureGateFile.Params.stages -}} {{- $validStages := slice "alpha" "beta" "stable" "deprecated" -}} @@ -101,7 +103,7 @@ - {{- $featureGateName -}} + {{- $featureGateName -}} {{- if isSet $featureGate "defaultValue" -}}{{- $featureGate.defaultValue -}}{{- else -}}–{{- end -}} {{- T (printf "feature_gate_stage_%s" $featureGate.stage) -}} {{- $featureGate.fromVersion -}} From daecef82921acc0200d912d6594f2c30ada45259 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 28 Dec 2023 10:17:54 +0000 Subject: [PATCH 098/279] Render feature gate descriptions automatically Build a sorted list of feature gates based on the individual files that describe them. --- .../feature-gates-removed/index.md | 158 +---------------- .../feature-gates/index.md | 167 +----------------- layouts/shortcodes/feature-gate-list.html | 60 +++++++ 3 files changed, 65 insertions(+), 320 deletions(-) create mode 100644 layouts/shortcodes/feature-gate-list.html diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md index 47e73f8851fc8..65f231d188ef7 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates-removed/index.md @@ -31,159 +31,5 @@ In the following table: ## Descriptions for removed feature gates -- {{< feature-gate-description name="Accelerators" >}} -- {{< feature-gate-description name="AffinityInAnnotations" >}} -- {{< feature-gate-description name="AdvancedAuditing" >}} -- {{< feature-gate-description name="AllowExtTrafficLocalEndpoints" >}} -- {{< feature-gate-description name="AllowInsecureBackendProxy" >}} -- {{< feature-gate-description name="AttachVolumeLimit" >}} -- {{< feature-gate-description name="BalanceAttachedNodeVolumes" >}} -- {{< feature-gate-description name="BlockVolume" >}} -- {{< feature-gate-description name="BoundServiceAccountTokenVolume" >}} -- {{< feature-gate-description name="CRIContainerLogRotation" >}} -- {{< feature-gate-description name="CSIBlockVolume" >}} -- {{< feature-gate-description name="CSIDriverRegistry" >}} -- {{< feature-gate-description name="CSIInlineVolume" >}} -- {{< feature-gate-description name="CSIMigration" >}} -- {{< feature-gate-description name="CSIMigrationAWS" >}} -- {{< feature-gate-description name="CSIMigrationAWSComplete" >}} -- {{< feature-gate-description name="CSIMigrationAzureDisk" >}} -- {{< feature-gate-description name="CSIMigrationAzureDiskComplete" >}} -- {{< feature-gate-description name="CSIMigrationAzureFileComplete" >}} -- {{< feature-gate-description name="CSIMigrationGCE" >}} -- {{< feature-gate-description name="CSIMigrationGCEComplete" >}} -- {{< feature-gate-description name="CSIMigrationOpenStack" >}} -- {{< feature-gate-description name="CSIMigrationOpenStackComplete" >}} -- {{< feature-gate-description name="CSIMigrationvSphereComplete" >}} -- {{< feature-gate-description name="CSIMigrationvSphere" >}} -- {{< feature-gate-description name="CSINodeInfo" >}} -- {{< feature-gate-description name="CSIPersistentVolume" >}} -- {{< feature-gate-description name="CSIServiceAccountToken" >}} -- {{< feature-gate-description name="CSIStorageCapacity" >}} -- {{< feature-gate-description name="CSIVolumeFSGroupPolicy" >}} -- {{< feature-gate-description name="CSRDuration" >}} -- {{< feature-gate-description name="ConfigurableFSGroupPolicy" >}} -- {{< feature-gate-description name="ControllerManagerLeaderMigration" >}} -- {{< feature-gate-description name="CronJobControllerV2" >}} -- {{< feature-gate-description name="CronJobTimeZone" >}} -- {{< feature-gate-description name="CustomPodDNS" >}} -- {{< feature-gate-description name="CustomResourceDefaulting" >}} -- {{< feature-gate-description name="CustomResourcePublishOpenAPI" >}} -- {{< feature-gate-description name="CustomResourceSubresources" >}} -- {{< feature-gate-description name="CustomResourceValidation" >}} -- {{< feature-gate-description name="CustomResourceWebhookConversion" >}} -- {{< feature-gate-description name="DaemonSetUpdateSurge" >}} -- {{< feature-gate-description name="DefaultPodTopologySpread" >}} -- {{< feature-gate-description name="DelegateFSGroupToCSIDriver" >}} -- {{< feature-gate-description name="DevicePlugins" >}} -- {{< feature-gate-description name="DisableAcceleratorUsageMetrics" >}} -- {{< feature-gate-description name="DownwardAPIHugePages" >}} -- {{< feature-gate-description name="DryRun" >}} -- {{< feature-gate-description name="DynamicAuditing" >}} -- {{< feature-gate-description name="DynamicKubeletConfig" >}} -- {{< feature-gate-description name="DynamicProvisioningScheduling" >}} -- {{< feature-gate-description name="DynamicVolumeProvisioning" >}} -- {{< feature-gate-description name="EnableAggregatedDiscoveryTimeout" >}} -- {{< feature-gate-description name="EnableEquivalenceClassCache" >}} -- {{< feature-gate-description name="EndpointSlice" >}} -- {{< feature-gate-description name="EndpointSliceNodeName" >}} -- {{< feature-gate-description name="EndpointSliceProxying" >}} -- {{< feature-gate-description name="EndpointSliceTerminatingCondition" >}} -- {{< feature-gate-description name="EphemeralContainers" >}} -- {{< feature-gate-description name="EvenPodsSpread" >}} -- {{< feature-gate-description name="ExpandCSIVolumes" >}} -- {{< feature-gate-description name="ExpandInUsePersistentVolumes" >}} -- {{< feature-gate-description name="ExpandPersistentVolumes" >}} -- {{< feature-gate-description name="ExperimentalCriticalPodAnnotation" >}} -- {{< feature-gate-description name="ExternalPolicyForExternalIP" >}} -- {{< feature-gate-description name="GCERegionalPersistentDisk" >}} -- {{< feature-gate-description name="GRPCContainerProbe" >}} -- {{< feature-gate-description name="GenericEphemeralVolume" >}} -- {{< feature-gate-description name="HugePageStorageMediumSize" >}} -- {{< feature-gate-description name="HugePages" >}} -- {{< feature-gate-description name="HyperVContainer" >}} -- {{< feature-gate-description name="IPv6DualStack" >}} -- {{< feature-gate-description name="IdentifyPodOS" >}} -- {{< feature-gate-description name="ImmutableEphemeralVolumes" >}} -- {{< feature-gate-description name="IndexedJob" >}} -- {{< feature-gate-description name="IngressClassNamespacedParams" >}} -- {{< feature-gate-description name="Initializers" >}} -- {{< feature-gate-description name="JobMutableNodeSchedulingDirectives" >}} -- {{< feature-gate-description name="JobTrackingWithFinalizers" >}} -- {{< feature-gate-description name="KubeletConfigFile" >}} -- {{< feature-gate-description name="KubeletCredentialProviders" >}} -- {{< feature-gate-description name="KubeletPluginsWatcher" >}} -- {{< feature-gate-description name="LegacyNodeRoleBehavior" >}} -- {{< feature-gate-description name="LegacyServiceAccountTokenNoAutoGeneration" >}} -- {{< feature-gate-description name="LocalStorageCapacityIsolation" >}} -- {{< feature-gate-description name="MixedProtocolLBService" >}} -- {{< feature-gate-description name="MountContainers" >}} -- {{< feature-gate-description name="MountPropagation" >}} -- {{< feature-gate-description name="MultiCIDRRangeAllocator" >}} -- {{< feature-gate-description name="NamespaceDefaultLabelName" >}} -- {{< feature-gate-description name="NetworkPolicyStatus" >}} -- {{< feature-gate-description name="NodeDisruptionExclusion" >}} -- {{< feature-gate-description name="NodeLease" >}} -- {{< feature-gate-description name="NonPreemptingPriority" >}} -- {{< feature-gate-description name="OpenAPIV3" >}} -- {{< feature-gate-description name="PVCProtection" >}} -- {{< feature-gate-description name="PersistentLocalVolumes" >}} -- {{< feature-gate-description name="PodAffinityNamespaceSelector" >}} -- {{< feature-gate-description name="PodDisruptionBudget" >}} -- {{< feature-gate-description name="PodHasNetworkCondition" >}} -- {{< feature-gate-description name="PodOverhead" >}} -- {{< feature-gate-description name="PodPriority" >}} -- {{< feature-gate-description name="PodReadinessGates" >}} -- {{< feature-gate-description name="PodSecurity" >}} -- {{< feature-gate-description name="PodShareProcessNamespace" >}} -- {{< feature-gate-description name="PreferNominatedNode" >}} -- {{< feature-gate-description name="ProbeTerminationGracePeriod" >}} -- {{< feature-gate-description name="RequestManagement" >}} -- {{< feature-gate-description name="ResourceLimitsPriorityFunction" >}} -- {{< feature-gate-description name="ResourceQuotaScopeSelectors" >}} -- {{< feature-gate-description name="RetroactiveDefaultStorageClass" >}} -- {{< feature-gate-description name="RootCAConfigMap" >}} -- {{< feature-gate-description name="RotateKubeletClientCertificate" >}} -- {{< feature-gate-description name="RunAsGroup" >}} -- {{< feature-gate-description name="RuntimeClass" >}} -- {{< feature-gate-description name="SCTPSupport" >}} -- {{< feature-gate-description name="ScheduleDaemonSetPods" >}} -- {{< feature-gate-description name="SeccompDefault" >}} -- {{< feature-gate-description name="SelectorIndex" >}} -- {{< feature-gate-description name="ServiceAccountIssuerDiscovery" >}} -- {{< feature-gate-description name="ServiceAppProtocol" >}} -- {{< feature-gate-description name="ServiceIPStaticSubrange" >}} -- {{< feature-gate-description name="ServiceInternalTrafficPolicy" >}} -- {{< feature-gate-description name="ServiceLoadBalancerClass" >}} -- {{< feature-gate-description name="ServiceLoadBalancerFinalizer" >}} -- {{< feature-gate-description name="ServiceLBNodePortControl" >}} -- {{< feature-gate-description name="ServiceNodeExclusion" >}} -- {{< feature-gate-description name="ServiceTopology" >}} -- {{< feature-gate-description name="SetHostnameAsFQDN" >}} -- {{< feature-gate-description name="StartupProbe" >}} -- {{< feature-gate-description name="StatefulSetMinReadySeconds" >}} -- {{< feature-gate-description name="StorageObjectInUseProtection" >}} -- {{< feature-gate-description name="StreamingProxyRedirects" >}} -- {{< feature-gate-description name="SupportIPVSProxyMode" >}} -- {{< feature-gate-description name="SupportNodePidsLimit" >}} -- {{< feature-gate-description name="SupportPodPidsLimit" >}} -- {{< feature-gate-description name="SuspendJob" >}} -- {{< feature-gate-description name="Sysctls" >}} -- {{< feature-gate-description name="TTLAfterFinished" >}} -- {{< feature-gate-description name="TaintBasedEvictions" >}} -- {{< feature-gate-description name="TaintNodesByCondition" >}} -- {{< feature-gate-description name="TokenRequest" >}} -- {{< feature-gate-description name="TokenRequestProjection" >}} -- {{< feature-gate-description name="TopologyManager" >}} -- {{< feature-gate-description name="UserNamespacesStatelessPodsSupport" >}} -- {{< feature-gate-description name="ValidateProxyRedirects" >}} -- {{< feature-gate-description name="VolumePVCDataSource" >}} -- {{< feature-gate-description name="VolumeScheduling" >}} -- {{< feature-gate-description name="VolumeSnapshotDataSource" >}} -- {{< feature-gate-description name="VolumeSubpath" >}} -- {{< feature-gate-description name="VolumeSubpathEnvExpansion" >}} -- {{< feature-gate-description name="WarningHeaders" >}} -- {{< feature-gate-description name="WindowsEndpointSliceProxying" >}} -- {{< feature-gate-description name="WindowsGMSA" >}} -- {{< feature-gate-description name="WindowsHostProcessContainers" >}} -- {{< feature-gate-description name="WindowsRunAsUserName" >}} + +{{< feature-gate-list show-removed="true" >}} diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md index a745776b2da08..671ebc61f75fa 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/index.md @@ -102,171 +102,10 @@ A *General Availability* (GA) feature is also referred to as a *stable* feature. ## List of feature gates {#feature-gates} -Each feature gate is designed for enabling/disabling a specific feature: +Each feature gate is designed for enabling/disabling a specific feature. -- {{< feature-gate-description name="AdmissionWebhookMatchConditions" >}} -- {{< feature-gate-description name="AllowServiceLBStatusOnNonLB" >}} -- {{< feature-gate-description name="AggregatedDiscoveryEndpoint" >}} -- {{< feature-gate-description name="AnyVolumeDataSource" >}} -- {{< feature-gate-description name="APIListChunking" >}} -- {{< feature-gate-description name="APIPriorityAndFairness" >}} -- {{< feature-gate-description name="APIResponseCompression" >}} -- {{< feature-gate-description name="APISelfSubjectReview" >}} -- {{< feature-gate-description name="APIServerIdentity" >}} -- {{< feature-gate-description name="APIServerTracing" >}} -- {{< feature-gate-description name="AppArmor" >}} -- {{< feature-gate-description name="CloudControllerManagerWebhook" >}} -- {{< feature-gate-description name="CloudDualStackNodeIPs" >}} -- {{< feature-gate-description name="ClusterTrustBundle" >}} -- {{< feature-gate-description name="ClusterTrustBundleProjection" >}} -- {{< feature-gate-description name="ComponentSLIs" >}} -- {{< feature-gate-description name="ConsistentHTTPGetHandlers" >}} -- {{< feature-gate-description name="ConsistentListFromCache" >}} -- {{< feature-gate-description name="ContainerCheckpoint" >}} -- {{< feature-gate-description name="ContextualLogging" >}} -- {{< feature-gate-description name="CPUManager" >}} -- {{< feature-gate-description name="CPUManagerPolicyAlphaOptions" >}} -- {{< feature-gate-description name="CPUManagerPolicyBetaOptions" >}} -- {{< feature-gate-description name="CPUManagerPolicyOptions" >}} -- {{< feature-gate-description name="CRDValidationRatcheting" >}} -- {{< feature-gate-description name="CronJobsScheduledAnnotation" >}} -- {{< feature-gate-description name="CronJobTimeZone" >}} -- {{< feature-gate-description name="CrossNamespaceVolumeDataSource" >}} -- {{< feature-gate-description name="CSIMigrationAzureFile" >}} -- {{< feature-gate-description name="CSIMigrationPortworx" >}} -- {{< feature-gate-description name="CSIMigrationRBD" >}} -- {{< feature-gate-description name="CSINodeExpandSecret" >}} -- {{< feature-gate-description name="CSIVolumeHealth" >}} -- {{< feature-gate-description name="CustomCPUCFSQuotaPeriod" >}} -- {{< feature-gate-description name="CustomResourceValidationExpressions" >}} -- {{< feature-gate-description name="DefaultHostNetworkHostPortsInPodTemplates" >}} -- {{< feature-gate-description name="DevicePluginCDIDevices" >}} -- {{< feature-gate-description name="DisableCloudProviders" >}} -- {{< feature-gate-description name="DisableKubeletCloudCredentialProviders" >}} -- {{< feature-gate-description name="DisableNodeKubeProxyVersion" >}} -- {{< feature-gate-description name="DynamicResourceAllocation" >}} -- {{< feature-gate-description name="EfficientWatchResumption" >}} -- {{< feature-gate-description name="ElasticIndexedJob" >}} -- {{< feature-gate-description name="EventedPLEG" >}} -- {{< feature-gate-description name="ExecProbeTimeout" >}} -- {{< feature-gate-description name="ExpandedDNSConfig" >}} -- {{< feature-gate-description name="ExperimentalHostUserNamespaceDefaulting" >}} -- {{< feature-gate-description name="GracefulNodeShutdown" >}} -- {{< feature-gate-description name="GracefulNodeShutdownBasedOnPodPriority" >}} -- {{< feature-gate-description name="GRPCContainerProbe" >}} -- {{< feature-gate-description name="HonorPVReclaimPolicy" >}} -- {{< feature-gate-description name="HPAContainerMetrics" >}} -- {{< feature-gate-description name="HPAScaleToZero" >}} -- {{< feature-gate-description name="ImageMaximumGCAge" >}} -- {{< feature-gate-description name="InPlacePodVerticalScaling" >}} -- {{< feature-gate-description name="InTreePluginAWSUnregister" >}} -- {{< feature-gate-description name="InTreePluginAzureDiskUnregister" >}} -- {{< feature-gate-description name="InTreePluginAzureFileUnregister" >}} -- {{< feature-gate-description name="InTreePluginGCEUnregister" >}} -- {{< feature-gate-description name="InTreePluginOpenStackUnregister" >}} -- {{< feature-gate-description name="InTreePluginPortworxUnregister" >}} -- {{< feature-gate-description name="InTreePluginRBDUnregister" >}} -- {{< feature-gate-description name="InTreePluginvSphereUnregister" >}} -- {{< feature-gate-description name="IPTablesOwnershipCleanup" >}} -- {{< feature-gate-description name="JobBackoffLimitPerIndex" >}} -- {{< feature-gate-description name="JobMutableNodeSchedulingDirectives" >}} -- {{< feature-gate-description name="JobPodFailurePolicy" >}} -- {{< feature-gate-description name="JobPodReplacementPolicy" >}} -- {{< feature-gate-description name="JobReadyPods" >}} -- {{< feature-gate-description name="KMSv1" >}} -- {{< feature-gate-description name="KMSv2" >}} -- {{< feature-gate-description name="KMSv2KDF" >}} -- {{< feature-gate-description name="KubeletCgroupDriverFromCRI" >}} -- {{< feature-gate-description name="KubeletInUserNamespace" >}} -- {{< feature-gate-description name="KubeletPodResources" >}} -- {{< feature-gate-description name="KubeletPodResourcesDynamicResources" >}} -- {{< feature-gate-description name="KubeletPodResourcesGet" >}} -- {{< feature-gate-description name="KubeletPodResourcesGetAllocatable" >}} -- {{< feature-gate-description name="KubeletSeparateDiskGC" >}} -- {{< feature-gate-description name="KubeletTracing" >}} -- {{< feature-gate-description name="KubeProxyDrainingTerminatingNodes" >}} -- {{< feature-gate-description name="LegacyServiceAccountTokenCleanUp" >}} -- {{< feature-gate-description name="LegacyServiceAccountTokenNoAutoGeneration" >}} -- {{< feature-gate-description name="LegacyServiceAccountTokenTracking" >}} -- {{< feature-gate-description name="LoadBalancerIPMode" >}} -- {{< feature-gate-description name="LocalStorageCapacityIsolationFSQuotaMonitoring" >}} -- {{< feature-gate-description name="LogarithmicScaleDown" >}} -- {{< feature-gate-description name="LoggingAlphaOptions" >}} -- {{< feature-gate-description name="LoggingBetaOptions" >}} -- {{< feature-gate-description name="MatchLabelKeysInPodAffinity" >}} -- {{< feature-gate-description name="MatchLabelKeysInPodTopologySpread" >}} -- {{< feature-gate-description name="MaxUnavailableStatefulSet" >}} -- {{< feature-gate-description name="MemoryManager" >}} -- {{< feature-gate-description name="MemoryQoS" >}} -- {{< feature-gate-description name="MinDomainsInPodTopologySpread" >}} -- {{< feature-gate-description name="MinimizeIPTablesRestore" >}} -- {{< feature-gate-description name="MultiCIDRServiceAllocator" >}} -- {{< feature-gate-description name="NewVolumeManagerReconstruction" >}} -- {{< feature-gate-description name="NFTablesProxyMode" >}} -- {{< feature-gate-description name="NodeInclusionPolicyInPodTopologySpread" >}} -- {{< feature-gate-description name="NodeLogQuery" >}} -- {{< feature-gate-description name="NodeOutOfServiceVolumeDetach" >}} -- {{< feature-gate-description name="NodeSwap" >}} -- {{< feature-gate-description name="OpenAPIEnums" >}} -- {{< feature-gate-description name="PDBUnhealthyPodEvictionPolicy" >}} -- {{< feature-gate-description name="PersistentVolumeLastPhaseTransitionTime" >}} -- {{< feature-gate-description name="PodAndContainerStatsFromCRI" >}} -- {{< feature-gate-description name="PodDeletionCost" >}} -- {{< feature-gate-description name="PodDisruptionConditions" >}} -- {{< feature-gate-description name="PodHostIPs" >}} -- {{< feature-gate-description name="PodIndexLabel" >}} -- {{< feature-gate-description name="PodLifecycleSleepAction" >}} -- {{< feature-gate-description name="PodReadyToStartContainersCondition" >}} -- {{< feature-gate-description name="PodSchedulingReadiness" >}} -- {{< feature-gate-description name="ProcMountType" >}} -- {{< feature-gate-description name="ProxyTerminatingEndpoints" >}} -- {{< feature-gate-description name="QOSReserved" >}} -- {{< feature-gate-description name="ReadWriteOncePod" >}} -- {{< feature-gate-description name="RecoverVolumeExpansionFailure" >}} -- {{< feature-gate-description name="RemainingItemCount" >}} -- {{< feature-gate-description name="RemoveSelfLink" >}} -- {{< feature-gate-description name="RotateKubeletServerCertificate" >}} -- {{< feature-gate-description name="RuntimeClassInImageCriApi" >}} -- {{< feature-gate-description name="SchedulerQueueingHints" >}} -- {{< feature-gate-description name="SecurityContextDeny" >}} -- {{< feature-gate-description name="SELinuxMountReadWriteOncePod" >}} -- {{< feature-gate-description name="SeparateTaintEvictionController" >}} -- {{< feature-gate-description name="ServerSideApply" >}} -- {{< feature-gate-description name="ServerSideFieldValidation" >}} -- {{< feature-gate-description name="ServiceAccountTokenJTI" >}} -- {{< feature-gate-description name="ServiceAccountTokenNodeBinding" >}} -- {{< feature-gate-description name="ServiceAccountTokenNodeBindingValidation" >}} -- {{< feature-gate-description name="ServiceAccountTokenPodNodeInfo" >}} -- {{< feature-gate-description name="ServiceNodePortStaticSubrange" >}} -- {{< feature-gate-description name="SidecarContainers" >}} -- {{< feature-gate-description name="SizeMemoryBackedVolumes" >}} -- {{< feature-gate-description name="SkipReadOnlyValidationGCE" >}} -- {{< feature-gate-description name="StableLoadBalancerNodeSet" >}} -- {{< feature-gate-description name="StatefulSetAutoDeletePVC" >}} -- {{< feature-gate-description name="StatefulSetStartOrdinal" >}} -- {{< feature-gate-description name="StorageVersionAPI" >}} -- {{< feature-gate-description name="StorageVersionHash" >}} -- {{< feature-gate-description name="StructuredAuthenticationConfiguration" >}} -- {{< feature-gate-description name="StructuredAuthorizationConfiguration" >}} -- {{< feature-gate-description name="TopologyAwareHints" >}} -- {{< feature-gate-description name="TopologyManager" >}} -- {{< feature-gate-description name="TopologyManagerPolicyAlphaOptions" >}} -- {{< feature-gate-description name="TopologyManagerPolicyBetaOptions" >}} -- {{< feature-gate-description name="TopologyManagerPolicyOptions" >}} -- {{< feature-gate-description name="TranslateStreamCloseWebsocketRequests" >}} -- {{< feature-gate-description name="UnauthenticatedHTTP2DOSMitigation" >}} -- {{< feature-gate-description name="UnknownVersionInteroperabilityProxy" >}} -- {{< feature-gate-description name="UserNamespacesPodSecurityStandards" >}} -- {{< feature-gate-description name="UserNamespacesSupport" >}} -- {{< feature-gate-description name="ValidatingAdmissionPolicy" >}} -- {{< feature-gate-description name="VolumeAttributesClass" >}} -- {{< feature-gate-description name="VolumeCapacityPriority" >}} -- {{< feature-gate-description name="WatchBookmark" >}} -- {{< feature-gate-description name="WatchList" >}} -- {{< feature-gate-description name="WindowsHostNetwork" >}} -- {{< feature-gate-description name="WinDSR" >}} -- {{< feature-gate-description name="WinOverlay" >}} -- {{< feature-gate-description name="ZeroLimitedNominalConcurrencyShares" >}} + +{{< feature-gate-list include="alpha,beta,ga,deprecated" >}} ## {{% heading "whatsnext" %}} diff --git a/layouts/shortcodes/feature-gate-list.html b/layouts/shortcodes/feature-gate-list.html new file mode 100644 index 0000000000000..7c965aac82891 --- /dev/null +++ b/layouts/shortcodes/feature-gate-list.html @@ -0,0 +1,60 @@ +{{- $featureDataFiles := .Site.GetPage "page" "docs/reference/command-line-tools-reference/feature-gates" -}} + + +{{- $removedFeatureGateRequested := .Get "show-removed" -}} + + +{{- $includeValues := .Get "include" -}} + + +{{- $sortedFeatureGates := sort ($featureDataFiles.Resources.ByType "page") -}} + +
    + {{- range $featureGateFile := $sortedFeatureGates -}} + + + {{- $featureGateName := $featureGateFile.Params.Title -}} + + + {{- $removedStatusForFeature := index $featureGateFile.Params.Removed -}} + + {{- $shouldDisplayThisFeatureGate := false -}} + + + {{- if not (isSet $featureGateFile.Params "stages") -}} + {{- warnf "Stages parameter is missing in the front matter for %s in %s" $featureGateName (print $featureGateFile.File.Lang "/" $featureGateFile.File.Path) -}} + + {{- else -}} + + {{- range $stage := $featureGateFile.Params.stages -}} + {{- if and (eq ($stage).stage "stable") (in $includeValues "ga") -}} + {{- $shouldDisplayThisFeatureGate = true -}} + {{- continue -}} + {{- end -}} + {{- if (in $includeValues ($stage).stage ) -}} + {{- $shouldDisplayThisFeatureGate = true -}} + {{- continue -}} + {{- end -}} + {{- end -}} + + {{- if and (not $removedFeatureGateRequested) ($removedStatusForFeature) -}} + {{- $shouldDisplayThisFeatureGate = false -}} + {{- end -}} + + {{- if and ($removedFeatureGateRequested) ($removedStatusForFeature) -}} + {{- $shouldDisplayThisFeatureGate = true -}} + {{- end -}} + {{- end -}} + + {{- if $shouldDisplayThisFeatureGate -}} + {{- with $featureGateFile.Content -}} +
  • + {{- $hasParagraphWrapper := (hasPrefix ( . | markdownify ) "

    ") -}} + {{- if not $hasParagraphWrapper }}

    {{ end -}} + {{ $featureGateName }}: {{ . | markdownify -}} + {{- if not $hasParagraphWrapper }}

    {{ end -}} +
    • + {{- end -}} + {{- end -}} + {{- end -}} +
\ No newline at end of file From 98c5caf14c8806f2614e500d7fb558314c1e9abb Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Thu, 28 Dec 2023 14:50:42 +0000 Subject: [PATCH 099/279] Revise guidance about documenting feature gate changes --- .../en/docs/contribute/new-content/new-features.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/content/en/docs/contribute/new-content/new-features.md b/content/en/docs/contribute/new-content/new-features.md index dc7fe07ada974..1caa49391de24 100644 --- a/content/en/docs/contribute/new-content/new-features.md +++ b/content/en/docs/contribute/new-content/new-features.md @@ -155,12 +155,6 @@ description of the feature gate is also required; create a new Markdown file inside `content/en/docs/reference/command-line-tools-reference/feature-gates/` (use other files as a template). -{{< note >}} -Make sure to add a -[`feature-gate-description` shortcode](/docs/contribute/style/hugo-shortcodes/#feature-gate-description) -into the feature gates page. The list is sorted alphabetically. -{{< /note >}} - When you change a feature gate to disabled-by-default to enabled-by-default, you may also need to change other documentation (not just the list of feature gates). Watch out for language such as ”The `exampleSetting` field @@ -195,11 +189,7 @@ Eventually, Kubernetes will stop including the feature gate at all. To signify t include `removed: true` in the front matter of the respective description file. This action triggers the transition of the feature gate from [Feature gates for graduated or deprecated features](/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed) section to a dedicated page titled -[Feature Gates (removed)](/docs/reference/command-line-tools-reference/feature-gates-removed/). - -Also make sure to move the relevant list entry and -[`feature-gate-description` shortcode](/docs/contribute/style/hugo-shortcodes/#feature-gate-description) into the -removed feature gates page. The lists are sorted alphabetically. +[Feature Gates (removed)](/docs/reference/command-line-tools-reference/feature-gates-removed/), including its description. ### All PRs reviewed and ready to merge From 89fc0b56cb041cc9cc4c91e548aa3ad0238d3ce9 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Fri, 29 Dec 2023 00:06:18 +0800 Subject: [PATCH 100/279] [zh] Localize feature-gates/z*.md --- ...zero-limited-nominal-concurrency-shares.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md new file mode 100644 index 0000000000000..28ae0cef472c4 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md @@ -0,0 +1,19 @@ +--- +title: ZeroLimitedNominalConcurrencyShares +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.29" +--- + +允许 API 服务器中的[优先级和公平性](/zh-cn/docs/concepts/cluster-administration/flow-control/)使用 +`limited` 部分的 `nominalConcurrencyShares` 字段的零值作为优先级。 From c2210f5b57d3b71219aaaee852e654c799cfc46a Mon Sep 17 00:00:00 2001 From: DeltaX Date: Fri, 29 Dec 2023 00:11:49 +0800 Subject: [PATCH 101/279] Fix feature-gates/z*.md content format --- .../feature-gates/zero-limited-nominal-concurrency-shares.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md index f088c029b7bca..14e4d28bd4601 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md @@ -11,5 +11,5 @@ stages: fromVersion: "1.29" --- Allow [Priority & Fairness](/docs/concepts/cluster-administration/flow-control/) -in the API server to use a zero value for the `nominalConcurrencyShares field of +in the API server to use a zero value for the `nominalConcurrencyShares` field of the `limited` section of a priority level. From 05a88c374a1ae6842bcb9a316b1611f4db792afa Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sat, 23 Dec 2023 21:53:04 +0800 Subject: [PATCH 102/279] [zh-cn] sync basic-stateful-set.md Signed-off-by: xin.li --- .../basic-stateful-set.md | 161 +++++++++++++++--- 1 file changed, 138 insertions(+), 23 deletions(-) diff --git a/content/zh-cn/docs/tutorials/stateful-application/basic-stateful-set.md b/content/zh-cn/docs/tutorials/stateful-application/basic-stateful-set.md index 9459f662cba36..259162e678fae 100644 --- a/content/zh-cn/docs/tutorials/stateful-application/basic-stateful-set.md +++ b/content/zh-cn/docs/tutorials/stateful-application/basic-stateful-set.md @@ -145,8 +145,14 @@ of the StatefulSet's Pods. [`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) 来监视 StatefulSet 的 Pod 的创建情况。 + ```shell -kubectl get pods -w -l app=nginx +# 使用此终端运行指定 --watch 的命令 +# 当你被要求开始一个新的 watch 时结束这个 watch +kubectl get pods --watch -l app=nginx ``` ### 顺序创建 Pod {#ordered-pod-creation} @@ -207,8 +213,14 @@ look like the example below. 对于一个拥有 **n** 个副本的 StatefulSet,Pod 被部署时是按照 **{0..n-1}** 的序号顺序创建的。 在第一个终端中使用 `kubectl get` 检查输出。这个输出最终将看起来像下面的样子。 + ```shell -kubectl get pods -w -l app=nginx +# 不要开始一个新的 watch +# 这应该已经处于 Running 状态 +kubectl get pods --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -370,8 +382,14 @@ In one terminal, watch the StatefulSet's Pods: --> 在一个终端中监视 StatefulSet 的 Pod: + ```shell -kubectl get pod -w -l app=nginx +# 启动一个新的 watch +# 当你看到删除完成后结束这个 watch +kubectl get pod --watch -l app=nginx ``` 等待 StatefulSet 重启它们,并且两个 Pod 都变成 Running 和 Ready 状态: + ```shell -kubectl get pod -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pod --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -611,8 +633,14 @@ In a second terminal, delete all of the StatefulSet's Pods: --> 在另一个终端删除 StatefulSet 所有的 Pod: + ```shell -kubectl delete pod -l app=nginx +# 当你到达该部分的末尾时结束此 watch +# 在开始“扩展 StatefulSet” 时,你将启动一个新的 watch。 +kubectl get pod --watch -l app=nginx ``` ``` pod "web-0" deleted @@ -625,8 +653,12 @@ for all of the Pods to transition to Running and Ready. --> 在第一个终端里检查 `kubectl get` 命令的输出,等待所有 Pod 变成 Running 和 Ready 状态。 + ```shell -kubectl get pod -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pod --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -688,8 +720,16 @@ In one terminal window, watch the Pods in the StatefulSet: --> 在一个终端窗口监视 StatefulSet 的 Pod: + ```shell -kubectl get pods -w -l app=nginx +# 如果你已经有一个正在运行的 wach,你可以继续使用它。 +# 否则,就启动一个。 +# 当 StatefulSet 有 5 个健康的 Pod 时结束此 watch +kubectl get pods --watch -l app=nginx ``` 在第一个 终端中检查 `kubectl get` 命令的输出,等待增加的 3 个 Pod 的状态变为 Running 和 Ready。 + ```shell -kubectl get pods -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pod --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -745,7 +789,7 @@ StatefulSet 控制器扩展了副本的数量。 Pod,并且会等待前一个 Pod 变为 Running 和 Ready 才会启动下一个 Pod。 ### 缩容 {#scaling-down} @@ -754,8 +798,13 @@ In one terminal, watch the StatefulSet's Pods: --> 在一个终端监视 StatefulSet 的 Pod: + ```shell kubectl get pods -w -l app=nginx +# 当 StatefulSet 只有 3 个 Pod 时结束此 watch +kubectl get pod --watch -l app=nginx ``` 等待 `web-4` 和 `web-3` 状态变为 Terminating。 + ```shell kubectl get pods -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pods --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -898,8 +952,16 @@ In another terminal, watch the Pods in the StatefulSet: --> 在另一个终端监控 StatefulSet 中的 Pod: + ```shell -kubectl get pod -l app=nginx -w +# 滚动完成后结束此 watch +# +# 如果你不确定,请让它再运行一分钟 +kubectl get pod -l app=nginx --watch ``` 等待 Pod 变成 Running 和 Ready。 + ```shell -kubectl get pod -l app=nginx -w +# 当你看到 web-2 运行正常时结束 watch +kubectl get pod -l app=nginx --watch ``` ``` NAME READY STATUS RESTARTS AGE @@ -1097,7 +1163,12 @@ Patch the StatefulSet to decrement the partition: --> 通过 patch 命令修改 StatefulSet 来减少分区: + ```shell +# “partition” 的值应与 StatefulSet 现有的最高序数相匹配 kubectl patch statefulset web -p '{"spec":{"updateStrategy":{"type":"RollingUpdate","rollingUpdate":{"partition":2}}}}' ``` ``` @@ -1109,8 +1180,12 @@ Wait for `web-2` to be Running and Ready. --> 等待 `web-2` 变成 Running 和 Ready。 + ```shell -kubectl get pod -l app=nginx -w +# 这应该已经处于 Running 状态 +kubectl get pod -l app=nginx --watch ``` ``` NAME READY STATUS RESTARTS AGE @@ -1158,8 +1233,12 @@ Wait for the `web-1` Pod to be Running and Ready. --> 等待 `web-1` 变成 Running 和 Ready。 + ```shell -kubectl get pod -l app=nginx -w +# 这应该已经处于 Running 状态 +kubectl get pod -l app=nginx --watch ``` 等待 StatefulSet 中的所有 Pod 变成 Running 和 Ready。 + ```shell -kubectl get pod -l app=nginx -w +# 这应该已经处于 Running 状态 +kubectl get pod -l app=nginx --watch ``` 在一个终端窗口监视 StatefulSet 中的 Pod。 + ``` -kubectl get pods -w -l app=nginx +# 当 StatefulSet 没有 Pod 时结束此 watch +kubectl get pods --watch -l app=nginx ``` 在一个终端监控 StatefulSet 的 Pod。 + ```shell -kubectl get pods -w -l app=nginx +# 让 watch 一直运行到你下次启动 watch 为止 +kubectl get pods --watch -l app=nginx ``` 在第一个终端中运行并检查 `kubectl get` 命令的输出。 + ```shell -kubectl get pods -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pods --watch -l app=nginx ``` ``` NAME READY STATUS RESTARTS AGE @@ -1496,8 +1591,12 @@ In one terminal window, watch the Pods in the StatefulSet. --> 在一个终端窗口监视 StatefulSet 里的 Pod。 + ```shell -kubectl get pods -w -l app=nginx +# 让它运行直到下一页部分 +kubectl get pods --watch -l app=nginx ``` 在第一个终端检查 `kubectl get` 命令的输出,并等待所有的 Pod 变成 Terminating 状态。 + ```shell -kubectl get pods -w -l app=nginx +# 这应该已经处于 Running 状态 +kubectl get pods --watch -l app=nginx ``` ``` @@ -1686,8 +1789,12 @@ In one terminal, watch the Pods in the StatefulSet. --> 在一个终端窗口监视 StatefulSet 中的 Pod。 + ```shell -kubectl get pod -l app=nginx -w +# 让 watch 一直运行直到本节结束 +kubectl get pod -l app=nginx --watch ``` 查看你在第一个终端中运行的 `kubectl get` 命令的输出。 + ```shell -kubectl get pod -l app=nginx -w +# 这应该已经处于 Running 状态 +kubectl get pod -l app=nginx --watch ``` ``` NAME READY STATUS RESTARTS AGE @@ -1779,8 +1890,12 @@ You can watch `kubectl get` to see those Pods being deleted. --> 你可以监视 `kubectl get` 来查看那些 Pod 被删除: + ```shell -kubectl get pod -l app=nginx -w +# 当你看到需要的内容后结束 watch +kubectl get pod -l app=nginx --watch ``` ``` web-3 1/1 Terminating 0 9m From 1dd8780d8f9228f98fe638398e6fc2e371603e63 Mon Sep 17 00:00:00 2001 From: FanLin <931234477@qq.com> Date: Fri, 29 Dec 2023 09:31:27 +0800 Subject: [PATCH 103/279] [zh] Localize feature-gates/o*.md --- .../feature-gates/openapi-enums.md | 22 +++++++++++++++ .../feature-gates/openapiv3.md | 27 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md new file mode 100644 index 0000000000000..81ea1e335bd2a --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapi-enums.md @@ -0,0 +1,22 @@ +--- +title: OpenAPIEnums +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" +--- + + +允许在从 API 服务器返回的 spec 中填充 OpenAPI 模式的 "enum" 字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md new file mode 100644 index 0000000000000..1f0c63ee73ebb --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/openapiv3.md @@ -0,0 +1,27 @@ +--- +title: OpenAPIV3 +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.23" + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" +removed: true +--- + + +允许 API 服务器发布 OpenAPI V3。 From 151f2431044ae769f765cbdae5689f1e334f50cf Mon Sep 17 00:00:00 2001 From: DeltaX Date: Fri, 29 Dec 2023 01:22:23 +0800 Subject: [PATCH 104/279] [zh] Localize feature-gates/s*.md part 1 Apply suggestions from code review Co-authored-by: Michael --- .../feature-gates/schedule-daemon-set-pods.md | 30 ++++++++++++++++++ .../feature-gates/scheduler-queueing-hints.md | 28 +++++++++++++++++ .../feature-gates/sctp-support.md | 31 +++++++++++++++++++ .../feature-gates/seccomp-default.md | 30 ++++++++++++++++++ .../feature-gates/security-context-deny.md | 16 ++++++++++ .../feature-gates/selector-index.md | 30 ++++++++++++++++++ .../selinux-mount-read-write-once-pod.md | 28 +++++++++++++++++ .../separate-taint-eviction-controller.md | 24 ++++++++++++++ .../feature-gates/server-side-apply.md | 25 +++++++++++++++ .../server-side-field-validation.md | 27 ++++++++++++++++ 10 files changed, 269 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selector-index.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md new file mode 100644 index 0000000000000..9781c6f4cafa1 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/schedule-daemon-set-pods.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: ScheduleDaemonSetPods +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.18" + +removed: true +--- + +启用 DaemonSet Pod 由默认调度器而不是 DaemonSet 控制器进行调度。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md new file mode 100644 index 0000000000000..f46d9e86ea69b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/scheduler-queueing-hints.md @@ -0,0 +1,28 @@ +--- +title: SchedulerQueueingHints +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: false + fromVersion: "1.29" +--- + +启用[调度器的**排队提示**增强功能](https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/4247-queueinghint/README.md), +有助于减少无效的重新排队。 +调度器会在集群中发生可能导致 Pod 被重新调度的变化时,尝试重新进行 Pod 的调度。 +排队提示是一些内部信号, +用于帮助调度器基于先前的调度尝试来筛选集群中与未调度的 Pod 相关的变化。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md new file mode 100644 index 0000000000000..ee1d51f1b9d1c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sctp-support.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: SCTPSupport +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + +removed: true +--- + +在 Pod、Service、Endpoints、NetworkPolicy 定义中允许将 **SCTP** +用作 `protocol` 值。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md new file mode 100644 index 0000000000000..35222827c96df --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/seccomp-default.md @@ -0,0 +1,30 @@ +--- +title: SeccompDefault +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" + toVersion: "1.28" + +removed: true +--- + +启用 `RuntimeDefault` 作为所有工作负载的默认 seccomp 配置文件。 +此 seccomp 配置文件在 Pod 和/或 Container 的 `securityContext` 中被指定。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md new file mode 100644 index 0000000000000..35a2a0d2deb1d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md @@ -0,0 +1,16 @@ +--- +title: SecurityContextDeny +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" +--- + +此门控表示 `SecurityContextDeny` 准入控制器已弃用。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selector-index.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selector-index.md new file mode 100644 index 0000000000000..49796215a08b1 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selector-index.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: SelectorIndex +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.25" + +removed: true +--- + +允许使用 API 服务器的 watch 缓存中基于标签和字段的索引来加速 list 操作。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md new file mode 100644 index 0000000000000..92a66f5732ab8 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/selinux-mount-read-write-once-pod.md @@ -0,0 +1,28 @@ +--- +title: SELinuxMountReadWriteOncePod +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" +--- + +通过允许 kubelet 直接用正确的 SELinux +标签为 Pod 挂载卷而不是以递归方式更改这些卷上的每个文件来加速容器启动。 +最初的实现侧重 ReadWriteOncePod 卷。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md new file mode 100644 index 0000000000000..680cf66834df4 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/separate-taint-eviction-controller.md @@ -0,0 +1,24 @@ +--- +title: SeparateTaintEvictionController +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + +允许运行 `TaintEvictionController`,该控制器可在 `NodeLifecycleController` +之外执行[基于污点的驱逐](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-based-evictions)。 +此特性启用时,用户可以在 `kube-controller-manager` +上设置 `--controllers=-taint-eviction-controller` 标志, +可选择禁用基于污点的驱逐。 \ No newline at end of file diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md new file mode 100644 index 0000000000000..d366155ea60b9 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-apply.md @@ -0,0 +1,25 @@ +--- +title: ServerSideApply +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" +--- + +在 API 服务器上启用[服务器端应用(SSA)](/zh-cn/docs/reference/using-api/server-side-apply/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md new file mode 100644 index 0000000000000..42542f536030c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/server-side-field-validation.md @@ -0,0 +1,27 @@ +--- +title: ServerSideFieldValidation +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + - stage: stable + defaultValue: true + fromVersion: "1.27" +--- + +启用服务器端字段验证。这意味着资源模式的验证发生在 API 服务器端而不是客户端 +(例如,`kubectl create` 或 `kubectl apply` 命令行)。 From da43467d736c14e58eb3534bb7b0c60bb23860a4 Mon Sep 17 00:00:00 2001 From: lbzs <627062293@qq.com> Date: Wed, 20 Dec 2023 10:15:33 +0800 Subject: [PATCH 105/279] [zh]Localize blog: loadbalancer-ip-mode-alpha --- ...1-29-feature-loadbalancer-ip-mode-alpha.md | 219 ++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-12-18-kubernetes-1-29-feature-loadbalancer-ip-mode-alpha.md diff --git a/content/zh-cn/blog/_posts/2023-12-18-kubernetes-1-29-feature-loadbalancer-ip-mode-alpha.md b/content/zh-cn/blog/_posts/2023-12-18-kubernetes-1-29-feature-loadbalancer-ip-mode-alpha.md new file mode 100644 index 0000000000000..3247a50c6b861 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-12-18-kubernetes-1-29-feature-loadbalancer-ip-mode-alpha.md @@ -0,0 +1,219 @@ +--- +layout: blog +title: "Kubernetes 1.29 新的 Alpha 特性:Service 的负载均衡器 IP 模式" +date: 2023-12-18 +slug: kubernetes-1-29-feature-loadbalancer-ip-mode-alpha +--- + + + +**作者:** [Aohan Yang](https://github.com/RyanAoh) + +**译者:** Allen Zhang + + +本文介绍 Kubernetes 1.29 中一个新的 Alpha 特性。 +此特性提供了一种可配置的方式用于定义 Service 的实现方式,本文中以 +kube-proxy 为例介绍如何处理集群内从 Pod 到 Service 的流量。 + + +## 背景 + + +在 Kubernetes 早期版本中,kube-proxy 会拦截指向 `type: LoadBalancer` Service 关联 +IP 地址的流量。这与你为 `kube-proxy` 所使用的哪种模式无关。 + +这种拦截实现了预期行为(流量最终会抵达服务后挂载的端点)。这种机制取决于 kube-proxy 的模式,在 +Linux 中,运行于 iptables 模式下的 kube-proxy 会重定向数据包到后端端点;在 ipvs 模式下, +kube-proxy 会将负载均衡器的 IP 地址配置到节点的一个网络接口上。采用这种拦截有两个原因: + + +1. **流量路径优化:** 高效地重定向 Pod 流量 - 当 Pod 中的容器发送指向负载均衡器 IP 地址的出站包时, + 会绕过负载均衡器直接重定向到后端服务。 + + +2. **处理负载均衡数据包:** 有些负载均衡器发送的数据包设置目标 IP 为负载均衡器的 IP 地址。 + 因此,这些数据包需要被直接路由到正确的后端(可能不在该节点本地),以避免回环。 + + +## 问题 + + +然而,上述行为存在几个问题: + + +1. **[源 IP(Source IP)](https://github.com/kubernetes/kubernetes/issues/79783):** + 一些云厂商在传输数据包到节点时使用负载均衡器的 IP 地址作为源 IP。在 kube-proxy 的 ipvs 模式下, + 存在负载均衡器健康检查永远不会返回的问题。原因是回复的数据包被转发到本地网络接口 `kube-ipvs0`(绑定负载均衡器 IP 的接口)上并被忽略。 + + +2. **[负载均衡器层功能缺失](https://github.com/kubernetes/kubernetes/issues/66607):** + 某些云厂商在负载均衡器层提供了部分特性(例如 TLS 终结、协议代理等)。 + 绕过负载均衡器会导致当数据包抵达后端服务时这些特性不会生效(导致协议错误等)。 + + + +即使新的 Alpha 特性默认关闭,也有[临时解决方案](https://github.com/kubernetes/kubernetes/issues/66607#issuecomment-474513060), +即为 Service 设置 `.status.loadBalancer.ingress.hostname` 以绕过 kube-proxy 绑定。 +但这终究只是临时解决方案。 + + +## 解决方案 + + +总之,为云厂商提供选项以禁用当前这种行为大有裨益。 + + +Kubernetes 1.29 版本为 Service 引入新的 Alpha 字段 `.status.loadBalancer.ingress.ipMode` 以解决上述问题。 +该字段指定负载均衡器 IP 的运行方式,并且只有在指定 `.status.loadBalancer.ingress.ip` 字段时才能指定。 + + +`.status.loadBalancer.ingress.ipMode` 可选值为:`"VIP"` 和 `"Proxy"`。 +默认值为 `VIP`,即目标 IP 设置为负载均衡 IP 和端口并发送到节点的流量会被 kube-proxy 重定向到后端服务。 +这种方式保持 kube-proxy 现有行为模式。`Proxy` 用于阻止 kube-proxy 在 ipvs 和 iptables 模式下绑定负载均衡 IP 地址到节点。 +此时,流量会直达负载均衡器然后被重定向到目标节点。转发数据包的目的值配置取决于云厂商的负载均衡器如何传输流量。 + + +- 如果流量被发送到节点然后通过目标地址转换(`DNAT`)的方式到达 Pod,目的地应当设置为节点和 IP 和端口; +- 如果流量被直接转发到 Pod,目的地应当被设置为 Pod 的 IP 和端口。 + + +## 用法 + + +开启该特性的必要步骤: + + +- 下载 [Kubernetes 最新版本](https://kubernetes.io/releases/download/)(`v1.29.0` 或更新)。 +- 通过命令行参数 `--feature-gates=LoadBalancerIPMode=true` 在 kube-proxy、kube-apiserver 和 + cloud-controller-manager 开启特性门控。 +- 对于 `type: LoadBalancer` 类型的 Service,将 `ipMode` 设置为合适的值。 + 这一步可能由你在 `EnsureLoadBalancer` 过程中选择的 cloud-controller-manager 进行处理。 + + +## 更多信息 + + +- 阅读[指定负载均衡器状态的 IPMode](/zh-cn/docs/concepts/services-networking/service/#load-balancer-ip-mode)。 +- 阅读 [KEP-1860](https://kep.k8s.io/1860) - [让 Kubernetes 感知负载均衡器的行为](https://github.com/kubernetes/enhancements/tree/b103a6b0992439f996be4314caf3bf7b75652366/keps/sig-network/1860-kube-proxy-IP-node-binding#kep-1860-make-kubernetes-aware-of-the-loadbalancer-behaviour) _(sic)_。 + + +## 联系我们 + + +通过 [Slack](https://slack.k8s.io/) 频道 [#sig-network](https://kubernetes.slack.com/messages/sig-network), +或者通过[邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-network)联系我们。 + + +## 特别鸣谢 + + +非常感谢 [@Sh4d1](https://github.com/Sh4d1) 的原始提案和最初代码实现。 +我中途接手并完成了这项工作。同样我们也向其他帮助设计、实现、审查特性代码的贡献者表示感谢(按首字母顺序排列): + +- [@aojea](https://github.com/aojea) +- [@danwinship](https://github.com/danwinship) +- [@sftim](https://github.com/sftim) +- [@tengqm](https://github.com/tengqm) +- [@thockin](https://github.com/thockin) +- [@wojtek-t](https://github.com/wojtek-t) \ No newline at end of file From dccbe9fe2595967be43eff5441a471fe7dc77707 Mon Sep 17 00:00:00 2001 From: hunshcn Date: Thu, 28 Dec 2023 10:57:19 +0800 Subject: [PATCH 106/279] [zh-cn] sync pod-security-standards.md user-namespaces.md sysctl-cluster.md --- .../security/pod-security-standards.md | 19 ++++++++ .../workloads/pods/user-namespaces.md | 44 +++++++++++++++++++ .../administer-cluster/sysctl-cluster.md | 32 +++++++++----- 3 files changed, 83 insertions(+), 12 deletions(-) diff --git a/content/zh-cn/docs/concepts/security/pod-security-standards.md b/content/zh-cn/docs/concepts/security/pod-security-standards.md index b1286c87e5ab5..2b46cd07c79d1 100644 --- a/content/zh-cn/docs/concepts/security/pod-security-standards.md +++ b/content/zh-cn/docs/concepts/security/pod-security-standards.md @@ -316,6 +316,10 @@ fail validation.
  • net.ipv4.tcp_syncookies
  • net.ipv4.ping_group_range
  • net.ipv4.ip_local_reserved_ports(从 Kubernetes 1.27 开始)
    • +
  • net.ipv4.tcp_keepalive_time(从 Kubernetes 1.29 开始)
    • +
  • net.ipv4.tcp_fin_timeout(从 Kubernetes 1.29 开始)
    • +
  • net.ipv4.tcp_keepalive_intvl(从 Kubernetes 1.29 开始)
    • +
  • net.ipv4.tcp_keepalive_probes(从 Kubernetes 1.29 开始)
    • @@ -594,6 +598,21 @@ Restrictions on the following controls are only required if `.spec.os.name` is n - Seccomp - Linux 权能 + +## 用户命名空间 {#user-namespaces} + +用户命名空间是 Linux 特有的功能,可在运行工作负载时提高隔离度。 +关于用户命名空间如何与 PodSecurityStandard 协同工作, +请参阅 +[文档](/zh-cn/docs/concepts/workloads/pods/user-namespaces#integration-with-pod-security-admission-checks) +了解 Pod 如何使用用户命名空间。 + +## 与 Pod 安全准入检查的集成 {#integration-with-pod-security-admission-checks} + +{{< feature-state state="alpha" for_k8s_version="v1.29" >}} + + +对于启用了用户命名空间的 Linux Pod,Kubernetes 会以受控方式放宽 +[Pod 安全性标准](/zh-cn/docs/concepts/security/pod-security-standards)的应用。 +这种行为可以通过[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) +`UserNamespacesPodSecurityStandards` 进行控制,可以让最终用户提前尝试此特性。 +如果管理员启用此特性门控,必须确保群集中的所有节点都启用了用户命名空间。 + + +如果你启用相关特性门控并创建了使用用户命名空间的 Pod,以下的字段不会被限制, +即使在执行了 _Baseline_ 或 _Restricted_ Pod 安全性标准的上下文中。这种行为不会带来安全问题, +因为带有用户命名空间的 Pod 内的 `root` 实际上指的是容器内的用户,绝不会映射到主机上的特权用户。 +以下是在这种情况下**不进行**检查的 Pod 字段列表: + +- `spec.securityContext.runAsNonRoot` +- `spec.containers[*].securityContext.runAsNonRoot` +- `spec.initContainers[*].securityContext.runAsNonRoot` +- `spec.ephemeralContainers[*].securityContext.runAsNonRoot` +- `spec.securityContext.runAsUser` +- `spec.containers[*].securityContext.runAsUser` +- `spec.initContainers[*].securityContext.runAsUser` + diff --git a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md index 93249d9c853a2..0c9506bf0b252 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md +++ b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md @@ -129,19 +129,27 @@ The following sysctls are supported in the _safe_ set: 以下几种 sysctl 参数是 **安全的**: -- `kernel.shm_rmid_forced`, -- `net.ipv4.ip_local_port_range`, -- `net.ipv4.tcp_syncookies`, -- `net.ipv4.ping_group_range`(从 Kubernetes 1.18 开始), -- `net.ipv4.ip_unprivileged_port_start`(从 Kubernetes 1.22 开始), -- `net.ipv4.ip_local_reserved_ports`(从 Kubernetes 1.27 开始)。 +- `kernel.shm_rmid_forced`; +- `net.ipv4.ip_local_port_range`; +- `net.ipv4.tcp_syncookies`; +- `net.ipv4.ping_group_range`(从 Kubernetes 1.18 开始); +- `net.ipv4.ip_unprivileged_port_start`(从 Kubernetes 1.22 开始); +- `net.ipv4.ip_local_reserved_ports`(从 Kubernetes 1.27 开始,需要 kernel 3.16+); +- `net.ipv4.tcp_keepalive_time`(从 Kubernetes 1.29 开始,需要 kernel 4.5+); +- `net.ipv4.tcp_fin_timeout`(从 Kubernetes 1.29 开始,需要 kernel 4.6+); +- `net.ipv4.tcp_keepalive_intvl`(从 Kubernetes 1.29 开始,需要 kernel 4.5+); +- `net.ipv4.tcp_keepalive_probes`(从 Kubernetes 1.29 开始,需要 kernel 4.5+)。 {{< note >}} +为 `externalTrafficPolicy: Cluster` 服务实现终止节点的连接排空。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md new file mode 100644 index 0000000000000..1124deb313716 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-plugins-watcher.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: KubeletPluginsWatcher +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.11" + toVersion: "1.11" + - stage: beta + defaultValue: true + fromVersion: "1.12" + toVersion: "1.12" + - stage: stable + defaultValue: true + fromVersion: "1.13" + toVersion: "1.16" + +removed: true +--- + + +启用基于探针的插件监视程序,使 kubelet 能够发现 +[CSI 卷驱动程序](/zh-cn/docs/concepts/storage/volumes/#csi)这类插件。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamic-resources.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamic-resources.md new file mode 100644 index 0000000000000..8edc7a3488b75 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamic-resources.md @@ -0,0 +1,24 @@ +--- +title: KubeletPodResourcesDynamicResources +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" +--- + + +扩展 kubelet 的 Pod 资源 gRPC 端点以包括通过 +`DynamicResourceAllocation` API 在 `ResourceClaims` 中分配的资源。 +详情参见[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。 +包含有关可分配资源的信息,使客户端能够正确跟踪节点上的可用计算资源。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md new file mode 100644 index 0000000000000..a546f81a977f4 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md @@ -0,0 +1,28 @@ +--- +title: KubeletPodResourcesGetAllocatable +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + + +启用 kubelet 的 Pod 资源的 `GetAllocatableResources` 功能。 +此 API 增强了[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md new file mode 100644 index 0000000000000..13c9150658a30 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get.md @@ -0,0 +1,19 @@ +--- +title: KubeletPodResourcesGet +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" +--- + + +在 kubelet 上为 Pod 资源启用 `Get` gRPC 端点。 +此 API 增强了[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md new file mode 100644 index 0000000000000..72749f0c3ca0d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md @@ -0,0 +1,28 @@ +--- +title: KubeletPodResources +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.13" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + + +启用 kubelet 上 Pod 资源 gRPC 端点。 +详情参见[支持设备监控](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/606-compute-device-assignment/README.md)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md new file mode 100644 index 0000000000000..98d6cf0d12008 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-separate-disk-gc.md @@ -0,0 +1,18 @@ +--- +title: KubeletSeparateDiskGC +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +启用 kubelet,即使在容器镜像和容器位于独立文件系统的情况下,也能进行垃圾回收。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md new file mode 100644 index 0000000000000..566edb0c475d0 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/kubelet-tracing.md @@ -0,0 +1,26 @@ +--- +title: KubeletTracing +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.25" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + + +新增在 kubelet 中对分布式追踪的支持。 +启用时,kubelet CRI 接口和经身份验证的 http 服务器被插桩以生成 OpenTelemetry 追踪 span。 +详情参见[追踪 Kubernetes 系统组件](/zh-cn/docs/concepts/cluster-administration/system-traces/)。 From 552e53582db45aba0cd154b91cc2efd533fe8496 Mon Sep 17 00:00:00 2001 From: hunshcn Date: Thu, 28 Dec 2023 20:22:10 +0800 Subject: [PATCH 108/279] [zh-cn] sync service-accounts.md and serviceaccount link Signed-off-by: hunshcn --- .../zh-cn/docs/concepts/security/service-accounts.md | 12 +++++++----- .../configure-service-account.md | 6 +++--- .../tasks/extend-kubernetes/setup-konnectivity.md | 4 ++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/content/zh-cn/docs/concepts/security/service-accounts.md b/content/zh-cn/docs/concepts/security/service-accounts.md index 5e4defa131ef8..d25f461492f01 100644 --- a/content/zh-cn/docs/concepts/security/service-accounts.md +++ b/content/zh-cn/docs/concepts/security/service-accounts.md @@ -474,7 +474,8 @@ API 服务器按照以下方式检查该持有者令牌的有效性: -TokenRequest API 为 ServiceAccount 生成**绑定令牌**。这种绑定与以该 ServiceAccount 身份运行的 -的客户端(如 Pod)的生命期相关联。 +TokenRequest API 为 ServiceAccount 生成**绑定令牌**。这种绑定与以该 ServiceAccount +身份运行的客户端(如 Pod)的生命期相关联。有关绑定 Pod 服务账号令牌的 JWT 模式和载荷的示例, +请参阅[服务账号令牌卷投射](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection)。 对于使用 `TokenRequest` API 签发的令牌,API 服务器还会检查正在使用 ServiceAccount 的特定对象引用是否仍然存在, 方式是通过该对象的{{< glossary_tooltip term_id="uid" text="唯一 ID" >}} 进行匹配。 @@ -516,14 +518,14 @@ account credentials, you can use the following methods: Kubernetes 项目建议你使用 TokenReview API,因为当你删除某些 API 对象 -(如 Secret、ServiceAccount 和 Pod)的时候,此方法将使绑定到这些 API 对象上的令牌失效。 +(如 Secret、ServiceAccount、Pod 和 Node)的时候,此方法将使绑定到这些 API 对象上的令牌失效。 例如,如果删除包含投射 ServiceAccount 令牌的 Pod,则集群立即使该令牌失效, 并且 TokenReview 操作也会立即失败。 如果你使用的是 OIDC 验证,则客户端将继续将令牌视为有效,直到令牌达到其到期时间戳。 diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md index 036ce85b09355..f566b7d80b768 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md @@ -594,7 +594,7 @@ myregistrykey -## 服务账号令牌卷投射 {#service-account-token-volume-projection} +## 服务账号令牌卷投射 {#serviceaccount-token-volume-projection} {{< feature-state for_k8s_version="v1.20" state="stable" >}} @@ -908,7 +908,7 @@ See also: - or learn to [distribute credentials securely using Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/) - but also bear in mind that using Secrets for authenticating as a ServiceAccount is deprecated. The recommended alternative is - [ServiceAccount token volume projection](#service-account-token-volume-projection). + [ServiceAccount token volume projection](#serviceaccount-token-volume-projection). --> 另请参见: @@ -917,7 +917,7 @@ See also: - 阅读 [Secret](/zh-cn/docs/concepts/configuration/secret/) 的概念 - 或者学习[使用 Secret 来安全地分发凭据](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/) - 不过也要注意,使用 Secret 来完成 ServiceAccount 身份验证的做法已经过时。 - 建议的替代做法是执行 [ServiceAccount 令牌卷投射](#service-account-token-volume-projection)。 + 建议的替代做法是执行 [ServiceAccount 令牌卷投射](#serviceaccount-token-volume-projection)。 你需要配置 API 服务器来使用 Konnectivity 服务,并将网络流量定向到集群节点: -1. 确保[服务账号令牌卷投射](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection)特性被启用。 +1. 确保[服务账号令牌卷投射](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection)特性被启用。 该特性自 Kubernetes v1.20 起默认已被启用。 1. 创建一个出站流量配置文件,比如 `admin/konnectivity/egress-selector-configuration.yaml`。 1. 将 API 服务器的 `--egress-selector-config-file` 参数设置为你的 API From 60b70a1cfe63c5a3f90c76d2172076acb83ee781 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sat, 23 Dec 2023 22:26:17 +0800 Subject: [PATCH 109/279] [zh-cn] sync fine-parallel-processing-work-queue.md Signed-off-by: xin.li --- .../fine-parallel-processing-work-queue.md | 133 ++++++++++-------- 1 file changed, 72 insertions(+), 61 deletions(-) diff --git a/content/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue.md b/content/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue.md index 8f6c0d5637407..0042a26b63f4f 100644 --- a/content/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue.md +++ b/content/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue.md @@ -1,23 +1,22 @@ --- title: 使用工作队列进行精细的并行处理 content_type: task -min-kubernetes-server-version: v1.8 weight: 30 --- -在这个例子中,我们会运行一个 Kubernetes Job,其中的 Pod 会运行多个并行工作进程。 +在此示例中,你将运行一个 Kubernetes Job,该 Job 将多个并行任务作为工作进程运行, +每个任务在单独的 Pod 中运行。 -1. **启动存储服务用于保存工作队列。** 在这个例子中,我们使用 Redis 来存储工作项。 - 在上一个例子中,我们使用了 RabbitMQ。 +1. **启动存储服务用于保存工作队列。** 在这个例子中,你将使用 Redis 来存储工作项。 + 在[上一个例子中](/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue), + 你使用了 RabbitMQ。 在这个例子中,由于 AMQP 不能为客户端提供一个良好的方法来检测一个有限长度的工作队列是否为空, - 我们使用了 Redis 和一个自定义的工作队列客户端库。 + 你将使用 Redis 和一个自定义的工作队列客户端库。 在实践中,你可能会设置一个类似于 Redis 的存储库,并将其同时用于多项任务或其他事务的工作队列。 +你将需要一个容器镜像仓库,可以向其中上传镜像以在集群中运行。 +此示例使用的是 [Docker Hub](https://hub.docker.com/), +当然你可以将其调整为别的容器镜像仓库。 + +此任务示例还假设你已在本地安装了 Docker,并使用 Docker 来构建容器镜像。 + ## 启动 Redis -对于这个例子,为了简单起见,我们将启动一个单实例的 Redis。 +对于这个例子,为了简单起见,你将启动一个单实例的 Redis。 了解如何部署一个可伸缩、高可用的 Redis 例子,请查看 [Redis 示例](https://github.com/kubernetes/examples/tree/master/guestbook) @@ -97,9 +112,9 @@ You could also download the following files directly: - [`worker.py`](/examples/application/job/redis/worker.py) 现在按回车键,启动 Redis 命令行界面,然后创建一个存在若干个工作项的列表。 ```shell -# redis-cli -h redis +redis-cli -h redis +``` +```console redis:6379> rpush job2 "apple" (integer) 1 redis:6379> rpush job2 "banana" @@ -158,9 +175,9 @@ redis:6379> lrange job2 0 -1 ``` -因此,这个键为 `job2` 的列表就是我们的工作队列。 +因此,这个键为 `job2` 的列表就是工作队列。 -## 创建镜像 +## 创建容器镜像 {#create-an-image} -现在我们已经准备好创建一个我们要运行的镜像。 +现在你已准备好创建一个镜像来处理该队列中的工作。 -我们会使用一个带有 Redis 客户端的 Python 工作程序从消息队列中读出消息。 +你将使用一个带有 Redis 客户端的 Python 工作程序从消息队列中读出消息。 -这里提供了一个简单的 Redis 工作队列客户端库,名为 rediswq.py ([下载](/examples/application/job/redis/rediswq.py))。 +这里提供了一个简单的 Redis 工作队列客户端库,名为 `rediswq.py` +([下载](/zh-cn/examples/application/job/redis/rediswq.py))。 你也可以下载 [`worker.py`](/examples/application/job/redis/worker.py)、 [`rediswq.py`](/examples/application/job/redis/rediswq.py) 和 -[`Dockerfile`](/examples/application/job/redis/Dockerfile) 文件。然后构建镜像: +[`Dockerfile`](/examples/application/job/redis/Dockerfile) 文件。然后构建容器镜像。 +以下是使用 Docker 进行镜像构建的示例: ```shell docker build -t job-wq-2 . @@ -234,52 +253,40 @@ your private repository](/docs/concepts/containers/images/). 你需要将镜像 push 到一个公共仓库或者 [配置集群访问你的私有仓库](/zh-cn/docs/concepts/containers/images/)。 - -如果你使用的是 [Google Container Registry](https://cloud.google.com/tools/container-registry/), -请先用你的 project ID 给你的镜像打上标签,然后 push 到 GCR。请将 `` 替换为你自己的 project ID。 - -```shell -docker tag job-wq-2 gcr.io//job-wq-2 -gcloud docker -- push gcr.io//job-wq-2 -``` - ## 定义一个 Job -这是 Job 定义: +以下是你将创建的 Job 的清单: {{% code_sample file="application/job/redis/job.yaml" %}} +{{< note >}} -请确保将 Job 模板中的 `gcr.io/myproject` 更改为你自己的路径。 +请确保将 Job 清单中的 `gcr.io/myproject` 更改为你自己的路径。 +{{< /note >}} 在这个例子中,每个 Pod 处理了队列中的多个项目,直到队列中没有项目时便退出。 因为是由工作程序自行检测工作队列是否为空,并且 Job 控制器不知道工作队列的存在, 这依赖于工作程序在完成工作时发出信号。 工作程序以成功退出的形式发出信号表示工作队列已经为空。 -所以,只要有任意一个工作程序成功退出,控制器就知道工作已经完成了,所有的 Pod 将很快会退出。 -因此,我们将 Job 的完成计数(Completion Count)设置为 1。 +所以,只要有**任意**一个工作程序成功退出,控制器就知道工作已经完成了,所有的 Pod 将很快会退出。 +因此,我们需要将 Job 的完成计数(Completion Count)设置为 1。 尽管如此,Job 控制器还是会等待其它 Pod 完成。 ```shell +# 这假设你已经下载并编辑了清单 kubectl apply -f ./job.yaml ``` -稍等片刻,然后检查这个 Job。 +稍等片刻,然后检查这个 Job: ```shell kubectl describe jobs/job-wq-2 @@ -313,14 +324,14 @@ Labels: controller-uid=b1c7e4e3-92e1-11e7-b85e-fa163ee3c11f Annotations: Parallelism: 2 Completions: -Start Time: Mon, 11 Jan 2016 17:07:59 -0800 +Start Time: Mon, 11 Jan 2022 17:07:59 +0000 Pods Statuses: 1 Running / 0 Succeeded / 0 Failed Pod Template: Labels: controller-uid=b1c7e4e3-92e1-11e7-b85e-fa163ee3c11f job-name=job-wq-2 Containers: c: - Image: gcr.io/exampleproject/job-wq-2 + Image: container-registry.example/exampleproject/job-wq-2 Port: Environment: Mounts: @@ -353,9 +364,9 @@ Working on lemon ``` -你可以看到,其中的一个 Pod 处理了若干个工作单元。 +你可以看到,此 Job 中的一个 Pod 处理了若干个工作单元。 @@ -374,10 +385,10 @@ want to consider one of the other -如果你有持续的后台处理业务,那么可以考虑使用 `ReplicaSet` 来运行你的后台业务, +如果你有持续的后台处理业务,那么可以考虑使用 ReplicaSet 来运行你的后台业务, 和运行一个类似 [https://github.com/resque/resque](https://github.com/resque/resque) 的后台处理库。 From 799b46ce9f3c9ba29fb3a867e8c5c67f6680f405 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Fri, 29 Dec 2023 01:56:19 +0800 Subject: [PATCH 110/279] [zh] Localize feature-gates/s*.md part 2 Apply suggestions from code review Co-authored-by: Michael Co-authored-by: Qiming Teng --- .../service-account-issuer-discovery.md | 33 +++++++++++++++++ .../service-account-token-jti.md | 18 ++++++++++ ...e-account-token-node-binding-validation.md | 16 +++++++++ .../service-account-token-node-binding.md | 16 +++++++++ .../service-account-token-pod-node-info.md | 18 ++++++++++ .../feature-gates/service-app-protocol.md | 29 +++++++++++++++ .../service-internal-traffic-policy.md | 27 ++++++++++++++ .../service-ip-static-subrange.md | 35 +++++++++++++++++++ .../service-lb-node-port-control.md | 29 +++++++++++++++ .../service-load-balancer-class.md | 32 +++++++++++++++++ .../service-load-balancer-finalizer.md | 29 +++++++++++++++ .../feature-gates/service-node-exclusion.md | 32 +++++++++++++++++ .../service-nodeport-static-subrange.md | 28 +++++++++++++++ .../feature-gates/service-topology.md | 25 +++++++++++++ 14 files changed, 367 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-topology.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md new file mode 100644 index 0000000000000..8b911b4ad9696 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-issuer-discovery.md @@ -0,0 +1,33 @@ +--- +# Removed from Kubernetes +title: ServiceAccountIssuerDiscovery +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.23" + +removed: true +--- + +在 API 服务器中为服务账号颁发者启用 OIDC 发现端点(颁发者和 JWKS URL)。 +详情参见[为 Pod 配置服务账号](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md new file mode 100644 index 0000000000000..722d75d033df4 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-jti.md @@ -0,0 +1,18 @@ +--- +title: ServiceAccountTokenJTI +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +控制是否将 JTI(UUID)嵌入到生成的服务账号令牌中, +以及对于这些令牌未来的请求,是否将这些 JTI 记录到 Kubernetes 审计日志中。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md new file mode 100644 index 0000000000000..c792a0a5b7d3f --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.md @@ -0,0 +1,16 @@ +--- +title: ServiceAccountTokenNodeBindingValidation +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +控制 API 服务器是否会验证服务账号令牌中的 Node 引用。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md new file mode 100644 index 0000000000000..9fe83915ebd53 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding.md @@ -0,0 +1,16 @@ +--- +title: ServiceAccountTokenNodeBinding +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +控制 API 服务器是否允许将服务账号令牌绑定到 Node 对象。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md new file mode 100644 index 0000000000000..4c26a4e530aa0 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-account-token-pod-node-info.md @@ -0,0 +1,18 @@ +--- +title: ServiceAccountTokenPodNodeInfo +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +控制 API 服务器在颁发绑定到 Pod 对象的服务账号令牌时, +是否嵌入关联 Node 的名称和 `uid`。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md new file mode 100644 index 0000000000000..185276243f322 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-app-protocol.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ServiceAppProtocol +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.18" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.22" + +removed: true +--- + +为 Service 和 Endpoints 启用 `appProtocol` 字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md new file mode 100644 index 0000000000000..2b0a26b22ddda --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-internal-traffic-policy.md @@ -0,0 +1,27 @@ +--- +title: ServiceInternalTrafficPolicy +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true +--- + +为 Service 启用 `internalTrafficPolicy` 字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md new file mode 100644 index 0000000000000..54322e80548a5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-ip-static-subrange.md @@ -0,0 +1,35 @@ +--- +title: ServiceIPStaticSubrange +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" + toVersion: "1.24" + - stage: beta + defaultValue: true + fromVersion: "1.25" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.27" + +removed: true +--- + +启用 Service 的 ClusterIP 分配策略,从而细分 ClusterIP 范围。 +动态分配的 ClusterIP 地址将优先从较高范围分配, +以允许用户从较低范围分配静态 ClusterIP,进而降低发生冲突的风险。 +更多详细信息请参阅[避免冲突](/zh-cn/docs/reference/networking/virtual-ips/#avoiding-collisions)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md new file mode 100644 index 0000000000000..356ecaa6b5855 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-lb-node-port-control.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ServiceLBNodePortControl +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + +为 Service 启用 `allocateLoadBalancerNodePorts` 字段。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md new file mode 100644 index 0000000000000..0a94b87381833 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-class.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: ServiceLoadBalancerClass +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + +为 Service 启用 `loadBalancerClass` 字段。 +有关更多信息,请参见[设置负载均衡器实现的类别](/zh-cn/docs/concepts/services-networking/service/#load-balancer-class)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md new file mode 100644 index 0000000000000..71a970685aa79 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-load-balancer-finalizer.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: ServiceLoadBalancerFinalizer +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" + toVersion: "1.15" + - stage: beta + defaultValue: true + fromVersion: "1.16" + toVersion: "1.16" + - stage: stable + defaultValue: true + fromVersion: "1.17" + toVersion: "1.20" + +removed: true +--- + +为 Service 负载均衡器启用终结器(finalizers)保护。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md new file mode 100644 index 0000000000000..46654c488920c --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-node-exclusion.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: ServiceNodeExclusion +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true +--- + +允许从云提供商创建的负载均衡器中排除节点。 +如果节点标记有 `node.kubernetes.io/exclude-from-external-load-balancers` 标签, +则可以排除该节点。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md new file mode 100644 index 0000000000000..cae508ef64395 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-nodeport-static-subrange.md @@ -0,0 +1,28 @@ +--- +title: ServiceNodePortStaticSubrange +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.27" + toVersion: "1.27" + - stage: beta + defaultValue: true + fromVersion: "1.28" + toVersion: "1.28" + - stage: stable + defaultValue: true + fromVersion: "1.29" +--- + +允许对 NodePort Service 使用不同的端口分配策略。 +有关更多详细信息, +请参阅[保留 NodePort 范围以避免冲突](/zh-cn/docs/concepts/services-networking/service/#avoid-nodeport-collisions)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-topology.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-topology.md new file mode 100644 index 0000000000000..825b138e35f01 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/service-topology.md @@ -0,0 +1,25 @@ +--- +# Removed from Kubernetes +title: ServiceTopology +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.17" + toVersion: "1.19" + - stage: deprecated + defaultValue: false + fromVersion: "1.20" + toVersion: "1.22" + +removed: true +--- + +允许 Service 基于集群的节点拓扑进行流量路由。 From ee2d9ce0256a17cd337349cd9f75d2a9a758bcd5 Mon Sep 17 00:00:00 2001 From: lbzs <627062293@qq.com> Date: Tue, 19 Dec 2023 17:30:11 +0800 Subject: [PATCH 111/279] [zh] Localize a blog: taint-eviction-controller.md --- .../2023-12-19-taint-eviction-controller.md | 183 ++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2023-12-19-taint-eviction-controller.md diff --git a/content/zh-cn/blog/_posts/2023-12-19-taint-eviction-controller.md b/content/zh-cn/blog/_posts/2023-12-19-taint-eviction-controller.md new file mode 100644 index 0000000000000..ff765356dadf5 --- /dev/null +++ b/content/zh-cn/blog/_posts/2023-12-19-taint-eviction-controller.md @@ -0,0 +1,183 @@ +--- +layout: blog +title: "Kubernetes 1.29: 解耦污点管理器与节点生命周期控制器" +date: 2023-12-19 +slug: kubernetes-1-29-taint-eviction-controller +--- + + + +**作者:** Yuan Chen (Apple), Andrea Tosatto (Apple) + +**译者:** Allen Zhang + + +这篇博客讨论在 Kubernetes 1.29 中基于污点的 Pod 驱逐处理的新特性。 + + +## 背景 + + +在 Kubernetes 1.29 中引入了一项改进,以加强节点上基于污点的 Pod 驱逐处理。 +本文将讨论对节点生命周期控制器(node-lifecycle-controller)所做的更改,以分离职责并提高代码的整体可维护性。 + + +## 变动摘要 + + +节点生命周期控制器之前组合了两个独立的功能: + + +- 基于节点的条件为节点新增了一组预定义的污点 `NoExecute`。 +- 对有 `NoExecute` 污点的 Pod 执行驱逐操作。 + + +在 Kubernetes 1.29 版本中,基于污点的驱逐实现已经从节点生命周期控制器中移出, +成为一个名为污点驱逐控制器(taint-eviction-controller)的独立组件。 +旨在拆分代码,提高代码的可维护性,并方便未来对这两个组件进行扩展。 + + +以下新指标可以帮助你监控基于污点的 Pod 驱逐: + + +- `pod_deletion_duration_seconds` 表示当 Pod 的污点被激活直到这个 Pod 被污点驱逐控制器删除的延迟时间。 +- `pod_deletions_total` 表示自从污点驱逐控制器启动以来驱逐的 Pod 总数。 + + +## 如何使用这个新特性? + + +名为 `SeparateTaintEvictionController` 的特性门控已被添加。该特性在 Kubernetes 1.29 Beta 版本中默认开启。 +详情请参阅[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。 + + + +当这项特性启用时,用户可以通过在 `kube-controller-manager` 通过手动设置 +`--controllers=-taint-eviction-controller` 的方式来禁用基于污点的驱逐功能。 + + +如果想禁用该特性并在节点生命周期中使用旧版本污点管理器,用户可以通过设置 `SeparateTaintEvictionController=false` 来禁用。 + + +## 使用案例 + + +该特性将允许集群管理员扩展、增强默认的污点驱逐控制器,并且可以使用自定义的实现方式替换默认的污点驱逐控制器以满足不同的需要。 +例如:更好地支持在本地磁盘的持久卷中的有状态工作负载。 + + +## FAQ + + +**该特性是否会改变现有的基于污点的 Pod 驱逐行为?** + + +不会,基于污点的 Pod 驱逐行为保持不变。如果特性门控 `SeparateTaintEvictionController` 被关闭, +将继续使用之前的节点生命周期管理器中的污点管理器。 + + +**启用/使用此特性是否会导致现有 SLI/SLO 中任何操作的用时增加?** + + +不会。 + + +**启用/使用此特性是否会导致资源利用量(如 CPU、内存、磁盘、IO 等)的增加?** + + +运行单独的 `taint-eviction-controller` 所增加的资源利用量可以忽略不计。 + + +## 了解更多 + + +更多细节请参考 [KEP](http://kep.k8s.io/3902)。 + + +## 特别鸣谢 + + +与任何 Kubernetes 特性一样,从撰写 KEP 到实现新控制器再到审核 KEP 和代码,多名社区成员都做出了贡献,特别感谢: + +- Aldo Culquicondor (@alculquicondor) +- Maciej Szulik (@soltysh) +- Filip Křepinský (@atiratree) +- Han Kang (@logicalhan) +- Wei Huang (@Huang-Wei) +- Sergey Kanzhelevi (@SergeyKanzhelev) +- Ravi Gudimetla (@ravisantoshgudimetla) +- Deep Debroy (@ddebroy) From 712f1258a21ae0c6662df30733e3934ee9bc5b98 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Fri, 29 Dec 2023 15:02:35 +0000 Subject: [PATCH 112/279] Fix typo Co-authored-by: Dipesh Rawat --- .../en/docs/concepts/containers/container-lifecycle-hooks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/containers/container-lifecycle-hooks.md b/content/en/docs/concepts/containers/container-lifecycle-hooks.md index 39236328011fb..9cb9fa367779d 100644 --- a/content/en/docs/concepts/containers/container-lifecycle-hooks.md +++ b/content/en/docs/concepts/containers/container-lifecycle-hooks.md @@ -50,7 +50,7 @@ A more detailed description of the termination behavior can be found in ### Hook handler implementations Containers can access a hook by implementing and registering a handler for that hook. -There are threetypes of hook handlers that can be implemented for Containers: +There are three types of hook handlers that can be implemented for Containers: * Exec - Executes a specific command, such as `pre-stop.sh`, inside the cgroups and namespaces of the Container. Resources consumed by the command are counted against the Container. From eea19f4f81e3ca79f965c04f2de749f849753aa9 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Sat, 30 Dec 2023 02:15:01 +0800 Subject: [PATCH 113/279] Remove useless file in feature-gates/s* --- .../feature-gates/service-account-token-node-binding-validation.m | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.m diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.m b/content/en/docs/reference/command-line-tools-reference/feature-gates/service-account-token-node-binding-validation.m deleted file mode 100644 index e69de29bb2d1d..0000000000000 From 3c85f62e4d45692ab82521e8c1bbcde2289055ac Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 30 Dec 2023 04:11:44 +0200 Subject: [PATCH 114/279] [hi] Fix broken GitHub Learning link --- content/hi/docs/contribute/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/hi/docs/contribute/_index.md b/content/hi/docs/contribute/_index.md index c6f748bbda0c7..f26271a2af652 100644 --- a/content/hi/docs/contribute/_index.md +++ b/content/hi/docs/contribute/_index.md @@ -39,7 +39,7 @@ card: [`kubernetes/website` GitHub रिपॉजिटरी](https://github.com/kubernetes/website) मे बदलाव पुल अनुरोध (PR) द्वारा कर सकता है। आपको [Git](https://git-scm.com/) और -[Github](https://lab.github.com/) +[Github](https://skills.github.com/) की जानकारी होनी चाहिए ताकि आप कुबेरनेटेस समुदाय मे प्रभावी रूप से काम कर सकें। प्रलेखन मे सहयोग करने के लिए: From 32169e751c2f20d758e856127165b15a0eee3280 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sat, 30 Dec 2023 15:20:17 +0800 Subject: [PATCH 115/279] WIP fix API reference problem --- static/css/style_apiref.css | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/static/css/style_apiref.css b/static/css/style_apiref.css index 87737bf02f585..635b625d91640 100644 --- a/static/css/style_apiref.css +++ b/static/css/style_apiref.css @@ -100,13 +100,11 @@ code { display: block; height: 100%; position: fixed; - width: 100%; - z-index: 1; top: 0; left: 0; background-color: rgba(51, 113, 227, 3%); border-right: 1px solid #dee2e6; - overflow-x: hidden; + overflow-x: scroll; padding-top: .5rem; } From f64f67e36b73a2e374bfdb84998a64474ddaba5d Mon Sep 17 00:00:00 2001 From: Arhell Date: Sun, 31 Dec 2023 01:35:18 +0200 Subject: [PATCH 116/279] [pt] Fix broken GitHub Learning link --- content/pt-br/docs/contribute/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/contribute/_index.md b/content/pt-br/docs/contribute/_index.md index e5a227c2f13a0..7d60fb44d1b57 100644 --- a/content/pt-br/docs/contribute/_index.md +++ b/content/pt-br/docs/contribute/_index.md @@ -35,7 +35,7 @@ Contribuidores da documentação do Kubernetes podem: Qualquer pessoa pode abrir uma issue sobre a documentação, ou contribuir com uma mudança por meio de um pull request (PR) para o [repositório do Github `kubernetes/website`](https://github.com/kubernetes/website). É recomendável que você se sinta confortável com [git](https://git-scm.com/) e -[Github](https://lab.github.com/) para trabalhar efetivamente na comunidade Kubernetes. +[Github](https://skills.github.com/) para trabalhar efetivamente na comunidade Kubernetes. Para se envolver com a documentação: From 88820251b44bff55703bf598ddf7a6c53f691ebd Mon Sep 17 00:00:00 2001 From: John Gaughan <75457317+john-gaughan@users.noreply.github.com> Date: Sat, 30 Dec 2023 17:17:02 -0800 Subject: [PATCH 117/279] Grammar corrections --- .../tutorials/kubernetes-basics/deploy-app/deploy-intro.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html index 7339066dc7f21..bb828e745fe0f 100644 --- a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html @@ -134,8 +134,8 @@

    View the app

    By default they are visible from other pods and services within the same Kubernetes cluster, but not outside that network. When we use kubectl, we're interacting through an API endpoint to communicate with our application.

    We will cover other options on how to expose your application outside the Kubernetes cluster later, in Module 4. - Also as a basic tutorial, we're not explaining what Pods are in any detail here, it will cover in later topics.

    -

    The kubectl proxy command can create a proxy that will forward communications into the cluster-wide, private network. The proxy can be terminated by pressing control-C and won't show any output while its running.

    + Also as a basic tutorial, we're not explaining what Pods are in any detail here, it will be covered in later topics.

    +

    The kubectl proxy command can create a proxy that will forward communications into the cluster-wide, private network. The proxy can be terminated by pressing control-C and won't show any output while it's running.

    You need to open a second terminal window to run the proxy.

    kubectl proxy

    We now have a connection between our host (the terminal) and the Kubernetes cluster. The proxy enables direct access to the API from these terminals.

    From 7e631d0318dc279cb2d31231d8823360e61e9304 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Sun, 31 Dec 2023 23:40:05 +0800 Subject: [PATCH 118/279] [zh] Fix link anchor in configure-service-account.md --- .../tasks/configure-pod-container/configure-service-account.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md index f566b7d80b768..21f76bec46c69 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md @@ -794,7 +794,7 @@ often good enough for the application to load the token on a schedule -## 发现服务账号分发者 +## 发现服务账号分发者 {#service-account-issuer-discovery} {{< feature-state for_k8s_version="v1.21" state="stable" >}} From 8b46ec4047d2a928fe608401905d7702acdc3cfd Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 1 Jan 2024 21:15:50 +0800 Subject: [PATCH 119/279] Fix several link errors --- .../en/docs/concepts/cluster-administration/flow-control.md | 2 +- .../en/docs/concepts/scheduling-eviction/assign-pod-node.md | 4 ++-- content/en/docs/concepts/services-networking/gateway.md | 2 +- content/en/docs/concepts/storage/persistent-volumes.md | 4 +--- .../feature-gates/network-policy-end-port.md | 2 +- .../feature-gates/topology-aware-hints.md | 2 +- content/en/docs/reference/kubectl/_index.md | 2 +- .../docs/tasks/access-application-cluster/access-cluster.md | 2 +- .../en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md | 2 +- 9 files changed, 10 insertions(+), 12 deletions(-) diff --git a/content/en/docs/concepts/cluster-administration/flow-control.md b/content/en/docs/concepts/cluster-administration/flow-control.md index 859e841d0b73c..93a94ad3c2e54 100644 --- a/content/en/docs/concepts/cluster-administration/flow-control.md +++ b/content/en/docs/concepts/cluster-administration/flow-control.md @@ -47,7 +47,7 @@ are not subject to the `--max-requests-inflight` limit. The API Priority and Fairness feature is controlled by a command-line flag and is enabled by default. See -[Options](/docs/reference/command-line-tools-reference/kube-apiserver/options/) +[Options](/docs/reference/command-line-tools-reference/kube-apiserver/#options) for a general explanation of the available kube-apiserver command-line options and how to enable and disable them. The name of the command-line option for APF is "--enable-priority-and-fairness". This feature diff --git a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md index 3e8a6a14073a9..8aa1e97200891 100644 --- a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md +++ b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md @@ -306,7 +306,7 @@ Pod affinity rule uses the "hard" uses the "soft" `preferredDuringSchedulingIgnoredDuringExecution`. The affinity rule specifies that the scheduler is allowed to place the example Pod -on a node only if that node belongs to a specific [zone](/docs/concepts/scheduling-eviction/topology-spread-constraints/topology-spread-constraints/) +on a node only if that node belongs to a specific [zone](/docs/concepts/scheduling-eviction/topology-spread-constraints/) where other Pods have been labeled with `security=S1`. For instance, if we have a cluster with a designated zone, let's call it "Zone V," consisting of nodes labeled with `topology.kubernetes.io/zone=V`, the scheduler can @@ -315,7 +315,7 @@ Zone V already labeled with `security=S1`. Conversely, if there are no Pods with labels in Zone V, the scheduler will not assign the example Pod to any node in that zone. The anti-affinity rule specifies that the scheduler should try to avoid scheduling the Pod -on a node if that node belongs to a specific [zone](/docs/concepts/scheduling-eviction/topology-spread-constraints/topology-spread-constraints/) +on a node if that node belongs to a specific [zone](/docs/concepts/scheduling-eviction/topology-spread-constraints/) where other Pods have been labeled with `security=S2`. For instance, if we have a cluster with a designated zone, let's call it "Zone R," consisting of nodes labeled with `topology.kubernetes.io/zone=R`, the scheduler should avoid diff --git a/content/en/docs/concepts/services-networking/gateway.md b/content/en/docs/concepts/services-networking/gateway.md index dd54398659a40..9a54f6bee676c 100644 --- a/content/en/docs/concepts/services-networking/gateway.md +++ b/content/en/docs/concepts/services-networking/gateway.md @@ -191,7 +191,7 @@ guide for details on migrating Ingress resources to Gateway API resources. ## {{% heading "whatsnext" %}} Instead of Gateway API resources being natively implemented by Kubernetes, the specifications -are defined as [Custom Resources](docs/concepts/extend-kubernetes/api-extension/custom-resources) +are defined as [Custom Resources](/docs/concepts/extend-kubernetes/api-extension/custom-resources/) supported by a wide range of [implementations](https://gateway-api.sigs.k8s.io/implementations/). [Install](https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api) the Gateway API CRDs or follow the installation instructions of your selected implementation. After installing an diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md index 0d5caa4ef2f13..39949e22fcd7f 100644 --- a/content/en/docs/concepts/storage/persistent-volumes.md +++ b/content/en/docs/concepts/storage/persistent-volumes.md @@ -578,9 +578,7 @@ mounting of NFS filesystems. ### Capacity Generally, a PV will have a specific storage capacity. This is set using the PV's -`capacity` attribute. Read the glossary term -[Quantity](/docs/reference/glossary/?all=true#term-quantity) to understand the units -expected by `capacity`. +`capacity` attribute which is a {{< glossary_tooltip term_id="quantity" >}} value. Currently, storage size is the only resource that can be set or requested. Future attributes may include IOPS, throughput, etc. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md index 1766a6898814d..3897009c791f3 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/network-policy-end-port.md @@ -22,5 +22,5 @@ stages: removed: true --- Allows you to define ports in a -[NetworkPolicy](docs/concepts/services-networking/network-policies/) +[NetworkPolicy](/docs/concepts/services-networking/network-policies/) rule as a range of port numbers. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md index d4616b2bf154b..390d9fee79fb6 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-aware-hints.md @@ -20,5 +20,5 @@ stages: --- Enables topology aware routing based on topology hints in EndpointSlices. See [Topology Aware -Hints](/docs/concepts/services-networking/topology-aware-hints/) for more +Hints](/docs/concepts/services-networking/topology-aware-routing/) for more details. diff --git a/content/en/docs/reference/kubectl/_index.md b/content/en/docs/reference/kubectl/_index.md index f04d5edcf9d98..c692517b51543 100644 --- a/content/en/docs/reference/kubectl/_index.md +++ b/content/en/docs/reference/kubectl/_index.md @@ -24,7 +24,7 @@ For details about each command, including all the supported flags and subcommand [kubectl](/docs/reference/generated/kubectl/kubectl-commands/) reference documentation. For installation instructions, see [Installing kubectl](/docs/tasks/tools/#kubectl); -for a quick guide, see the [cheat sheet](/docs/reference/kubectl/cheatsheet/). +for a quick guide, see the [cheat sheet](/docs/reference/kubectl/quick-reference/). If you're used to using the `docker` command-line tool, [`kubectl` for Docker Users](/docs/reference/kubectl/docker-cli-to-kubectl/) explains some equivalent commands for Kubernetes. diff --git a/content/en/docs/tasks/access-application-cluster/access-cluster.md b/content/en/docs/tasks/access-application-cluster/access-cluster.md index 09122dbc65609..a7ddade17d081 100644 --- a/content/en/docs/tasks/access-application-cluster/access-cluster.md +++ b/content/en/docs/tasks/access-application-cluster/access-cluster.md @@ -26,7 +26,7 @@ Check the location and credentials that kubectl knows about with this command: kubectl config view ``` -Many of the [examples](/docs/reference/kubectl/cheatsheet/) provide an introduction to using +Many of the [examples](/docs/reference/kubectl/quick-reference/) provide an introduction to using `kubectl`, and complete documentation is found in the [kubectl reference](/docs/reference/kubectl/). diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md index b745a22792c75..db812fa0ec79b 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md @@ -465,7 +465,7 @@ sudo kubeadm certs generate-csr ``` If external etcd is to be used, follow the -[External etcd with kubeadm](docs/setup/production-environment/tools/kubeadm/high-availability/#external-etcd-nodes) +[External etcd with kubeadm](/docs/setup/production-environment/tools/kubeadm/high-availability/#external-etcd-nodes) guide to understand what CSR files are needed on the kubeadm and etcd nodes. Other `.csr` and `.key` files under `/etc/kubernetes/pki/etcd` can be removed. From 1a4bda3ef935e952b3ac269d85e3e31c0542e60e Mon Sep 17 00:00:00 2001 From: DeltaX Date: Sat, 30 Dec 2023 02:05:16 +0800 Subject: [PATCH 120/279] [zh] Localize feature-gates/s*.md part 3 Apply suggestions from code review Co-authored-by: Michael Co-authored-by: Qiming Teng --- .../feature-gates/set-hostname-as-fqdn.md | 32 +++++++++++++++++ .../feature-gates/sidecar-containers.md | 25 +++++++++++++ .../size-memory-backed-volumes.md | 21 +++++++++++ .../skip-read-only-validation-gce.md | 21 +++++++++++ .../stable-load-balancer-node-set.md | 17 +++++++++ .../feature-gates/startup-probe.md | 30 ++++++++++++++++ .../stateful-set-auto-delete-pvc.md | 27 ++++++++++++++ .../stateful-set-min-ready-seconds.md | 30 ++++++++++++++++ .../stateful-set-start-ordinal.md | 24 +++++++++++++ .../storage-object-in-use-protection.md | 27 ++++++++++++++ .../feature-gates/storage-version-api.md | 17 +++++++++ .../feature-gates/storage-version-hash.md | 21 +++++++++++ .../streaming-proxy-redirects.md | 36 +++++++++++++++++++ ...structured-authentication-configuration.md | 17 +++++++++ .../structured-authorization-configuration.md | 19 ++++++++++ .../feature-gates/support-ipvs-proxy-mode.md | 35 ++++++++++++++++++ .../feature-gates/support-node-pids-limit.md | 35 ++++++++++++++++++ .../feature-gates/support-pod-pids-limit.md | 29 +++++++++++++++ .../feature-gates/suspend-job.md | 31 ++++++++++++++++ .../feature-gates/sysctls.md | 27 ++++++++++++++ 20 files changed, 521 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sysctls.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md new file mode 100644 index 0000000000000..836750314b5ca --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/set-hostname-as-fqdn.md @@ -0,0 +1,32 @@ +--- +# Removed from Kubernetes +title: SetHostnameAsFQDN +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.19" + toVersion: "1.19" + - stage: beta + defaultValue: true + fromVersion: "1.20" + toVersion: "1.21" + - stage: stable + defaultValue: true + fromVersion: "1.22" + toVersion: "1.24" + +removed: true +--- + +启用将全限定域名(FQDN)设置为 Pod 主机名的功能。 +请参见 [Pod 的 `setHostnameAsFQDN` 字段](/zh-cn/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md new file mode 100644 index 0000000000000..d45fc98f80dc6 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sidecar-containers.md @@ -0,0 +1,25 @@ +--- +title: SidecarContainers +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + +允许将 Init 容器的 `restartPolicy` 设置为 `Always`, +以便该容器成为一个边车容器(可重启的 Init 容器)。 +详情参见[边车容器和 restartPolicy](/zh-cn/docs/concepts/workloads/pods/sidecar-containers/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md new file mode 100644 index 0000000000000..7ed7e9a7badd5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/size-memory-backed-volumes.md @@ -0,0 +1,21 @@ +--- +title: SizeMemoryBackedVolumes +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" +--- + +允许 kubelet 检查基于内存制备的卷的尺寸约束(目前主要针对 `emptyDir` 卷)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md new file mode 100644 index 0000000000000..70c1663aef7fb --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/skip-read-only-validation-gce.md @@ -0,0 +1,21 @@ +--- +title: SkipReadOnlyValidationGCE +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: deprecated + defaultValue: true + fromVersion: "1.29" +--- + +跳过对 GCE 的验证,将在下个版本中启用。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md new file mode 100644 index 0000000000000..c8718c4614547 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stable-load-balancer-node-set.md @@ -0,0 +1,17 @@ +--- +title: StableLoadBalancerNodeSet +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + +允许服务控制器(KCCM)减少根据节点状态变化来对负载均衡器作重新配置的操作。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md new file mode 100644 index 0000000000000..3705305760130 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/startup-probe.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: StartupProbe +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.17" + - stage: beta + defaultValue: true + fromVersion: "1.18" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true +--- + +在 kubelet 中启用[启动探针](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md new file mode 100644 index 0000000000000..0421cdb60db31 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-auto-delete-pvc.md @@ -0,0 +1,27 @@ +--- +title: StatefulSetAutoDeletePVC +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.23" + toVersion: "1.26" + - stage: beta + defaultValue: false + fromVersion: "1.27" +--- + +允许使用可选字段 `.spec.persistentVolumeClaimRetentionPolicy`, +以便根据 StatefulSet 的生命周期来控制 PVC 的删除。 +详情参见 [PersistentVolumeClaim 保留](/zh-cn/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md new file mode 100644 index 0000000000000..fbd062e719fd9 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-min-ready-seconds.md @@ -0,0 +1,30 @@ +--- +# Removed from Kubernetes +title: StatefulSetMinReadySeconds +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.22" + toVersion: "1.22" + - stage: beta + defaultValue: true + fromVersion: "1.23" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true +--- + +允许 StatefulSet 控制器遵守 `minReadySeconds`。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md new file mode 100644 index 0000000000000..118307f2bbe4b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/stateful-set-start-ordinal.md @@ -0,0 +1,24 @@ +--- +title: StatefulSetStartOrdinal +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" +--- + +允许在 StatefulSet 中配置起始序号。 +详情参见[起始序号](/zh-cn/docs/concepts/workloads/controllers/statefulset/#start-ordinal)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md new file mode 100644 index 0000000000000..8362b2847e3a2 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-object-in-use-protection.md @@ -0,0 +1,27 @@ +--- +# Removed from Kubernetes +title: StorageObjectInUseProtection +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.10" + - stage: stable + defaultValue: true + fromVersion: "1.11" + toVersion: "1.24" + +removed: true +--- + +如果仍在使用 PersistentVolume 或 PersistentVolumeClaim 对象, +则将其删除操作推迟。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md new file mode 100644 index 0000000000000..b4e19785e0b17 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-api.md @@ -0,0 +1,17 @@ +--- +title: StorageVersionAPI +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.20" +--- + +启用[存储版本 API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageversion-v1alpha1-internal-apiserver-k8s-io)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md new file mode 100644 index 0000000000000..7f6efd5473db7 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/storage-version-hash.md @@ -0,0 +1,21 @@ +--- +title: StorageVersionHash +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" +--- + +允许 API 服务器在版本发现中公开存储版本的哈希值。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md new file mode 100644 index 0000000000000..45173f094a182 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/streaming-proxy-redirects.md @@ -0,0 +1,36 @@ +--- +# Removed from Kubernetes +title: StreamingProxyRedirects +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: false + fromVersion: "1.5" + toVersion: "1.5" + - stage: beta + defaultValue: true + fromVersion: "1.6" + toVersion: "1.17" + - stage: deprecated + defaultValue: true + fromVersion: "1.18" + toVersion: "1.21" + - stage: deprecated + defaultValue: false + fromVersion: "1.22" + toVersion: "1.24" + +removed: true +--- + +指示 API 服务器拦截(并跟踪)后端(kubelet)的重定向以处理流请求。 +流请求的例子包括 `exec`、`attach` 和 `port-forward` 请求。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md new file mode 100644 index 0000000000000..a6b46a94d258e --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authentication-configuration.md @@ -0,0 +1,17 @@ +--- +title: StructuredAuthenticationConfiguration +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +为 API 服务器启用[结构化身份验证配置](/zh-cn/docs/reference/access-authn-authz/authentication/#configuring-the-api-server)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md new file mode 100644 index 0000000000000..b686fbc5bf293 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/structured-authorization-configuration.md @@ -0,0 +1,19 @@ +--- +title: StructuredAuthorizationConfiguration +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + +启用结构化授权配置,以便集群管理员可以在 API +服务器处理程序链中指定多个[授权 Webhook](/zh-cn/docs/reference/access-authn-authz/webhook/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md new file mode 100644 index 0000000000000..51f1f0d7463e5 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-ipvs-proxy-mode.md @@ -0,0 +1,35 @@ +--- +# Removed from Kubernetes +title: SupportIPVSProxyMode +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.8" + toVersion: "1.8" + - stage: beta + defaultValue: false + fromVersion: "1.9" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.10" + - stage: stable + defaultValue: true + fromVersion: "1.11" + toVersion: "1.20" + +removed: true +--- + +启用使用 IPVS 提供集群内服务负载平衡。 +详情参见[服务代理](/zh-cn/docs/reference/networking/virtual-ips/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md new file mode 100644 index 0000000000000..ce4d4bcfb792b --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-node-pids-limit.md @@ -0,0 +1,35 @@ +--- +# Removed from Kubernetes +title: SupportNodePidsLimit +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.14" + toVersion: "1.14" + - stage: beta + defaultValue: true + fromVersion: "1.15" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true +--- + +允许限制 Node 上的 PID 用量。 +`--system-reserved` 和 `--kube-reserved` 中的参数 `pid=<数值>` +可以分别用来设定为整个系统所预留的进程 ID 个数, +和为 Kubernetes 系统守护进程预留的进程 ID 个数。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md new file mode 100644 index 0000000000000..05fb08d6c7bca --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/support-pod-pids-limit.md @@ -0,0 +1,29 @@ +--- +# Removed from Kubernetes +title: SupportPodPidsLimit +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.10" + toVersion: "1.13" + - stage: beta + defaultValue: true + fromVersion: "1.14" + toVersion: "1.19" + - stage: stable + defaultValue: true + fromVersion: "1.20" + toVersion: "1.23" + +removed: true +--- + +允许限制 Pod 中的 PID 用量。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md new file mode 100644 index 0000000000000..732fc656dbaf0 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/suspend-job.md @@ -0,0 +1,31 @@ +--- +# Removed from Kubernetes +title: SuspendJob +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" + toVersion: "1.23" + - stage: stable + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + +removed: true +--- + +启用对挂起和恢复 Job 的支持。详情参见 +[Job 文档](/zh-cn/docs/concepts/workloads/controllers/job/)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sysctls.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sysctls.md new file mode 100644 index 0000000000000..2f72e32765059 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/sysctls.md @@ -0,0 +1,27 @@ +--- +# Removed from Kubernetes +title: Sysctls +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.11" + toVersion: "1.20" + - stage: stable + defaultValue: true + fromVersion: "1.21" + toVersion: "1.22" + +removed: true +--- + +允许为每个 Pod 设置受命名空间约束的内核参数(sysctl)。详情参见 +[sysctl](/zh-cn/docs/tasks/administer-cluster/sysctl-cluster/)。 From 4679ecd0082f7da6e7efe67842ada7b699b157c8 Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 1 Jan 2024 17:46:49 +0200 Subject: [PATCH 121/279] [ja] Fix broken GitHub Learning link --- content/ja/docs/contribute/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/contribute/_index.md b/content/ja/docs/contribute/_index.md index 353355ab7b0df..a62c8194c7412 100644 --- a/content/ja/docs/contribute/_index.md +++ b/content/ja/docs/contribute/_index.md @@ -33,7 +33,7 @@ Kubernetesドキュメントコントリビューターは ## はじめに どなたでも、問題を説明するissueや、ドキュメントの改善を求めるissueを作成し、[`kubernetes/website` GitHub リポジトリ](https://github.com/kubernetes/website)に対するプルリクエスト(PR)を用いて変更に貢献することができます。 -Kubernetesコミュニティで効果的に働くためには、[git](https://git-scm.com/)と[GitHub](https://lab.github.com/)を基本的に使いこなせる必要があります。 +Kubernetesコミュニティで効果的に働くためには、[git](https://git-scm.com/)と[GitHub](https://skills.github.com/)を基本的に使いこなせる必要があります。 ドキュメンテーションに関わるには: From 4f3a865a353aa5c003b2ecaab7a85a4cc30be586 Mon Sep 17 00:00:00 2001 From: Arhell Date: Tue, 2 Jan 2024 01:01:37 +0200 Subject: [PATCH 122/279] [pl] Fix broken GitHub Learning link --- content/pl/docs/contribute/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pl/docs/contribute/_index.md b/content/pl/docs/contribute/_index.md index b064e0311557a..4c5d3a37152b9 100644 --- a/content/pl/docs/contribute/_index.md +++ b/content/pl/docs/contribute/_index.md @@ -45,7 +45,7 @@ Każdy może otworzyć zgłoszenie dotyczące dokumentacji lub zaproponować zmi Aby móc sprawnie funkcjonować w społeczności Kubernetes, wymagana jest pewna biegłość w korzystaniu z [git-a](https://git-scm.com/) i -[GitHub-a](https://lab.github.com/). +[GitHub-a](https://skills.github.com/). Aby zaangażować się w prace nad dokumentacją należy: From 03c93e169c7a8df39a8acdbd2cf4e9762655f756 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 5 Dec 2023 17:20:21 +0800 Subject: [PATCH 123/279] [zh] Localize a component image into Chinese --- .../concepts/architecture/cloud-controller.md | 2 +- .../docs/images/components-of-kubernetes.svg | 1500 +++++++++++++++++ 2 files changed, 1501 insertions(+), 1 deletion(-) create mode 100644 content/zh-cn/docs/images/components-of-kubernetes.svg diff --git a/content/zh-cn/docs/concepts/architecture/cloud-controller.md b/content/zh-cn/docs/concepts/architecture/cloud-controller.md index 98d27f509a275..6c6e76d82be91 100644 --- a/content/zh-cn/docs/concepts/architecture/cloud-controller.md +++ b/content/zh-cn/docs/concepts/architecture/cloud-controller.md @@ -44,7 +44,7 @@ process. --> ## 设计 {#design} -![Kubernetes 组件](/images/docs/components-of-kubernetes.svg) +{{< figure src="/zh-cn/docs/images/components-of-kubernetes.svg" alt="此图展示了 Kubernetes 集群的组件" class="diagram-medium" >}} 云控制器管理器以一组多副本的进程集合的形式运行在控制面中,通常表现为 Pod 中的容器。每个 `cloud-controller-manager` diff --git a/content/zh-cn/docs/images/components-of-kubernetes.svg b/content/zh-cn/docs/images/components-of-kubernetes.svg new file mode 100644 index 0000000000000..6b3c0b8c16b7d --- /dev/null +++ b/content/zh-cn/docs/images/components-of-kubernetes.svg @@ -0,0 +1,1500 @@ + + + + Kubernetes components + + + + image/svg+xml + + Kubernetes components + + + Cloud Native Computing Foundation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 云平台API + + + + + + + + + k-proxy + + + + + + + + + + kubelet + + + + + + + + + + + + sched + + + + + + + + + + sched + + + + + + + + + + sched + + + + + 控制平面 + 节点 + + + + + + + + etcd + + + + + Kubernetes 集群 + + + + + + + + api + + + + + + + + + + api + + + + + + + + + + api + + + + + + + + + + + + + c-c-m + + + + + + + + + + c-c-m + + + + + + + + + + c-c-m + + + + + + + + + + + + + c-m + + + + + + + + + + c-m + + + + + + + + + + c-m + + + + + 节点 + 节点 + + + + + + + + + + + + + + + + + + + + k-proxy + + + + + + + + + + kubelet + + + + + + + + + + kubelet + + + + + + + + + + k-proxy + + + + + + + + + + + + + + + + + + + + + + + + + + + sched + + + + + 云控制器管理器(可选) + API 服务器 + 控制器管理器 + 调度器 + kubelet + kube-proxy + 控制平面 + 节点 + etcd(持久化存储) + + + + + + + + c-c-m + + + + + + + + + + + + c-m + + + + + + + + + + + + kubelet + + + + + + + + + + + + k-proxy + + + + + + + + + + + + etcd + + + + + + + + + + + + + + api + + + + + + + From a25d74ac075553188a8d7b2a30159d6db5686e99 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 2 Jan 2024 09:51:11 +0800 Subject: [PATCH 124/279] [zh] Sync /cluster-administration/networking.md --- .../cluster-administration/networking.md | 60 ++ .../images/kubernetes-cluster-network.svg | 770 ++++++++++++++++++ 2 files changed, 830 insertions(+) create mode 100644 content/zh-cn/docs/images/kubernetes-cluster-network.svg diff --git a/content/zh-cn/docs/concepts/cluster-administration/networking.md b/content/zh-cn/docs/concepts/cluster-administration/networking.md index a71411adf13c1..8fcb45cd830a6 100644 --- a/content/zh-cn/docs/concepts/cluster-administration/networking.md +++ b/content/zh-cn/docs/concepts/cluster-administration/networking.md @@ -58,6 +58,66 @@ Kubernetes 的宗旨就是在应用之间共享机器。 要了解 Kubernetes 网络模型,请参阅[此处](/zh-cn/docs/concepts/services-networking/)。 + +## Kubernetes IP 地址范围 {#kubernetest-ip-address-ranges} + +Kubernetes 集群需要从以下组件中配置的可用地址范围中为 Pod、Service 和 Node 分配不重叠的 IP 地址: + + +- 网络插件配置为向 Pod 分配 IP 地址。 +- kube-apiserver 配置为向 Service 分配 IP 地址。 +- kubelet 或 cloud-controller-manager 配置为向 Node 分配 IP 地址。 + + +{{< figure src="/zh-cn/docs/images/kubernetes-cluster-network.svg" alt="此图展示了 Kubernetes 集群中不同的网络范围" class="diagram-medium" >}} + + +## 集群网络类型 {#cluster-network-ipfamilies} + +根据配置的 IP 协议族,Kubernetes 集群可以分为以下几类: + + +- 仅 IPv4:网络插件、kube-apiserver 和 kubelet/cloud-controller-manager 配置为仅分配 IPv4 地址。 +- 仅 IPv6:网络插件、kube-apiserver 和 kubelet/cloud-controller-manager 配置为仅分配 IPv6 地址。 +- IPv4/IPv6 或 IPv6/IPv4 [双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/): + - 网络插件配置为分配 IPv4 和 IPv6 地址。 + - kube-apiserver 配置为分配 IPv4 和 IPv6 地址。 + - kubelet 或 cloud-controller-manager 配置为分配 IPv4 和 IPv6 地址。 + - 所有组件必须就配置的主要 IP 协议族达成一致。 + + +Kubernetes 集群只考虑 Pod、Service 和 Node 对象中存在的 IP 协议族,而不考虑所表示对象的现有 IP。 +例如,服务器或 Pod 的接口上可以有多个 IP 地址,但只有 `node.status.addresses` 或 `pod.status.ips` +中的 IP 地址被认为是实现 Kubernetes 网络模型和定义集群类型的。 + +Secret 的 `stringData` 字段与服务端应用不兼容。 +{{< /note >}} + diff --git a/content/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kustomize.md index 49825101dc2ef..731531db35f51 100644 --- a/content/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kustomize.md +++ b/content/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kustomize.md @@ -44,6 +44,13 @@ file for the username `admin` and the password `1f2d1e2e67df`. 并在定义中引用其它本地文件、`.env` 文件或文字值生成 Secret。 例如:下面的指令为用户名 `admin` 和密码 `1f2d1e2e67df` 创建 Kustomization 文件。 +{{< note >}} + +Secret 的 `stringData` 字段与服务端应用不兼容。 +{{< /note >}} + ### 创建 Kustomization 文件 {#create-the-kustomization-file} {{< tabs name="Secret data" >}} diff --git a/content/zh-cn/docs/tasks/debug/debug-cluster/crictl.md b/content/zh-cn/docs/tasks/debug/debug-cluster/crictl.md index f044e96c120b4..fda88d472c970 100644 --- a/content/zh-cn/docs/tasks/debug/debug-cluster/crictl.md +++ b/content/zh-cn/docs/tasks/debug/debug-cluster/crictl.md @@ -423,13 +423,13 @@ deleted by the Kubelet. ### Create a container Using `crictl` to create a container is useful for debugging container runtimes. -On a running Kubernetes cluster, the sandbox will eventually be stopped and +On a running Kubernetes cluster, the container will eventually be stopped and deleted by the Kubelet. --> ### 创建容器 {#create-a-container} 用 `crictl` 创建容器对容器运行时排错很有帮助。 -在运行的 Kubernetes 集群中,沙盒会随机地被 kubelet 停止和删除。 +在运行的 Kubernetes 集群中,容器最终将被 kubelet 停止和删除。 diff --git a/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md b/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md index 89c07890af90f..44eb631d3b826 100644 --- a/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md +++ b/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md @@ -279,7 +279,7 @@ if not used correctly. of the request. If it is signed by one of the CA certificates in the file referenced by `--client-ca-file`, then the request is treated as a legitimate request, and the user is the value of the common name `CN=`, while the group is the organization `O=`. - See the [documentation on TLS authentication](/docs/reference/access-authn-authz/authentication/#x509-client-certs). + See the [documentation on TLS authentication](/docs/reference/access-authn-authz/authentication/#x509-client-certificates). * `--requestheader-client-ca-file`: When a request arrives to the Kubernetes apiserver, if this option is enabled, the Kubernetes apiserver checks the certificate of the request. If it is signed by one of the CA certificates in the file reference by `--requestheader-client-ca-file`, diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md index f472a94962616..1f4f15bc3a009 100644 --- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md +++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md @@ -438,7 +438,7 @@ which caused the conversion. All other changes are ignored. ### Deploy the conversion webhook service Documentation for deploying the conversion webhook is the same as for the -[admission webhook example service](/docs/reference/access-authn-authz/extensible-admission-controllers/#deploy_the_admission_webhook_service). +[admission webhook example service](/docs/reference/access-authn-authz/extensible-admission-controllers/#deploy-the-admission-webhook-service). The assumption for next sections is that the conversion webhook server is deployed to a service named `example-conversion-webhook-server` in `default` namespace and serving traffic on path `/crdconvert`. From 90c3dca175dd322503f6db22d09171473af40e77 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 21 Dec 2023 16:39:55 +0800 Subject: [PATCH 132/279] [zh] Localize feature-gates/l*.md --- .../legacy-node-role-behavior.md | 34 +++++++++++++++++++ .../legacy-service-account-token-clean-up.md | 24 +++++++++++++ ...ervice-account-token-no-auto-generation.md | 26 ++++++++++++++ .../legacy-service-account-token-tracking.md | 27 +++++++++++++++ .../feature-gates/load-balancer-ip-mode.md | 20 +++++++++++ ...-capacity-isolation-fs-quota-monitoring.md | 28 +++++++++++++++ .../local-storage-capacity-isolation.md | 34 +++++++++++++++++++ .../feature-gates/logarithmic-scale-down.md | 22 ++++++++++++ .../feature-gates/logging-alpha-options.md | 17 ++++++++++ .../feature-gates/logging-beta-options.md | 17 ++++++++++ 10 files changed, 249 insertions(+) create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md create mode 100644 content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md new file mode 100644 index 0000000000000..076da15529636 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-node-role-behavior.md @@ -0,0 +1,34 @@ +--- +# Removed from Kubernetes +title: LegacyNodeRoleBehavior +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.16" + toVersion: "1.18" + - stage: beta + defaultValue: true + fromVersion: "1.19" + toVersion: "1.20" + - stage: stable + defaultValue: false + fromVersion: "1.21" + toVersion: "1.22" + +removed: true +--- + + +禁用此门控时,服务负载均衡器中和节点干扰中的原先行为会忽略 +`node-role.kubernetes.io/master` 标签,将使用 `NodeDisruptionExclusion` 和 +`ServiceNodeExclusion` 对应特性所提供的标签。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md new file mode 100644 index 0000000000000..082be687f08e7 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-clean-up.md @@ -0,0 +1,24 @@ +--- +title: LegacyServiceAccountTokenCleanUp +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.28" + toVersion: "1.28" + - stage: beta + defaultValue: true + fromVersion: "1.29" +--- + + +当服务账号令牌在指定时间内(默认为一年)未被使用时, +允许基于 Secret 清理[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md new file mode 100644 index 0000000000000..d9e026d09abac --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-no-auto-generation.md @@ -0,0 +1,26 @@ +--- +title: LegacyServiceAccountTokenNoAutoGeneration +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.24" + toVersion: "1.25" + - stage: stable + defaultValue: true + fromVersion: "1.26" + toVersion: "1.28" + +removed: true +--- + + +停止基于 Secret +自动生成[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md new file mode 100644 index 0000000000000..5d790c1fb9039 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md @@ -0,0 +1,27 @@ +--- +title: LegacyServiceAccountTokenTracking +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.26" + toVersion: "1.26" + - stage: beta + defaultValue: true + fromVersion: "1.27" + toVersion: "1.27" + - stage: stable + defaultValue: true + fromVersion: "1.28" +--- + + +跟踪基于 Secret +的[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)的使用情况。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md new file mode 100644 index 0000000000000..c13c44cd896f9 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/load-balancer-ip-mode.md @@ -0,0 +1,20 @@ +--- +title: LoadBalancerIPMode +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.29" +--- + + +当 Service 的 `type` 为 `LoadBalancer` 时,可设置该 Service 的 `ipMode`。 +更多细节请参阅[指定负载均衡器状态的 IPMode](/zh-cn/docs/concepts/services-networking/service/#load-balancer-ip-mode)。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md new file mode 100644 index 0000000000000..628dd0d2117d0 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation-fs-quota-monitoring.md @@ -0,0 +1,28 @@ +--- +title: LocalStorageCapacityIsolationFSQuotaMonitoring +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.15" +--- + + +如果[本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/)启用了 +`LocalStorageCapacityIsolation`,并且 +[emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)所使用的文件系统支持项目配额, +并且启用了这些配额,将使用项目配额来监视 +[emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的存储消耗而不是遍历文件系统, +以此获得更好的性能和准确性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md new file mode 100644 index 0000000000000..ea69019ce8da2 --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/local-storage-capacity-isolation.md @@ -0,0 +1,34 @@ +--- +# Removed from Kubernetes +title: LocalStorageCapacityIsolation +content_type: feature_gate + +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.7" + toVersion: "1.9" + - stage: beta + defaultValue: true + fromVersion: "1.10" + toVersion: "1.24" + - stage: stable + defaultValue: true + fromVersion: "1.25" + toVersion: "1.26" + +removed: true +--- + + +允许使用[本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/)以及 +[emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的 `sizeLimit` 属性。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md new file mode 100644 index 0000000000000..a315aff6f697d --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logarithmic-scale-down.md @@ -0,0 +1,22 @@ +--- +title: LogarithmicScaleDown +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.21" + toVersion: "1.21" + - stage: beta + defaultValue: true + fromVersion: "1.22" +--- + + +启用 Pod 的半随机选择,控制器将根据 Pod 时间戳的对数桶按比例缩小来驱逐 Pod。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md new file mode 100644 index 0000000000000..9e8149725ca6e --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md @@ -0,0 +1,17 @@ +--- +title: LoggingAlphaOptions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.24" +--- + + +允许微调实验性的、Alpha 级别的日志选项。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md new file mode 100644 index 0000000000000..48d2075f2b20e --- /dev/null +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md @@ -0,0 +1,17 @@ +--- +title: LoggingBetaOptions +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: beta + defaultValue: true + fromVersion: "1.24" +--- + + +允许微调实验性的、Beta 级别的日志选项。 From 4d6a8e57c08566e42ec1b63b6ed0e66fd82c6e63 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 2 Jan 2024 20:14:39 +0800 Subject: [PATCH 133/279] Clean up three generate-ref-docs --- .../generate-ref-docs/contribute-upstream.md | 36 ++++------ .../contribute/generate-ref-docs/kubectl.md | 66 ++++++++----------- .../generate-ref-docs/kubernetes-api.md | 59 ++++++++--------- 3 files changed, 69 insertions(+), 92 deletions(-) diff --git a/content/en/docs/contribute/generate-ref-docs/contribute-upstream.md b/content/en/docs/contribute/generate-ref-docs/contribute-upstream.md index af0d97f7099da..b785e4a89dc0c 100644 --- a/content/en/docs/contribute/generate-ref-docs/contribute-upstream.md +++ b/content/en/docs/contribute/generate-ref-docs/contribute-upstream.md @@ -16,11 +16,8 @@ API or the `kube-*` components from the upstream code, see the following instruc - [Generating Reference Documentation for the Kubernetes API](/docs/contribute/generate-ref-docs/kubernetes-api/) - [Generating Reference Documentation for the Kubernetes Components and Tools](/docs/contribute/generate-ref-docs/kubernetes-components/) - - ## {{% heading "prerequisites" %}} - - You need to have these tools installed: - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) @@ -38,8 +35,6 @@ API or the `kube-*` components from the upstream code, see the following instruc For more information, see [Creating a Pull Request](https://help.github.com/articles/creating-a-pull-request/) and [GitHub Standard Fork & Pull Request Workflow](https://gist.github.com/Chaser324/ce0505fbed06b947d962). - - ## The big picture @@ -51,7 +46,7 @@ from the source code in the [upstream Kubernetes](https://github.com/kubernetes/ When you see bugs in the generated documentation, you may want to consider creating a patch to fix it in the upstream project. -## Cloning the Kubernetes repository +## Clone the Kubernetes repository If you don't already have the kubernetes/kubernetes repository, get it now: @@ -64,16 +59,16 @@ go get github.com/kubernetes/kubernetes Determine the base directory of your clone of the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository. For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com/kubernetes/kubernetes.` +base directory is `$GOPATH/src/github.com/kubernetes/kubernetes`. The remaining steps refer to your base directory as ``. Determine the base directory of your clone of the [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) repository. For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs.` +base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs`. The remaining steps refer to your base directory as ``. -## Editing the Kubernetes source code +## Edit the Kubernetes source code The Kubernetes API reference documentation is automatically generated from an OpenAPI spec, which is generated from the Kubernetes source code. If you @@ -84,10 +79,10 @@ The documentation for the `kube-*` components is also generated from the upstrea source code. You must change the code related to the component you want to fix in order to fix the generated documentation. -### Making changes to the upstream source code +### Make changes to the upstream source code {{< note >}} -The following steps are an example, not a general procedure. Details +The following steps are an example, not a general procedure. Details will be different in your situation. {{< /note >}} @@ -123,12 +118,12 @@ On branch master modified: staging/src/k8s.io/api/apps/v1/types.go ``` -### Committing your edited file +### Commit your edited file Run `git add` and `git commit` to commit the changes you have made so far. In the next step, you will do a second commit. It is important to keep your changes separated into two commits. -### Generating the OpenAPI spec and related files +### Generate the OpenAPI spec and related files Go to `` and run these scripts: @@ -179,7 +174,7 @@ repository and in related repositories, such as [kubernetes/apiserver](https://github.com/kubernetes/apiserver/blob/master/README.md). {{< /note >}} -### Cherry picking your commit into a release branch +### Cherry pick your commit into a release branch In the preceding section, you edited a file in the master branch and then ran scripts to generate an OpenAPI spec and related files. Then you submitted your changes in a pull request @@ -189,7 +184,7 @@ Kubernetes version {{< skew latestVersion >}}, and you want to backport your cha release-{{< skew prevMinorVersion >}} branch. Recall that your pull request has two commits: one for editing `types.go` -and one for the files generated by scripts. The next step is to propose a cherry pick of your first +and one for the files generated by scripts. The next step is to propose a cherry pick of your first commit into the release-{{< skew prevMinorVersion >}} branch. The idea is to cherry pick the commit that edited `types.go`, but not the commit that has the results of running the scripts. For instructions, see [Propose a Cherry Pick](https://git.k8s.io/community/contributors/devel/sig-release/cherry-picks.md). @@ -220,7 +215,7 @@ the same as the generated files in the master branch. The generated files in the contain API elements only from Kubernetes {{< skew prevMinorVersion >}}. The generated files in the master branch might contain API elements that are not in {{< skew prevMinorVersion >}}, but are under development for {{< skew latestVersion >}}. -## Generating the published reference docs +## Generate the published reference docs The preceding section showed how to edit a source file and then generate several files, including `api/openapi-spec/swagger.json` in the @@ -228,16 +223,13 @@ several files, including `api/openapi-spec/swagger.json` in the The `swagger.json` file is the OpenAPI definition file to use for generating the API reference documentation. -You are now ready to follow the [Generating Reference Documentation for the Kubernetes API](/docs/contribute/generate-ref-docs/kubernetes-api/) guide to generate the +You are now ready to follow the +[Generating Reference Documentation for the Kubernetes API](/docs/contribute/generate-ref-docs/kubernetes-api/) +guide to generate the [published Kubernetes API reference documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/). - - ## {{% heading "whatsnext" %}} - * [Generating Reference Documentation for the Kubernetes API](/docs/contribute/generate-ref-docs/kubernetes-api/) * [Generating Reference Docs for Kubernetes Components and Tools](/docs/contribute/generate-ref-docs/kubernetes-components/) * [Generating Reference Documentation for kubectl Commands](/docs/contribute/generate-ref-docs/kubectl/) - - diff --git a/content/en/docs/contribute/generate-ref-docs/kubectl.md b/content/en/docs/contribute/generate-ref-docs/kubectl.md index a41c8d0df38c3..f0221c651d985 100644 --- a/content/en/docs/contribute/generate-ref-docs/kubectl.md +++ b/content/en/docs/contribute/generate-ref-docs/kubectl.md @@ -10,8 +10,7 @@ This page shows how to generate the `kubectl` command reference. {{< note >}} This topic shows how to generate reference documentation for -[kubectl commands](/docs/reference/generated/kubectl/kubectl-commands) -like +[kubectl commands](/docs/reference/generated/kubectl/kubectl-commands) like [kubectl apply](/docs/reference/generated/kubectl/kubectl-commands#apply) and [kubectl taint](/docs/reference/generated/kubectl/kubectl-commands#taint). This topic does not show how to generate the @@ -27,9 +26,9 @@ reference page, see -## Setting up the local repositories +## Set up the local repositories -Create a local workspace and set your `GOPATH`. +Create a local workspace and set your `GOPATH`: ```shell mkdir -p $HOME/ @@ -58,7 +57,7 @@ Get a clone of the kubernetes/kubernetes repository as k8s.io/kubernetes: git clone https://github.com/kubernetes/kubernetes $GOPATH/src/k8s.io/kubernetes ``` -Remove the spf13 package from `$GOPATH/src/k8s.io/kubernetes/vendor/github.com`. +Remove the spf13 package from `$GOPATH/src/k8s.io/kubernetes/vendor/github.com`: ```shell rm -rf $GOPATH/src/k8s.io/kubernetes/vendor/github.com/spf13 @@ -67,22 +66,22 @@ rm -rf $GOPATH/src/k8s.io/kubernetes/vendor/github.com/spf13 The kubernetes/kubernetes repository provides the `kubectl` and `kustomize` source code. * Determine the base directory of your clone of the -[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository. -For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/k8s.io/kubernetes.` -The remaining steps refer to your base directory as ``. + [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository. + For example, if you followed the preceding step to get the repository, your + base directory is `$GOPATH/src/k8s.io/kubernetes`. + The remaining steps refer to your base directory as ``. * Determine the base directory of your clone of the -[kubernetes/website](https://github.com/kubernetes/website) repository. -For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com//website.` -The remaining steps refer to your base directory as ``. + [kubernetes/website](https://github.com/kubernetes/website) repository. + For example, if you followed the preceding step to get the repository, your + base directory is `$GOPATH/src/github.com//website`. + The remaining steps refer to your base directory as ``. * Determine the base directory of your clone of the -[kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) repository. -For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs.` -The remaining steps refer to your base directory as ``. + [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) repository. + For example, if you followed the preceding step to get the repository, your + base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs`. + The remaining steps refer to your base directory as ``. In your local k8s.io/kubernetes repository, check out the branch of interest, and make sure it is up to date. For example, if you want to generate docs for @@ -97,7 +96,7 @@ git pull https://github.com/kubernetes/kubernetes {{< skew prevMinorVersion >}}. If you do not need to edit the `kubectl` source code, follow the instructions for [Setting build variables](#setting-build-variables). -## Editing the kubectl source code +## Edit the kubectl source code The kubectl command reference documentation is automatically generated from the kubectl source code. If you want to change the reference documentation, the first step @@ -111,15 +110,14 @@ is an example of a pull request that fixes a typo in the kubectl source code. Monitor your pull request, and respond to reviewer comments. Continue to monitor your pull request until it is merged into the target branch of the kubernetes/kubernetes repository. -## Cherry picking your change into a release branch +## Cherry pick your change into a release branch Your change is now in the master branch, which is used for development of the next Kubernetes release. If you want your change to appear in the docs for a Kubernetes version that has already been released, you need to propose that your change be cherry picked into the release branch. -For example, suppose the master branch is being used to develop Kubernetes -{{< skew currentVersion >}} +For example, suppose the master branch is being used to develop Kubernetes {{< skew currentVersion >}} and you want to backport your change to the release-{{< skew prevMinorVersion >}} branch. For instructions on how to do this, see [Propose a Cherry Pick](https://git.k8s.io/community/contributors/devel/sig-release/cherry-picks.md). @@ -132,14 +130,15 @@ milestone in your pull request. If you don't have those permissions, you will need to work with someone who can set the label and milestone for you. {{< /note >}} -## Setting build variables +## Set build variables Go to ``. On you command line, set the following environment variables. * Set `K8S_ROOT` to ``. * Set `K8S_WEBROOT` to ``. * Set `K8S_RELEASE` to the version of the docs you want to build. - For example, if you want to build docs for Kubernetes {{< skew prevMinorVersion >}}, set `K8S_RELEASE` to {{< skew prevMinorVersion >}}. + For example, if you want to build docs for Kubernetes {{< skew prevMinorVersion >}}, + set `K8S_RELEASE` to {{< skew prevMinorVersion >}}. For example: @@ -162,13 +161,12 @@ cd make createversiondirs ``` -## Checking out a release tag in k8s.io/kubernetes +## Check out a release tag in k8s.io/kubernetes -In your local `` repository, checkout the branch that has +In your local `` repository, check out the branch that has the version of Kubernetes that you want to document. For example, if you want to generate docs for Kubernetes {{< skew prevMinorVersion >}}.0, check out the -`v{{< skew prevMinorVersion >}}` tag. Make sure -you local branch is up to date. +`v{{< skew prevMinorVersion >}}` tag. Make sure your local branch is up to date. ```shell cd @@ -176,7 +174,7 @@ git checkout v{{< skew prevMinorVersion >}}.0 git pull https://github.com/kubernetes/kubernetes v{{< skew prevMinorVersion >}}.0 ``` -## Running the doc generation code +## Run the doc generation code In your local ``, run the `copycli` build target. The command runs as `root`: @@ -238,27 +236,21 @@ make container-serve View the [local preview](https://localhost:1313/docs/reference/generated/kubectl/kubectl-commands/). -## Adding and committing changes in kubernetes/website +## Add and commit changes in kubernetes/website Run `git add` and `git commit` to commit the files. -## Creating a pull request +## Create a pull request Create a pull request to the `kubernetes/website` repository. Monitor your pull request, and respond to review comments as needed. Continue to monitor your pull request until it is merged. A few minutes after your pull request is merged, your updated reference -topics will be visible in the -[published documentation](/docs/home). - - +topics will be visible in the [published documentation](/docs/home). ## {{% heading "whatsnext" %}} - * [Generating Reference Documentation Quickstart](/docs/contribute/generate-ref-docs/quickstart/) * [Generating Reference Documentation for Kubernetes Components and Tools](/docs/contribute/generate-ref-docs/kubernetes-components/) * [Generating Reference Documentation for the Kubernetes API](/docs/contribute/generate-ref-docs/kubernetes-api/) - - diff --git a/content/en/docs/contribute/generate-ref-docs/kubernetes-api.md b/content/en/docs/contribute/generate-ref-docs/kubernetes-api.md index 67d8acc0b5f0f..66abad97895ce 100644 --- a/content/en/docs/contribute/generate-ref-docs/kubernetes-api.md +++ b/content/en/docs/contribute/generate-ref-docs/kubernetes-api.md @@ -15,23 +15,19 @@ using the [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/re If you find bugs in the generated documentation, you need to [fix them upstream](/docs/contribute/generate-ref-docs/contribute-upstream/). -If you need only to regenerate the reference documentation from the [OpenAPI](https://github.com/OAI/OpenAPI-Specification) +If you need only to regenerate the reference documentation from the +[OpenAPI](https://github.com/OAI/OpenAPI-Specification) spec, continue reading this page. - - ## {{% heading "prerequisites" %}} - {{< include "prerequisites-ref-docs.md" >}} - - -## Setting up the local repositories +## Set up the local repositories -Create a local workspace and set your `GOPATH`. +Create a local workspace and set your `GOPATH`: ```shell mkdir -p $HOME/ @@ -61,26 +57,26 @@ git clone https://github.com/kubernetes/kubernetes $GOPATH/src/k8s.io/kubernetes ``` * The base directory of your clone of the -[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository is -`$GOPATH/src/k8s.io/kubernetes.` -The remaining steps refer to your base directory as ``. + [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository is + `$GOPATH/src/k8s.io/kubernetes.` + The remaining steps refer to your base directory as ``. * The base directory of your clone of the -[kubernetes/website](https://github.com/kubernetes/website) repository is -`$GOPATH/src/github.com//website.` -The remaining steps refer to your base directory as ``. + [kubernetes/website](https://github.com/kubernetes/website) repository is + `$GOPATH/src/github.com//website`. + The remaining steps refer to your base directory as ``. * The base directory of your clone of the -[kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) -repository is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs.` -The remaining steps refer to your base directory as ``. + [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) + repository is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs`. + The remaining steps refer to your base directory as ``. -## Generating the API reference docs +## Generate the API reference docs This section shows how to generate the [published Kubernetes API reference documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/). -### Setting build variables +### Set build variables * Set `K8S_ROOT` to ``. * Set `K8S_WEBROOT` to ``. @@ -95,9 +91,9 @@ export K8S_ROOT=${GOPATH}/src/k8s.io/kubernetes export K8S_RELEASE=1.17.0 ``` -### Creating versioned directory and fetching Open API spec +### Create versioned directory and fetch Open API spec -The `updateapispec` build target creates the versioned build directory. +The `updateapispec` build target creates the versioned build directory. After the directory is created, the Open API spec is fetched from the `` repository. These steps ensure that the version of the configuration files and Kubernetes Open API spec match the release version. @@ -110,7 +106,7 @@ cd make updateapispec ``` -### Building the API reference docs +### Build the API reference docs The `copyapi` target builds the API reference and copies the generated files to directories in ``. @@ -154,7 +150,7 @@ static/docs/reference/generated/kubernetes-api/{{< param "version" >}}/js/navDat static/docs/reference/generated/kubernetes-api/{{< param "version" >}}/js/scroll.js ``` -## Updating the API reference index pages +## Update the API reference index pages When generating reference documentation for a new release, update the file, `/content/en/docs/reference/kubernetes-api/api-index.md` with the new @@ -163,13 +159,13 @@ version number. * Open `/content/en/docs/reference/kubernetes-api/api-index.md` for editing, and update the API reference version number. For example: - ``` - --- - title: v1.17 - --- + ``` + --- + title: v1.17 + --- - [Kubernetes API v1.17](/docs/reference/generated/kubernetes-api/v1.17/) - ``` + [Kubernetes API v1.17](/docs/reference/generated/kubernetes-api/v1.17/) + ``` * Open `/content/en/docs/reference/_index.md` for editing, and add a new link for the latest API reference. Remove the oldest API reference version. @@ -188,7 +184,7 @@ make container-serve ## Commit the changes -In `` run `git add` and `git commit` to commit the change. +In ``, run `git add` and `git commit` to commit the change. Submit your changes as a [pull request](/docs/contribute/new-content/open-a-pr/) to the @@ -196,11 +192,8 @@ Submit your changes as a Monitor your pull request, and respond to reviewer comments as needed. Continue to monitor your pull request until it has been merged. - ## {{% heading "whatsnext" %}} * [Generating Reference Documentation Quickstart](/docs/contribute/generate-ref-docs/quickstart/) * [Generating Reference Docs for Kubernetes Components and Tools](/docs/contribute/generate-ref-docs/kubernetes-components/) * [Generating Reference Documentation for kubectl Commands](/docs/contribute/generate-ref-docs/kubectl/) - - From 0a10547b01cfdacb044cf4cb89302445d6ec964c Mon Sep 17 00:00:00 2001 From: baerwang Date: Wed, 3 Jan 2024 21:12:54 +0800 Subject: [PATCH 134/279] [zh-cn] Optimize Linguistic logic --- .../zh-cn/docs/reference/glossary/cloud-controller-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/reference/glossary/cloud-controller-manager.md b/content/zh-cn/docs/reference/glossary/cloud-controller-manager.md index 14dc89e78841e..99219d1701d86 100644 --- a/content/zh-cn/docs/reference/glossary/cloud-controller-manager.md +++ b/content/zh-cn/docs/reference/glossary/cloud-controller-manager.md @@ -36,7 +36,7 @@ with that cloud platform from components that only interact with your cluster. 一个 Kubernetes {{}}组件, 嵌入了特定于云平台的控制逻辑。 [云控制器管理器(Cloud Controller Manager)](/zh-cn/docs/concepts/architecture/cloud-controller/) -允许你将你的集群连接到云提供商的 API 之上, +允许将你的集群连接到云提供商的 API 之上, 并将与该云平台交互的组件同与你的集群交互的组件分离开来。 From 71e46006fd629a1a118713350db9cebedd2956ea Mon Sep 17 00:00:00 2001 From: Junya Okabe Date: Thu, 4 Jan 2024 03:02:22 +0900 Subject: [PATCH 135/279] feat: update content/ja/docs/home/_index.md --- content/ja/docs/home/_index.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/ja/docs/home/_index.md b/content/ja/docs/home/_index.md index 91959b469c126..610a35ea644f4 100644 --- a/content/ja/docs/home/_index.md +++ b/content/ja/docs/home/_index.md @@ -21,7 +21,7 @@ overview: > Kubernetesは、コンテナ化されたアプリケーションの展開、スケーリング、また管理を自動化するためのオープンソースコンテナプラットフォームです。このオープンソースプロジェクトは、Cloud Native Computing Foundation(CNCF)によってホストされています。 cards: - name: concepts - title: "基本を理解する" + title: "Kubernetesを理解する" description: "Kubernetesとその基本的なコンセプトを学びます。" button: "コンセプトを学ぶ" button_path: "/docs/concepts" @@ -40,11 +40,6 @@ cards: description: "一般的なタスク、そのタスクを短い手順でどのように実行するかを見てみます。" button: "タスクを見る" button_path: "/docs/tasks" -- name: training - title: "トレーニング" - description: "Kubernetesの資格を取得して、クラウドネイティブプロジェクトを成功させます!" - button: "トレーニングを見る" - button_path: "/training" - name: reference title: "リファレンス情報を調べる" description: "用語、コマンドラインの構文、APIリソースタイプ、そして構築ツールのドキュメントを見て回ります。" @@ -55,8 +50,13 @@ cards: description: "プロジェクトに不慣れでも、長い間関わっていたとしても、誰でもコントリビュートすることができます。" button: "ドキュメントにコントリビュートする" button_path: /docs/contribute -- name: release-notes - title: "K8sリリースノート" +- name: training + title: "トレーニング" + description: "Kubernetesの資格を取得して、クラウドネイティブプロジェクトを成功させます!" + button: "トレーニングを見る" + button_path: "/training" +- name: Download + title: "Kubernetesをダウンロードする" description: "もしKubernetesをインストールする、また最新バージョンにアップグレードする場合、最新のリリースノートを参照してください。" button: "Kubernetesをダウンロードする" button_path: "/releases/download" From b5e99d4a62a32e8f98425f68f9a15ebf6bb56dd9 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Wed, 3 Jan 2024 23:24:34 +0000 Subject: [PATCH 136/279] Simplify description for IdentifyPodOS Now that the feature gate is removed, we can rely on the main Pod documentation to explain what operating systems Kubernetes can support for Pods. --- .../feature-gates/identify-pod-os.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md index 91e38d57d785c..5910c8084ecd0 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/identify-pod-os.md @@ -25,5 +25,3 @@ removed: true --- Allows the Pod OS field to be specified. This helps in identifying the OS of the pod authoritatively during the API server admission time. -In Kubernetes {{< skew currentVersion >}}, the allowed values for the `pod.spec.os.name` -are `windows` and `linux`. From a599742e65fd6dcd1b707392a10c2187c25a7e4f Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Wed, 3 Jan 2024 23:30:51 +0000 Subject: [PATCH 137/279] Link to topology manager fine tuning docs from feature gate --- .../feature-gates/topology-manager-policy-options.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md index 5ca3237b88b50..6a59d8f40bd4e 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/topology-manager-policy-options.md @@ -14,4 +14,5 @@ stages: defaultValue: true fromVersion: "1.28" --- -Allow fine-tuning of topology manager policies, +Enable [fine-tuning](/docs/tasks/administer-cluster/topology-manager/#topology-manager-policy-options) +of topology manager policies. From 36d15c7fc3d0a01f01d7235e5fa0d489db83107a Mon Sep 17 00:00:00 2001 From: Arhell Date: Thu, 4 Jan 2024 02:42:03 +0200 Subject: [PATCH 138/279] [zh] Fix typo in TLS Secrets part --- content/zh-cn/docs/concepts/configuration/secret.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/concepts/configuration/secret.md b/content/zh-cn/docs/concepts/configuration/secret.md index 0d463587de0e1..056d300eea582 100644 --- a/content/zh-cn/docs/concepts/configuration/secret.md +++ b/content/zh-cn/docs/concepts/configuration/secret.md @@ -645,14 +645,14 @@ Kubernetes 所提供的内置类型 `kubernetes.io/ssh-auth` 用来存放 SSH 提供 SSH 身份认证类型的 Secret 仅仅是出于方便性考虑。 你可以使用 `Opaque` 类型来保存用于 SSH 身份认证的凭据。 -不过,使用预定义的、公开的 Secret 类型(`kubernetes.io/ssh-auth`) +不过,使用预定义的、公开的 Secret 类型(`kubernetes.io/tls`) 有助于其他人理解你的 Secret 的用途,也可以就其中包含的主键名形成约定。 Kubernetes API 会验证这种类型的 Secret 中是否设定了所需的主键。 From 0e673d65be8708e189c180ab558d4c066d255a91 Mon Sep 17 00:00:00 2001 From: Karen Bradshaw Date: Wed, 3 Jan 2024 19:56:16 -0500 Subject: [PATCH 139/279] update en admin list - add kbhawkey to emeritus approvers - see related pull request: https://github.com/kubernetes/org/pull/4650 --- OWNERS | 1 + OWNERS_ALIASES | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/OWNERS b/OWNERS index da89f66200622..74982880e4322 100644 --- a/OWNERS +++ b/OWNERS @@ -13,6 +13,7 @@ emeritus_approvers: # - jaredbhatti, commented out to disable PR assignments # - jimangel, commented out to disable PR assignments # - kbarnard10, commented out to disable PR assignments +# - kbhawkey, commented out to disable PR assignments # - steveperry-53, commented out to disable PR assignments - stewart-yu # - zacharysarah, commented out to disable PR assignments diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 5b223b56fe489..0c9bf3503c756 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -12,7 +12,6 @@ aliases: sig-docs-localization-owners: # Admins for localization content - a-mccarthy - divya-mohan0209 - - kbhawkey - natalisucks - onlydole - reylejano @@ -28,7 +27,6 @@ aliases: sig-docs-en-owners: # Admins for English content - divya-mohan0209 - katcosgrove # RT 1.29 Docs Lead - - kbhawkey - natalisucks - nate-double-u - onlydole @@ -124,7 +122,6 @@ aliases: - ysyukr sig-docs-leads: # Website chairs and tech leads - divya-mohan0209 - - kbhawkey - natalisucks - onlydole - reylejano From 7bf084a69b21878e318737e2eba0ecbf189e6207 Mon Sep 17 00:00:00 2001 From: hunshcn Date: Thu, 4 Jan 2024 11:11:29 +0800 Subject: [PATCH 140/279] fix links in blog sig-architecture-conformance-spotlight-2023 Signed-off-by: hunshcn --- .../_posts/2023-10-05-sig-architecture-conformance-spotlight.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md b/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md index dbfd3d67a98ab..39e0ce8712273 100644 --- a/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md +++ b/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md @@ -26,7 +26,7 @@ sub-project](https://github.com/kubernetes/community/blob/master/sig-architectur bit about yourself, your role and how you got involved in Kubernetes. **Riaan Kleinhans (RK)**: Hi! My name is Riaan Kleinhans and I live in -South Africa. I am the Project manager for the [ii-Team](ii.nz) in New +South Africa. I am the Project manager for the [ii-Team](https://ii.nz) in New Zealand. When I joined ii the plan was to move to New Zealand in April 2020 and then Covid happened. Fortunately, being a flexible and dynamic team we were able to make it work remotely and in very From a4e38af85ac2892760d051ac28a6968dfb262a61 Mon Sep 17 00:00:00 2001 From: Jin Li Date: Tue, 2 Jan 2024 17:17:13 +0800 Subject: [PATCH 141/279] [zh-cn] sync service-accounts-admin.md Co-authored-by: Michael --- .../service-accounts-admin.md | 193 +++++++++++++++++- 1 file changed, 190 insertions(+), 3 deletions(-) diff --git a/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md b/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md index fc98545a57228..3d196833cdfae 100644 --- a/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md +++ b/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md @@ -5,10 +5,8 @@ weight: 50 --- +## 清理自动生成的传统 ServiceAccount 令牌 {#auto-generated-legacy-serviceaccount-token-clean-up} + +在 1.24 版本之前,Kubernetes 自动为 ServiceAccount 生成基于 Secret 的令牌。 +为了区分自动生成的令牌和手动创建的令牌,Kubernetes 会检查 ServiceAccount 的 +Secret 字段是否有引用。如果该 Secret 被 `secrets` 字段引用, +它被视为自动生成的传统令牌。否则,它被视为手动创建的传统令牌。例如: + + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: build-robot + namespace: default +secrets: + - name: build-robot-secret # 对于手动生成的令牌通常不会存在此字段 +``` + + +从 1.29 版本开始,如果传统 ServiceAccount +令牌在一定时间段(默认设置为一年)内未被使用,则会被标记为无效。 +在定义的时间段(同样默认为一年)持续未被使用的令牌将由控制平面自动清除。 + + +如果用户使用一个无效的自动生成的令牌,令牌验证器将执行以下操作: + +1. 为键值对 `authentication.k8s.io/legacy-token-invalidated: /` + 添加审计注解, +1. `invalid_legacy_auto_token_uses_total` 指标计数加一, +1. 更新 Secret 标签 `kubernetes.io/legacy-token-last-used` 为新日期, +1. 返回一个提示令牌已经无效的报错。 + + +当收到这个校验报错时,用户可以通过移除 `kubernetes.io/legacy-token-invalid-since` +标签更新 Secret,以临时允许使用此令牌。 + +以下是一个自动生成的传统令牌示例,它被标记了 `kubernetes.io/legacy-token-last-used` +和 `kubernetes.io/legacy-token-invalid-since` 标签: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: build-robot-secret + namespace: default + labels: + kubernetes.io/legacy-token-last-used: 2022-10-24 + kubernetes.io/legacy-token-invalid-since: 2023-10-25 + annotations: + kubernetes.io/service-account.name: build-robot +type: kubernetes.io/service-account-token +``` + +### 传统 ServiceAccount 令牌追踪控制器 + +{{< feature-state for_k8s_version="v1.28" state="stable" >}} + + +此控制器在 `kube-system` 命名空间中生成名为 +`kube-apiserver-legacy-service-account-token-tracking` 的 ConfigMap。 +这个 ConfigMap 记录了系统开始监视传统服务账户令牌的时间戳。 + + +### 传统 ServiceAccount 令牌清理器 + +{{< feature-state for_k8s_version="v1.29" state="beta" >}} + + +传统 ServiceAccount 令牌清理器作为 `kube-controller-manager` 的一部分运行, +每 24 小时检查一次,查看是否有任何自动生成的传统 ServiceAccount +令牌在**特定时间段**内未被使用。如果有的话,清理器会将这些令牌标记为无效。 + +清理器的工作方式是首先检查控制平面创建的 ConfigMap(前提是启用了 +`LegacyServiceAccountTokenTracking`)。如果当前时间是 ConfigMap +所包含日期之后的**特定时间段**,清理器会遍历集群中的 Secret 列表, +并评估每个类型为 `kubernetes.io/service-account-token` 的 Secret。 + + +如果一个 Secret 满足以下所有条件,清理器会将其标记为无效: + +- Secret 是自动生成的,意味着它被 ServiceAccount 双向引用。 +- Secret 当前没有被任何 Pod 挂载。 +- Secret 自从创建或上次使用以来的**特定时间段**未被使用过。 + + +清理器通过向 Secret 添加名为 `kubernetes.io/legacy-token-invalid-since` 的标签, +并将此值设置为当前日期,来标记 Secret 为无效。 +如果一个无效的 Secret 在**特定时间段**内未被使用,清理器将会删除它。 + +{{< note >}} + +上述所有的**特定时间段**都默认为一年。集群管理员可以通过 `kube-controller-manager` +组件的 `--legacy-service-account-token-clean-up-period` 命令行参数来配置此值。 +{{< /note >}} + ### TokenRequest API {{< feature-state for_k8s_version="v1.22" state="stable" >}} @@ -514,6 +690,17 @@ service-account-token Secret that you just created. 如果你在 `examplens` 名字空间中启动一个新的 Pod,它可以使用你刚刚创建的 `myserviceaccount` service-account-token Secret。 +{{< caution >}} + +不要在 ServiceAccount 的 `secrets` 字段中引用手动创建的 Secret。 +否则,如果这些手动创建的 Secret 长时间未被使用将会被清理掉。 +请参考[清理自动生成的传统 ServiceAccount 令牌](#auto-generated-legacy-serviceaccount-token-clean-up)。 +{{< /caution >}} + ### Alpha 和 Beta 状态的特性门控 {#feature-gates-for-alpha-or-beta-features} -{{< table caption="处于 Alpha 或 Beta 状态的特性门控" sortable="true" >}} - -| 特性 | 默认值 | 状态 | 开始(Since) | 结束(Until) | -|---------|---------|-------|---------------|---------------| -| `APIListChunking` | `false` | Alpha | 1.8 | 1.8 | -| `APIListChunking` | `true` | Beta | 1.9 | | -| `APIPriorityAndFairness` | `false` | Alpha | 1.18 | 1.19 | -| `APIPriorityAndFairness` | `true` | Beta | 1.20 | | -| `APIResponseCompression` | `false` | Alpha | 1.7 | 1.15 | -| `APIResponseCompression` | `true` | Beta | 1.16 | | -| `APIServerIdentity` | `false` | Alpha | 1.20 | 1.25 | -| `APIServerIdentity` | `true` | Beta | 1.26 | | -| `APIServerTracing` | `false` | Alpha | 1.22 | 1.26 | -| `APIServerTracing` | `true` | Beta | 1.27 | | -| `AdmissionWebhookMatchConditions` | `false` | Alpha | 1.27 | 1.27 | -| `AdmissionWebhookMatchConditions` | `true` | Beta | 1.28 | | -| `AggregatedDiscoveryEndpoint` | `false` | Alpha | 1.26 | 1.26 | -| `AggregatedDiscoveryEndpoint` | `true` | Beta | 1.27 | | -| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | 1.23 | -| `AnyVolumeDataSource` | `true` | Beta | 1.24 | | -| `AppArmor` | `true` | Beta | 1.4 | | -| `CPUManagerPolicyAlphaOptions` | `false` | Alpha | 1.23 | | -| `CPUManagerPolicyBetaOptions` | `true` | Beta | 1.23 | | -| `CPUManagerPolicyOptions` | `false` | Alpha | 1.22 | 1.22 | -| `CPUManagerPolicyOptions` | `true` | Beta | 1.23 | | -| `CRDValidationRatcheting` | `false` | Alpha | 1.28 | | -| `CSIMigrationPortworx` | `false` | Alpha | 1.23 | 1.24 | -| `CSIMigrationPortworx` | `false` | Beta | 1.25 | | -| `CSINodeExpandSecret` | `false` | Alpha | 1.25 | 1.26 | -| `CSINodeExpandSecret` | `true` | Beta | 1.27 | | -| `CSIVolumeHealth` | `false` | Alpha | 1.21 | | -| `CloudControllerManagerWebhook` | `false` | Alpha | 1.27 | | -| `CloudDualStackNodeIPs` | `false` | Alpha | 1.27 | | -| `ClusterTrustBundle` | `false` | Alpha | 1.27 | | -| `ComponentSLIs` | `false` | Alpha | 1.26 | 1.26 | -| `ComponentSLIs` | `true` | Beta | 1.27 | | -| `ConsistentListFromCache` | `false` | Alpha | 1.28 | | -| `ContainerCheckpoint` | `false` | Alpha | 1.25 | | -| `ContextualLogging` | `false` | Alpha | 1.24 | | -| `CronJobsScheduledAnnotation` | `true` | Beta | 1.28 | | -| `CrossNamespaceVolumeDataSource` | `false` | Alpha| 1.26 | | -| `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | | -| `CustomResourceValidationExpressions` | `false` | Alpha | 1.23 | 1.24 | -| `CustomResourceValidationExpressions` | `true` | Beta | 1.25 | | -| `DevicePluginCDIDevices` | `false` | Alpha | 1.28 | | -| `DisableCloudProviders` | `false` | Alpha | 1.22 | | -| `DisableKubeletCloudCredentialProviders` | `false` | Alpha | 1.23 | | -| `DynamicResourceAllocation` | `false` | Alpha | 1.26 | | -| `ElasticIndexedJob` | `true` | Beta | 1.27 | | -| `EventedPLEG` | `false` | Alpha | 1.26 | 1.26 | -| `EventedPLEG` | `false` | Beta | 1.27 | | -| `GracefulNodeShutdown` | `false` | Alpha | 1.20 | 1.20 | -| `GracefulNodeShutdown` | `true` | Beta | 1.21 | | -| `GracefulNodeShutdownBasedOnPodPriority` | `false` | Alpha | 1.23 | 1.23 | -| `GracefulNodeShutdownBasedOnPodPriority` | `true` | Beta | 1.24 | | -| `HPAContainerMetrics` | `false` | Alpha | 1.20 | 1.26 | -| `HPAContainerMetrics` | `true` | Beta | 1.27 | | -| `HPAScaleToZero` | `false` | Alpha | 1.16 | | -| `HonorPVReclaimPolicy` | `false` | Alpha | 1.23 | | -| `InPlacePodVerticalScaling` | `false` | Alpha | 1.27 | | -| `InTreePluginAWSUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginAzureDiskUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginAzureFileUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginGCEUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginOpenStackUnregister` | `false` | Alpha | 1.21 | | -| `InTreePluginPortworxUnregister` | `false` | Alpha | 1.23 | | -| `InTreePluginvSphereUnregister` | `false` | Alpha | 1.21 | | -| `JobBackoffLimitPerIndex` | `false` | Alpha | 1.28 | | -| `JobPodFailurePolicy` | `false` | Alpha | 1.25 | 1.25 | -| `JobPodFailurePolicy` | `true` | Beta | 1.26 | | -| `JobPodReplacementPolicy` | `false` | Alpha | 1.28 | | -| `JobReadyPods` | `false` | Alpha | 1.23 | 1.23 | -| `JobReadyPods` | `true` | Beta | 1.24 | | -| `KMSv2` | `false` | Alpha | 1.25 | 1.26 | -| `KMSv2` | `true` | Beta | 1.27 | | -| `KMSv2KDF` | `false` | Beta | 1.28 | | -| `KubeProxyDrainingTerminatingNodes` | `false` | Alpha | 1.28 | | -| `KubeletCgroupDriverFromCRI` | `false` | Alpha | 1.28 | | -| `KubeletInUserNamespace` | `false` | Alpha | 1.22 | | -| `KubeletPodResourcesDynamicResources` | `false` | Alpha | 1.27 | | -| `KubeletPodResourcesGet` | `false` | Alpha | 1.27 | | -| `KubeletTracing` | `false` | Alpha | 1.25 | 1.26 | -| `KubeletTracing` | `true` | Beta | 1.27 | | -| `LegacyServiceAccountTokenCleanUp` | `false` | Alpha | 1.28 | | -| `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | - | -| `LogarithmicScaleDown` | `false` | Alpha | 1.21 | 1.21 | -| `LogarithmicScaleDown` | `true` | Beta | 1.22 | | -| `LoggingAlphaOptions` | `false` | Alpha | 1.24 | - | -| `LoggingBetaOptions` | `true` | Beta | 1.24 | - | -| `MatchLabelKeysInPodTopologySpread` | `false` | Alpha | 1.25 | 1.26 | -| `MatchLabelKeysInPodTopologySpread` | `true` | Beta | 1.27 | - | -| `MaxUnavailableStatefulSet` | `false` | Alpha | 1.24 | | -| `MemoryManager` | `false` | Alpha | 1.21 | 1.21 | -| `MemoryManager` | `true` | Beta | 1.22 | | -| `MemoryQoS` | `false` | Alpha | 1.22 | | -| `MinDomainsInPodTopologySpread` | `false` | Alpha | 1.24 | 1.24 | -| `MinDomainsInPodTopologySpread` | `false` | Beta | 1.25 | 1.26 | -| `MinDomainsInPodTopologySpread` | `true` | Beta | 1.27 | | -| `MultiCIDRRangeAllocator` | `false` | Alpha | 1.25 | | -| `MultiCIDRServiceAllocator` | `false` | Alpha | 1.27 | | -| `NewVolumeManagerReconstruction` | `false` | Beta | 1.27 | 1.27 | -| `NewVolumeManagerReconstruction` | `true` | Beta | 1.28 | | -| `NodeInclusionPolicyInPodTopologySpread` | `false` | Alpha | 1.25 | 1.25 | -| `NodeInclusionPolicyInPodTopologySpread` | `true` | Beta | 1.26 | | -| `NodeLogQuery` | `false` | Alpha | 1.27 | | -| `NodeSwap` | `false` | Alpha | 1.22 | 1.27 | -| `NodeSwap` | `false` | Beta | 1.28 | | -| `OpenAPIEnums` | `false` | Alpha | 1.23 | 1.23 | -| `OpenAPIEnums` | `true` | Beta | 1.24 | | -| `PDBUnhealthyPodEvictionPolicy` | `false` | Alpha | 1.26 | 1.26 | -| `PDBUnhealthyPodEvictionPolicy` | `true` | Beta | 1.27 | | -| `PersistentVolumeLastPhaseTransistionTime` | `false` | Alpha | 1.28 | | -| `PodAndContainerStatsFromCRI` | `false` | Alpha | 1.23 | | -| `PodDeletionCost` | `false` | Alpha | 1.21 | 1.21 | -| `PodDeletionCost` | `true` | Beta | 1.22 | | -| `PodDisruptionConditions` | `false` | Alpha | 1.25 | 1.25 | -| `PodDisruptionConditions` | `true` | Beta | 1.26 | | -| `PodHostIPs` | `false` | Alpha | 1.28 | | -| `PodIndexLabel` | `true` | Beta | 1.28 | | -| `PodReadyToStartContainersCondition` | `false` | Alpha | 1.28 | | -| `PodSchedulingReadiness` | `false` | Alpha | 1.26 | 1.26 | -| `PodSchedulingReadiness` | `true` | Beta | 1.27 | | -| `ProcMountType` | `false` | Alpha | 1.12 | | -| `QOSReserved` | `false` | Alpha | 1.11 | | -| `ReadWriteOncePod` | `false` | Alpha | 1.22 | 1.26 | -| `ReadWriteOncePod` | `true` | Beta | 1.27 | | -| `RecoverVolumeExpansionFailure` | `false` | Alpha | 1.23 | | -| `RemainingItemCount` | `false` | Alpha | 1.15 | 1.15 | -| `RemainingItemCount` | `true` | Beta | 1.16 | | -| `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 | -| `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | | -| `SELinuxMountReadWriteOncePod` | `false` | Alpha | 1.25 | 1.26 | -| `SELinuxMountReadWriteOncePod` | `false` | Beta | 1.27 | 1.27 | -| `SELinuxMountReadWriteOncePod` | `true` | Beta | 1.28 | | -| `SchedulerQueueingHints` | `true` | Beta | 1.28 | | -| `SecurityContextDeny` | `false` | Alpha | 1.27 | | -| `ServiceNodePortStaticSubrange` | `false` | Alpha | 1.27 | 1.27 | -| `ServiceNodePortStaticSubrange` | `true` | Beta | 1.28 | | -| `SidecarContainers` | `false` | Alpha | 1.28 | | -| `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | 1.21 | -| `SizeMemoryBackedVolumes` | `true` | Beta | 1.22 | | -| `SkipReadOnlyValidationGCE` | `false` | Alpha | 1.28 | | -| `StableLoadBalancerNodeSet` | `true` | Beta | 1.27 | | -| `StatefulSetAutoDeletePVC` | `false` | Alpha | 1.23 | 1.26 | -| `StatefulSetAutoDeletePVC` | `true` | Beta | 1.27 | | -| `StatefulSetStartOrdinal` | `false` | Alpha | 1.26 | 1.26 | -| `StatefulSetStartOrdinal` | `true` | Beta | 1.27 | | -| `StorageVersionAPI` | `false` | Alpha | 1.20 | | -| `StorageVersionHash` | `false` | Alpha | 1.14 | 1.14 | -| `StorageVersionHash` | `true` | Beta | 1.15 | | -| `TopologyAwareHints` | `false` | Alpha | 1.21 | 1.22 | -| `TopologyAwareHints` | `false` | Beta | 1.23 | 1.23 | -| `TopologyAwareHints` | `true` | Beta | 1.24 | | -| `TopologyManagerPolicyAlphaOptions` | `false` | Alpha | 1.26 | | -| `TopologyManagerPolicyBetaOptions` | `false` | Beta | 1.26 | 1.27 | -| `TopologyManagerPolicyBetaOptions` | `true` | Beta | 1.28 | | -| `TopologyManagerPolicyOptions` | `false` | Alpha | 1.26 | 1.27 | -| `TopologyManagerPolicyOptions` | `true` | Beta | 1.28 | | -| `UnauthenticatedHTTP2DOSMitigation` | `false` | Beta | 1.28 | | -| `UnknownVersionInteroperabilityProxy` | `false` | Alpha | 1.28 | | -| `UserNamespacesSupport` | `false` | Alpha | 1.28 | | -| `ValidatingAdmissionPolicy` | `false` | Alpha | 1.26 | 1.27 | -| `ValidatingAdmissionPolicy` | `false` | Beta | 1.28 | | -| `VolumeCapacityPriority` | `false` | Alpha | 1.21 | | -| `WatchList` | `false` | Alpha | 1.27 | | -| `WinDSR` | `false` | Alpha | 1.14 | | -| `WinOverlay` | `false` | Alpha | 1.14 | 1.19 | -| `WinOverlay` | `true` | Beta | 1.20 | | -| `WindowsHostNetwork` | `true` | Alpha | 1.26 | | -{{< /table >}} +{{< feature-gate-table include="alpha,beta" caption="处于 Alpha 或 Beta 状态的特性门控" >}} + ### 已毕业和已废弃的特性门控 {#feature-gates-for-graduated-or-deprecated-features} -{{< table caption="已毕业或不推荐使用的特性门控" sortable="true" >}} - -| 特性 | 默认值 | 状态 | 开始(Since) | 结束(Until) | -|---------|---------|-------|---------------|---------------| -| `APISelfSubjectReview` | `false` | Alpha | 1.26 | 1.26 | -| `APISelfSubjectReview` | `true` | Beta | 1.27 | 1.27 | -| `APISelfSubjectReview` | `true` | GA | 1.28 | - | -| `CPUManager` | `false` | Alpha | 1.8 | 1.9 | -| `CPUManager` | `true` | Beta | 1.10 | 1.25 | -| `CPUManager` | `true` | GA | 1.26 | - | -| `CSIMigrationAzureFile` | `false` | Alpha | 1.15 | 1.20 | -| `CSIMigrationAzureFile` | `false` | Beta | 1.21 | 1.23 | -| `CSIMigrationAzureFile` | `true` | Beta | 1.24 | 1.25 | -| `CSIMigrationAzureFile` | `true` | GA | 1.26 | | -| `CSIMigrationRBD` | `false` | Alpha | 1.23 | 1.27 | -| `CSIMigrationRBD` | `false` | Deprecated | 1.28 | | -| `CSIMigrationvSphere` | `false` | Alpha | 1.18 | 1.18 | -| `CSIMigrationvSphere` | `false` | Beta | 1.19 | 1.24 | -| `CSIMigrationvSphere` | `true` | Beta | 1.25 | 1.25 | -| `CSIMigrationvSphere` | `true` | GA | 1.26 | - | -| `ConsistentHTTPGetHandlers` | `true` | GA | 1.25 | - | -| `CronJobTimeZone` | `false` | Alpha | 1.24 | 1.24 | -| `CronJobTimeZone` | `true` | Beta | 1.25 | 1.26 | -| `CronJobTimeZone` | `true` | GA | 1.27 | - | -| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 | -| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | 1.24 | -| `DaemonSetUpdateSurge` | `true` | GA | 1.25 | | -| `DefaultHostNetworkHostPortsInPodTemplates` | `false` | Deprecated | 1.28 | | -| `DownwardAPIHugePages` | `false` | Alpha | 1.20 | 1.20 | -| `DownwardAPIHugePages` | `false` | Beta | 1.21 | 1.21 | -| `DownwardAPIHugePages` | `true` | Beta | 1.22 | 1.26 | -| `DownwardAPIHugePages` | `true` | GA | 1.27 | | -| `EfficientWatchResumption` | `false` | Alpha | 1.20 | 1.20 | -| `EfficientWatchResumption` | `true` | Beta | 1.21 | 1.23 | -| `EfficientWatchResumption` | `true` | GA | 1.24 | | -| `ExecProbeTimeout` | `true` | GA | 1.20 | | -| `ExpandedDNSConfig` | `false` | Alpha | 1.22 | 1.25 | -| `ExpandedDNSConfig` | `true` | Beta | 1.26 | 1.27 | -| `ExpandedDNSConfig` | `true` | GA | 1.28 | | -| `ExperimentalHostUserNamespaceDefaulting` | `false` | Beta | 1.5 | 1.27 | -| `ExperimentalHostUserNamespaceDefaulting` | `false` | Deprecated | 1.28 | | -| `GRPCContainerProbe` | `false` | Alpha | 1.23 | 1.23 | -| `GRPCContainerProbe` | `true` | Beta | 1.24 | 1.26 | -| `GRPCContainerProbe` | `true` | GA | 1.27 | | -| `IPTablesOwnershipCleanup` | `false` | Alpha | 1.25 | 1.26 | -| `IPTablesOwnershipCleanup` | `true` | Beta | 1.27 | 1.27 | -| `IPTablesOwnershipCleanup` | `true` | GA | 1.28 | | -| `InTreePluginRBDUnregister` | `false` | Alpha | 1.23 | 1.27 | -| `InTreePluginRBDUnregister` | `false` | Deprecated | 1.28 | | -| `JobMutableNodeSchedulingDirectives` | `true` | Beta | 1.23 | 1.26 | -| `JobMutableNodeSchedulingDirectives` | `true` | GA | 1.27 | | -| `JobTrackingWithFinalizers` | `false` | Alpha | 1.22 | 1.22 | -| `JobTrackingWithFinalizers` | `false` | Beta | 1.23 | 1.24 | -| `JobTrackingWithFinalizers` | `true` | Beta | 1.25 | 1.25 | -| `JobTrackingWithFinalizers` | `true` | GA | 1.26 | | -| `KMSv1` | `true` | Deprecated | 1.28 | | -| `KubeletPodResources` | `false` | Alpha | 1.13 | 1.14 | -| `KubeletPodResources` | `true` | Beta | 1.15 | 1.27 | -| `KubeletPodResources` | `true` | GA | 1.28 | | -| `KubeletPodResourcesGetAllocatable` | `false` | Alpha | 1.21 | 1.22 | -| `KubeletPodResourcesGetAllocatable` | `true` | Beta | 1.23 | 1.27 | -| `KubeletPodResourcesGetAllocatable` | `true` | GA | 1.28 | | -| `LegacyServiceAccountTokenNoAutoGeneration` | `true` | Beta | 1.24 | 1.25 | -| `LegacyServiceAccountTokenNoAutoGeneration` | `true` | GA | 1.26 | | -| `LegacyServiceAccountTokenTracking` | `false` | Alpha | 1.26 | 1.26 | -| `LegacyServiceAccountTokenTracking` | `true` | Beta | 1.27 | 1.27 | -| `LegacyServiceAccountTokenTracking` | `true` | GA | 1.28 | | -| `MinimizeIPTablesRestore` | `false` | Alpha | 1.26 | 1.26 | -| `MinimizeIPTablesRestore` | `true` | Beta | 1.27 | 1.27 | -| `MinimizeIPTablesRestore` | `true` | GA | 1.28 | | -| `NodeOutOfServiceVolumeDetach` | `false` | Alpha | 1.24 | 1.25 | -| `NodeOutOfServiceVolumeDetach` | `true` | Beta | 1.26 | 1.27 | -| `NodeOutOfServiceVolumeDetach` | `true` | GA | 1.28 | | -| `OpenAPIV3` | `false` | Alpha | 1.23 | 1.23 | -| `OpenAPIV3` | `true` | Beta | 1.24 | 1.26 | -| `OpenAPIV3` | `true` | GA | 1.27 | | -| `ProbeTerminationGracePeriod` | `false` | Alpha | 1.21 | 1.21 | -| `ProbeTerminationGracePeriod` | `false` | Beta | 1.22 | 1.24 | -| `ProbeTerminationGracePeriod` | `true` | Beta | 1.25 | 1.27 | -| `ProbeTerminationGracePeriod` | `true` | GA | 1.28 | | -| `ProxyTerminatingEndpoints` | `false` | Alpha | 1.22 | 1.25 | -| `ProxyTerminatingEndpoints` | `true` | Beta | 1.26 | 1.27 | -| `ProxyTerminatingEndpoints` | `true` | GA | 1.28 | | -| `RemoveSelfLink` | `false` | Alpha | 1.16 | 1.19 | -| `RemoveSelfLink` | `true` | Beta | 1.20 | 1.23 | -| `RemoveSelfLink` | `true` | GA | 1.24 | | -| `RetroactiveDefaultStorageClass` | `false` | Alpha | 1.25 | 1.25 | -| `RetroactiveDefaultStorageClass` | `true` | Beta | 1.26 | 1.27 | -| `RetroactiveDefaultStorageClass` | `true` | GA | 1.28 | | -| `SeccompDefault` | `false` | Alpha | 1.22 | 1.24 | -| `SeccompDefault` | `true` | Beta | 1.25 | 1.26 | -| `SeccompDefault` | `true` | GA | 1.27 | - | -| `ServerSideApply` | `false` | Alpha | 1.14 | 1.15 | -| `ServerSideApply` | `true` | Beta | 1.16 | 1.21 | -| `ServerSideApply` | `true` | GA | 1.22 | - | -| `ServerSideFieldValidation` | `false` | Alpha | 1.23 | 1.24 | -| `ServerSideFieldValidation` | `true` | Beta | 1.25 | 1.26 | -| `ServerSideFieldValidation` | `true` | GA | 1.27 | - | -| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 | -| `TopologyManager` | `true` | Beta | 1.18 | 1.26 | -| `TopologyManager` | `true` | GA | 1.27 | - | -| `WatchBookmark` | `false` | Alpha | 1.15 | 1.15 | -| `WatchBookmark` | `true` | Beta | 1.16 | 1.16 | -| `WatchBookmark` | `true` | GA | 1.17 | - | -{{< /table >}} +{{< feature-gate-table include="ga,deprecated" caption="已毕业或已废弃的特性门控" >}} - ### 特性门控列表 {#feature-gates} 每个特性门控均用于启用或禁用某个特定的特性: - -- `AdmissionWebhookMatchConditions`:在转换和验证准入 Webhook - 上启用[匹配条件](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchconditions) - -- `APIListChunking`:启用 API 客户端以块的形式从 API 服务器检索(`LIST` 或 `GET`)资源。 -- `APIPriorityAndFairness`:在每个服务器上启用优先级和公平性来管理请求并发(由 `RequestManagement` 重命名而来)。 -- `APIResponseCompression`:压缩 `LIST` 或 `GET` 请求的 API 响应。 -- `APISelfSubjectReview`:激活 `SelfSubjectReview` API,允许用户查看请求主体的身份验证信息。 - 更多细节请参阅 [API 访问客户端的身份验证信息](/zh-cn/docs/reference/access-authn-authz/authentication/#self-subject-review)。 -- `APIServerIdentity`:使用[租约](/zh-cn/docs/concepts/architecture/leases)为集群中的每个 - API 服务器赋予一个 ID。 -- `APIServerTracing`:为集群中的每个 API 服务器添加对分布式跟踪的支持。 - 参阅[针对 Kubernetes 系统组件的追踪](/zh-cn/docs/concepts/cluster-administration/system-traces/) - 获取更多详细信息。 - -- `AggregatedDiscoveryEndpoint`:启用单个 HTTP 端点 `/discovery/`, - 支持用 ETag 进行原生 HTTP 缓存,包含 API 服务器已知的所有 APIResource。 -- `AnyVolumeDataSource`:允许使用任何自定义的资源来做作为 - {{< glossary_tooltip text="PVC" term_id="persistent-volume-claim" >}} 中的 `DataSource`。 -- `AppArmor`:在 Linux 节点上为 Pod 启用 AppArmor 机制的强制访问控制。 - 请参见 [AppArmor 教程](/zh-cn/docs/tutorials/security/apparmor/)获取详细信息。 - -- `CPUManager`:启用容器级别的 CPU 亲和性支持,有关更多详细信息,请参见 - [CPU 管理策略](/zh-cn/docs/tasks/administer-cluster/cpu-management-policies/)。 -- `CPUManagerPolicyAlphaOptions`:允许对 CPUManager 策略进行微调,针对试验性的、Alpha 质量级别的选项。 - 此特性门控用来保护一组质量级别为 Alpha 的 CPUManager 选项。 - 此特性门控永远不会被升级为 Beta 或者稳定版本。 -- `CPUManagerPolicyBetaOptions`:允许对 CPUManager 策略进行微调,针对试验性的、Beta 质量级别的选项。 - 此特性门控用来保护一组质量级别为 Beta 的 CPUManager 选项。 - 此特性门控永远不会被升级为稳定版本。 -- `CPUManagerPolicyOptions`:允许微调 CPU 管理策略。 - -- `CSIMigrationAzureFile`:确保封装和转换逻辑能够将卷操作从 AzureFile 内嵌插件路由到 - AzureFile CSI 插件。对于禁用了此特性的节点或者没有安装并配置 AzureFile CSI - 插件的节点,支持回退到内嵌(in-tree)AzureFile 插件来执行卷挂载操作。 - 不支持回退到内嵌插件来执行卷制备操作,因为对应的 CSI 插件必须已安装且正确配置。 - 此特性需要启用 CSIMigration 特性标志。 - -- `CSIMigrationRBD`:启用填充和转换逻辑,将卷操作从 RBD 的内嵌插件路由到 Ceph RBD - CSI 插件。此特性要求 CSIMigration 和 csiMigrationRBD 特性标志均被启用, - 且集群中安装并配置了 Ceph CSI 插件。此标志已被弃用,以鼓励使用 - `InTreePluginRBDUnregister` 特性标志。后者会禁止注册内嵌的 RBD 插件。 - -- `CSIMigrationvSphere`:允许封装和转换逻辑将卷操作从 vSphere 内嵌插件路由到 - vSphere CSI 插件。如果节点禁用了此特性门控或者未安装和配置 vSphere CSI 插件, - 则支持回退到 vSphere 内嵌插件来执行挂载操作。 - 不支持回退到内嵌插件来执行制备操作,因为对应的 CSI 插件必须已安装且正确配置。 - 这需要启用 CSIMigration 特性标志。 - -- `CSIMigrationPortworx`:启用填充和转换逻辑,将卷操作从 Portworx 内嵌插件路由到 - Portworx CSI 插件。需要在集群中安装并配置 Portworx CSI 插件. - -- `CSINodeExpandSecret`:允许在 `NodeExpandVolume` CSI 操作期间将 Secret - 身份验证数据传递到 CSI 驱动以供后者使用。 -- `CSIVolumeHealth`:启用对节点上的 CSI 卷运行状况监控的支持。 - -- `CloudControllerManagerWebhook`:启用在云控制器管理器中的 Webhook。 -- `CloudDualStackNodeIPs`:允许在外部云驱动中通过 `kubelet --node-ip` 设置双协议栈。 - 有关详细信息,请参阅[配置 IPv4/IPv6 双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/#configure-ipv4-ipv6-dual-stack)。 -- `ClusterTrustBundle`:启用 ClusterTrustBundle 对象和 kubelet 集成。 - -- `ComponentSLIs`:在 kubelet、kube-scheduler、kube-proxy、kube-controller-manager、cloud-controller-manager - 等 Kubernetes 组件上启用 `/metrics/slis` 端点,从而允许你抓取健康检查指标。 -- `ConsistentHTTPGetHandlers`:使用探测器为生命周期处理程序规范化 HTTP get URL 和标头传递。 -- `ConsistentListFromCache`:允许 API 服务器从缓存中提供一致的列表。 -- `ContainerCheckpoint`: 启用 kubelet `checkpoint` API。 - 详情见 [Kubelet Checkpoint API](/zh-cn/docs/reference/node/kubelet-checkpoint-api/)。 -- `ContextualLogging`:当你启用这个特性门控,支持日志上下文记录的 Kubernetes - 组件会为日志输出添加额外的详细内容。 -- `CronJobsScheduledAnnotation`:将调度作业的时间设置为代表 CronJob 创建的作业上的一个 - {{< glossary_tooltip text="注解" term_id="annotation" >}}。 -- `CronJobTimeZone`:允许在 [CronJobs](/zh-cn/docs/concepts/workloads/controllers/cron-jobs/) - 中使用 `timeZone` 可选字段。 - -- `CRDValidationRatcheting`:如果资源更新的冲突部分未发生变化,则启用对自定义资源的更新以包含对 OpenAPI 模式的违规条目。 - 详情参见[验证递进](/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-ratcheting)。 -- `CrossNamespaceVolumeDataSource`:启用跨名字空间卷数据源,以允许你在 PersistentVolumeClaim - 的 `dataSourceRef` 字段中指定一个源名字空间。 -- `CustomCPUCFSQuotaPeriod`:使节点能够更改 - [kubelet 配置](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)中的 `cpuCFSQuotaPeriod`。 -- `CustomResourceValidationExpressions`:启用 CRD 中的表达式语言合法性检查, - 基于 `x-kubernetes-validations` 扩展中所书写的合法性检查规则来验证定制资源。 - -- `DaemonSetUpdateSurge`:使 DaemonSet 工作负载在每个节点的更新期间保持可用性。 - 参阅[对 DaemonSet 执行滚动更新](/zh-cn/docs/tasks/manage-daemon/update-daemon-set/)。 - -- `DefaultHostNetworkHostPortsInPodTemplates`:更改何时分配 `PodSpec.containers[*].ports[*].hostPort` 的默认值。 - 默认仅在 Pod 中设置默认值。启用此特性意味着即使在嵌套的 PodSpec(例如 Deployment 中)中也会分配默认值, - 这是以前的默认行为。 -- `DevicePluginCDIDevices`:启用[设备插件](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) - API 对 CDI 设备 ID 的支持。 - -- `DisableCloudProviders`:禁用 `kube-apiserver`,`kube-controller-manager` 和 - `kubelet` 组件的 `--cloud-provider` 标志相关的所有功能。 -- `DisableKubeletCloudCredentialProviders`:禁用 kubelet 中为拉取镜像内置的凭据机制, - 该凭据用于向某云提供商的容器镜像仓库执行身份认证。 -- `DownwardAPIHugePages`: - 允许在[下行(Downward)API](/zh-cn/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information) - 中使用巨页信息。 - -- `DynamicResourceAllocation`:启用对具有自定义参数和独立于 Pod 生命周期的资源的支持。 -- `ElasticIndexedJob`:通过同时改变 `spec.completions` 和 `spec.parallelism` - 使得 `spec.completions == spec.parallelism` 来对带索引的 Job 执行扩容或缩容。 - 有关详细信息,请参阅有关[弹性的带索引的 Job](/zh-cn/docs/concepts/workloads/controllers/job#elastic-indexed-jobs) 的文档。 -- `EfficientWatchResumption`:允许将存储发起的书签(进度通知)事件传递给用户。 - 这仅适用于监视操作。 - -- `EventedPLEG`:启用此特性后,kubelet 能够通过 {{}} - 扩展从{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}接收容器生命周期事件。 - (PLEG 是 `Pod lifecycle event generator` 的缩写,即 Pod 生命周期事件生成器)。 - 要使用此特性,你还需要在集群中运行的每个容器运行时中启用对容器生命周期事件的支持。 - 如果容器运行时未宣布支持容器生命周期事件,即使你已启用了此特性门控,kubelet 也会自动切换到原有的通用 PLEG 机制。 -- `ExecProbeTimeout`:确保 kubelet 会遵从 exec 探针的超时值设置。 - 此特性门控的主要目的是方便你处理现有的、依赖于已被修复的缺陷的工作负载; - 该缺陷导致 Kubernetes 会忽略 exec 探针的超时值设置。 - 参阅[就绪态探针](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes). - -- `ExpandedDNSConfig`:在 kubelet 和 kube-apiserver 上启用后, - 允许使用更多的 DNS 搜索域和搜索域列表。此功能特性需要容器运行时 - (containerd v1.5.6 或更高,CRI-O v1.22 或更高)的支持。 - 参阅[扩展 DNS 配置](/zh-cn/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration). - -- `ExperimentalHostUserNamespaceDefaulting`:启用主机默认的用户名字空间。 - 这适用于使用其他主机名字空间、主机安装的容器,或具有特权或使用特定的非名字空间功能 - (例如 MKNODE、SYS_MODULE 等)的容器。 - 如果在 Docker 守护程序中启用了用户名字空间重新映射,则启用此选项。 -- `GracefulNodeShutdown`:在 kubelet 中启用体面地关闭节点的支持。 - 在系统关闭时,kubelet 会尝试监测该事件并体面地终止节点上运行的 Pod。 - 参阅[体面地关闭节点](/zh-cn/docs/concepts/architecture/nodes/#graceful-node-shutdown)以了解更多细节。 - -- `GracefulNodeShutdownBasedOnPodPriority`:允许 kubelet 在体面终止节点时检查 - Pod 的优先级。 -- `GRPCContainerProbe`:为活跃态、就绪态和启动探针启用 gRPC 探针。 - 参阅[配置活跃态、就绪态和启动探针](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe)。 -- `HonorPVReclaimPolicy`:无论 PV 和 PVC 的删除顺序如何,当持久卷申领的策略为 `Delete` - 时,确保这种策略得到处理。 - 更多详细信息,请参阅 [PersistentVolume 删除保护 finalizer](/zh-cn/docs/concepts/storage/persistent-volumes/#persistentvolume-deletion-protection-finalizer) 文档。 - -- `HPAContainerMetrics`:允许 `HorizontalPodAutoscaler` 基于目标 Pods 中各容器的度量值来执行扩缩操作。 -- `HPAScaleToZero`:使用自定义指标或外部指标时,可将 `HorizontalPodAutoscaler` - 资源的 `minReplicas` 设置为 0。 - -- `IPTablesOwnershipCleanup`:这使得 kubelet 不再创建传统的 iptables 规则。 -- `InPlacePodVerticalScaling`:启用就地 Pod 垂直扩缩。 - -- `InTreePluginAWSUnregister`:在 kubelet 和卷控制器上关闭注册 aws-ebs 内嵌插件。 -- `InTreePluginAzureDiskUnregister`:在 kubelet 和卷控制器上关闭注册 azuredisk 内嵌插件。 -- `InTreePluginAzureFileUnregister`:在 kubelet 和卷控制器上关闭注册 azurefile 内嵌插件。 - -- `InTreePluginGCEUnregister`:在 kubelet 和卷控制器上关闭注册 gce-pd 内嵌插件。 -- `InTreePluginOpenStackUnregister`:在 kubelet 和卷控制器上关闭注册 OpenStack cinder 内嵌插件。 -- `InTreePluginPortworxUnregister`:在 kubelet 和卷控制器上关闭注册 Portworx 内嵌插件。 -- `InTreePluginRBDUnregister`:在 kubelet 和卷控制器上关闭注册 RBD 内嵌插件。 - -- `InTreePluginvSphereUnregister`:在 kubelet 和卷控制器上关闭注册 vSphere 内嵌插件。 - -- `JobMutableNodeSchedulingDirectives`:允许在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) - 的 Pod 模板中更新节点调度指令。 -- `JobBackoffLimitPerIndex`:允许在索引作业中指定每个索引的最大 Pod 重试次数。 -- `JobPodFailurePolicy`:允许用户根据容器退出码和 Pod 状况来指定 Pod 失效的处理方法。 -- `JobPodReplacementPolicy`:允许你在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) - 中为终止的 Pod 指定替代 Pod。 -- `JobReadyPods`:允许跟踪[状况](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions)为 - `Ready` 的 Pod 的个数。`Ready` 的 Pod 记录在 - [Job](/zh-cn/docs/concepts/workloads/controllers/job/) 对象的 - [status](/zh-cn/docs/reference/kubernetes-api/workload-resources/job-v1/#JobStatus) 字段中。 - -- `JobTrackingWithFinalizers`:启用跟踪 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) - 完成情况,而不是永远从集群剩余 Pod 来获取信息判断完成情况。Job 控制器使用 - Pod finalizers 和 Job 状态中的一个字段来跟踪已完成的 Pod 以计算完成。 - -- `KMSv1`:启用 KMS v1 API 以进行数据静态加密。 - 详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 -- `KMSv2`:启用 KMS v2 API 以实现静态加密。 - 详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 -- `KMSv2KDF`:启用 KMS v2 以生成一次性数据加密密钥。 - 详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。 - 如果 `KMSv2` 特性门控在你的集群未被启用 ,则 `KMSv2KDF` 特性门控的值不会产生任何影响。 -- `KubeProxyDrainingTerminatingNodes`:为 `externalTrafficPolicy: Cluster` 服务实现正终止节点的连接排空。 - -- `KubeletCgroupDriverFromCRI`:启用检测来自 {{}} - 的 kubelet cgroup 驱动配置选项。你可以在支持该特性门控的 kubelet 节点上使用此特性门控, - 也可以在支持 `RuntimeConfig` CRI 调用的 CRI 容器运行时所在节点上使用此特性门控。 - 如果 CRI 和 kubelet 都支持此特性,kubelet 将忽略 `cgroupDriver` 配置设置(或已弃用的 `--cgroup-driver` 命令行参数)。 - 如果你启用此特性门控但容器运行时不支持它,则 kubelet 将回退到使用通过 `cgroupDriver` 配置设置进行配置的驱动。 - 详情参见[配置 cgroup 驱动](/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)。 - -- `KubeletInUserNamespace`:支持在{{}}里运行 kubelet。 - 请参见[使用非 Root 用户来运行 Kubernetes 节点组件](/zh-cn/docs/tasks/administer-cluster/kubelet-in-userns/)。 - -- `KubeletPodResources`:启用 kubelet 上 Pod 资源 GRPC 端点。更多详细信息, - 请参见[支持设备监控](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/compute-device-assignment.md)。 -- `KubeletPodResourcesGet`:在 kubelet 上为 Pod 资源启用 `Get` gRPC 端点。 - 此 API 增强了[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。 -- `KubeletPodResourcesGetAllocatable`:启用 kubelet 的 Pod 资源的 `GetAllocatableResources` 功能。 - 该 API 增强了[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources) - 包含有关可分配资源的信息,使客户端能够正确跟踪节点上的可用计算资源。 - -- `KubeletPodResourcesDynamicResources`:扩展 kubelet 的 pod 资源 gRPC 端点以包括通过 - `DynamicResourceAllocation` API 在 `ResourceClaims` 中分配的资源。 - 有关详细信息,请参阅[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。 -- `KubeletTracing`:新增在 Kubelet 中对分布式追踪的支持。 - 启用时,kubelet CRI 接口和经身份验证的 http 服务器被插桩以生成 OpenTelemetry 追踪 span。 - 参阅[针对 Kubernetes 系统组件的追踪](/zh-cn/docs/concepts/cluster-administration/system-traces/) - 获取更多详细信息。 -- `LegacyServiceAccountTokenNoAutoGeneration`:停止基于 Secret - 自动生成[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。 -- `LegacyServiceAccountTokenCleanUp`:当服务账号令牌在指定时间内(默认为一年)未被使用时, - 启用基于 Secret 清理[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。 -- `LegacyServiceAccountTokenTracking`:跟踪使用基于 Secret - 的[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。 - -- `LocalStorageCapacityIsolationFSQuotaMonitoring`:如果 - [本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/)启用了 - `LocalStorageCapacityIsolation`,并且 - [emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的后备文件系统支持项目配额, - 并且启用了这些配额,将使用项目配额来监视 - [emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的存储消耗而不是遍历文件系统, - 以此获得更好的性能和准确性。 - -- `LogarithmicScaleDown`:启用 Pod 的半随机(semi-random)选择,控制器将根据 Pod - 时间戳的对数桶按比例缩小去驱逐 Pod。 -- `LoggingAlphaOptions`:允许微调实验性的、Alpha 质量的日志选项。 -- `LoggingBetaOptions`:允许微调实验性的、Beta 质量的日志选项。 -- `MatchLabelKeysInPodTopologySpread`:为 - [Pod 拓扑分布约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/) - 启用 `matchLabelKeys` 字段。 -- `MaxUnavailableStatefulSet`:启用为 StatefulSet - 的[滚动更新策略](/zh-cn/docs/concepts/workloads/controllers/statefulset/#rolling-updates)设置 - `maxUnavailable` 字段。该字段指定更新过程中不可用 Pod 个数的上限。 -- `MemoryManager`:允许基于 NUMA 拓扑为容器设置内存亲和性。 -- `MemoryQoS`:使用 cgroup v2 内存控制器在 Pod / 容器上启用内存保护和使用限制。 -- `MinDomainsInPodTopologySpread`:在 - [Pod 拓扑分布约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/)中启用 `minDomains`。 -- `MinimizeIPTablesRestore`:在 kube-proxy iptables 模式中启用新的性能改进逻辑。 - -- `MultiCIDRRangeAllocator`:启用 MultiCIDR 网段分配机制。 -- `MultiCIDRServiceAllocator`: 使用 IPAddress 对象跟踪 Service 的集群 IP 的 IP 地址分配。 -- `NewVolumeManagerReconstruction`: 在 kubelet 启动期间启用改进的挂载卷的发现。 - 由于这段代码已经进行了重大重构,我们允许在 kubelet 在启动时被卡住或没有从终止的 Pod 上卸载卷的情况下选择退出。 - 请注意,此重构是在 Kubernetes 1.25 中的 `SELinuxMountReadWriteOncePod` alpha 特性门控背后进行的。 - - - 在 Kubernetes v1.25 之前,kubelet 在启动期间使用不同的默认行为来发现挂载的卷。 - 如果禁用此特性门控(默认启用),则选择传统的发现方式。 - - 在Kubernetes v1.25 和 v1.26 中,此行为切换是 `SELinuxMountReadWriteOncePod` 特性门控的一部分。 - -- `NodeInclusionPolicyInPodTopologySpread`:在计算 Pod 拓扑分布偏差时启用在 - [Pod 拓扑分布约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/)中使用 - `nodeAffinityPolicy` and `nodeTaintsPolicy`。 - -- `NodeOutOfServiceVolumeDetach`:当使用 `node.kubernetes.io/out-of-service` - 污点将节点标记为停止服务时,节点上不能容忍这个污点的 Pod 将被强制删除, - 并且该在节点上被终止的 Pod 将立即进行卷分离操作。 -- `NodeSwap`:启用 kubelet 为节点上的 Kubernetes 工作负载分配交换内存的能力。 - 必须将 `KubeletConfiguration.failSwapOn` 设置为 false 的情况下才能使用。 - 更多详细信息,请参见[交换内存](/zh-cn/docs/concepts/architecture/nodes/#swap-memory)。 -- `OpenAPIEnums`:允许在从 API 服务器返回的 spec 中填充 OpenAPI 模式的 "enum" 字段。 -- `OpenAPIV3`:允许 API 服务器发布 OpenAPI V3。 -- `PDBUnhealthyPodEvictionPolicy`:启用 `PodDisruptionBudget` 的 `unhealthyPodEvictionPolicy` 字段。 - 此字段指定何时应考虑驱逐不健康的 Pod。 - 更多细节请参阅[不健康 Pod 驱逐策略](/zh-cn/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)。 - -- `PersistentVolumeLastPhaseTransitionTime`:为 PersistentVolume 添加一个新字段,用于保存卷上一次转换阶段的时间戳。 -- `PodAndContainerStatsFromCRI`:配置 kubelet 从 CRI 容器运行时中而不是从 cAdvisor 中采集容器和 Pod 统计信息。 - 从 1.26 开始,这还包括从 CRI 收集指标并通过 `/metrics/cadvisor` 输出这些指标(而不是让 cAdvisor 直接输出)。 -- `PodDeletionCost`:启用 [Pod 删除开销](/zh-cn/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)特性, - 允许用户影响 ReplicaSet 的缩容顺序。 -- `PodDisruptionConditions`:启用支持追加一个专用的 Pod 状况,以表示 Pod 由于某个干扰正在被删除。 - -- `PodHostIPs`:为 Pod 和 {{< glossary_tooltip term_id="downward-api" text="downward API" >}} - 启用 `status.hostIPs` 字段。该字段允许你将主机 IP 地址暴露给工作负载。 -- `PodIndexLabel`:在创建新的 Pod 时,使得 Job 控制器和 StatefulSet 控制器能将 Pod 索引添加为标签。 - 详情参见 [Job 完成模式文档](/zh-cn/docs/concepts/workloads/controllers/job#completion-mode)和 - [StatefulSet Pod 索引标签文档](/zh-cn/docs/concepts/workloads/controllers/statefulset/#pod-index-label)。 -- `PodReadyToStartContainersCondition`:使得 kubelet 能在 Pod 上标记 - [PodReadyToStartContainers](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) 状况。 - 此前(1.25-1.27 版本)称为 `PodHasNetworkCondition`。 - -- `PodSchedulingReadiness`:启用设置 `schedulingGates` 字段以控制 Pod 的[调度就绪](/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness/)。 - -- `ProbeTerminationGracePeriod`:在 Pod 上启用 - [设置探测器级别 `terminationGracePeriodSeconds`](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds)。 - 有关更多信息,请参见[改进提案](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2238-liveness-probe-grace-period)。 -- `ProcMountType`:允许容器通过设置 SecurityContext 的 `procMount` 字段来控制对 - proc 文件系统的挂载方式。 -- `ProxyTerminatingEndpoints`:当 `ExternalTrafficPolicy=Local` 时, - 允许 kube-proxy 来处理终止过程中的端点。 -- `QOSReserved`:允许在 QoS 级别进行资源预留,以防止处于较低 QoS 级别的 Pod - 突发进入处于较高 QoS 级别的请求资源(目前仅适用于内存)。 -- `ReadWriteOncePod`:允许使用 `ReadWriteOncePod` 访问模式的 PersistentVolume。 - -- `RecoverVolumeExpansionFailure`:允许用户编辑其 PVC 来缩小其尺寸, - 从而从之前卷扩容发生的失败中恢复。更多细节可参见 - [从卷扩容失效中恢复](/zh-cn/docs/concepts/storage/persistent-volumes/#recovering-from-failure-when-expanding-volumes)。 -- `RemainingItemCount`:允许 API 服务器在 - [分块列表请求](/zh-cn/docs/reference/using-api/api-concepts/#retrieving-large-results-sets-in-chunks) - 的响应中显示剩余条目的个数。 -- `RemoveSelfLink`:将所有对象和集合的 `.metadata.selfLink` 字段设置为空(空字符串)。 - 该字段自 Kubernetes v1.16 版本以来已被弃用。 - 启用此功能后,`.metadata.selfLink` 字段仍然是 Kubernetes API 的一部分,但始终未设置。 - -- `RetroactiveDefaultStorageClass`:允许以追溯方式分配 StorageClass 给未绑定的 PVC。 - -- `RotateKubeletServerCertificate`:在 kubelet 上启用服务器 TLS 证书的轮换。 - 更多详细信息,请参见 - [kubelet 配置](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#kubelet-configuration)。 - -- `SELinuxMountReadWriteOncePod`:通过允许 kubelet 直接用正确的 SELinux - 标签为 Pod 挂载卷而不是以递归方式更改这些卷上的每个文件来加速容器启动。最初的实现侧重 ReadWriteOncePod 卷。 -- `SchedulerQueueingHints`:启用[调度器的**排队提示**增强功能](https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/4247-queueinghint/README.md), - 有助于减少无效的重新排队。调度器会在集群中发生可能导致 Pod 被重新调度的变化时, - 尝试重新进行 Pod 的调度。排队提示是一些内部信号, - 用于帮助调度器基于先前的调度尝试来筛选集群中与未调度的 Pod 相关的变化。 - -- `SeccompDefault`:启用 `RuntimeDefault` 作为所有工作负载的默认 seccomp 配置文件。 - 此 seccomp 配置文件在 Pod 和/或 Container 的 `securityContext` 中被指定。 -- `SecurityContextDeny`:此门控表示 `SecurityContextDeny` 准入控制器已弃用。 -- `ServerSideApply`:在 API 服务器上启用[服务器端应用(SSA)](/zh-cn/docs/reference/using-api/server-side-apply/)。 -- `ServerSideFieldValidation`:启用服务器端字段验证。 - 这意味着验证资源模式在 API 服务器端而不是客户端执行 - (例如,`kubectl create` 或 `kubectl apply` 命令行)。 - -- `ServiceNodePortStaticSubrange`:允许对 NodePort Service - 使用不同的端口分配策略。有关更多详细信息, - 请参阅[保留 NodePort 范围以避免冲突](/zh-cn/docs/concepts/services-networking/service/#avoid-nodeport-collisions)。 - -- `SidecarContainers`:允许将 Init 容器的 `restartPolicy` 设置为 `Always`, - 以便该容器成为一个边车容器(可重启的 Init 容器)。 - 详情参见[边车容器和 restartPolicy](/zh-cn/docs/concepts/workloads/pods/init-containers/#sidecar-containers-and-restartpolicy)。 - -- `SizeMemoryBackedVolumes`:允许 kubelet 检查基于内存制备的卷的尺寸约束(目前主要针对 `emptyDir` 卷)。 -- `SkipReadOnlyValidationGCE`:跳过对 GCE 的验证,将在下个版本中启用。 -- `StableLoadBalancerNodeSet`:允许服务控制器(KCCM)根据节点状态变化来减少负载均衡器的重新配置。 -- `StatefulSetStartOrdinal`:允许在 StatefulSet 中配置起始序号。 - 更多细节请参阅[起始序号](/zh-cn/docs/concepts/workloads/controllers/statefulset/#start-ordinal)。 - -- `StorageVersionAPI`: - 启用[存储版本 API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageversion-v1alpha1-internal-apiserver-k8s-io)。 -- `StorageVersionHash`:允许 API 服务器在版本发现中公开存储版本的哈希值。 - -- `TopologyAwareHints`: 在 EndpointSlices 中启用基于拓扑提示的拓扑感知路由。 - 更多详细信息可参见[拓扑感知路由](/zh-cn/docs/concepts/services-networking/topology-aware-routing/)。 -- `TopologyManager`:启用一种机制来协调 Kubernetes 不同组件的细粒度硬件资源分配。 - 详见[控制节点上的拓扑管理策略](/zh-cn/docs/tasks/administer-cluster/topology-manager/)。 -- `TopologyManagerPolicyAlphaOptions`:允许微调拓扑管理器策略的实验性的、Alpha 质量的选项。 - 此特性门控守护**一组**质量级别为 Alpha 的拓扑管理器选项。 - 此特性门控绝对不会进阶至 Beta 或稳定版。 -- `TopologyManagerPolicyBetaOptions`:允许微调拓扑管理器策略的实验性的、Beta 质量的选项。 - 此特性门控守护**一组**质量级别为 Beta 的拓扑管理器选项。 - 此特性门控绝对不会进阶至稳定版。 - -- `TopologyManagerPolicyOptions`:允许微调拓扑管理器策略。 -- `UnauthenticatedHTTP2DOSMitigation`:此功能针对未认证客户端启用 HTTP/2 拒绝服务(DoS)防御机制。 - 值得注意的是,Kubernetes v1.28.0 至 v1.28.2 版本中并未包含这一功能。 -- `UnknownVersionInteroperabilityProxy`:存在多个不同版本的 kube-apiserver 时将资源请求代理到正确的对等 kube-apiserver。 - 详细信息请参阅[混合版本代理](/zh-cn/docs/concepts/architecture/mixed-version-proxy/)。 -- `UserNamespacesSupport`:为 Pod 启用用户名字空间支持。 - 在 Kubernetes v1.28 之前,此特性门控被命名为 `UserNamespacesStatelessPodsSupport`。 - -- `ValidatingAdmissionPolicy`:启用准入控制中所用的对 CEL 校验的 [ValidatingAdmissionPolicy](/zh-cn/docs/reference/access-authn-authz/validating-admission-policy/) 支持。 -- `VolumeCapacityPriority`:基于可用 PV 容量的拓扑,启用对不同节点的优先级支持。 - -- `WatchBookmark`:启用对 watch 操作中 bookmark 事件的支持。 -- `WatchList`:启用对 - [在 watch 请求中流式传输对象的初始状态](/zh-cn/docs/reference/using-api/api-concepts/#streaming-lists)的支持。 -- `WinDSR`:允许 kube-proxy 为 Windows 创建 DSR 负载均衡。 -- `WinOverlay`:允许在 Windows 的覆盖网络模式下运行 kube-proxy。 - -- `WindowsHostNetwork`:启用对 Windows 容器接入主机网络名字空间的支持。 + +{{< feature-gate-list include="alpha,beta,ga,deprecated" >}} ## {{% heading "whatsnext" %}} From 991abfbdd04515c0607a6a6f343396acd1455187 Mon Sep 17 00:00:00 2001 From: Surya Seetharaman Date: Thu, 4 Jan 2024 18:28:37 +0100 Subject: [PATCH 143/279] Update content/en/docs/concepts/services-networking/network-policies.md Co-authored-by: Antonio Ojea --- .../en/docs/concepts/services-networking/network-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md index e8823dc3f8234..c5a1c8f9f7a73 100644 --- a/content/en/docs/concepts/services-networking/network-policies.md +++ b/content/en/docs/concepts/services-networking/network-policies.md @@ -380,7 +380,7 @@ When the set of NetworkPolicies that applies to an existing connection changes - either due to a change in NetworkPolicies or if the relevant labels of the namespaces/pods selected by the policy (both subject and peers) are changed in the middle of an existing connection - it is implementation defined as to whether the change will take effect for that existing connection or not. -Example: A policy is created that leads to denying a previously allowed connection, the underlying CNI +Example: A policy is created that leads to denying a previously allowed connection, the underlying network plugin implementation is responsible for defining if that new policy will close the existing connections or not. It is recommended not to modify policies/pods/namespaces in ways that might affect existing connections. From bfa079d4031a9f189844a6ee936f83dbf9c2be29 Mon Sep 17 00:00:00 2001 From: Ayush Gupta <114745463+Ayush9026@users.noreply.github.com> Date: Fri, 5 Jan 2024 01:39:41 +0530 Subject: [PATCH 144/279] Added-link-beginner-starting-out-in-#sig-docs (#43246) * Added-link-beginner-starting-out-in-#sig-docs * Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c5417a43f663d..a47bdd6b44d5f 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ For more information about contributing to the Kubernetes documentation, see: - [Page Content Types](https://kubernetes.io/docs/contribute/style/page-content-types/) - [Documentation Style Guide](https://kubernetes.io/docs/contribute/style/style-guide/) - [Localizing Kubernetes Documentation](https://kubernetes.io/docs/contribute/localization/) +- [Introduction to Kubernetes Docs](https://www.youtube.com/watch?v=pprMgmNzDcw) ### New contributor ambassadors From acab7ee86e553863673d05425740321857a6cb52 Mon Sep 17 00:00:00 2001 From: Mike Coleman Date: Thu, 4 Jan 2024 15:07:25 -0800 Subject: [PATCH 145/279] Move note about keyring directory closer to wher it is used the note about the keyring directory not existing applies to a step earlier in the document, I think it'd make more sense for it to be moved closer to the relevant section --- .../tools/kubeadm/install-kubeadm.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 07265d0fac62b..ac91c56c1b13f 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -185,6 +185,11 @@ These instructions are for Kubernetes {{< skew currentVersion >}}. curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` +{{< note >}} +In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default; +you can create it by running `sudo mkdir -m 755 /etc/apt/keyrings` +{{< /note >}} + 3. Add the appropriate Kubernetes `apt` repository. Please note that this repository have packages only for Kubernetes {{< skew currentVersion >}}; for other Kubernetes minor versions, you need to change the Kubernetes minor version in the URL to match your desired minor version @@ -204,11 +209,6 @@ These instructions are for Kubernetes {{< skew currentVersion >}}. sudo apt-mark hold kubelet kubeadm kubectl ``` -{{< note >}} -In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default; -you can create it by running `sudo mkdir -m 755 /etc/apt/keyrings` -{{< /note >}} - {{% /tab %}} {{% tab name="Red Hat-based distributions" %}} From ea208186fea10628b4a6e37cedfa8b4531f8df6d Mon Sep 17 00:00:00 2001 From: "John.C" <155592353+dev-johnn@users.noreply.github.com> Date: Fri, 5 Jan 2024 00:18:46 +0000 Subject: [PATCH 146/279] Fix typo --- .../feature-gates/logging-alpha-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md index ae187993d17fe..ce920ac2c9a3d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-alpha-options.md @@ -10,4 +10,4 @@ stages: defaultValue: false fromVersion: "1.24" --- -Allow fine-tuing of experimental, alpha-quality logging options. +Allow fine-tuning of experimental, alpha-quality logging options. From 867e2b4022fa20f16aea29f4c32f3865c7d46550 Mon Sep 17 00:00:00 2001 From: "John.C" <155592353+dev-johnn@users.noreply.github.com> Date: Fri, 5 Jan 2024 00:19:24 +0000 Subject: [PATCH 147/279] FIx typo --- .../feature-gates/logging-beta-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md index d70065c1f345e..790fcc3a5aafe 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md @@ -10,4 +10,4 @@ stages: defaultValue: true fromVersion: "1.24" --- -Allow fine-tuing of experimental, beta-quality logging options. +Allow fine-tuning of experimental, beta-quality logging options. From b5579055987a954af4ab42abf2e533829a7c2142 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Fri, 5 Jan 2024 09:03:44 +0800 Subject: [PATCH 148/279] [zh] Sync /feature-gates-removed/index.md --- .../feature-gates-removed/index.md | 1376 +---------------- 1 file changed, 5 insertions(+), 1371 deletions(-) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/index.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/index.md index 6c716fd281f35..92f0ab18e6f9b 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/index.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/index.md @@ -50,1382 +50,16 @@ In the following table: - “结束(To)” 列(如果不为空)包含你仍然可以使用某个特性门控的最后一个 Kubernetes 版本。 如果对应特性处于 “废弃” 或 “GA” 状态,则 “结束(To)” 列是该特性被移除时的 Kubernetes 版本。 -{{< table caption="已移除的特性门控" >}} - + -| 特性 | 默认值 | 状态 | 开始(From) | 结束(To) | -|---------|---------|-------|-------|-------| -| `Accelerators` | `false` | Alpha | 1.6 | 1.10 | -| `Accelerators` | - | Deprecated | 1.11 | 1.11 | -| `AdvancedAuditing` | `false` | Alpha | 1.7 | 1.7 | -| `AdvancedAuditing` | `true` | Beta | 1.8 | 1.11 | -| `AdvancedAuditing` | `true` | GA | 1.12 | 1.27 | -| `AffinityInAnnotations` | `false` | Alpha | 1.6 | 1.7 | -| `AffinityInAnnotations` | - | Deprecated | 1.8 | 1.8 | -| `AllowExtTrafficLocalEndpoints` | `false` | Beta | 1.4 | 1.6 | -| `AllowExtTrafficLocalEndpoints` | `true` | GA | 1.7 | 1.9 | -| `AllowInsecureBackendProxy` | `true` | Beta | 1.17 | 1.20 | -| `AllowInsecureBackendProxy` | `true` | GA | 1.21 | 1.25 | -| `AttachVolumeLimit` | `false` | Alpha | 1.11 | 1.11 | -| `AttachVolumeLimit` | `true` | Beta | 1.12 | 1.16 | -| `AttachVolumeLimit` | `true` | GA | 1.17 | 1.21 | -| `BalanceAttachedNodeVolumes` | `false` | Alpha | 1.11 | 1.21 | -| `BalanceAttachedNodeVolumes` | `false` | Deprecated | 1.22 | 1.22 | -| `BlockVolume` | `false` | Alpha | 1.9 | 1.12 | -| `BlockVolume` | `true` | Beta | 1.13 | 1.17 | -| `BlockVolume` | `true` | GA | 1.18 | 1.21 | -| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 | -| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | 1.21 | -| `BoundServiceAccountTokenVolume` | `true` | GA | 1.22 | 1.23 | -| `CRIContainerLogRotation` | `false` | Alpha | 1.10 | 1.10 | -| `CRIContainerLogRotation` | `true` | Beta | 1.11 | 1.20 | -| `CRIContainerLogRotation` | `true` | GA | 1.21 | 1.22 | -| `CSIBlockVolume` | `false` | Alpha | 1.11 | 1.13 | -| `CSIBlockVolume` | `true` | Beta | 1.14 | 1.17 | -| `CSIBlockVolume` | `true` | GA | 1.18 | 1.21 | -| `CSIDriverRegistry` | `false` | Alpha | 1.12 | 1.13 | -| `CSIDriverRegistry` | `true` | Beta | 1.14 | 1.17 | -| `CSIDriverRegistry` | `true` | GA | 1.18 | 1.21 | -| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 | -| `CSIInlineVolume` | `true` | Beta | 1.16 | 1.24 | -| `CSIInlineVolume` | `true` | GA | 1.25 | 1.26 | -| `CSIMigration` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigration` | `true` | Beta | 1.17 | 1.24 | -| `CSIMigration` | `true` | GA | 1.25 | 1.26 | -| `CSIMigrationAWS` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationAWS` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationAWS` | `true` | Beta | 1.23 | 1.24 | -| `CSIMigrationAWS` | `true` | GA | 1.25 | 1.26 | -| `CSIMigrationAWSComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAWSComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationAzureDisk` | `false` | Alpha | 1.15 | 1.18 | -| `CSIMigrationAzureDisk` | `false` | Beta | 1.19 | 1.22 | -| `CSIMigrationAzureDisk` | `true` | Beta | 1.23 | 1.23 | -| `CSIMigrationAzureDisk` | `true` | GA | 1.24 | 1.26 | -| `CSIMigrationAzureDiskComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAzureDiskComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationAzureFileComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationAzureFileComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 | -| `CSIMigrationGCE` | `false` | Beta | 1.17 | 1.22 | -| `CSIMigrationGCE` | `true` | Beta | 1.23 | 1.24 | -| `CSIMigrationGCE` | `true` | GA | 1.25 | 1.27 | -| `CSIMigrationGCEComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationGCEComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | 1.17 | -| `CSIMigrationOpenStack` | `true` | Beta | 1.18 | 1.23 | -| `CSIMigrationOpenStack` | `true` | GA | 1.24 | 1.25 | -| `CSIMigrationOpenStackComplete` | `false` | Alpha | 1.17 | 1.20 | -| `CSIMigrationOpenStackComplete` | - | Deprecated | 1.21 | 1.21 | -| `CSIMigrationvSphereComplete` | `false` | Beta | 1.19 | 1.21 | -| `CSIMigrationvSphereComplete` | - | Deprecated | 1.22 | 1.22 | -| `CSINodeInfo` | `false` | Alpha | 1.12 | 1.13 | -| `CSINodeInfo` | `true` | Beta | 1.14 | 1.16 | -| `CSINodeInfo` | `true` | GA | 1.17 | 1.22 | -| `CSIPersistentVolume` | `false` | Alpha | 1.9 | 1.9 | -| `CSIPersistentVolume` | `true` | Beta | 1.10 | 1.12 | -| `CSIPersistentVolume` | `true` | GA | 1.13 | 1.16 | -| `CSIServiceAccountToken` | `false` | Alpha | 1.20 | 1.20 | -| `CSIServiceAccountToken` | `true` | Beta | 1.21 | 1.21 | -| `CSIServiceAccountToken` | `true` | GA | 1.22 | 1.24 | -| `CSIStorageCapacity` | `false` | Alpha | 1.19 | 1.20 | -| `CSIStorageCapacity` | `true` | Beta | 1.21 | 1.23 | -| `CSIStorageCapacity` | `true` | GA | 1.24 | 1.27 | -| `CSIVolumeFSGroupPolicy` | `false` | Alpha | 1.19 | 1.19 | -| `CSIVolumeFSGroupPolicy` | `true` | Beta | 1.20 | 1.22 | -| `CSIVolumeFSGroupPolicy` | `true` | GA | 1.23 | 1.25 | -| `CSRDuration` | `true` | Beta | 1.22 | 1.23 | -| `CSRDuration` | `true` | GA | 1.24 | 1.25 | -| `ConfigurableFSGroupPolicy` | `false` | Alpha | 1.18 | 1.19 | -| `ConfigurableFSGroupPolicy` | `true` | Beta | 1.20 | 1.22 | -| `ConfigurableFSGroupPolicy` | `true` | GA | 1.23 | 1.25 | -| `ControllerManagerLeaderMigration` | `false` | Alpha | 1.21 | 1.21 | -| `ControllerManagerLeaderMigration` | `true` | Beta | 1.22 | 1.23 | -| `ControllerManagerLeaderMigration` | `true` | GA | 1.24 | 1.26 | -| `CronJobControllerV2` | `false` | Alpha | 1.20 | 1.20 | -| `CronJobControllerV2` | `true` | Beta | 1.21 | 1.21 | -| `CronJobControllerV2` | `true` | GA | 1.22 | 1.23 | -| `CustomPodDNS` | `false` | Alpha | 1.9 | 1.9 | -| `CustomPodDNS` | `true` | Beta| 1.10 | 1.13 | -| `CustomPodDNS` | `true` | GA | 1.14 | 1.16 | -| `CustomResourceDefaulting` | `false` | Alpha| 1.15 | 1.15 | -| `CustomResourceDefaulting` | `true` | Beta | 1.16 | 1.16 | -| `CustomResourceDefaulting` | `true` | GA | 1.17 | 1.18 | -| `CustomResourcePublishOpenAPI` | `false` | Alpha| 1.14 | 1.14 | -| `CustomResourcePublishOpenAPI` | `true` | Beta| 1.15 | 1.15 | -| `CustomResourcePublishOpenAPI` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceSubresources` | `false` | Alpha | 1.10 | 1.10 | -| `CustomResourceSubresources` | `true` | Beta | 1.11 | 1.15 | -| `CustomResourceSubresources` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceValidation` | `false` | Alpha | 1.8 | 1.8 | -| `CustomResourceValidation` | `true` | Beta | 1.9 | 1.15 | -| `CustomResourceValidation` | `true` | GA | 1.16 | 1.18 | -| `CustomResourceWebhookConversion` | `false` | Alpha | 1.13 | 1.14 | -| `CustomResourceWebhookConversion` | `true` | Beta | 1.15 | 1.15 | -| `CustomResourceWebhookConversion` | `true` | GA | 1.16 | 1.18 | -| `DaemonSetUpdateSurge` | `false` | Alpha | 1.21 | 1.21 | -| `DaemonSetUpdateSurge` | `true` | Beta | 1.22 | 1.24 | -| `DaemonSetUpdateSurge` | `true` | GA | 1.25 | 1.26 | -| `DefaultPodTopologySpread` | `false` | Alpha | 1.19 | 1.19 | -| `DefaultPodTopologySpread` | `true` | Beta | 1.20 | 1.23 | -| `DefaultPodTopologySpread` | `true` | GA | 1.24 | 1.25 | -| `DelegateFSGroupToCSIDriver` | `false` | Alpha | 1.22 | 1.22 | -| `DelegateFSGroupToCSIDriver` | `true` | Beta | 1.23 | 1.25 | -| `DelegateFSGroupToCSIDriver` | `true` | GA | 1.26 | 1.27 | -| `DevicePlugins` | `false` | Alpha | 1.8 | 1.9 | -| `DevicePlugins` | `true` | Beta | 1.10 | 1.25 | -| `DevicePlugins` | `true` | GA | 1.26 | 1.27 | -| `DisableAcceleratorUsageMetrics` | `false` | Alpha | 1.19 | 1.19 | -| `DisableAcceleratorUsageMetrics` | `true` | Beta | 1.20 | 1.24 | -| `DisableAcceleratorUsageMetrics` | `true` | GA | 1.25 | 1.27 | -| `DryRun` | `false` | Alpha | 1.12 | 1.12 | -| `DryRun` | `true` | Beta | 1.13 | 1.18 | -| `DryRun` | `true` | GA | 1.19 | 1.27 | -| `DynamicAuditing` | `false` | Alpha | 1.13 | 1.18 | -| `DynamicAuditing` | - | Deprecated | 1.19 | 1.19 | -| `DynamicKubeletConfig` | `false` | Alpha | 1.4 | 1.10 | -| `DynamicKubeletConfig` | `true` | Beta | 1.11 | 1.21 | -| `DynamicKubeletConfig` | `false` | Deprecated | 1.22 | 1.25 | -| `DynamicProvisioningScheduling` | `false` | Alpha | 1.11 | 1.11 | -| `DynamicProvisioningScheduling` | - | Deprecated| 1.12 | - | -| `DynamicVolumeProvisioning` | `true` | Alpha | 1.3 | 1.7 | -| `DynamicVolumeProvisioning` | `true` | GA | 1.8 | 1.12 | -| `EnableAggregatedDiscoveryTimeout` | `true` | Deprecated | 1.16 | 1.17 | -| `EnableEquivalenceClassCache` | `false` | Alpha | 1.8 | 1.12 | -| `EnableEquivalenceClassCache` | - | Deprecated | 1.13 | 1.23 | -| `EndpointSlice` | `false` | Alpha | 1.16 | 1.16 | -| `EndpointSlice` | `false` | Beta | 1.17 | 1.17 | -| `EndpointSlice` | `true` | Beta | 1.18 | 1.20 | -| `EndpointSlice` | `true` | GA | 1.21 | 1.24 | -| `EndpointSliceNodeName` | `false` | Alpha | 1.20 | 1.20 | -| `EndpointSliceNodeName` | `true` | GA | 1.21 | 1.24 | -| `EndpointSliceProxying` | `false` | Alpha | 1.18 | 1.18 | -| `EndpointSliceProxying` | `true` | Beta | 1.19 | 1.21 | -| `EndpointSliceProxying` | `true` | GA | 1.22 | 1.24 | -| `EndpointSliceTerminatingCondition` | `false` | Alpha | 1.20 | 1.21 | -| `EndpointSliceTerminatingCondition` | `true` | Beta | 1.22 | 1.25 | -| `EndpointSliceTerminatingCondition` | `true` | GA | 1.26 | 1.27 | -| `EphemeralContainers` | `false` | Alpha | 1.16 | 1.22 | -| `EphemeralContainers` | `true` | Beta | 1.23 | 1.24 | -| `EphemeralContainers` | `true` | GA | 1.25 | 1.26 | -| `EvenPodsSpread` | `false` | Alpha | 1.16 | 1.17 | -| `EvenPodsSpread` | `true` | Beta | 1.18 | 1.18 | -| `EvenPodsSpread` | `true` | GA | 1.19 | 1.21 | -| `ExpandCSIVolumes` | `false` | Alpha | 1.14 | 1.15 | -| `ExpandCSIVolumes` | `true` | Beta | 1.16 | 1.23 | -| `ExpandCSIVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExpandInUsePersistentVolumes` | `false` | Alpha | 1.11 | 1.14 | -| `ExpandInUsePersistentVolumes` | `true` | Beta | 1.15 | 1.23 | -| `ExpandInUsePersistentVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExpandPersistentVolumes` | `false` | Alpha | 1.8 | 1.10 | -| `ExpandPersistentVolumes` | `true` | Beta | 1.11 | 1.23 | -| `ExpandPersistentVolumes` | `true` | GA | 1.24 | 1.26 | -| `ExperimentalCriticalPodAnnotation` | `false` | Alpha | 1.5 | 1.12 | -| `ExperimentalCriticalPodAnnotation` | `false` | Deprecated | 1.13 | 1.16 | -| `ExternalPolicyForExternalIP` | `true` | GA | 1.18 | 1.22 | -| `GCERegionalPersistentDisk` | `true` | Beta | 1.10 | 1.12 | -| `GCERegionalPersistentDisk` | `true` | GA | 1.13 | 1.16 | -| `GenericEphemeralVolume` | `false` | Alpha | 1.19 | 1.20 | -| `GenericEphemeralVolume` | `true` | Beta | 1.21 | 1.22 | -| `GenericEphemeralVolume` | `true` | GA | 1.23 | 1.24 | -| `HugePageStorageMediumSize` | `false` | Alpha | 1.18 | 1.18 | -| `HugePageStorageMediumSize` | `true` | Beta | 1.19 | 1.21 | -| `HugePageStorageMediumSize` | `true` | GA | 1.22 | 1.24 | -| `HugePages` | `false` | Alpha | 1.8 | 1.9 | -| `HugePages` | `true` | Beta| 1.10 | 1.13 | -| `HugePages` | `true` | GA | 1.14 | 1.16 | -| `HyperVContainer` | `false` | Alpha | 1.10 | 1.19 | -| `HyperVContainer` | `false` | Deprecated | 1.20 | 1.20 | -| `IPv6DualStack` | `false` | Alpha | 1.15 | 1.20 | -| `IPv6DualStack` | `true` | Beta | 1.21 | 1.22 | -| `IPv6DualStack` | `true` | GA | 1.23 | 1.24 | -| `IdentifyPodOS` | `false` | Alpha | 1.23 | 1.23 | -| `IdentifyPodOS` | `true` | Beta | 1.24 | 1.24 | -| `IdentifyPodOS` | `true` | GA | 1.25 | 1.26 | -| `ImmutableEphemeralVolumes` | `false` | Alpha | 1.18 | 1.18 | -| `ImmutableEphemeralVolumes` | `true` | Beta | 1.19 | 1.20 | -| `ImmutableEphemeralVolumes` | `true` | GA | 1.21 | 1.24 | -| `IndexedJob` | `false` | Alpha | 1.21 | 1.21 | -| `IndexedJob` | `true` | Beta | 1.22 | 1.23 | -| `IndexedJob` | `true` | GA | 1.24 | 1.25 | -| `IngressClassNamespacedParams` | `false` | Alpha | 1.21 | 1.21 | -| `IngressClassNamespacedParams` | `true` | Beta | 1.22 | 1.22 | -| `IngressClassNamespacedParams` | `true` | GA | 1.23 | 1.24 | -| `Initializers` | `false` | Alpha | 1.7 | 1.13 | -| `Initializers` | - | Deprecated | 1.14 | 1.14 | -| `KMSv1` | `true` | Deprecated | 1.28 | | -| `KubeletConfigFile` | `false` | Alpha | 1.8 | 1.9 | -| `KubeletConfigFile` | - | Deprecated | 1.10 | 1.10 | -| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.23 | -| `KubeletCredentialProviders` | `true` | Beta | 1.24 | 1.25 | -| `KubeletCredentialProviders` | `true` | GA | 1.26 | 1.28 | -| `KubeletPluginsWatcher` | `false` | Alpha | 1.11 | 1.11 | -| `KubeletPluginsWatcher` | `true` | Beta | 1.12 | 1.12 | -| `KubeletPluginsWatcher` | `true` | GA | 1.13 | 1.16 | -| `LegacyNodeRoleBehavior` | `false` | Alpha | 1.16 | 1.18 | -| `LegacyNodeRoleBehavior` | `true` | Beta | 1.19 | 1.20 | -| `LegacyNodeRoleBehavior` | `false` | GA | 1.21 | 1.22 | -| `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 | -| `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | 1.24 | -| `LocalStorageCapacityIsolation` | `true` | GA | 1.25 | 1.26 | -| `MixedProtocolLBService` | `false` | Alpha | 1.20 | 1.23 | -| `MixedProtocolLBService` | `true` | Beta | 1.24 | 1.25 | -| `MixedProtocolLBService` | `true` | GA | 1.26 | 1.27 | -| `MountContainers` | `false` | Alpha | 1.9 | 1.16 | -| `MountContainers` | `false` | Deprecated | 1.17 | 1.17 | -| `MountPropagation` | `false` | Alpha | 1.8 | 1.9 | -| `MountPropagation` | `true` | Beta | 1.10 | 1.11 | -| `MountPropagation` | `true` | GA | 1.12 | 1.14 | -| `NamespaceDefaultLabelName` | `true` | Beta | 1.21 | 1.21 | -| `NamespaceDefaultLabelName` | `true` | GA | 1.22 | 1.23 | -| `NetworkPolicyEndPort` | `false` | Alpha | 1.21 | 1.21 | -| `NetworkPolicyEndPort` | `true` | Beta | 1.22 | 1.24 | -| `NetworkPolicyEndPort` | `true` | GA | 1.25 | 1.26 | -| `NetworkPolicyStatus` | `false` | Alpha | 1.24 | 1.27 | -| `NodeDisruptionExclusion` | `false` | Alpha | 1.16 | 1.18 | -| `NodeDisruptionExclusion` | `true` | Beta | 1.19 | 1.20 | -| `NodeDisruptionExclusion` | `true` | GA | 1.21 | 1.22 | -| `NodeLease` | `false` | Alpha | 1.12 | 1.13 | -| `NodeLease` | `true` | Beta | 1.14 | 1.16 | -| `NodeLease` | `true` | GA | 1.17 | 1.23 | -| `NonPreemptingPriority` | `false` | Alpha | 1.15 | 1.18 | -| `NonPreemptingPriority` | `true` | Beta | 1.19 | 1.23 | -| `NonPreemptingPriority` | `true` | GA | 1.24 | 1.25 | -| `PVCProtection` | `false` | Alpha | 1.9 | 1.9 | -| `PVCProtection` | - | Deprecated | 1.10 | 1.10 | -| `PersistentLocalVolumes` | `false` | Alpha | 1.7 | 1.9 | -| `PersistentLocalVolumes` | `true` | Beta | 1.10 | 1.13 | -| `PersistentLocalVolumes` | `true` | GA | 1.14 | 1.16 | -| `PodAffinityNamespaceSelector` | `false` | Alpha | 1.21 | 1.21 | -| `PodAffinityNamespaceSelector` | `true` | Beta | 1.22 | 1.23 | -| `PodAffinityNamespaceSelector` | `true` | GA | 1.24 | 1.25 | -| `PodDisruptionBudget` | `false` | Alpha | 1.3 | 1.4 | -| `PodDisruptionBudget` | `true` | Beta | 1.5 | 1.20 | -| `PodDisruptionBudget` | `true` | GA | 1.21 | 1.25 | -| `PodHasNetworkCondition` | `false` | Alpha | 1.25 | 1.27 | -| `PodOverhead` | `false` | Alpha | 1.16 | 1.17 | -| `PodOverhead` | `true` | Beta | 1.18 | 1.23 | -| `PodOverhead` | `true` | GA | 1.24 | 1.25 | -| `PodPriority` | `false` | Alpha | 1.8 | 1.10 | -| `PodPriority` | `true` | Beta | 1.11 | 1.13 | -| `PodPriority` | `true` | GA | 1.14 | 1.18 | -| `PodReadinessGates` | `false` | Alpha | 1.11 | 1.11 | -| `PodReadinessGates` | `true` | Beta | 1.12 | 1.13 | -| `PodReadinessGates` | `true` | GA | 1.14 | 1.16 | -| `PodSecurity` | `false` | Alpha | 1.22 | 1.22 | -| `PodSecurity` | `true` | Beta | 1.23 | 1.24 | -| `PodSecurity` | `true` | GA | 1.25 | 1.27 | -| `PodShareProcessNamespace` | `false` | Alpha | 1.10 | 1.11 | -| `PodShareProcessNamespace` | `true` | Beta | 1.12 | 1.16 | -| `PodShareProcessNamespace` | `true` | GA | 1.17 | 1.19 | -| `PreferNominatedNode` | `false` | Alpha | 1.21 | 1.21 | -| `PreferNominatedNode` | `true` | Beta | 1.22 | 1.23 | -| `PreferNominatedNode` | `true` | GA | 1.24 | 1.25 | -| `RequestManagement` | `false` | Alpha | 1.15 | 1.16 | -| `RequestManagement` | - | Deprecated | 1.17 | 1.17 | -| `ResourceLimitsPriorityFunction` | `false` | Alpha | 1.9 | 1.18 | -| `ResourceLimitsPriorityFunction` | - | Deprecated | 1.19 | 1.19 | -| `ResourceQuotaScopeSelectors` | `false` | Alpha | 1.11 | 1.11 | -| `ResourceQuotaScopeSelectors` | `true` | Beta | 1.12 | 1.16 | -| `ResourceQuotaScopeSelectors` | `true` | GA | 1.17 | 1.18 | -| `RootCAConfigMap` | `false` | Alpha | 1.13 | 1.19 | -| `RootCAConfigMap` | `true` | Beta | 1.20 | 1.20 | -| `RootCAConfigMap` | `true` | GA | 1.21 | 1.22 | -| `RotateKubeletClientCertificate` | `true` | Beta | 1.8 | 1.18 | -| `RotateKubeletClientCertificate` | `true` | GA | 1.19 | 1.21 | -| `RunAsGroup` | `true` | Beta | 1.14 | 1.20 | -| `RunAsGroup` | `true` | GA | 1.21 | 1.22 | -| `RuntimeClass` | `false` | Alpha | 1.12 | 1.13 | -| `RuntimeClass` | `true` | Beta | 1.14 | 1.19 | -| `RuntimeClass` | `true` | GA | 1.20 | 1.24 | -| `SCTPSupport` | `false` | Alpha | 1.12 | 1.18 | -| `SCTPSupport` | `true` | Beta | 1.19 | 1.19 | -| `SCTPSupport` | `true` | GA | 1.20 | 1.22 | -| `ScheduleDaemonSetPods` | `false` | Alpha | 1.11 | 1.11 | -| `ScheduleDaemonSetPods` | `true` | Beta | 1.12 | 1.16 | -| `ScheduleDaemonSetPods` | `true` | GA | 1.17 | 1.18 | -| `SelectorIndex` | `false` | Alpha | 1.18 | 1.18 | -| `SelectorIndex` | `true` | Beta | 1.19 | 1.19 | -| `SelectorIndex` | `true` | GA | 1.20 | 1.25 | -| `ServiceAccountIssuerDiscovery` | `false` | Alpha | 1.18 | 1.19 | -| `ServiceAccountIssuerDiscovery` | `true` | Beta | 1.20 | 1.20 | -| `ServiceAccountIssuerDiscovery` | `true` | GA | 1.21 | 1.23 | -| `ServiceAppProtocol` | `false` | Alpha | 1.18 | 1.18 | -| `ServiceAppProtocol` | `true` | Beta | 1.19 | 1.19 | -| `ServiceAppProtocol` | `true` | GA | 1.20 | 1.22 | -| `ServiceIPStaticSubrange` | `false` | Alpha | 1.24 | 1.24 | -| `ServiceIPStaticSubrange` | `true` | Beta | 1.25 | 1.25 | -| `ServiceIPStaticSubrange` | `true` | GA | 1.26 | 1.27 | -| `ServiceInternalTrafficPolicy` | `false` | Alpha | 1.21 | 1.21 | -| `ServiceInternalTrafficPolicy` | `true` | Beta | 1.22 | 1.25 | -| `ServiceInternalTrafficPolicy` | `true` | GA | 1.26 | 1.27 | -| `ServiceLBNodePortControl` | `false` | Alpha | 1.20 | 1.21 | -| `ServiceLBNodePortControl` | `true` | Beta | 1.22 | 1.23 | -| `ServiceLBNodePortControl` | `true` | GA | 1.24 | 1.25 | -| `ServiceLoadBalancerClass` | `false` | Alpha | 1.21 | 1.21 | -| `ServiceLoadBalancerClass` | `true` | Beta | 1.22 | 1.23 | -| `ServiceLoadBalancerClass` | `true` | GA | 1.24 | 1.25 | -| `ServiceLoadBalancerFinalizer` | `false` | Alpha | 1.15 | 1.15 | -| `ServiceLoadBalancerFinalizer` | `true` | Beta | 1.16 | 1.16 | -| `ServiceLoadBalancerFinalizer` | `true` | GA | 1.17 | 1.20 | -| `ServiceNodeExclusion` | `false` | Alpha | 1.8 | 1.18 | -| `ServiceNodeExclusion` | `true` | Beta | 1.19 | 1.20 | -| `ServiceNodeExclusion` | `true` | GA | 1.21 | 1.22 | -| `ServiceTopology` | `false` | Alpha | 1.17 | 1.19 | -| `ServiceTopology` | `false` | Deprecated | 1.20 | 1.22 | -| `SetHostnameAsFQDN` | `false` | Alpha | 1.19 | 1.19 | -| `SetHostnameAsFQDN` | `true` | Beta | 1.20 | 1.21 | -| `SetHostnameAsFQDN` | `true` | GA | 1.22 | 1,24 | -| `StartupProbe` | `false` | Alpha | 1.16 | 1.17 | -| `StartupProbe` | `true` | Beta | 1.18 | 1.19 | -| `StartupProbe` | `true` | GA | 1.20 | 1.23 | -| `StatefulSetMinReadySeconds` | `false` | Alpha | 1.22 | 1.22 | -| `StatefulSetMinReadySeconds` | `true` | Beta | 1.23 | 1.24 | -| `StatefulSetMinReadySeconds` | `true` | GA | 1.25 | 1.26 | -| `StorageObjectInUseProtection` | `true` | Beta | 1.10 | 1.10 | -| `StorageObjectInUseProtection` | `true` | GA | 1.11 | 1.24 | -| `StreamingProxyRedirects` | `false` | Beta | 1.5 | 1.5 | -| `StreamingProxyRedirects` | `true` | Beta | 1.6 | 1.17 | -| `StreamingProxyRedirects` | `true` | Deprecated | 1.18 | 1.21 | -| `StreamingProxyRedirects` | `false` | Deprecated | 1.22 | 1.24 | -| `SupportIPVSProxyMode` | `false` | Alpha | 1.8 | 1.8 | -| `SupportIPVSProxyMode` | `false` | Beta | 1.9 | 1.9 | -| `SupportIPVSProxyMode` | `true` | Beta | 1.10 | 1.10 | -| `SupportIPVSProxyMode` | `true` | GA | 1.11 | 1.20 | -| `SupportNodePidsLimit` | `false` | Alpha | 1.14 | 1.14 | -| `SupportNodePidsLimit` | `true` | Beta | 1.15 | 1.19 | -| `SupportNodePidsLimit` | `true` | GA | 1.20 | 1.23 | -| `SupportPodPidsLimit` | `false` | Alpha | 1.10 | 1.13 | -| `SupportPodPidsLimit` | `true` | Beta | 1.14 | 1.19 | -| `SupportPodPidsLimit` | `true` | GA | 1.20 | 1.23 | -| `SuspendJob` | `false` | Alpha | 1.21 | 1.21 | -| `SuspendJob` | `true` | Beta | 1.22 | 1.23 | -| `SuspendJob` | `true` | GA | 1.24 | 1.25 | -| `Sysctls` | `true` | Beta | 1.11 | 1.20 | -| `Sysctls` | `true` | GA | 1.21 | 1.22 | -| `TTLAfterFinished` | `false` | Alpha | 1.12 | 1.20 | -| `TTLAfterFinished` | `true` | Beta | 1.21 | 1.22 | -| `TTLAfterFinished` | `true` | GA | 1.23 | 1.24 | -| `TaintBasedEvictions` | `false` | Alpha | 1.6 | 1.12 | -| `TaintBasedEvictions` | `true` | Beta | 1.13 | 1.17 | -| `TaintBasedEvictions` | `true` | GA | 1.18 | 1.20 | -| `TaintNodesByCondition` | `false` | Alpha | 1.8 | 1.11 | -| `TaintNodesByCondition` | `true` | Beta | 1.12 | 1.16 | -| `TaintNodesByCondition` | `true` | GA | 1.17 | 1.18 | -| `TokenRequest` | `false` | Alpha | 1.10 | 1.11 | -| `TokenRequest` | `true` | Beta | 1.12 | 1.19 | -| `TokenRequest` | `true` | GA | 1.20 | 1.21 | -| `TokenRequestProjection` | `false` | Alpha | 1.11 | 1.11 | -| `TokenRequestProjection` | `true` | Beta | 1.12 | 1.19 | -| `TokenRequestProjection` | `true` | GA | 1.20 | 1.21 | -| `UserNamespacesStatelessPodsSupport` | `false` | Alpha | 1.25 | 1.27 | -| `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 | -| `ValidateProxyRedirects` | `true` | Beta | 1.14 | 1.21 | -| `ValidateProxyRedirects` | `true` | Deprecated | 1.22 | 1.24 | -| `VolumePVCDataSource` | `false` | Alpha | 1.15 | 1.15 | -| `VolumePVCDataSource` | `true` | Beta | 1.16 | 1.17 | -| `VolumePVCDataSource` | `true` | GA | 1.18 | 1.21 | -| `VolumeScheduling` | `false` | Alpha | 1.9 | 1.9 | -| `VolumeScheduling` | `true` | Beta | 1.10 | 1.12 | -| `VolumeScheduling` | `true` | GA | 1.13 | 1.16 | -| `VolumeSnapshotDataSource` | `false` | Alpha | 1.12 | 1.16 | -| `VolumeSnapshotDataSource` | `true` | Beta | 1.17 | 1.19 | -| `VolumeSnapshotDataSource` | `true` | GA | 1.20 | 1.22 | -| `VolumeSubpath` | `true` | GA | 1.10 | 1.24 | -| `VolumeSubpathEnvExpansion` | `false` | Alpha | 1.14 | 1.14 | -| `VolumeSubpathEnvExpansion` | `true` | Beta | 1.15 | 1.16 | -| `VolumeSubpathEnvExpansion` | `true` | GA | 1.17 | 1.24 | -| `WarningHeaders` | `true` | Beta | 1.19 | 1.21 | -| `WarningHeaders` | `true` | GA | 1.22 | 1.24 | -| `WindowsEndpointSliceProxying` | `false` | Alpha | 1.19 | 1.20 | -| `WindowsEndpointSliceProxying` | `true` | Beta | 1.21 | 1.21 | -| `WindowsEndpointSliceProxying` | `true` | GA | 1.22| 1.24 | -| `WindowsGMSA` | `false` | Alpha | 1.14 | 1.15 | -| `WindowsGMSA` | `true` | Beta | 1.16 | 1.17 | -| `WindowsGMSA` | `true` | GA | 1.18 | 1.20 | -| `WindowsHostProcessContainers` | `false` | Alpha | 1.22 | 1.22 | -| `WindowsHostProcessContainers` | `true` | Beta | 1.23 | 1.25 | -| `WindowsHostProcessContainers` | `true` | GA | 1.26 | 1.27 | -| `WindowsRunAsUserName` | `false` | Alpha | 1.16 | 1.16 | -| `WindowsRunAsUserName` | `true` | Beta | 1.17 | 1.17 | -| `WindowsRunAsUserName` | `true` | GA | 1.18 | 1.20 | -{{< /table >}} +{{< feature-gate-table show-removed="true" caption="已移除的特性门控" sortable="true" >}} ## 已移除的特性门控的说明 {#description-for-removed-feature-gates} - -- `Accelerators`:使用 Docker Engine 时启用 Nvidia GPU 支持。这一特性不再提供。 - 关于替代方案,请参阅[设备插件](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)。 - -- `AffinityInAnnotations`:启用 [Pod 亲和或反亲和](/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)。 - -- `AdvancedAuditing`:启用[高级审计](/zh-cn/docs/tasks/debug/debug-cluster/audit/#advanced-audit)。 - -- `AllowExtTrafficLocalEndpoints`:启用服务用于将外部请求路由到节点本地终端。 - -- `AllowInsecureBackendProxy`:允许用户在请求 Pod 日志时跳过 kubelet 的 TLS 验证。 - - -- `AttachVolumeLimit`:启用卷插件用于报告可连接到节点的卷数限制。有关更多详细信息, - 请参阅[动态卷限制](/zh-cn/docs/concepts/storage/storage-limits/#dynamic-volume-limits)。 - -- `BalanceAttachedNodeVolumes`:在进行平衡资源分配的调度时,考虑节点上的卷数。 - 调度器在决策时会优先考虑 CPU、内存利用率和卷数更近的节点。 - -- `BlockVolume`:在 Pod 中启用原始块设备的定义和使用。有关更多详细信息, - 请参见[原始块卷支持](/zh-cn/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)。 - - -- `BoundServiceAccountTokenVolume`:迁移 ServiceAccount 卷以使用由 - ServiceAccountTokenVolumeProjection 组成的投射卷。集群管理员可以使用 - `serviceaccount_stale_tokens_total` 度量值来监控依赖于扩展令牌的负载。 - 如果没有这种类型的负载,你可以在启动 `kube-apiserver` 时添加 - `--service-account-extend-token-expiration=false` 参数关闭扩展令牌。 - 查看[绑定服务账号令牌](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)获取更多详细信息。 - - -- `CRIContainerLogRotation`:为 CRI 容器运行时启用容器日志轮换。日志文件的默认最大大小为 - 10MB,缺省情况下,一个容器允许的最大日志文件数为 5。这些值可以在 kubelet 配置中配置。 - 更多细节请参见[日志架构](/zh-cn/docs/concepts/cluster-administration/logging/#logging-at-the-node-level)。 - - -- `CSIBlockVolume`:启用外部 CSI 卷驱动程序用于支持块存储。有关更多详细信息,请参见 - [`csi` 原始块卷支持](/zh-cn/docs/concepts/storage/volumes/#csi-raw-block-volume-support)。 - -- `CSIDriverRegistry`:在 csi.storage.k8s.io 中启用与 CSIDriver API 对象有关的所有逻辑。 - - -- `CSIInlineVolume`:为 Pod 启用 CSI 内联卷支持。 - -- `CSIMigration`:确保封装和转换逻辑能够将卷操作从内嵌插件路由到相应的预安装 CSI 插件。 - -- `CSIMigrationAWS`:确保填充和转换逻辑能够将卷操作从 AWS-EBS 内嵌插件路由到 EBS CSI 插件。 - 如果节点禁用了此特性门控或者未安装和配置 EBS CSI 插件,支持回退到内嵌 EBS 插件来执行卷挂载操作。 - 不支持回退到这些插件来执行卷制备操作,因为需要安装并配置 CSI 插件 - - -- `CSIMigrationAWSComplete`:停止在 kubelet 和卷控制器中注册 EBS 内嵌插件, - 并启用填充和转换逻辑将卷操作从 AWS-EBS 内嵌插件路由到 EBS CSI 插件。 - 这需要启用 CSIMigration 和 CSIMigrationAWS 特性标志,并在集群中的所有节点上安装和配置 - EBS CSI 插件。该特性标志已被废弃,取而代之的是 `InTreePluginAWSUnregister`, - 后者会阻止注册 EBS 内嵌插件。 - - -- `CSIMigrationAzureDisk`:确保填充和转换逻辑能够将卷操作从 AzureDisk 内嵌插件路由到 - Azure 磁盘 CSI 插件。对于禁用了此特性的节点或者没有安装并配置 AzureDisk CSI - 插件的节点,支持回退到内嵌(in-tree)AzureDisk 插件来执行磁盘挂载操作。 - 不支持回退到内嵌插件来执行磁盘制备操作,因为对应的 CSI 插件必须已安装且正确配置。 - 此特性需要启用 CSIMigration 特性标志。 - - -- `CSIMigrationAzureDiskComplete`:停止在 kubelet 和卷控制器中注册 Azure 磁盘内嵌插件, - 并启用 shims 和转换逻辑以将卷操作从 Azure 磁盘内嵌插件路由到 AzureDisk CSI 插件。 - 这需要启用 CSIMigration 和 CSIMigrationAzureDisk 特性标志, - 并在集群中的所有节点上安装和配置 AzureDisk CSI 插件。该特性标志已被废弃, - 取而代之的是能防止注册内嵌 AzureDisk 插件的 `InTreePluginAzureDiskUnregister` 特性标志。 - - -- `CSIMigrationAzureFileComplete`:停止在 kubelet 和卷控制器中注册 Azure-File 内嵌插件, - 并启用 shims 和转换逻辑以将卷操作从 Azure-File 内嵌插件路由到 AzureFile CSI 插件。 - 这需要启用 CSIMigration 和 CSIMigrationAzureFile 特性标志, - 并在集群中的所有节点上安装和配置 AzureFile CSI 插件。该特性标志已被废弃, - 取而代之的是能防止注册内嵌 AzureDisk 插件的 `InTreePluginAzureFileUnregister` 特性标志。 - - -- `CSIMigrationOpenStack`:确保填充和转换逻辑能够将卷操作从 Cinder 内嵌插件路由到 - Cinder CSI 插件。对于禁用了此特性的节点或者没有安装并配置 Cinder CSI 插件的节点, - 支持回退到内嵌(in-tree)Cinder 插件来执行挂载操作。 - 不支持回退到内嵌插件来执行制备操作,因为对应的 CSI 插件必须已安装且正确配置。 - 此磁特性需要启用 CSIMigration 特性标志。 - -- `CSIMigrationOpenStack`:启用垫片和转换逻辑以将卷操作从 Cinder in-tree - 插件路由到 Cinder CSI 插件。支持回退到树内 Cinder 插件, - 以便对禁用该功能或未安装和配置 Cinder CSI 插件的节点进行挂载操作。 - 不支持回退供应操作,对于那些必须安装和配置 CSI 插件。需要启用 CSIMigration 功能标志。 - - -- `CSIMigrationOpenStackComplete`:停止在 kubelet 和卷控制器中注册 Cinder 内嵌插件, - 并启用填充和转换逻辑将卷操作从 Cinder 内嵌插件路由到 Cinder CSI 插件。 - 这需要启用 CSIMigration 和 CSIMigrationOpenStack 特性标志,并在集群中的所有节点上安装和配置 - Cinder CSI 插件。该特性标志已被弃用,取而代之的是能防止注册内嵌 OpenStack Cinder 插件的 - `InTreePluginOpenStackUnregister` 特性标志。 - - -- `CSIMigrationvSphereComplete`:停止在 kubelet 和卷控制器中注册 vSphere 内嵌插件, - 并启用填充和转换逻辑以将卷操作从 vSphere 内嵌插件路由到 vSphere CSI 插件。 - 这需要启用 CSIMigration 和 CSIMigrationvSphere 特性标志,并在集群中的所有节点上安装和配置 - vSphere CSI 插件。该特性标志已被废弃,取而代之的是能防止注册内嵌 vSphere 插件的 - `InTreePluginvSphereUnregister` 特性标志。 - - -- `CSINodeInfo`:在 `csi.storage.k8s.io` 中启用与 CSINodeInfo API 对象有关的所有逻辑。 - -- `CSIPersistentVolume`:启用发现和挂载通过 - [CSI(容器存储接口)](https://git.k8s.io/design-proposals-archive/storage/container-storage-interface.md) - 兼容卷插件配置的卷。 - -- `CSIServiceAccountToken`:允许 CSI 驱动接收挂载卷目标 Pods 的服务账号令牌。 - 参阅[令牌请求(Token Requests)](https://kubernetes-csi.github.io/docs/token-requests.html)。 - - -- `CSIVolumeFSGroupPolicy`:允许 CSIDrivers 使用 `fsGroupPolicy` 字段。 - 该字段能控制由 CSIDriver 创建的卷在挂载这些卷时是否支持卷所有权和权限修改。 - -- `CSRDuration`:允许客户端为通过 Kubernetes CSR API 签署的证书申请有效期限。 - -- `ConfigurableFSGroupPolicy`:在 Pod 中挂载卷时,允许用户为 fsGroup - 配置卷访问权限和属主变更策略。请参见 - [为 Pod 配置卷访问权限和属主变更策略](/zh-cn/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods)。 - -- `CronJobControllerV2`:使用 {{< glossary_tooltip text="CronJob" term_id="cronjob" >}} - 控制器的一种替代实现。否则,系统会选择同一控制器的 v1 版本。 - - -- `ControllerManagerLeaderMigration`:为 - [kube-controller-manager](/zh-cn/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) 和 - [cloud-controller-manager](/zh-cn/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager) - 启用 Leader 迁移,它允许集群管理者在没有停机的高可用集群环境下,实时把 kube-controller-manager - 迁移到外部的 controller-manager (例如 cloud-controller-manager) 中。 - - -- `CustomPodDNS`:允许使用 Pod 的 `dnsConfig` 属性自定义其 DNS 设置。 - 更多详细信息,请参见 - [Pod 的 DNS 配置](/zh-cn/docs/concepts/services-networking/dns-pod-service/#pods-dns-config)。 - -- `CustomResourceDefaulting`:为 CRD 启用在其 OpenAPI v3 验证模式中提供默认值的支持。 - -- `CustomResourcePublishOpenAPI`:启用 CRD OpenAPI 规范的发布。 - - -- `CustomResourceSubresources`:对于用 - [CustomResourceDefinition](/zh-cn/docs/concepts/extend-kubernetes/api-extension/custom-resources/) - 创建的资源启用其 `/status` 和 `/scale` 子资源。 - -- `CustomResourceValidation`:对于用 - [CustomResourceDefinition](/zh-cn/docs/concepts/extend-kubernetes/api-extension/custom-resources/) - 创建的资源启用基于模式的验证。 - -- `CustomResourceWebhookConversion`:对于用 - [CustomResourceDefinition](/zh-cn/docs/concepts/extend-kubernetes/api-extension/custom-resources/) - 创建的资源启用基于 Webhook 的转换。 - -- `DaemonSetUpdateSurge`:使 DaemonSet 工作负载在每个节点的更新期间保持可用性。 - 参阅[对 DaemonSet 执行滚动更新](/zh-cn/docs/tasks/manage-daemon/update-daemon-set/)。 - -- `DefaultPodTopologySpread`:启用 `PodTopologySpread` 调度插件来完成 - [默认的调度传播](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints)。 - - -- `DelegateFSGroupToCSIDriver`:如果 CSI 驱动程序支持,则通过 NodeStageVolume 和 - NodePublishVolume CSI 调用传递 `fsGroup`,委托驱动来应用 Pod 的 - `securityContext` 中的 `fsGroup`。 - -- `DevicePlugins`:在节点上启用基于[设备插件](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)的资源制备。 - -- `DisableAcceleratorUsageMetrics`: - [禁用 kubelet 收集加速器指标](/zh-cn/docs/concepts/cluster-administration/system-metrics/#disable-accelerator-metrics)。 - -- `DryRun`:启用在服务器端对请求进行[试运行(Dry Run)](/zh-cn/docs/reference/using-api/api-concepts/#dry-run), - 以便测试验证、合并和修改,同时避免提交更改。 - - -- `DynamicAuditing`:在 v1.19 版本前用于启用动态审计。 - -- `DynamicKubeletConfig`:启用 kubelet 的动态配置。 - 除偏差策略场景外,不再支持该功能。该特性门控在 kubelet 1.24 版本中已被移除。 - -- `DynamicProvisioningScheduling`:扩展默认调度器以了解卷拓扑并处理 PV 制备。 - 此特性已在 v1.12 中完全被 `VolumeScheduling` 特性取代。 - -- `DynamicVolumeProvisioning`:启用持久化卷到 Pod - 的[动态制备](/zh-cn/docs/concepts/storage/dynamic-provisioning/)。 - - -- `EnableAggregatedDiscoveryTimeout`:对聚集的发现调用启用五秒钟超时设置。 - -- `EnableEquivalenceClassCache`:调度 Pod 时,使 scheduler 缓存节点的等效项。 - -- `EndpointSlice`:启用 EndpointSlice 以实现可扩缩性和可扩展性更好的网络端点。 - 参阅[启用 EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/)。 - - -- `EndpointSliceNodeName`:允许使用 EndpointSlice 的 `nodeName` 字段。 - -- `EndpointSliceProxying`:启用此特性门控时,Linux 上运行的 kube-proxy 会使用 - EndpointSlices 而不是 Endpoints 作为其主要数据源,从而使得可扩缩性和性能提升成为可能。 - 参阅[启用 EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/)。 - -- `EphemeralContainers`:启用添加 - {{< glossary_tooltip text="临时容器" term_id="ephemeral-container" >}} - 到正在运行的 Pod 的特性。 - -- `EvenPodsSpread`:使 Pod 能够在拓扑域之间平衡调度。请参阅 - [Pod 拓扑扩展约束](/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/)。 - -- `ExpandCSIVolumes`:启用扩展 CSI 卷。 - - -- `ExpandInUsePersistentVolumes`:启用扩充使用中的 PVC 的尺寸。 - 请查阅[调整使用中的 PersistentVolumeClaim 的大小](/zh-cn/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim)。 -- `ExpandPersistentVolumes`:允许扩充持久卷。 - 请查阅[扩展持久卷申领](/zh-cn/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims)。 - - -- `ExperimentalCriticalPodAnnotation`:启用将特定 Pod 注解为 **critical** 的方式, - 用于[确保其被调度](/zh-cn/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/)。 - 从 v1.13 开始已弃用此特性,转而使用 Pod 优先级和抢占功能。 - -- `ExternalPolicyForExternalIP`:修复 ExternalPolicyForExternalIP 没有应用于 - Service ExternalIPs 的缺陷。 - -- `GCERegionalPersistentDisk`:在 GCE 上启用带地理区域信息的 PD 特性。 - - -- `GenericEphemeralVolume`:启用支持临时的内联卷,这些卷支持普通卷 - (可以由第三方存储供应商提供、存储容量跟踪、从快照还原等等)的所有功能。 - 请参见[临时卷](/zh-cn/docs/concepts/storage/ephemeral-volumes/)。 - -- `HugePageStorageMediumSize`: - 启用支持多种大小的预分配[巨页资源](/zh-cn/docs/tasks/manage-hugepages/scheduling-hugepages/)。 - -- `HugePages`: - 启用分配和使用预分配的[巨页资源](/zh-cn/docs/tasks/manage-hugepages/scheduling-hugepages/)。 - - -- `HyperVContainer`:为 Windows 容器启用 - [Hyper-V 隔离](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container)。 - -- `IPv6DualStack`:启用[双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/)以支持 IPv6。 - -- `IdentifyPodOS`:允许设置 Pod 的 OS 字段。这一设置有助于在 API 服务器准入期间确定性地辨识 - Pod 的 OS。在 Kubernetes {{< skew currentVersion >}} 中,`pod.spec.os.name` 可选的值包括 - `windows` 和 `linux`。 - -- `ImmutableEphemeralVolumes`:允许将各个 Secret 和 ConfigMap 标记为不可变更的, - 以提高安全性和性能。 - -- `IndexedJob`:允许 [Job](/zh-cn/docs/concepts/workloads/controllers/job/) - 控制器根据完成索引来管理 Pod 完成。 - - -- `IngressClassNamespacedParams`:允许在 `IngressClass` 资源中使用名字空间范围的参数引用。 - 此功能为 `IngressClass.spec.parameters` 添加了两个字段 - `scope` 和 `namespace`。 - -- `Initializers`:允许使用 Intializers 准入插件来异步协调对象创建操作。 - -- `KubeletConfigFile`:启用从使用配置文件指定的文件中加载 kubelet 配置。 - 有关更多详细信息, - 请参见[通过配置文件设置 kubelet 参数](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)。 - - -- `LocalStorageCapacityIsolation`:允许使用 - [本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/) - 以及 [emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的 `sizeLimit` 属性。 - -- `KubeletPluginsWatcher`:启用基于探针的插件监视应用程序,使 kubelet 能够发现类似 - [CSI 卷驱动程序](/zh-cn/docs/concepts/storage/volumes/#csi)这类插件。 - -- `LegacyNodeRoleBehavior`:禁用此门控时,服务负载均衡器中和节点干扰中的原先行为会忽略 - `node-role.kubernetes.io/master` 标签,使用 `NodeDisruptionExclusion` 和 - `ServiceNodeExclusion` 对应特性所提供的标签。 - -- `MountContainers`:允许使用主机上的工具容器作为卷挂载程序。 - -- `MountPropagation`:启用将一个容器安装的共享卷共享到其他容器或 Pod。 - 更多详细信息,请参见[挂载传播](/zh-cn/docs/concepts/storage/volumes/#mount-propagation)。 - - -- `NamespaceDefaultLabelName`:配置 API 服务器以在所有名字空间上设置一个不可变的 - {{< glossary_tooltip text="标签" term_id="label" >}} `kubernetes.io/metadata.name`, - 取值为名字空间的名称。 - -- `NodeDisruptionExclusion`:启用节点标签 `node.kubernetes.io/exclude-disruption`, - 以防止在可用区发生故障期间驱逐节点。 - -- `NodeLease`:启用新的 Lease(租期)API 以报告节点心跳,可用作节点运行状况信号。 - -- `NonPreemptingPriority`:为 PriorityClass 和 Pod 启用 `preemptionPolicy` 选项。 - -- `PVCProtection`:当 PersistentVolumeClaim (PVC) 仍然在 Pod 使用时被删除,启用保护。 - - -- `PersistentLocalVolumes`:允许在 Pod 中使用 `local(本地)` 卷类型。 - 如果请求 `local` 卷,则必须指定 Pod 亲和性属性。 - -- `PodAffinityNamespaceSelector`:启用 [Pod 亲和性名字空间选择算符](/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/#namespace-selector)和 - [CrossNamespacePodAffinity](/zh-cn/docs/concepts/policy/resource-quotas/#cross-namespace-pod-affinity-quota) - 资源配额功能。 - -- `PodDisruptionBudget`:启用 [PodDisruptionBudget](/zh-cn/docs/tasks/run-application/configure-pdb/) 功能特性。 - -- `PodHasNetworkCondition`:使得 kubelet 能够对 Pod 标记 - [PodHasNetwork](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) 状况。 - 此特性在 1.28 中重命名为 `PodReadyToStartContainersCondition`。 - -- `PodOverhead`:启用 [PodOverhead](/zh-cn/docs/concepts/scheduling-eviction/pod-overhead/) - 特性以计算 Pod 开销。 - -- `PodPriority`:启用根据[优先级](/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/)的 - Pod 调度和抢占。 - -- `PodReadinessGates`:启用 `podReadinessGate` 字段的设置以扩展 Pod 准备状态评估。 - 有关更多详细信息,请参见 - [Pod 就绪状态判别](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)。 - - -- `PodSecurity`:开启 `PodSecurity` 准入控制插件。 - -- `PodShareProcessNamespace`:在 Pod 中启用 `shareProcessNamespace` 的设置, - 以便在 Pod 中运行的容器之间共享同一进程名字空间。更多详细信息, - 请参见[在 Pod 中的容器间共享同一进程名字空间](/zh-cn/docs/tasks/configure-pod-container/share-process-namespace/)。 - -- `PreferNominatedNode`:这个标志告诉调度器在循环遍历集群中的所有其他节点之前, - 是否首先检查指定的节点。 - -- `RequestManagement`:允许在每个 API 服务器上通过优先级和公平性管理请求并发性。 - 自 1.17 以来已被 `APIPriorityAndFairness` 替代。 - -- `ResourceLimitsPriorityFunction`:启用某调度器优先级函数, - 该函数将最低得分 1 指派给至少满足输入 Pod 的 CPU 和内存限制之一的节点, - 目的是打破得分相同的节点之间的关联。 - -- `ResourceQuotaScopeSelectors`:启用资源配额范围选择算符。 - - -- `RootCAConfigMap`:配置 `kube-controller-manager`,使之发布一个名为 `kube-root-ca.crt` - 的 {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}}, - 到所有名字空间中。该 ConfigMap 包含用来验证与 kube-apiserver 之间连接的 CA 证书包。 - 参阅[绑定服务账号令牌](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md) - 以了解更多细节。 - -- `RotateKubeletClientCertificate`:在 kubelet 上启用客户端 TLS 证书的轮换。 - 更多详细信息,请参见 - [kubelet 配置](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#kubelet-configuration)。 - - -- `RunAsGroup`:启用对容器初始化过程中设置的主要组 ID 的控制。 - -- `RuntimeClass`:启用 [RuntimeClass](/zh-cn/docs/concepts/containers/runtime-class/) - 特性用于选择容器运行时配置。 - -- `SCTPSupport`:在 Pod、Service、Endpoints、NetworkPolicy 定义中允许将 'SCTP' - 用作 `protocol` 值。 - -- `ScheduleDaemonSetPods`:启用 DaemonSet Pod 由默认调度程序而不是 - DaemonSet 控制器进行调度。 - - -- `SelectorIndex`:允许使用 API 服务器的 watch 缓存中基于标签和字段的索引来加速 list 操作。 - -- `ServiceAccountIssuerDiscovery`:在 API 服务器中为服务账号颁发者启用 OIDC 发现端点 - (颁发者和 JWKS URL)。详情参见 - [为 Pod 配置服务账号](/zh-cn/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery)。 - -- `ServiceAppProtocol`:为 Service 和 Endpoints 启用 `appProtocol` 字段。 - -- `ServiceIPStaticSubrange`:启用 Service 的 ClusterIP 分配策略,从而细分 ClusterIP 范围。 - 动态分配的 ClusterIP 地址将优先从较高范围分配,以允许用户从较低范围分配静态 ClusterIP,进而降低发生冲突的风险。 - 更多详细信息请参阅[避免冲突](/zh-cn/docs/reference/networking/virtual-ips/#avoiding-collisions)。 - -- `ServiceInternalTrafficPolicy`:为服务启用 `internalTrafficPolicy` 字段。 - -- `ServiceLoadBalancerClass`:为服务启用 `loadBalancerClass` 字段。 - 有关更多信息,请参见[指定负载均衡器实现类](/zh-cn/docs/concepts/services-networking/service/#load-balancer-class)。 - -- `ServiceLoadBalancerFinalizer`:为服务负载均衡启用终结器(finalizers)保护。 - -- `ServiceLBNodePortControl`:为服务启用 `allocateLoadBalancerNodePorts` 字段。 - -- `ServiceNodeExclusion`:启用从云提供商创建的负载均衡中排除节点。 - 如果节点标记有 `node.kubernetes.io/exclude-from-external-load-balancers` 标签,则可以排除该节点。 - -- `ServiceTopology`:启用服务拓扑可以让一个服务基于集群的节点拓扑进行流量路由。 - -- `SetHostnameAsFQDN`:启用将全限定域名(FQDN)设置为 Pod 主机名的功能。 - 请参见[为 Pod 设置 `setHostnameAsFQDN` 字段](/zh-cn/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field)。 - -- `StartupProbe`:在 kubelet - 中启用[启动探针](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe)。 - - -- `StatefulSetMinReadySeconds`: 允许 StatefulSet 控制器采纳 `minReadySeconds` 设置。 - - -- `StorageObjectInUseProtection`:如果仍在使用 PersistentVolume 或 - PersistentVolumeClaim 对象,则将其删除操作推迟。 - -- `StreamingProxyRedirects`:指示 API 服务器拦截(并跟踪)后端(kubelet)的重定向以处理流请求。 - 流请求的例子包括 `exec`、`attach` 和 `port-forward` 请求。 - -- `SupportIPVSProxyMode`:启用使用 IPVS 提供集群内服务负载平衡。更多详细信息, - 请参见[服务代理](/zh-cn/docs/reference/networking/virtual-ips/)。 - -- `SupportNodePidsLimit`:启用支持,限制节点上的 PID 用量。 - `--system-reserved` 和 `--kube-reserved` 中的参数 `pid=<数值>` - 可以分别用来设定为整个系统所预留的进程 ID 个数和为 Kubernetes 系统守护进程预留的进程 ID 个数。 - - -- `SupportPodPidsLimit`:启用支持限制 Pod 中的进程 PID。 - -- `SuspendJob`:启用对追加和恢复 Job 的支持。更多细节请参阅 - [Job 文档](/zh-cn/docs/concepts/workloads/controllers/job/)。 - -- `Sysctls`:允许为每个 Pod 设置的名字空间内核参数(sysctls)。 - 更多详细信息,请参见 [sysctls](/zh-cn/docs/tasks/administer-cluster/sysctl-cluster/)。 - -- `TTLAfterFinished`:资源完成执行后,允许 - [TTL 控制器](/zh-cn/docs/concepts/workloads/controllers/ttlafterfinished/)清理资源。 - -- `TaintBasedEvictions`:根据节点上的污点和 Pod 上的容忍度启用从节点驱逐 Pod 的特性。 - 更多详细信息可参见[污点和容忍度](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)。 - - -- `TaintNodesByCondition`: - 根据[节点状况](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)启用自动为节点标记污点。 - -- `TokenRequest`:在服务账号资源上启用 `TokenRequest` 端点。 - -- `TokenRequestProjection`:启用通过 - [`projected` 卷](/zh-cn/docs/concepts/storage/volumes/#projected)将服务账号令牌注入到 Pod 中的特性。 - -- `UserNamespacesStatelessPodsSupport`:为无状态 Pod 启用用户名字空间的支持。 - 此标志在新版本中被重命名为 `UserNamespacesSupport`。 - -- `ValidateProxyRedirects`:这个标志控制 API 服务器是否应该验证只跟随到相同的主机的重定向。 - 仅在启用 `StreamingProxyRedirects` 标志时被使用。 - - -- `VolumePVCDataSource`:启用对将现有 PVC 指定数据源的支持。 - -- `VolumeScheduling`:启用卷拓扑感知调度,并使 PersistentVolumeClaim(PVC) - 绑定能够了解调度决策;当与 PersistentLocalVolumes 特性门控一起使用时, - 还允许使用 [`local`](/zh-cn/docs/concepts/storage/volumes/#local) 卷类型。 - -- `VolumeSnapshotDataSource`:启用卷快照数据源支持。 - -- `VolumeSubpath`:允许在容器中挂载卷的子路径。 - - -- `VolumeSubpathEnvExpansion`:启用 `subPathExpr` 字段用于在 `subPath` 中展开环境变量。 - -- `WarningHeaders`:允许在 API 响应中发送警告头部。 - -- `WindowsEndpointSliceProxying`:当启用时,运行在 Windows 上的 kube-proxy - 将使用 EndpointSlices 而不是 Endpoints 作为主要数据源,从而实现可伸缩性和并改进性能。 - 详情请参见[启用端点切片](/zh-cn/docs/concepts/services-networking/endpoint-slices/)。 - - -- `WindowsGMSA`:允许将 GMSA 凭据规范从 Pod 传递到容器运行时。 - -- `WindowsHostProcessContainers`:启用对 Windows HostProcess 容器的支持。 - -- `WindowsRunAsUserName`:提供使用非默认用户在 Windows 容器中运行应用程序的支持。 - 详情请参见[配置 RunAsUserName](/zh-cn/docs/tasks/configure-pod-container/configure-runasusername)。 + +{{< feature-gate-list show-removed="true" >}} From 709318363698785ab6578d437fbc9c3775ed146e Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Fri, 5 Jan 2024 04:44:16 +0000 Subject: [PATCH 149/279] Fixes to address Hugo deprecation warnings during build (#44610) * Fix hugo deprecation warnings * Fix hugo deprecation warnings --- hugo.toml | 70 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/hugo.toml b/hugo.toml index c6a129c4ca452..7da8be9cc7152 100644 --- a/hugo.toml +++ b/hugo.toml @@ -15,7 +15,7 @@ timeZone = "UTC" enableRobotsTXT = true disableBrowserError = true -disableKinds = ["taxonomy", "taxonomyTerm"] +disableKinds = ["taxonomy"] ignoreFiles = [ "(?:^|/)OWNERS$", "README[-]+[a-z]*\\.md", "^node_modules$", "content/en/docs/doc-contributor-tools" ] @@ -296,18 +296,18 @@ no = 'Sorry to hear that. Please Date: Fri, 5 Jan 2024 18:00:29 +0800 Subject: [PATCH 150/279] [zh] Sync contribute/new-content/new-features.md --- .../contribute/new-content/new-features.md | 133 +++++++++++++++--- 1 file changed, 113 insertions(+), 20 deletions(-) diff --git a/content/zh-cn/docs/contribute/new-content/new-features.md b/content/zh-cn/docs/contribute/new-content/new-features.md index c11cfe85d23e5..6d590ae365829 100644 --- a/content/zh-cn/docs/contribute/new-content/new-features.md +++ b/content/zh-cn/docs/contribute/new-content/new-features.md @@ -242,31 +242,125 @@ Use their suggestions to get the content to a release ready state. 为了确保技术准确性,内容可能还需要相应 SIG 的技术审核。 尽量利用他们所给出的建议,改进文档内容以达到发布就绪状态。 + +如果你的特性需要文档,而你未提交初版文档,那此特性可能会被从里程碑中移除。 + + +#### 特性门控 {#ready-for-review-feature-gates} + +如果你在处理的特性处于 Alpha 或 Beta 阶段并由某特性门控控制, +你需要在 `content/en/docs/reference/command-line-tools-reference/feature-gates/` 目录中为其创建一个特性门控文件。 +此文件的名称应该是特性门控的名称,此名称的式样从 `UpperCamelCase` 转换为 `kebab-case`,并以 `.md` 作为后缀。 +你可以参照同一目录中已存在的其他文件,以了解你的文件应该是什么样子的。 +通常一段话就够了;若要长篇阐述,请在其他地方添加文档,并为其添加链接。 + + +此外,为了确保你的特性门控出现在 +[Alpha/Beta 特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features)表格中, +请在 Markdown 描述文件的 [Front Matter](https://gohugo.io/content-management/front-matter/) 中包含以下细节: + + +```yaml +stages: + - stage: # 指定特性门控的开发阶段 + defaultValue: # 如果默认启用,则设置为 true,否则为 false + fromVersion: # 特性门控可用的起始版本 + toVersion: # (可选)特性门控可用的结束版本 +``` + + +对于全新的特性门控,还需要一个单独的特性门控描述;在 +`content/en/docs/reference/command-line-tools-reference/feature-gates/` +目录中创建一个新的 Markdown 文件(把其他文件用作模板)。 + + +当你将特性门控从默认禁用更改为默认启用时,你可能还需要更改其他文档(不仅仅是特性门控列表)。 +参照这样的话术 “`exampleSetting` 字段是一个 Beta 字段,默认禁用。 +你可以通过启用 `ProcessExampleThings` 特性门控来启用此字段。” + + -如果你在处理的功能特性处于 Alpha 或 Beta 阶段并由某特性门控控制, -请确保在你的 PR 中,该特性门控被添加到 -[Alpha/Beta 特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features)表格中。 -对于新的特性门控选项,需要为该特性门控提供一段描述。 -如果所处理的功能特性已经进入正式发布(GA)状态或者被废弃, -请确保将其从 -[Alpha 和 Beta 状态的特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features)表格迁移到 -[已毕业和已废弃的特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed), -并确保迁移后保留其 Alpha、Beta 版本变迁历史。 +如果你的特性已经是 GA(正式发布)或已弃用的,请在描述文件的 `stages` 块中包含一个额外的 `stage` 条目。 +确保 Alpha 和 Beta 阶段保持不变。这一步将特性门控从 +[Alpha/Beta 特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features) +表格移到[已毕业或已弃用的特性门控](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-graduated-or-deprecated-features)表格。例如: - -如果你的功能特性需要文档,而你未提交初版文档,该特性可能会被从里程碑中删除。 +{{< highlight yaml "linenos=false,hl_lines=10-15" >}} +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.12" + toVersion: "1.12" + - stage: beta + defaultValue: true + fromVersion: "1.13" + toVersion: "1.18" + # 将 'stable' stage 代码块添加到了 stages 下 + - stage: stable + defaultValue: true + fromVersion: "1.19" + toVersion: "1.27" +{{< / highlight >}} + + +最终,Kubernetes 将完全停止包含此特性门控。为了表示某特性门控已被移除, +请在相应描述文件的 Front Matter 中包括 `removed: true`。 +此操作将使特性门控及其描述从[已毕业或已弃用的特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/#feature-gates-that-are-removed) +部分移到名为[特性门控(已移除)](/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/)的专用页面。 + +Auf Linux beschränken {{< glossary_tooltip text="control groups" term_id="cgroup" >}} die Ressourcen, die einem Prozess zugeteilt werden. + +Das {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} und die zugrundeliegende Container Runtime müssen mit cgroups interagieren um +[Ressourcen-Verwaltung für Pods und Container](/docs/concepts/configuration/manage-resources-containers/) durchzusetzen. Das schließt CPU/Speicher Anfragen und Limits für containerisierte Arbeitslasten ein. + +Es gibt zwei Versionen cgroups in Linux: cgroup v1 und cgroup v2. cgroup v2 ist die neue Generation der `cgroup` API. + + + + +## Was ist cgroup v2? {#cgroup-v2} +{{< feature-state for_k8s_version="v1.25" state="stable" >}} + +cgroup v2 ist die nächste Version der Linux `cgroup` API. cgroup v2 stellt ein einheitliches Kontrollsystem mit erweiterten Ressourcenmanagement Fähigkeiten bereit. + +cgroup v2 bietet einige Verbesserungen gegenüber cgroup v1, zum Beispiel folgende: + +- einzelnes vereinheitlichtes Hierarchiendesign in der API +- erhöhte Sicherheit bei sub-tree Delegierung zu Container +- Neuere Features, wie [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html) +- erweitertes Ressourcen Zuteilungsmanagement und Isolierung über mehrfache Ressourcen + - einheitliche Erfassung für verschiedene Arten der Speicherzuteilung (Netzwerkspeicher, Kernelspeicher, usw.) + - Erfassung nicht-unmittelbarer Ressourcenänderungen wie "page cache write backs" + +Manche Kubernetes Funktionen verwenden ausschließlich cgroup v2 für erweitertes Ressourcenmanagement und Isolierung. Die [MemoryQoS](/blog/2021/11/26/qos-memory-resources/) Funktion, zum Beispiel, verbessert Speicher QoS und setzt dabei auf cgroup v2 Primitives. + + +## cgroup v2 verwenden {#cgroupv2-verwenden} + +Die empfohlene Methode um cgroup v2 zu verwenden, ist eine Linux Distribution zu verwenden, die cgroup v2 standardmäßig aktiviert und verwendet. + +Um zu Kontrollieren ob ihre Distribution cgroup v2 verwendet, siehe [Identifizieren der cgroup Version auf Linux Knoten](#cgroup-version-identifizieren). + +### Voraussetzungen {#Voraussetzungen} + +cgroup v2 hat folgende Voraussetzungen: + +* Betriebssystem Distribution ermöglicht cgroup v2 +* Linux Kernel Version ist 5.8 oder neuer +* Container Runtime unterstützt cgroup v2. Zum Besipiel: + * [containerd](https://containerd.io/) v1.4 und neuer + * [cri-o](https://cri-o.io/) v1.20 und neuer +* Das kubelet und die Container Runtime sind konfiguriert, um den [systemd cgroup Treiber](/docs/setup/production-environment/container-runtimes#systemd-cgroup-driver) zu verwenden + +### Linux Distribution cgroup v2 Support + +Für eine Liste der Linux Distributionen, die cgroup v2 verwenden, siehe die [cgroup v2 Dokumentation](https://github.com/opencontainers/runc/blob/main/docs/cgroup-v2.md) + + +* Container Optimized OS (seit M97) +* Ubuntu (seit 21.10, 22.04+ empfohlen) +* Debian GNU/Linux (seit Debian 11 bullseye) +* Fedora (seit 31) +* Arch Linux (seit April 2021) +* RHEL und RHEL-basierte Distributionen (seit 9) + +Zum Überprüfen ob Ihre Distribution cgroup v2 verwendet, siehe die Dokumentation Ihrer Distribution, oder folge den Anweisungen in [Identifizieren der cgroup Version auf Linux Knoten](#cgroup-version-identifizieren). + +Man kann auch manuell cgroup v2 aktivieren, indem man die Kernel Boot Argumente anpasst. Wenn Ihre Distribution GRUB verwendet, muss `systemd.unified_cgroup_hierarchy=1` in `GRUB_CMDLINE_LINUX` unter `/etc/default/grub` hinzugefügt werden. Danach muss man `sudo update-grub` ausführen. Die empfohlene Methode ist aber das Verwenden einer Distribution, die schon standardmäßig cgroup v2 aktiviert. + +### Migrieren zu cgroup v2 {#cgroupv2-migrieren} + +Um zu cgroup v2 zu migrieren, müssen Sie erst sicherstellen, dass die [Voraussetzungen](#Voraussetzungen) erfüllt sind. Dann müssen Sie auf eine Kernel Version aktualisieren, die cgroup v2 standardmäßig aktiviert. + +Das kubelet erkennt automatisch, dass das Betriebssystem auf cgroup v2 läuft, und verhält sich entsprechend, ohne weitere Konfiguration. + +Nach dem Umschalten auf cgroup v2 sollte es keinen erkennbaren Unterschied in der Benutzererfahrung geben, es sei denn, die Benutzer greifen auf das cgroup Dateisystem direkt zu, entweder auf dem Knoten oder in den Containern. + +cgroup v2 verwendet eine andere API als cgroup v1. Wenn es also Anwendungen gibt, die direkt auf das cgroup Dateisystem zugreifen, müssen sie aktualisiert werden, um cgroup v2 zu unterstützen. Zum Beispiel: + +* Manche Überwachungs- und Sicherheitsagenten von Drittanbietern können vom cgroup Dateisystem abhängig sein. + Diese müssen aktualisiert werden um cgroup v2 zu unterstützen. +* Wenn Sie [cAdvisor](https://github.com/google/cadvisor) als eigenständigen DaemonSet verwenden, zum Überwachen von Pods und Container, muss es auf v0.43.0 oder neuer aktualisiert werden. +* Wenn Sie Java Applikationen bereitstellen, sollten Sie bevorzugt Versionen verwenden, die cgroup v2 vollständig unterstützen: + * [OpenJDK / HotSpot](https://bugs.openjdk.org/browse/JDK-8230305): jdk8u372, 11.0.16, 15 und neuer + * [IBM Semeru Runtimes](https://www.ibm.com/support/pages/apar/IJ46681): 8.0.382.0, 11.0.20.0, 17.0.8.0, und neuer + * [IBM Java](https://www.ibm.com/support/pages/apar/IJ46681): 8.0.8.6 und neuer +* Wenn Sie das [uber-go/automaxprocs](https://github.com/uber-go/automaxprocs) Paket verwenden, vergewissern Sie sich, dass Sie v1.5.1 oder höher verwenden. + +## Identifizieren der cgroup Version auf Linux Knoten {#cgroup-version-identifizieren} + +Die cgroup Version hängt von der verwendeten Linux Distribution und der standardmäßig auf dem Betriebssystem konfigurierten cgroup Version ab. Zum Überprüfen der cgroup Version, die ihre Distribution verwendet, führen Sie den Befehl `stat -fc %T /sys/fs/cgroup/` auf dem Knoten aus: + +```shell +stat -fc %T /sys/fs/cgroup/ +``` + +Für cgroup v2, ist das Ergebnis `cgroup2fs`. + +Für cgroup v1, ist das Ergebnis `tmpfs.` + +## {{% heading "whatsnext" %}} + +- Erfahre mehr über [cgroups](https://man7.org/linux/man-pages/man7/cgroups.7.html) +- Erfahre mehr über [container runtime](/docs/concepts/architecture/cri) +- Erfahre mehr über [cgroup drivers](/docs/setup/production-environment/container-runtimes#cgroup-drivers) + diff --git a/content/de/docs/reference/glossary/cgroup.md b/content/de/docs/reference/glossary/cgroup.md new file mode 100644 index 0000000000000..18d68f1714e86 --- /dev/null +++ b/content/de/docs/reference/glossary/cgroup.md @@ -0,0 +1,17 @@ +--- +title: cgroup (control group) +id: cgroup +date: 2019-06-25 +full_link: +short_description: > + Eine Gruppe Linux Prozesse mit optionaler Isolation, Erfassung und Begrenzung der Ressourcen + +aka: +tags: +- fundamental +--- +Eine Gruppe Linux Prozesse mit optionaler Isolation, Erfassung und Begrenzung der Ressourcen. + + + +cgroup ist eine Funktion des Linux Kernels, dass die Ressourcennutzung (CPU, Speicher, Platten I/O, Netzwerk) begrenzt, erfasst und isoliert, für eine Sammling Prozesse. From b999863066811c1351f283ac7b7ec76b0bada13d Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 5 Jan 2024 15:51:49 +0000 Subject: [PATCH 152/279] modified master-node-communication.md to remove master/slave terminology --- ...md => control-plane-node-communication.md} | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) rename content/de/docs/concepts/architecture/{master-node-communication.md => control-plane-node-communication.md} (66%) diff --git a/content/de/docs/concepts/architecture/master-node-communication.md b/content/de/docs/concepts/architecture/control-plane-node-communication.md similarity index 66% rename from content/de/docs/concepts/architecture/master-node-communication.md rename to content/de/docs/concepts/architecture/control-plane-node-communication.md index 6874cdb68772a..46a1ad34a67b5 100644 --- a/content/de/docs/concepts/architecture/master-node-communication.md +++ b/content/de/docs/concepts/architecture/control-plane-node-communication.md @@ -1,12 +1,12 @@ --- -title: Master-Node Kommunikation +title: Control-Plane-Node Kommunikation content_type: concept weight: 20 --- -Dieses Dokument katalogisiert die Kommunikationspfade zwischen dem Master (eigentlich dem Apiserver) und des Kubernetes-Clusters. +Dieses Dokument katalogisiert die Kommunikationspfade zwischen dem Control Plane (eigentlich dem Apiserver) und des Kubernetes-Clusters. Die Absicht besteht darin, Benutzern die Möglichkeit zu geben, ihre Installation so anzupassen, dass die Netzwerkkonfiguration so abgesichert wird, dass der Cluster in einem nicht vertrauenswürdigen Netzwerk (oder mit vollständig öffentlichen IP-Adressen eines Cloud-Providers) ausgeführt werden kann. @@ -14,28 +14,28 @@ Die Absicht besteht darin, Benutzern die Möglichkeit zu geben, ihre Installatio -## Cluster zum Master +## Cluster zum Control Plane -Alle Kommunikationspfade vom Cluster zum Master enden beim Apiserver (keine der anderen Master-Komponenten ist dafür ausgelegt, Remote-Services verfügbar zu machen). +Alle Kommunikationspfade vom Cluster zum Control Plane enden beim Apiserver (keine der anderen Control-Plane-Komponenten ist dafür ausgelegt, Remote-Services verfügbar zu machen). In einem typischen Setup ist der Apiserver so konfiguriert, dass er Remote-Verbindungen an einem sicheren HTTPS-Port (443) mit einer oder mehreren Formen der [Clientauthentifizierung](/docs/reference/access-authn-authz/authentication/) überwacht. -Eine oder mehrere Formene von [Autorisierung](/docs/reference/access-authn-authz/authorization/) sollte aktiviert sein, insbesondere wenn [anonyme Anfragen](/docs/reference/access-authn-authz/authentication/#anonymous-requests) oder [Service Account Tokens](/docs/reference/access-authn-authz/authentication/#service-account-tokens) aktiviert sind. +Eine oder mehrere Formen von [Autorisierung](/docs/reference/access-authn-authz/authorization/) sollte aktiviert sein, insbesondere wenn [anonyme Anfragen](/docs/reference/access-authn-authz/authentication/#anonymous-requests) oder [Service Account Tokens](/docs/reference/access-authn-authz/authentication/#service-account-tokens) aktiviert sind. -Nodes sollten mit dem öffentlichen Stammzertifikat für den Cluster konfiguriert werden, sodass sie eine sichere Verbindung zum Apiserver mit gültigen Client-Anmeldeinformationen herstellen können. +Knoten sollten mit dem öffentlichen Stammzertifikat für den Cluster konfiguriert werden, sodass sie eine sichere Verbindung zum Apiserver mit gültigen Client-Anmeldeinformationen herstellen können. Beispielsweise bei einer gewöhnlichen GKE-Konfiguration enstprechen die dem kubelet zur Verfügung gestellten Client-Anmeldeinformationen eines Client-Zertifikats. Lesen Sie über [kubelet TLS bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/) zur automatisierten Bereitstellung von kubelet-Client-Zertifikaten. Pods, die eine Verbindung zum Apiserver herstellen möchten, können dies auf sichere Weise tun, indem sie ein Dienstkonto verwenden, sodass Kubernetes das öffentliche Stammzertifikat und ein gültiges Trägertoken automatisch in den Pod einfügt, wenn er instanziiert wird. Der `kubernetes`-Dienst (in allen Namespaces) ist mit einer virtuellen IP-Adresse konfiguriert, die (über den Kube-Proxy) an den HTTPS-Endpunkt auf dem Apiserver umgeleitet wird. -Die Master-Komponenten kommunizieren auch über den sicheren Port mit dem Cluster-Apiserver. +Die Control-Plane-Komponenten kommunizieren auch über den sicheren Port mit dem Cluster-Apiserver. -Der Standardbetriebsmodus für Verbindungen vom Cluster (Knoten und Pods, die auf den Knoten ausgeführt werden) zum Master ist daher standardmäßig gesichert und kann über nicht vertrauenswürdige und/oder öffentliche Netzwerke laufen. +Der Standardbetriebsmodus für Verbindungen vom Cluster (Knoten und Pods, die auf den Knoten ausgeführt werden) zum Control Plane ist daher standardmäßig gesichert und kann über nicht vertrauenswürdige und/oder öffentliche Netzwerke laufen. -## Master zum Cluster +## Control Plane zum Cluster -Es gibt zwei primäre Kommunikationspfade vom Master (Apiserver) zum Cluster. -Der Erste ist vom Apiserver hin zum Kubelet-Prozess, der auf jedem Node im Cluster ausgeführt wird. -Der Zweite ist vom Apiserver zu einem beliebigen Node, Pod oder Dienst über die Proxy-Funktionalität des Apiservers. +Es gibt zwei primäre Kommunikationspfade vom Control Plane (Apiserver) zum Cluster. +Der Erste ist vom Apiserver hin zum Kubelet-Prozess, der auf jedem Knoten im Cluster ausgeführt wird. +Der Zweite ist vom Apiserver zu einem beliebigen Knoten, Pod oder Dienst über die Proxy-Funktionalität des Apiservers. ### Apiserver zum kubelet @@ -55,16 +55,16 @@ zwischen dem Apiserver und dem kubelet, falls es erforderlich ist eine Verbindun Außerdem sollte [Kubelet Authentifizierung und/oder Autorisierung](/docs/admin/kubelet-authentication-authorization/) aktiviert sein, um die kubelet-API abzusichern. -### Apiserver zu Nodes, Pods und Services +### Apiserver zu Knoten, Pods und Services -Die Verbindungen vom Apiserver zu einem Node, Pod oder Dienst verwenden standardmäßig einfache HTTP-Verbindungen und werden daher weder authentifiziert noch verschlüsselt. +Die Verbindungen vom Apiserver zu einem Knoten, Pod oder Dienst verwenden standardmäßig einfache HTTP-Verbindungen und werden daher weder authentifiziert noch verschlüsselt. Sie können über eine sichere HTTPS-Verbindung ausgeführt werden, indem dem Node, dem Pod oder dem Servicenamen in der API-URL "https:" vorangestellt wird. Das vom HTTPS-Endpunkt bereitgestellte Zertifikat wird jedoch nicht überprüft, und es werden keine Clientanmeldeinformationen bereitgestellt. Die Verbindung wird zwar verschlüsselt, garantiert jedoch keine Integrität. Diese Verbindungen **sind derzeit nicht sicher** innerhalb von nicht vertrauenswürdigen und/oder öffentlichen Netzen. -### SSH Tunnels +### SSH Tunnel -Kubernetes unterstützt SSH-Tunnel zum Schutz der Master -> Cluster Kommunikationspfade. -In dieser Konfiguration initiiert der Apiserver einen SSH-Tunnel zu jedem Node im Cluster (Verbindung mit dem SSH-Server, der mit Port 22 läuft), und leitet den gesamten Datenverkehr für ein kubelet, einen Node, einen Pod oder einen Dienst durch den Tunnel. +Kubernetes unterstützt SSH-Tunnel zum Schutz der Control Plane -> Cluster Kommunikationspfade. +In dieser Konfiguration initiiert der Apiserver einen SSH-Tunnel zu jedem Knoten im Cluster (Verbindung mit dem SSH-Server, der mit Port 22 läuft), und leitet den gesamten Datenverkehr für ein kubelet, einen Knoten, einen Pod oder einen Dienst durch den Tunnel. Dieser Tunnel stellt sicher, dass der Datenverkehr nicht außerhalb des Netzwerks sichtbar ist, in dem die Knoten ausgeführt werden. SSH-Tunnel werden zur Zeit nicht unterstützt. Sie sollten also nicht verwendet werden, sei denn, man weiß, was man tut. Ein Ersatz für diesen Kommunikationskanal wird entwickelt. From 1ed206481f71c4b83ee4054b3684d96998a3da3f Mon Sep 17 00:00:00 2001 From: Holger Schneider Date: Fri, 5 Jan 2024 17:24:52 +0000 Subject: [PATCH 153/279] Update content/de/docs/concepts/architecture/control-plane-node-communication.md Slight change (SSH-Tunnel does look better) Co-authored-by: Tim Bannister --- .../concepts/architecture/control-plane-node-communication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/de/docs/concepts/architecture/control-plane-node-communication.md b/content/de/docs/concepts/architecture/control-plane-node-communication.md index 46a1ad34a67b5..babc962eccfa7 100644 --- a/content/de/docs/concepts/architecture/control-plane-node-communication.md +++ b/content/de/docs/concepts/architecture/control-plane-node-communication.md @@ -61,7 +61,7 @@ Die Verbindungen vom Apiserver zu einem Knoten, Pod oder Dienst verwenden standa Sie können über eine sichere HTTPS-Verbindung ausgeführt werden, indem dem Node, dem Pod oder dem Servicenamen in der API-URL "https:" vorangestellt wird. Das vom HTTPS-Endpunkt bereitgestellte Zertifikat wird jedoch nicht überprüft, und es werden keine Clientanmeldeinformationen bereitgestellt. Die Verbindung wird zwar verschlüsselt, garantiert jedoch keine Integrität. Diese Verbindungen **sind derzeit nicht sicher** innerhalb von nicht vertrauenswürdigen und/oder öffentlichen Netzen. -### SSH Tunnel +### SSH-Tunnel Kubernetes unterstützt SSH-Tunnel zum Schutz der Control Plane -> Cluster Kommunikationspfade. In dieser Konfiguration initiiert der Apiserver einen SSH-Tunnel zu jedem Knoten im Cluster (Verbindung mit dem SSH-Server, der mit Port 22 läuft), und leitet den gesamten Datenverkehr für ein kubelet, einen Knoten, einen Pod oder einen Dienst durch den Tunnel. From 7100b9ce32ccdfc46ae55330292064bfc888cf23 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Sat, 6 Jan 2024 14:39:02 +0800 Subject: [PATCH 154/279] Revise kubectl reference layout The reference is generated using an improve version of component reference generator (https://github.com/kubernetes-sigs/reference-docs/pull/349). --- .../reference/kubectl/generated/kubectl.md | 137 ++++++--- .../kubectl/generated/kubectl_alpha.md | 275 ----------------- .../kubectl/generated/kubectl_alpha_auth.md | 279 ----------------- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_apply_edit-last-applied.md | 53 +++- .../kubectl_apply_set-last-applied.md | 53 +++- .../kubectl_apply_view-last-applied.md | 53 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../{ => kubectl_auth}/kubectl_auth_can-i.md | 53 +++- .../kubectl_auth_reconcile.md | 53 +++- .../{ => kubectl_auth}/kubectl_auth_whoami.md | 53 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_certificate_approve.md | 53 +++- .../kubectl_certificate_deny.md | 53 +++- .../_index.md} | 54 +++- .../kubectl_cluster-info_dump.md | 53 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_config_current-context.md | 53 +++- .../kubectl_config_delete-cluster.md | 53 +++- .../kubectl_config_delete-context.md | 53 +++- .../kubectl_config_delete-user.md | 53 +++- .../kubectl_config_get-clusters.md | 53 +++- .../kubectl_config_get-contexts.md | 53 +++- .../kubectl_config_get-users.md | 53 +++- .../kubectl_config_rename-context.md | 53 +++- .../kubectl_config_set-cluster.md | 53 +++- .../kubectl_config_set-context.md | 53 +++- .../kubectl_config_set-credentials.md | 53 +++- .../kubectl_config_set.md | 53 +++- .../kubectl_config_unset.md | 53 +++- .../kubectl_config_use-context.md | 53 +++- .../kubectl_config_view.md | 53 +++- .../_index.md} | 54 +++- .../{kubectl_cp.md => kubectl_cp/_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_create_clusterrole.md | 53 +++- .../kubectl_create_clusterrolebinding.md | 53 +++- .../kubectl_create_configmap.md | 53 +++- .../kubectl_create_cronjob.md | 53 +++- .../kubectl_create_deployment.md | 53 +++- .../kubectl_create_ingress.md | 53 +++- .../kubectl_create_job.md | 53 +++- .../kubectl_create_namespace.md | 53 +++- .../kubectl_create_poddisruptionbudget.md | 53 +++- .../kubectl_create_priorityclass.md | 53 +++- .../kubectl_create_quota.md | 53 +++- .../kubectl_create_role.md | 53 +++- .../kubectl_create_rolebinding.md | 53 +++- .../kubectl_create_secret.md | 59 +++- .../kubectl_create_secret_docker-registry.md | 53 +++- .../kubectl_create_secret_generic.md | 53 +++- .../kubectl_create_secret_tls.md | 53 +++- .../kubectl_create_service.md | 61 +++- .../kubectl_create_service_clusterip.md | 53 +++- .../kubectl_create_service_externalname.md | 53 +++- .../kubectl_create_service_loadbalancer.md | 53 +++- .../kubectl_create_service_nodeport.md | 53 +++- .../kubectl_create_serviceaccount.md | 53 +++- .../kubectl_create_token.md | 55 +++- .../_index.md} | 54 +++- .../_index.md} | 61 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 56 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../{kubectl_get.md => kubectl_get/_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl/generated/kubectl_options.md | 285 ------------------ .../_index.md} | 103 ++++--- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_plugin_list.md | 53 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../kubectl_rollout_history.md | 53 +++- .../kubectl_rollout_pause.md | 53 +++- .../kubectl_rollout_restart.md | 56 +++- .../kubectl_rollout_resume.md | 53 +++- .../kubectl_rollout_status.md | 53 +++- .../kubectl_rollout_undo.md | 53 +++- .../{kubectl_run.md => kubectl_run/_index.md} | 54 +++- .../_index.md} | 54 +++- .../{kubectl_set.md => kubectl_set/_index.md} | 54 +++- .../{ => kubectl_set}/kubectl_set_env.md | 53 +++- .../{ => kubectl_set}/kubectl_set_image.md | 53 +++- .../kubectl_set_resources.md | 53 +++- .../{ => kubectl_set}/kubectl_set_selector.md | 53 +++- .../kubectl_set_serviceaccount.md | 53 +++- .../{ => kubectl_set}/kubectl_set_subject.md | 53 +++- .../_index.md} | 54 +++- .../{kubectl_top.md => kubectl_top/_index.md} | 54 +++- .../{ => kubectl_top}/kubectl_top_node.md | 53 +++- .../{ => kubectl_top}/kubectl_top_pod.md | 53 +++- .../_index.md} | 54 +++- .../_index.md} | 54 +++- .../_index.md} | 57 +++- 110 files changed, 5571 insertions(+), 1146 deletions(-) delete mode 100644 content/en/docs/reference/kubectl/generated/kubectl_alpha.md delete mode 100644 content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md rename content/en/docs/reference/kubectl/generated/{kubectl_annotate.md => kubectl_annotate/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_api-resources.md => kubectl_api-resources/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_api-versions.md => kubectl_api-versions/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{kubectl_apply.md => kubectl_apply/_index.md} (90%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_apply}/kubectl_apply_edit-last-applied.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_apply}/kubectl_apply_set-last-applied.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_apply}/kubectl_apply_view-last-applied.md (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_attach.md => kubectl_attach/_index.md} (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_auth.md => kubectl_auth/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_auth}/kubectl_auth_can-i.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_auth}/kubectl_auth_reconcile.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_auth}/kubectl_auth_whoami.md (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_autoscale.md => kubectl_autoscale/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_certificate.md => kubectl_certificate/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_certificate}/kubectl_certificate_approve.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_certificate}/kubectl_certificate_deny.md (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_cluster-info.md => kubectl_cluster-info/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_cluster-info}/kubectl_cluster-info_dump.md (87%) rename content/en/docs/reference/kubectl/generated/{kubectl_completion.md => kubectl_completion/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_config.md => kubectl_config/_index.md} (85%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_current-context.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_delete-cluster.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_delete-context.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_delete-user.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_get-clusters.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_get-contexts.md (84%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_get-users.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_rename-context.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_set-cluster.md (85%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_set-context.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_set-credentials.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_set.md (85%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_unset.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_use-context.md (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_config}/kubectl_config_view.md (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_cordon.md => kubectl_cordon/_index.md} (84%) rename content/en/docs/reference/kubectl/generated/{kubectl_cp.md => kubectl_cp/_index.md} (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_create.md => kubectl_create/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_clusterrole.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_clusterrolebinding.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_configmap.md (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_cronjob.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_deployment.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_ingress.md (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_job.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_namespace.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_poddisruptionbudget.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_priorityclass.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_quota.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_role.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_rolebinding.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_secret.md (80%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_secret_docker-registry.md (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_secret_generic.md (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_secret_tls.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_service.md (79%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_service_clusterip.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_service_externalname.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_service_loadbalancer.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_service_nodeport.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_serviceaccount.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_create}/kubectl_create_token.md (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_debug.md => kubectl_debug/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_delete.md => kubectl_delete/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_describe.md => kubectl_describe/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_diff.md => kubectl_diff/_index.md} (87%) rename content/en/docs/reference/kubectl/generated/{kubectl_drain.md => kubectl_drain/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_edit.md => kubectl_edit/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_events.md => kubectl_events/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_exec.md => kubectl_exec/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_explain.md => kubectl_explain/_index.md} (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_expose.md => kubectl_expose/_index.md} (90%) rename content/en/docs/reference/kubectl/generated/{kubectl_get.md => kubectl_get/_index.md} (90%) rename content/en/docs/reference/kubectl/generated/{kubectl_kustomize.md => kubectl_kustomize/_index.md} (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_label.md => kubectl_label/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_logs.md => kubectl_logs/_index.md} (88%) delete mode 100644 content/en/docs/reference/kubectl/generated/kubectl_options.md rename content/en/docs/reference/kubectl/generated/{kubectl_alpha_auth_whoami.md => kubectl_options/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{kubectl_patch.md => kubectl_patch/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_plugin.md => kubectl_plugin/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_plugin}/kubectl_plugin_list.md (83%) rename content/en/docs/reference/kubectl/generated/{kubectl_port-forward.md => kubectl_port-forward/_index.md} (85%) rename content/en/docs/reference/kubectl/generated/{kubectl_proxy.md => kubectl_proxy/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_replace.md => kubectl_replace/_index.md} (89%) rename content/en/docs/reference/kubectl/generated/{kubectl_rollout.md => kubectl_rollout/_index.md} (84%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_history.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_pause.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_restart.md (85%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_resume.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_status.md (86%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_rollout}/kubectl_rollout_undo.md (87%) rename content/en/docs/reference/kubectl/generated/{kubectl_run.md => kubectl_run/_index.md} (90%) rename content/en/docs/reference/kubectl/generated/{kubectl_scale.md => kubectl_scale/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_set.md => kubectl_set/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_env.md (90%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_image.md (88%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_resources.md (89%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_selector.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_serviceaccount.md (87%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_set}/kubectl_set_subject.md (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_taint.md => kubectl_taint/_index.md} (88%) rename content/en/docs/reference/kubectl/generated/{kubectl_top.md => kubectl_top/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_top}/kubectl_top_node.md (85%) rename content/en/docs/reference/kubectl/generated/{ => kubectl_top}/kubectl_top_pod.md (86%) rename content/en/docs/reference/kubectl/generated/{kubectl_uncordon.md => kubectl_uncordon/_index.md} (84%) rename content/en/docs/reference/kubectl/generated/{kubectl_version.md => kubectl_version/_index.md} (83%) rename content/en/docs/reference/kubectl/generated/{kubectl_wait.md => kubectl_wait/_index.md} (87%) diff --git a/content/en/docs/reference/kubectl/generated/kubectl.md b/content/en/docs/reference/kubectl/generated/kubectl.md index 750e9c196ac24..2a34e7fa4fa34 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl.md +++ b/content/en/docs/reference/kubectl/generated/kubectl.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -213,6 +213,55 @@ kubectl [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -262,47 +311,47 @@ kubectl [flags] ## {{% heading "seealso" %}} -* [kubectl annotate](kubectl_annotate/) - Update the annotations on a resource -* [kubectl api-resources](kubectl_api-resources/) - Print the supported API resources on the server -* [kubectl api-versions](kubectl_api-versions/) - Print the supported API versions on the server, in the form of "group/version" -* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin -* [kubectl attach](kubectl_attach/) - Attach to a running container -* [kubectl auth](kubectl_auth/) - Inspect authorization -* [kubectl autoscale](kubectl_autoscale/) - Auto-scale a deployment, replica set, stateful set, or replication controller -* [kubectl certificate](kubectl_certificate/) - Modify certificate resources -* [kubectl cluster-info](kubectl_cluster-info/) - Display cluster information -* [kubectl completion](kubectl_completion/) - Output shell completion code for the specified shell (bash, zsh, fish, or powershell) -* [kubectl config](kubectl_config/) - Modify kubeconfig files -* [kubectl cordon](kubectl_cordon/) - Mark node as unschedulable -* [kubectl cp](kubectl_cp/) - Copy files and directories to and from containers -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin -* [kubectl debug](kubectl_debug/) - Create debugging sessions for troubleshooting workloads and nodes -* [kubectl delete](kubectl_delete/) - Delete resources by file names, stdin, resources and names, or by resources and label selector -* [kubectl describe](kubectl_describe/) - Show details of a specific resource or group of resources -* [kubectl diff](kubectl_diff/) - Diff the live version against a would-be applied version -* [kubectl drain](kubectl_drain/) - Drain node in preparation for maintenance -* [kubectl edit](kubectl_edit/) - Edit a resource on the server -* [kubectl events](kubectl_events/) - List events -* [kubectl exec](kubectl_exec/) - Execute a command in a container -* [kubectl explain](kubectl_explain/) - Get documentation for a resource -* [kubectl expose](kubectl_expose/) - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service -* [kubectl get](kubectl_get/) - Display one or many resources -* [kubectl kustomize](kubectl_kustomize/) - Build a kustomization target from a directory or URL -* [kubectl label](kubectl_label/) - Update the labels on a resource -* [kubectl logs](kubectl_logs/) - Print the logs for a container in a pod -* [kubectl options](kubectl_options/) - Print the list of flags inherited by all commands -* [kubectl patch](kubectl_patch/) - Update fields of a resource -* [kubectl plugin](kubectl_plugin/) - Provides utilities for interacting with plugins -* [kubectl port-forward](kubectl_port-forward/) - Forward one or more local ports to a pod -* [kubectl proxy](kubectl_proxy/) - Run a proxy to the Kubernetes API server -* [kubectl replace](kubectl_replace/) - Replace a resource by file name or stdin -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource -* [kubectl run](kubectl_run/) - Run a particular image on the cluster -* [kubectl scale](kubectl_scale/) - Set a new size for a deployment, replica set, or replication controller -* [kubectl set](kubectl_set/) - Set specific features on objects -* [kubectl taint](kubectl_taint/) - Update the taints on one or more nodes -* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage -* [kubectl uncordon](kubectl_uncordon/) - Mark node as schedulable -* [kubectl version](kubectl_version/) - Print the client and server version information -* [kubectl wait](kubectl_wait/) - Experimental: Wait for a specific condition on one or many resources +* [kubectl annotate](../kubectl_annotate/) - Update the annotations on a resource +* [kubectl api-resources](../kubectl_api-resources/) - Print the supported API resources on the server +* [kubectl api-versions](../kubectl_api-versions/) - Print the supported API versions on the server, in the form of "group/version" +* [kubectl apply](../kubectl_apply/) - Apply a configuration to a resource by file name or stdin +* [kubectl attach](../kubectl_attach/) - Attach to a running container +* [kubectl auth](../kubectl_auth/) - Inspect authorization +* [kubectl autoscale](../kubectl_autoscale/) - Auto-scale a deployment, replica set, stateful set, or replication controller +* [kubectl certificate](../kubectl_certificate/) - Modify certificate resources +* [kubectl cluster-info](../kubectl_cluster-info/) - Display cluster information +* [kubectl completion](../kubectl_completion/) - Output shell completion code for the specified shell (bash, zsh, fish, or powershell) +* [kubectl config](../kubectl_config/) - Modify kubeconfig files +* [kubectl cordon](../kubectl_cordon/) - Mark node as unschedulable +* [kubectl cp](../kubectl_cp/) - Copy files and directories to and from containers +* [kubectl create](../kubectl_create/) - Create a resource from a file or from stdin +* [kubectl debug](../kubectl_debug/) - Create debugging sessions for troubleshooting workloads and nodes +* [kubectl delete](../kubectl_delete/) - Delete resources by file names, stdin, resources and names, or by resources and label selector +* [kubectl describe](../kubectl_describe/) - Show details of a specific resource or group of resources +* [kubectl diff](../kubectl_diff/) - Diff the live version against a would-be applied version +* [kubectl drain](../kubectl_drain/) - Drain node in preparation for maintenance +* [kubectl edit](../kubectl_edit/) - Edit a resource on the server +* [kubectl events](../kubectl_events/) - List events +* [kubectl exec](../kubectl_exec/) - Execute a command in a container +* [kubectl explain](../kubectl_explain/) - Get documentation for a resource +* [kubectl expose](../kubectl_expose/) - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service +* [kubectl get](../kubectl_get/) - Display one or many resources +* [kubectl kustomize](../kubectl_kustomize/) - Build a kustomization target from a directory or URL +* [kubectl label](../kubectl_label/) - Update the labels on a resource +* [kubectl logs](../kubectl_logs/) - Print the logs for a container in a pod +* [kubectl options](../kubectl_options/) - Print the list of flags inherited by all commands +* [kubectl patch](../kubectl_patch/) - Update fields of a resource +* [kubectl plugin](../kubectl_plugin/) - Provides utilities for interacting with plugins +* [kubectl port-forward](../kubectl_port-forward/) - Forward one or more local ports to a pod +* [kubectl proxy](../kubectl_proxy/) - Run a proxy to the Kubernetes API server +* [kubectl replace](../kubectl_replace/) - Replace a resource by file name or stdin +* [kubectl rollout](../kubectl_rollout/) - Manage the rollout of a resource +* [kubectl run](../kubectl_run/) - Run a particular image on the cluster +* [kubectl scale](../kubectl_scale/) - Set a new size for a deployment, replica set, or replication controller +* [kubectl set](../kubectl_set/) - Set specific features on objects +* [kubectl taint](../kubectl_taint/) - Update the taints on one or more nodes +* [kubectl top](../kubectl_top/) - Display resource (CPU/memory) usage +* [kubectl uncordon](../kubectl_uncordon/) - Mark node as schedulable +* [kubectl version](../kubectl_version/) - Print the client and server version information +* [kubectl wait](../kubectl_wait/) - Experimental: Wait for a specific condition on one or many resources diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha.md b/content/en/docs/reference/kubectl/generated/kubectl_alpha.md deleted file mode 100644 index bf42148a97cfb..0000000000000 --- a/content/en/docs/reference/kubectl/generated/kubectl_alpha.md +++ /dev/null @@ -1,275 +0,0 @@ ---- -title: kubectl alpha -content_type: tool-reference -weight: 30 -auto_generated: true ---- - - - - - -## {{% heading "synopsis" %}} - - -These commands correspond to alpha features that are not enabled in Kubernetes clusters by default. - -## {{% heading "options" %}} - - ---- - - - - - - - - - - -
    -h, --help

    help for alpha

    - - - -## {{% heading "parentoptions" %}} - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    --as string

    Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

    --as-group strings

    Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

    --as-uid string

    UID to impersonate for the operation.

    --azure-container-registry-config string

    Path to the file containing Azure container registry configuration information.

    --cache-dir string     Default: "$HOME/.kube/cache"

    Default cache directory

    --certificate-authority string

    Path to a cert file for the certificate authority

    --client-certificate string

    Path to a client certificate file for TLS

    --client-key string

    Path to a client key file for TLS

    --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

    --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

    --cluster string

    The name of the kubeconfig cluster to use

    --context string

    The name of the kubeconfig context to use

    --default-not-ready-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

    --default-unreachable-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

    --disable-compression

    If true, opt-out of response compression for all requests to the server

    --insecure-skip-tls-verify

    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

    --kubeconfig string

    Path to the kubeconfig file to use for CLI requests.

    --match-server-version

    Require server version to match client version

    -n, --namespace string

    If present, the namespace scope for this CLI request

    --password string

    Password for basic authentication to the API server

    --profile string     Default: "none"

    Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

    --profile-output string     Default: "profile.pprof"

    Name of the file to write the profile to

    --request-timeout string     Default: "0"

    The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

    -s, --server string

    The address and port of the Kubernetes API server

    --tls-server-name string

    Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

    --token string

    Bearer token for authentication to the API server

    --user string

    The name of the kubeconfig user to use

    --username string

    Username for basic authentication to the API server

    --version version[=true]

    Print version information and quit

    --warnings-as-errors

    Treat warnings received from the server as errors and exit with a non-zero exit code

    - - - -## {{% heading "seealso" %}} - -* [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -* [kubectl alpha auth](kubectl_alpha_auth.md) - Inspect authorization - diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md b/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md deleted file mode 100644 index 0a2454243c3a8..0000000000000 --- a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth.md +++ /dev/null @@ -1,279 +0,0 @@ ---- -title: kubectl alpha auth -content_type: tool-reference -weight: 30 -auto_generated: true ---- - - - - - -## {{% heading "synopsis" %}} - - -Inspect authorization - -``` -kubectl alpha auth [flags] -``` - -## {{% heading "options" %}} - - ---- - - - - - - - - - - -
    -h, --help

    help for auth

    - - - -## {{% heading "parentoptions" %}} - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    --as string

    Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

    --as-group strings

    Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

    --as-uid string

    UID to impersonate for the operation.

    --azure-container-registry-config string

    Path to the file containing Azure container registry configuration information.

    --cache-dir string     Default: "$HOME/.kube/cache"

    Default cache directory

    --certificate-authority string

    Path to a cert file for the certificate authority

    --client-certificate string

    Path to a client certificate file for TLS

    --client-key string

    Path to a client key file for TLS

    --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

    --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

    --cluster string

    The name of the kubeconfig cluster to use

    --context string

    The name of the kubeconfig context to use

    --default-not-ready-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

    --default-unreachable-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

    --disable-compression

    If true, opt-out of response compression for all requests to the server

    --insecure-skip-tls-verify

    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

    --kubeconfig string

    Path to the kubeconfig file to use for CLI requests.

    --match-server-version

    Require server version to match client version

    -n, --namespace string

    If present, the namespace scope for this CLI request

    --password string

    Password for basic authentication to the API server

    --profile string     Default: "none"

    Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

    --profile-output string     Default: "profile.pprof"

    Name of the file to write the profile to

    --request-timeout string     Default: "0"

    The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

    -s, --server string

    The address and port of the Kubernetes API server

    --tls-server-name string

    Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

    --token string

    Bearer token for authentication to the API server

    --user string

    The name of the kubeconfig user to use

    --username string

    Username for basic authentication to the API server

    --version version[=true]

    Print version information and quit

    --warnings-as-errors

    Treat warnings received from the server as errors and exit with a non-zero exit code

    - - - -## {{% heading "seealso" %}} - -* [kubectl alpha](kubectl_alpha.md) - Commands for features in alpha -* [kubectl alpha auth whoami](kubectl_alpha_auth_whoami.md) - Experimental: Check self subject attributes - diff --git a/content/en/docs/reference/kubectl/generated/kubectl_annotate.md b/content/en/docs/reference/kubectl/generated/kubectl_annotate/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_annotate.md rename to content/en/docs/reference/kubectl/generated/kubectl_annotate/_index.md index 10e18cd274182..611b30178b336 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_annotate.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_annotate/_index.md @@ -3,6 +3,7 @@ title: kubectl annotate content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -374,6 +375,55 @@ kubectl annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=V

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -423,5 +473,5 @@ kubectl annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=V ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_api-resources.md b/content/en/docs/reference/kubectl/generated/kubectl_api-resources/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_api-resources.md rename to content/en/docs/reference/kubectl/generated/kubectl_api-resources/_index.md index 7c54f4d0f1fbe..7457dc8d34b5f 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_api-resources.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_api-resources/_index.md @@ -3,6 +3,7 @@ title: kubectl api-resources content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -303,6 +304,55 @@ kubectl api-resources [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -352,5 +402,5 @@ kubectl api-resources [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_api-versions.md b/content/en/docs/reference/kubectl/generated/kubectl_api-versions/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_api-versions.md rename to content/en/docs/reference/kubectl/generated/kubectl_api-versions/_index.md index 6439051732f82..3c63eb25052bb 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_api-versions.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_api-versions/_index.md @@ -3,6 +3,7 @@ title: kubectl api-versions content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +233,55 @@ kubectl api-versions

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +331,5 @@ kubectl api-versions ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply.md b/content/en/docs/reference/kubectl/generated/kubectl_apply/_index.md similarity index 90% rename from content/en/docs/reference/kubectl/generated/kubectl_apply.md rename to content/en/docs/reference/kubectl/generated/kubectl_apply/_index.md index a7ea7ab281f7d..15587371c62b9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_apply.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply/_index.md @@ -3,6 +3,7 @@ title: kubectl apply content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -413,6 +414,55 @@ kubectl apply (-f FILENAME | -k DIRECTORY)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -462,7 +512,7 @@ kubectl apply (-f FILENAME | -k DIRECTORY) ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl apply edit-last-applied](kubectl_apply_edit-last-applied/) - Edit latest last-applied-configuration annotations of a resource/object * [kubectl apply set-last-applied](kubectl_apply_set-last-applied/) - Set the last-applied-configuration annotation on a live object to match the contents of a file * [kubectl apply view-last-applied](kubectl_apply_view-last-applied/) - View the latest last-applied-configuration annotations of a resource/object diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_edit-last-applied.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md rename to content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_edit-last-applied.md index 0a1c2c218e98d..2e12d98d0f5a9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_apply_edit-last-applied.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_edit-last-applied.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -313,6 +313,55 @@ kubectl apply edit-last-applied (RESOURCE/NAME | -f FILENAME)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -362,5 +411,5 @@ kubectl apply edit-last-applied (RESOURCE/NAME | -f FILENAME) ## {{% heading "seealso" %}} -* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin +* [kubectl apply](../) - Apply a configuration to a resource by file name or stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_set-last-applied.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md rename to content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_set-last-applied.md index 5129c8d58f0d2..6dc2da4e29494 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_apply_set-last-applied.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_set-last-applied.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -287,6 +287,55 @@ kubectl apply set-last-applied -f FILENAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -336,5 +385,5 @@ kubectl apply set-last-applied -f FILENAME ## {{% heading "seealso" %}} -* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin +* [kubectl apply](../) - Apply a configuration to a resource by file name or stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_view-last-applied.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md rename to content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_view-last-applied.md index b4b1435739387..c3a138d68c53c 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_apply_view-last-applied.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_apply/kubectl_apply_view-last-applied.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -279,6 +279,55 @@ kubectl apply view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAM

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -328,5 +377,5 @@ kubectl apply view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAM ## {{% heading "seealso" %}} -* [kubectl apply](kubectl_apply/) - Apply a configuration to a resource by file name or stdin +* [kubectl apply](../) - Apply a configuration to a resource by file name or stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_attach.md b/content/en/docs/reference/kubectl/generated/kubectl_attach/_index.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_attach.md rename to content/en/docs/reference/kubectl/generated/kubectl_attach/_index.md index 69e88e550cd8c..de53451202a34 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_attach.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_attach/_index.md @@ -3,6 +3,7 @@ title: kubectl attach content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -278,6 +279,55 @@ kubectl attach (POD | TYPE/NAME) -c CONTAINER

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -327,5 +377,5 @@ kubectl attach (POD | TYPE/NAME) -c CONTAINER ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth.md b/content/en/docs/reference/kubectl/generated/kubectl_auth/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_auth.md rename to content/en/docs/reference/kubectl/generated/kubectl_auth/_index.md index 5005a7812eb7e..0885909fd4408 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_auth.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth/_index.md @@ -3,6 +3,7 @@ title: kubectl auth content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -225,6 +226,55 @@ kubectl auth [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -274,7 +324,7 @@ kubectl auth [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl auth can-i](kubectl_auth_can-i/) - Check whether an action is allowed * [kubectl auth reconcile](kubectl_auth_reconcile/) - Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects * [kubectl auth whoami](kubectl_auth_whoami/) - Experimental: Check self subject attributes diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md rename to content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i.md index 3a8c593f7d527..283efb27d402f 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_auth_can-i.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -292,6 +292,55 @@ kubectl auth can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -341,5 +390,5 @@ kubectl auth can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL] ## {{% heading "seealso" %}} -* [kubectl auth](kubectl_auth/) - Inspect authorization +* [kubectl auth](../) - Inspect authorization diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_reconcile.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md rename to content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_reconcile.md index 7ff6f02534bbf..88dc2cd8476f4 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_auth_reconcile.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_reconcile.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -310,6 +310,55 @@ kubectl auth reconcile -f FILENAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -359,5 +408,5 @@ kubectl auth reconcile -f FILENAME ## {{% heading "seealso" %}} -* [kubectl auth](kubectl_auth/) - Inspect authorization +* [kubectl auth](../) - Inspect authorization diff --git a/content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_whoami.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md rename to content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_whoami.md index 86aa6dc191f60..8080079a9cb15 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_auth_whoami.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_whoami.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -267,6 +267,55 @@ kubectl auth whoami

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -316,5 +365,5 @@ kubectl auth whoami ## {{% heading "seealso" %}} -* [kubectl auth](kubectl_auth/) - Inspect authorization +* [kubectl auth](../) - Inspect authorization diff --git a/content/en/docs/reference/kubectl/generated/kubectl_autoscale.md b/content/en/docs/reference/kubectl/generated/kubectl_autoscale/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_autoscale.md rename to content/en/docs/reference/kubectl/generated/kubectl_autoscale/_index.md index 67ab30866ac34..1d4906cbbf851 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_autoscale.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_autoscale/_index.md @@ -3,6 +3,7 @@ title: kubectl autoscale content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -335,6 +336,55 @@ kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MA

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -384,5 +434,5 @@ kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MA ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_certificate.md rename to content/en/docs/reference/kubectl/generated/kubectl_certificate/_index.md index 67e91135c3136..7270dded9262b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_certificate.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate/_index.md @@ -3,6 +3,7 @@ title: kubectl certificate content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -225,6 +226,55 @@ kubectl certificate SUBCOMMAND

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -274,7 +324,7 @@ kubectl certificate SUBCOMMAND ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl certificate approve](kubectl_certificate_approve/) - Approve a certificate signing request * [kubectl certificate deny](kubectl_certificate_deny/) - Deny a certificate signing request diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_approve.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md rename to content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_approve.md index 9504d5b459d15..628a001aba272 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_certificate_approve.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_approve.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -292,6 +292,55 @@ kubectl certificate approve (-f FILENAME | NAME)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -341,5 +390,5 @@ kubectl certificate approve (-f FILENAME | NAME) ## {{% heading "seealso" %}} -* [kubectl certificate](kubectl_certificate/) - Modify certificate resources +* [kubectl certificate](../) - Modify certificate resources diff --git a/content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md b/content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_deny.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md rename to content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_deny.md index fc3d80ec9a78a..a119682f851df 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_certificate_deny.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_certificate/kubectl_certificate_deny.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -290,6 +290,55 @@ kubectl certificate deny (-f FILENAME | NAME)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -339,5 +388,5 @@ kubectl certificate deny (-f FILENAME | NAME) ## {{% heading "seealso" %}} -* [kubectl certificate](kubectl_certificate/) - Modify certificate resources +* [kubectl certificate](../) - Modify certificate resources diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md rename to content/en/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md index bab1fb38bef67..acc42af2f9cdc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md @@ -3,6 +3,7 @@ title: kubectl cluster-info content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +233,55 @@ kubectl cluster-info [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,6 +331,6 @@ kubectl cluster-info [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl cluster-info dump](kubectl_cluster-info_dump/) - Dump relevant information for debugging and diagnosis diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info/kubectl_cluster-info_dump.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md rename to content/en/docs/reference/kubectl/generated/kubectl_cluster-info/kubectl_cluster-info_dump.md index a52feb97ef141..3b680b06d9bbc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_cluster-info_dump.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_cluster-info/kubectl_cluster-info_dump.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -299,6 +299,55 @@ kubectl cluster-info dump [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -348,5 +397,5 @@ kubectl cluster-info dump [flags] ## {{% heading "seealso" %}} -* [kubectl cluster-info](kubectl_cluster-info/) - Display cluster information +* [kubectl cluster-info](../) - Display cluster information diff --git a/content/en/docs/reference/kubectl/generated/kubectl_completion.md b/content/en/docs/reference/kubectl/generated/kubectl_completion/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_completion.md rename to content/en/docs/reference/kubectl/generated/kubectl_completion/_index.md index 4b41b4ea79a35..82b20219a75f7 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_completion.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_completion/_index.md @@ -3,6 +3,7 @@ title: kubectl completion content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -289,6 +290,55 @@ kubectl completion SHELL

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -338,5 +388,5 @@ kubectl completion SHELL ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config.md b/content/en/docs/reference/kubectl/generated/kubectl_config/_index.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_config.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/_index.md index 51da8e137e93f..c4976676426b5 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/_index.md @@ -3,6 +3,7 @@ title: kubectl config content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -231,6 +232,55 @@ kubectl config SUBCOMMAND

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -280,7 +330,7 @@ kubectl config SUBCOMMAND ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl config current-context](kubectl_config_current-context/) - Display the current-context * [kubectl config delete-cluster](kubectl_config_delete-cluster/) - Delete the specified cluster from the kubeconfig * [kubectl config delete-context](kubectl_config_delete-context/) - Delete the specified context from the kubeconfig diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_current-context.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_current-context.md index 2336af7b97062..b095a52cfaa39 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_current-context.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_current-context.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config current-context [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config current-context [flags] ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-cluster.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-cluster.md index 1c9cfd8d834ae..343865f278a4e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-cluster.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-cluster.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config delete-cluster NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config delete-cluster NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-context.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-context.md index 72a6d95420580..0743778a8ecdc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-context.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-context.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config delete-context NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config delete-context NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-user.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-user.md index c547bec6930af..22e2d3adc49ce 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_delete-user.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_delete-user.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config delete-user NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config delete-user NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-clusters.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-clusters.md index 0e2a2bad87ee6..ba61e2fdabbf8 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_get-clusters.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-clusters.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config get-clusters [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config get-clusters [flags] ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-contexts.md similarity index 84% rename from content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-contexts.md index c24c214119a15..2019c2860aa8d 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_get-contexts.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-contexts.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -249,6 +249,55 @@ kubectl config get-contexts [(-o|--output=)name)]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -298,5 +347,5 @@ kubectl config get-contexts [(-o|--output=)name)] ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-users.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-users.md index c6ab84a973060..d6682c5a41f7a 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_get-users.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_get-users.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config get-users [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config get-users [flags] ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_rename-context.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_rename-context.md index 9105edc9a7b5e..3bf5c5125911b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_rename-context.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_rename-context.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -238,6 +238,55 @@ kubectl config rename-context CONTEXT_NAME NEW_NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -287,5 +336,5 @@ kubectl config rename-context CONTEXT_NAME NEW_NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-cluster.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-cluster.md index c571af3e0504f..c2d3205bf9b63 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_set-cluster.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-cluster.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -267,6 +267,55 @@ kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/

    The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --token string @@ -309,5 +358,5 @@ kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/ ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-context.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-context.md index c7230cc5e15d9..3085248376b57 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_set-context.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-context.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -248,6 +248,55 @@ kubectl config set-context [NAME | --current] [--cluster=cluster_nickname] [--us

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -290,5 +339,5 @@ kubectl config set-context [NAME | --current] [--cluster=cluster_nickname] [--us ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-credentials.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-credentials.md index 70084103258b1..330bbfd65617c 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_set-credentials.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-credentials.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -336,6 +336,55 @@ kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--c

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -371,5 +420,5 @@ kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--c ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_set.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_config_set.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set.md index cad2af88547a7..895a27d126ebc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_set.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -254,6 +254,55 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -303,5 +352,5 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_unset.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_unset.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_unset.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_unset.md index ee2bc74113b09..7fdc0f4fb58aa 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_unset.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_unset.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -237,6 +237,55 @@ kubectl config unset PROPERTY_NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -286,5 +335,5 @@ kubectl config unset PROPERTY_NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_use-context.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_use-context.md index acc619752b7e3..7e194a0a6348b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_use-context.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_use-context.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -232,6 +232,55 @@ kubectl config use-context CONTEXT_NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -281,5 +330,5 @@ kubectl config use-context CONTEXT_NAME ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_config_view.md b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_view.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_config_view.md rename to content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_view.md index 158e6b8f818fe..e9f2cc9e0bd48 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_config_view.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_config/kubectl_config_view.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -296,6 +296,55 @@ kubectl config view [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -345,5 +394,5 @@ kubectl config view [flags] ## {{% heading "seealso" %}} -* [kubectl config](kubectl_config/) - Modify kubeconfig files +* [kubectl config](../) - Modify kubeconfig files diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cordon.md b/content/en/docs/reference/kubectl/generated/kubectl_cordon/_index.md similarity index 84% rename from content/en/docs/reference/kubectl/generated/kubectl_cordon.md rename to content/en/docs/reference/kubectl/generated/kubectl_cordon/_index.md index 55c06a3bead94..f973b3727c5eb 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_cordon.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_cordon/_index.md @@ -3,6 +3,7 @@ title: kubectl cordon content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -246,6 +247,55 @@ kubectl cordon NODE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -295,5 +345,5 @@ kubectl cordon NODE ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_cp.md b/content/en/docs/reference/kubectl/generated/kubectl_cp/_index.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_cp.md rename to content/en/docs/reference/kubectl/generated/kubectl_cp/_index.md index d446964bb1297..c9a8b908d3782 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_cp.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_cp/_index.md @@ -3,6 +3,7 @@ title: kubectl cp content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -275,6 +276,55 @@ kubectl cp

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -324,5 +374,5 @@ kubectl cp ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create.md b/content/en/docs/reference/kubectl/generated/kubectl_create/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_create.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/_index.md index 1249eb73b8976..6fd9e8a1627eb 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/_index.md @@ -3,6 +3,7 @@ title: kubectl create content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -345,6 +346,55 @@ kubectl create -f FILENAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -394,7 +444,7 @@ kubectl create -f FILENAME ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl create clusterrole](kubectl_create_clusterrole/) - Create a cluster role * [kubectl create clusterrolebinding](kubectl_create_clusterrolebinding/) - Create a cluster role binding for a particular cluster role * [kubectl create configmap](kubectl_create_configmap/) - Create a config map from a local file, directory or literal value diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md index 2bc7d8bb98733..53261d91eda23 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrole.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -338,6 +338,55 @@ kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resourc

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -387,5 +436,5 @@ kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resourc ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md index 15044a8b1a01e..c2840acf411ed 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_clusterrolebinding.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -316,6 +316,55 @@ kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--g

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -358,5 +407,5 @@ kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--g ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md index 2070e69f938d1..94916db2e85df 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_configmap.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -334,6 +334,55 @@ kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=va

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -383,5 +432,5 @@ kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=va ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_cronjob.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_cronjob.md index c823310aee962..489499e81c92e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_cronjob.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_cronjob.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -312,6 +312,55 @@ kubectl create cronjob NAME --image=image --schedule='0/5 * * * ?' -- [COMMAND]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -361,5 +410,5 @@ kubectl create cronjob NAME --image=image --schedule='0/5 * * * ?' -- [COMMAND] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_deployment.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_deployment.md index 178c8cfb9602c..b0171a66419be 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_deployment.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_deployment.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -318,6 +318,55 @@ kubectl create deployment NAME --image=image -- [COMMAND] [args...]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -367,5 +416,5 @@ kubectl create deployment NAME --image=image -- [COMMAND] [args...] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_ingress.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_ingress.md index c93c22468e989..d5e807c152cf3 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_ingress.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_ingress.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -349,6 +349,55 @@ kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -398,5 +447,5 @@ kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_job.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_job.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_job.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_job.md index 684f378bf2a34..f482be5e55123 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_job.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_job.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -308,6 +308,55 @@ kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args..

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -357,5 +406,5 @@ kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args.. ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_namespace.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_namespace.md index b1a703d59aca7..eb3262ddfde7f 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_namespace.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_namespace.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -288,6 +288,55 @@ kubectl create namespace NAME [--dry-run=server|client|none]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -337,5 +386,5 @@ kubectl create namespace NAME [--dry-run=server|client|none] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_poddisruptionbudget.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_poddisruptionbudget.md index 81174a8271d63..aac007bc876ff 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_poddisruptionbudget.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_poddisruptionbudget.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -314,6 +314,55 @@ kubectl create poddisruptionbudget NAME --selector=SELECTOR --min-available=N [-

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -363,5 +412,5 @@ kubectl create poddisruptionbudget NAME --selector=SELECTOR --min-available=N [- ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_priorityclass.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_priorityclass.md index db01798857ce9..a953b44eef9a2 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_priorityclass.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_priorityclass.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -322,6 +322,55 @@ kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -371,5 +420,5 @@ kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_quota.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_quota.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_quota.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_quota.md index d323b752d81a6..15f59f82b3a28 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_quota.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_quota.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -305,6 +305,55 @@ kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scop

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -354,5 +403,5 @@ kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scop ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_role.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_role.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_role.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_role.md index 2b30ec5267dc5..43fcfccaa5ebb 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_role.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_role.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -318,6 +318,55 @@ kubectl create role NAME --verb=verb --resource=resource.group/subresource [--re

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -367,5 +416,5 @@ kubectl create role NAME --verb=verb --resource=resource.group/subresource [--re ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_rolebinding.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_rolebinding.md index 01901d3865687..6e52b10d83770 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_rolebinding.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_rolebinding.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -326,6 +326,55 @@ kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -368,5 +417,5 @@ kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret.md similarity index 80% rename from content/en/docs/reference/kubectl/generated/kubectl_create_secret.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret.md index 52996ade05238..2fadccd843be2 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_secret.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -231,6 +231,55 @@ kubectl create secret (docker-registry | generic | tls)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -280,8 +329,8 @@ kubectl create secret (docker-registry | generic | tls) ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin -* [kubectl create secret docker-registry](kubectl_create_secret_docker-registry/) - Create a secret for use with a Docker registry -* [kubectl create secret generic](kubectl_create_secret_generic/) - Create a secret from a local file, directory, or literal value -* [kubectl create secret tls](kubectl_create_secret_tls/) - Create a TLS secret +* [kubectl create](../) - Create a resource from a file or from stdin +* [kubectl create secret docker-registry](../kubectl_create_secret_docker-registry/) - Create a secret for use with a Docker registry +* [kubectl create secret generic](../kubectl_create_secret_generic/) - Create a secret from a local file, directory, or literal value +* [kubectl create secret tls](../kubectl_create_secret_tls/) - Create a TLS secret diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_docker-registry.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_docker-registry.md index 822b641a68bc3..2bc16aff5cf37 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_docker-registry.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_docker-registry.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -344,6 +344,55 @@ kubectl create secret docker-registry NAME --docker-username=user --docker-passw

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -393,5 +442,5 @@ kubectl create secret docker-registry NAME --docker-username=user --docker-passw ## {{% heading "seealso" %}} -* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand +* [kubectl create secret](../) - Create a secret using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic.md index d619e3e12acf7..1bc568a77f575 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_generic.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -341,6 +341,55 @@ kubectl create secret generic NAME [--type=string] [--from-file=[key=]source] [-

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -390,5 +439,5 @@ kubectl create secret generic NAME [--type=string] [--from-file=[key=]source] [- ## {{% heading "seealso" %}} -* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand +* [kubectl create secret](../) - Create a secret using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls.md index f06b8f6df12b3..10d582d9e2909 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_secret_tls.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -311,6 +311,55 @@ kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -360,5 +409,5 @@ kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [ ## {{% heading "seealso" %}} -* [kubectl create secret](kubectl_create_secret/) - Create a secret using a specified subcommand +* [kubectl create secret](../) - Create a secret using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service.md similarity index 79% rename from content/en/docs/reference/kubectl/generated/kubectl_create_service.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service.md index 3635b026f29ac..31bc14b9b8a05 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_service.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -225,6 +225,55 @@ kubectl create service [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -274,9 +323,9 @@ kubectl create service [flags] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin -* [kubectl create service clusterip](kubectl_create_service_clusterip/) - Create a ClusterIP service -* [kubectl create service externalname](kubectl_create_service_externalname/) - Create an ExternalName service -* [kubectl create service loadbalancer](kubectl_create_service_loadbalancer/) - Create a LoadBalancer service -* [kubectl create service nodeport](kubectl_create_service_nodeport/) - Create a NodePort service +* [kubectl create](../) - Create a resource from a file or from stdin +* [kubectl create service clusterip](../kubectl_create_service_clusterip/) - Create a ClusterIP service +* [kubectl create service externalname](../kubectl_create_service_externalname/) - Create an ExternalName service +* [kubectl create service loadbalancer](../kubectl_create_service_loadbalancer/) - Create a LoadBalancer service +* [kubectl create service nodeport](../kubectl_create_service_nodeport/) - Create a NodePort service diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_clusterip.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_clusterip.md index 5e362b9e25b63..df28894007972 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_service_clusterip.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_clusterip.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -305,6 +305,55 @@ kubectl create service clusterip NAME [--tcp=:] [--dry-run=ser

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -354,5 +403,5 @@ kubectl create service clusterip NAME [--tcp=:] [--dry-run=ser ## {{% heading "seealso" %}} -* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand +* [kubectl create service](../) - Create a service using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_externalname.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_externalname.md index ea640b7ddb3ef..879045effcf59 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_service_externalname.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_externalname.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -304,6 +304,55 @@ kubectl create service externalname NAME --external-name external.name [--dry-ru

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -353,5 +402,5 @@ kubectl create service externalname NAME --external-name external.name [--dry-ru ## {{% heading "seealso" %}} -* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand +* [kubectl create service](../) - Create a service using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_loadbalancer.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_loadbalancer.md index 4cfe37099907a..a2e4181db2c91 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_service_loadbalancer.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_loadbalancer.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -295,6 +295,55 @@ kubectl create service loadbalancer NAME [--tcp=port:targetPort] [--dry-run=serv

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -344,5 +393,5 @@ kubectl create service loadbalancer NAME [--tcp=port:targetPort] [--dry-run=serv ## {{% heading "seealso" %}} -* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand +* [kubectl create service](../) - Create a service using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_nodeport.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_nodeport.md index faec01c56b4b7..c391ceaf11ecf 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_service_nodeport.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_service_nodeport.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -302,6 +302,55 @@ kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|c

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -351,5 +400,5 @@ kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|c ## {{% heading "seealso" %}} -* [kubectl create service](kubectl_create_service/) - Create a service using a specified subcommand +* [kubectl create service](../) - Create a service using a specified subcommand diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_serviceaccount.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_serviceaccount.md index 2bfdaf9b404dd..8b06bb62623d5 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_serviceaccount.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_serviceaccount.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -288,6 +288,55 @@ kubectl create serviceaccount NAME [--dry-run=server|client|none]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -337,5 +386,5 @@ kubectl create serviceaccount NAME [--dry-run=server|client|none] ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_create_token.md b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_token.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_create_token.md rename to content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_token.md index a526aff8155a9..5711599ac326f 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_create_token.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_create/kubectl_create_token.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -97,7 +97,7 @@ kubectl create token SERVICE_ACCOUNT_NAME --duration duration -

    Requested lifetime of the issued token. The server may return a token with a longer or shorter lifetime.

    +

    Requested lifetime of the issued token. If not set, the lifetime will be determined by the server automatically. The server may return a token with a longer or shorter lifetime.

    @@ -310,6 +310,55 @@ kubectl create token SERVICE_ACCOUNT_NAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -359,5 +408,5 @@ kubectl create token SERVICE_ACCOUNT_NAME ## {{% heading "seealso" %}} -* [kubectl create](kubectl_create/) - Create a resource from a file or from stdin +* [kubectl create](../) - Create a resource from a file or from stdin diff --git a/content/en/docs/reference/kubectl/generated/kubectl_debug.md b/content/en/docs/reference/kubectl/generated/kubectl_debug/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_debug.md rename to content/en/docs/reference/kubectl/generated/kubectl_debug/_index.md index 0d6e15b02074d..ccb3acbaa15b2 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_debug.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_debug/_index.md @@ -3,6 +3,7 @@ title: kubectl debug content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -375,6 +376,55 @@ kubectl debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -424,5 +474,5 @@ kubectl debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_delete.md b/content/en/docs/reference/kubectl/generated/kubectl_delete/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_delete.md rename to content/en/docs/reference/kubectl/generated/kubectl_delete/_index.md index ee3f0393ced33..4ba71656d1fc1 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_delete.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_delete/_index.md @@ -3,6 +3,7 @@ title: kubectl delete content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -147,6 +148,13 @@ kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)

    Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.

    + +-i, --interactive + + +

    If true, delete resource only when user confirms. This flag is in Alpha.

    + + -k, --kustomize string @@ -385,6 +393,55 @@ kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -434,5 +491,5 @@ kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all) ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_describe.md b/content/en/docs/reference/kubectl/generated/kubectl_describe/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_describe.md rename to content/en/docs/reference/kubectl/generated/kubectl_describe/_index.md index ac5a2d0ef971f..5d63c7e9e5986 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_describe.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_describe/_index.md @@ -3,6 +3,7 @@ title: kubectl describe content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -305,6 +306,55 @@ kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -354,5 +404,5 @@ kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME) ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_diff.md b/content/en/docs/reference/kubectl/generated/kubectl_diff/_index.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_diff.md rename to content/en/docs/reference/kubectl/generated/kubectl_diff/_index.md index 371f759542e53..3cce8f607c9a9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_diff.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_diff/_index.md @@ -3,6 +3,7 @@ title: kubectl diff content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -322,6 +323,55 @@ kubectl diff -f FILENAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -371,5 +421,5 @@ kubectl diff -f FILENAME ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_drain.md b/content/en/docs/reference/kubectl/generated/kubectl_drain/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_drain.md rename to content/en/docs/reference/kubectl/generated/kubectl_drain/_index.md index c9e734fe9ddde..f871858a38af7 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_drain.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_drain/_index.md @@ -3,6 +3,7 @@ title: kubectl drain content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -320,6 +321,55 @@ kubectl drain NODE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -369,5 +419,5 @@ kubectl drain NODE ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_edit.md b/content/en/docs/reference/kubectl/generated/kubectl_edit/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_edit.md rename to content/en/docs/reference/kubectl/generated/kubectl_edit/_index.md index fa53f1a94bc3d..9e66d63ed4f95 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_edit.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_edit/_index.md @@ -3,6 +3,7 @@ title: kubectl edit content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -347,6 +348,55 @@ kubectl edit (RESOURCE/NAME | -f FILENAME)

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -396,5 +446,5 @@ kubectl edit (RESOURCE/NAME | -f FILENAME) ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_events.md b/content/en/docs/reference/kubectl/generated/kubectl_events/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_events.md rename to content/en/docs/reference/kubectl/generated/kubectl_events/_index.md index 3bd84dd561d42..878ce52141465 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_events.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_events/_index.md @@ -3,6 +3,7 @@ title: kubectl events content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -26,7 +27,7 @@ Display events. Prints a table of the most important information about events. You can request events for a namespace, for all namespace, or filtered to only those pertaining to a specified resource. ``` -kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file] [--for TYPE/NAME] [--watch] [--event=Normal,Warning] +kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file] [--for TYPE/NAME] [--watch] [--types=Normal,Warning] ``` ## {{% heading "examples" %}} @@ -316,6 +317,55 @@ kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|templa

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -365,5 +415,5 @@ kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|templa ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_exec.md b/content/en/docs/reference/kubectl/generated/kubectl_exec/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_exec.md rename to content/en/docs/reference/kubectl/generated/kubectl_exec/_index.md index 14570040c3025..24716e8fe7fc5 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_exec.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_exec/_index.md @@ -3,6 +3,7 @@ title: kubectl exec content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -294,6 +295,55 @@ kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -343,5 +393,5 @@ kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_explain.md b/content/en/docs/reference/kubectl/generated/kubectl_explain/_index.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_explain.md rename to content/en/docs/reference/kubectl/generated/kubectl_explain/_index.md index 31d88afccd0c0..75acae550e64b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_explain.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_explain/_index.md @@ -3,6 +3,7 @@ title: kubectl explain content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -273,6 +274,55 @@ kubectl explain TYPE [--recursive=FALSE|TRUE] [--api-version=api-version-group]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -322,5 +372,5 @@ kubectl explain TYPE [--recursive=FALSE|TRUE] [--api-version=api-version-group] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_expose.md b/content/en/docs/reference/kubectl/generated/kubectl_expose/_index.md similarity index 90% rename from content/en/docs/reference/kubectl/generated/kubectl_expose.md rename to content/en/docs/reference/kubectl/generated/kubectl_expose/_index.md index b6120802bab2d..f3ff17a938b98 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_expose.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_expose/_index.md @@ -3,6 +3,7 @@ title: kubectl expose content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -417,6 +418,55 @@ kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -466,5 +516,5 @@ kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_get.md b/content/en/docs/reference/kubectl/generated/kubectl_get/_index.md similarity index 90% rename from content/en/docs/reference/kubectl/generated/kubectl_get.md rename to content/en/docs/reference/kubectl/generated/kubectl_get/_index.md index 1308f2f6c9f13..71d27912a237a 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_get.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_get/_index.md @@ -3,6 +3,7 @@ title: kubectl get content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -432,6 +433,55 @@ kubectl get [(-o|--output=)json|yaml|name|go-template|go-template-file|template|

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -481,5 +531,5 @@ kubectl get [(-o|--output=)json|yaml|name|go-template|go-template-file|template| ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_kustomize.md b/content/en/docs/reference/kubectl/generated/kubectl_kustomize/_index.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_kustomize.md rename to content/en/docs/reference/kubectl/generated/kubectl_kustomize/_index.md index bcdb4c68ab90c..3cb4256a6398d 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_kustomize.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_kustomize/_index.md @@ -3,6 +3,7 @@ title: kubectl kustomize content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -308,6 +309,55 @@ kubectl kustomize DIR [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -357,5 +407,5 @@ kubectl kustomize DIR [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_label.md b/content/en/docs/reference/kubectl/generated/kubectl_label/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_label.md rename to content/en/docs/reference/kubectl/generated/kubectl_label/_index.md index ada2cce8307a9..33277f5219f8a 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_label.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_label/_index.md @@ -3,6 +3,7 @@ title: kubectl label content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -372,6 +373,55 @@ kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -421,5 +471,5 @@ kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_ ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_logs.md b/content/en/docs/reference/kubectl/generated/kubectl_logs/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_logs.md rename to content/en/docs/reference/kubectl/generated/kubectl_logs/_index.md index d4ff82c762c71..61b0bc120e2dc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_logs.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_logs/_index.md @@ -3,6 +3,7 @@ title: kubectl logs content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -367,6 +368,55 @@ kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -416,5 +466,5 @@ kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_options.md b/content/en/docs/reference/kubectl/generated/kubectl_options.md deleted file mode 100644 index e478a1625bd39..0000000000000 --- a/content/en/docs/reference/kubectl/generated/kubectl_options.md +++ /dev/null @@ -1,285 +0,0 @@ ---- -title: kubectl options -content_type: tool-reference -weight: 30 -auto_generated: true ---- - - - - - -## {{% heading "synopsis" %}} - - -Print the list of flags inherited by all commands - -``` -kubectl options [flags] -``` - -## {{% heading "examples" %}} - -``` - # Print flags inherited by all commands - kubectl options -``` - -## {{% heading "options" %}} - - ---- - - - - - - - - - - -
    -h, --help

    help for options

    - - - -## {{% heading "parentoptions" %}} - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    --as string

    Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

    --as-group strings

    Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

    --as-uid string

    UID to impersonate for the operation.

    --azure-container-registry-config string

    Path to the file containing Azure container registry configuration information.

    --cache-dir string     Default: "$HOME/.kube/cache"

    Default cache directory

    --certificate-authority string

    Path to a cert file for the certificate authority

    --client-certificate string

    Path to a client certificate file for TLS

    --client-key string

    Path to a client key file for TLS

    --cloud-provider-gce-l7lb-src-cidrs cidrs     Default: 130.211.0.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

    --cloud-provider-gce-lb-src-cidrs cidrs     Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

    CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

    --cluster string

    The name of the kubeconfig cluster to use

    --context string

    The name of the kubeconfig context to use

    --default-not-ready-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

    --default-unreachable-toleration-seconds int     Default: 300

    Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

    --disable-compression

    If true, opt-out of response compression for all requests to the server

    --insecure-skip-tls-verify

    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

    --kubeconfig string

    Path to the kubeconfig file to use for CLI requests.

    --match-server-version

    Require server version to match client version

    -n, --namespace string

    If present, the namespace scope for this CLI request

    --password string

    Password for basic authentication to the API server

    --profile string     Default: "none"

    Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

    --profile-output string     Default: "profile.pprof"

    Name of the file to write the profile to

    --request-timeout string     Default: "0"

    The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

    -s, --server string

    The address and port of the Kubernetes API server

    --tls-server-name string

    Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

    --token string

    Bearer token for authentication to the API server

    --user string

    The name of the kubeconfig user to use

    --username string

    Username for basic authentication to the API server

    --version version[=true]

    --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

    --warnings-as-errors

    Treat warnings received from the server as errors and exit with a non-zero exit code

    - - - -## {{% heading "seealso" %}} - -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager - diff --git a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md b/content/en/docs/reference/kubectl/generated/kubectl_options/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md rename to content/en/docs/reference/kubectl/generated/kubectl_options/_index.md index d9faa0bcd57d7..300222b012afd 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_alpha_auth_whoami.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_options/_index.md @@ -1,8 +1,9 @@ --- -title: kubectl alpha auth whoami +title: kubectl options content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -21,24 +22,17 @@ guide. You can file document formatting bugs against the ## {{% heading "synopsis" %}} -Experimental: Check who you are and your attributes (groups, extra). - - This command is helpful to get yourself aware of the current user attributes, - especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider, - is enabled in the Kubernetes cluster. +Print the list of flags inherited by all commands ``` -kubectl alpha auth whoami +kubectl options [flags] ``` ## {{% heading "examples" %}} ``` - # Get your subject attributes. - kubectl alpha auth whoami - - # Get your subject attributes in JSON format. - kubectl alpha auth whoami -o json + # Print flags inherited by all commands + kubectl options ``` ## {{% heading "options" %}} @@ -50,39 +44,11 @@ kubectl alpha auth whoami - ---allow-missing-template-keys     Default: true - - -

    If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

    - - -h, --help -

    help for whoami

    - - - --o, --output string - - -

    Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).

    - - - ---show-managed-fields - - -

    If true, keep the managedFields when printing objects in JSON or YAML format.

    - - - ---template string - - -

    Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

    +

    help for options

    @@ -267,6 +233,55 @@ kubectl alpha auth whoami

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -299,7 +314,7 @@ kubectl alpha auth whoami --version version[=true] -

    Print version information and quit

    +

    --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

    @@ -316,5 +331,5 @@ kubectl alpha auth whoami ## {{% heading "seealso" %}} -* [kubectl alpha auth](kubectl_alpha_auth.md) - Inspect authorization +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_patch.md b/content/en/docs/reference/kubectl/generated/kubectl_patch/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_patch.md rename to content/en/docs/reference/kubectl/generated/kubectl_patch/_index.md index b0b4d204aac2d..c818e1d8de149 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_patch.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_patch/_index.md @@ -3,6 +3,7 @@ title: kubectl patch content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -349,6 +350,55 @@ kubectl patch (-f FILENAME | TYPE NAME) [-p PATCH|--patch-file FILE]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -398,5 +448,5 @@ kubectl patch (-f FILENAME | TYPE NAME) [-p PATCH|--patch-file FILE] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_plugin.md b/content/en/docs/reference/kubectl/generated/kubectl_plugin/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_plugin.md rename to content/en/docs/reference/kubectl/generated/kubectl_plugin/_index.md index 2cc9b2bd13061..499a1cfbb6ed8 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_plugin.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_plugin/_index.md @@ -3,6 +3,7 @@ title: kubectl plugin content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -229,6 +230,55 @@ kubectl plugin [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -278,6 +328,6 @@ kubectl plugin [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl plugin list](kubectl_plugin_list/) - List all visible plugin executables on a user's PATH diff --git a/content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md b/content/en/docs/reference/kubectl/generated/kubectl_plugin/kubectl_plugin_list.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md rename to content/en/docs/reference/kubectl/generated/kubectl_plugin/kubectl_plugin_list.md index 8e830b4740414..d91443d3465d0 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_plugin_list.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_plugin/kubectl_plugin_list.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -241,6 +241,55 @@ kubectl plugin list [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -290,5 +339,5 @@ kubectl plugin list [flags] ## {{% heading "seealso" %}} -* [kubectl plugin](kubectl_plugin/) - Provides utilities for interacting with plugins +* [kubectl plugin](../) - Provides utilities for interacting with plugins diff --git a/content/en/docs/reference/kubectl/generated/kubectl_port-forward.md b/content/en/docs/reference/kubectl/generated/kubectl_port-forward/_index.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_port-forward.md rename to content/en/docs/reference/kubectl/generated/kubectl_port-forward/_index.md index 11fb01c56ba02..af464b467a1dc 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_port-forward.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_port-forward/_index.md @@ -3,6 +3,7 @@ title: kubectl port-forward content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -268,6 +269,55 @@ kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_POR

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -317,5 +367,5 @@ kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_POR ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_proxy.md b/content/en/docs/reference/kubectl/generated/kubectl_proxy/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_proxy.md rename to content/en/docs/reference/kubectl/generated/kubectl_proxy/_index.md index 29bc8155bb0d3..8d6e95e6f3ca4 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_proxy.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_proxy/_index.md @@ -3,6 +3,7 @@ title: kubectl proxy content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -342,6 +343,55 @@ kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-pref

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -391,5 +441,5 @@ kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-pref ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_replace.md b/content/en/docs/reference/kubectl/generated/kubectl_replace/_index.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_replace.md rename to content/en/docs/reference/kubectl/generated/kubectl_replace/_index.md index 6bcd289482ae4..bfa8a29fd9ff9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_replace.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_replace/_index.md @@ -3,6 +3,7 @@ title: kubectl replace content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -371,6 +372,55 @@ kubectl replace -f FILENAME

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -420,5 +470,5 @@ kubectl replace -f FILENAME ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/_index.md similarity index 84% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/_index.md index 7d5c1ccef7434..f722514062947 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/_index.md @@ -3,6 +3,7 @@ title: kubectl rollout content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -247,6 +248,55 @@ kubectl rollout SUBCOMMAND

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -296,7 +346,7 @@ kubectl rollout SUBCOMMAND ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl rollout history](kubectl_rollout_history/) - View rollout history * [kubectl rollout pause](kubectl_rollout_pause/) - Mark the provided resource as paused * [kubectl rollout restart](kubectl_rollout_restart/) - Restart a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_history.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_history.md index b4f6f42eb1836..3e491ef2fd7f4 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_history.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_history.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -298,6 +298,55 @@ kubectl rollout history (TYPE NAME | TYPE/NAME) [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -347,5 +396,5 @@ kubectl rollout history (TYPE NAME | TYPE/NAME) [flags] ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_pause.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_pause.md index 8e3fbd2a6d926..81cd8fb1caffb 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_pause.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_pause.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -299,6 +299,55 @@ kubectl rollout pause RESOURCE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -348,5 +397,5 @@ kubectl rollout pause RESOURCE ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_restart.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_restart.md index b611531bdbdaa..71e7aaf53dbd9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_restart.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_restart.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -32,6 +32,9 @@ kubectl rollout restart RESOURCE ## {{% heading "examples" %}} ``` + # Restart all deployments in test-namespace namespace + kubectl rollout restart deployment -n test-namespace + # Restart a deployment kubectl rollout restart deployment/nginx @@ -303,6 +306,55 @@ kubectl rollout restart RESOURCE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -352,5 +404,5 @@ kubectl rollout restart RESOURCE ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_resume.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_resume.md index c26c4b407534a..6ef7bb29a3276 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_resume.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_resume.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -297,6 +297,55 @@ kubectl rollout resume RESOURCE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -346,5 +395,5 @@ kubectl rollout resume RESOURCE ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_status.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_status.md index 4f342be6161a6..5d2367623237b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_status.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_status.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -283,6 +283,55 @@ kubectl rollout status (TYPE NAME | TYPE/NAME) [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -332,5 +381,5 @@ kubectl rollout status (TYPE NAME | TYPE/NAME) [flags] ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_undo.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md rename to content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_undo.md index 5c9f60a2f87ea..a7d607003b68d 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_rollout_undo.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_undo.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -308,6 +308,55 @@ kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -357,5 +406,5 @@ kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags] ## {{% heading "seealso" %}} -* [kubectl rollout](kubectl_rollout/) - Manage the rollout of a resource +* [kubectl rollout](../) - Manage the rollout of a resource diff --git a/content/en/docs/reference/kubectl/generated/kubectl_run.md b/content/en/docs/reference/kubectl/generated/kubectl_run/_index.md similarity index 90% rename from content/en/docs/reference/kubectl/generated/kubectl_run.md rename to content/en/docs/reference/kubectl/generated/kubectl_run/_index.md index 3869443e1a5b4..63c7ac1b75263 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_run.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_run/_index.md @@ -3,6 +3,7 @@ title: kubectl run content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -438,6 +439,55 @@ kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=serv

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -487,5 +537,5 @@ kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=serv ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_scale.md b/content/en/docs/reference/kubectl/generated/kubectl_scale/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_scale.md rename to content/en/docs/reference/kubectl/generated/kubectl_scale/_index.md index 4ad2845005a92..8c620e7d38916 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_scale.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_scale/_index.md @@ -3,6 +3,7 @@ title: kubectl scale content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -346,6 +347,55 @@ kubectl scale [--resource-version=version] [--current-replicas=count] --replicas

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -395,5 +445,5 @@ kubectl scale [--resource-version=version] [--current-replicas=count] --replicas ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set.md b/content/en/docs/reference/kubectl/generated/kubectl_set/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_set.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/_index.md index a09bbcfb93299..464fe8b53aa6b 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/_index.md @@ -3,6 +3,7 @@ title: kubectl set content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -227,6 +228,55 @@ kubectl set SUBCOMMAND

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -276,7 +326,7 @@ kubectl set SUBCOMMAND ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl set env](kubectl_set_env/) - Update environment variables on a pod template * [kubectl set image](kubectl_set_image/) - Update the image of a pod template * [kubectl set resources](kubectl_set_resources/) - Update resource requests/limits on objects with pod templates diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_env.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_env.md similarity index 90% rename from content/en/docs/reference/kubectl/generated/kubectl_set_env.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_env.md index 1eec0c35c41c1..e3407bf103cd9 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_env.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_env.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -411,6 +411,55 @@ kubectl set env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -460,5 +509,5 @@ kubectl set env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_image.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_image.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_set_image.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_image.md index 9e8a13a37808c..126169bdacc0e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_image.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_image.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -329,6 +329,55 @@ kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 .

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -378,5 +427,5 @@ kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 . ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_resources.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_resources.md similarity index 89% rename from content/en/docs/reference/kubectl/generated/kubectl_set_resources.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_resources.md index 5d3fa8ba00e54..876bdb5f79466 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_resources.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_resources.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -350,6 +350,55 @@ kubectl set resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -399,5 +448,5 @@ kubectl set resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests= ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_selector.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_selector.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_set_selector.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_selector.md index dc461d528bc63..22b93938c18c7 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_selector.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_selector.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -312,6 +312,55 @@ kubectl set selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=v

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -361,5 +410,5 @@ kubectl set selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=v ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_serviceaccount.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_serviceaccount.md index c5507b3f05a64..0077649dc3fe1 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_serviceaccount.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_serviceaccount.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -316,6 +316,55 @@ kubectl set serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -365,5 +414,5 @@ kubectl set serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_set_subject.md b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_subject.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_set_subject.md rename to content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_subject.md index 0d00f9658f0a9..4bb9e1807c2da 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_set_subject.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_set/kubectl_set_subject.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -343,6 +343,55 @@ kubectl set subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupna

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -385,5 +434,5 @@ kubectl set subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupna ## {{% heading "seealso" %}} -* [kubectl set](kubectl_set/) - Set specific features on objects +* [kubectl set](../) - Set specific features on objects diff --git a/content/en/docs/reference/kubectl/generated/kubectl_taint.md b/content/en/docs/reference/kubectl/generated/kubectl_taint/_index.md similarity index 88% rename from content/en/docs/reference/kubectl/generated/kubectl_taint.md rename to content/en/docs/reference/kubectl/generated/kubectl_taint/_index.md index 62b8240b3f821..81fabb002ce1e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_taint.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_taint/_index.md @@ -3,6 +3,7 @@ title: kubectl taint content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -322,6 +323,55 @@ kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -371,5 +421,5 @@ kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_ ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top.md b/content/en/docs/reference/kubectl/generated/kubectl_top/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_top.md rename to content/en/docs/reference/kubectl/generated/kubectl_top/_index.md index c9b09dab342a8..79c0ec6b9211e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_top.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_top/_index.md @@ -3,6 +3,7 @@ title: kubectl top content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -229,6 +230,55 @@ kubectl top [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -278,7 +328,7 @@ kubectl top [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager * [kubectl top node](kubectl_top_node/) - Display resource (CPU/memory) usage of nodes * [kubectl top pod](kubectl_top_pod/) - Display resource (CPU/memory) usage of pods diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top_node.md b/content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_node.md similarity index 85% rename from content/en/docs/reference/kubectl/generated/kubectl_top_node.md rename to content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_node.md index 6a7b83d8020c0..4fa3234b20a36 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_top_node.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_node.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -272,6 +272,55 @@ kubectl top node [NAME | -l label]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -321,5 +370,5 @@ kubectl top node [NAME | -l label] ## {{% heading "seealso" %}} -* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage +* [kubectl top](../) - Display resource (CPU/memory) usage diff --git a/content/en/docs/reference/kubectl/generated/kubectl_top_pod.md b/content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_pod.md similarity index 86% rename from content/en/docs/reference/kubectl/generated/kubectl_top_pod.md rename to content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_pod.md index 4f1eca2153e71..1d2809c1a586e 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_top_pod.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_top/kubectl_top_pod.md @@ -11,7 +11,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -301,6 +301,55 @@ kubectl top pod [NAME | -l label]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -350,5 +399,5 @@ kubectl top pod [NAME | -l label] ## {{% heading "seealso" %}} -* [kubectl top](kubectl_top/) - Display resource (CPU/memory) usage +* [kubectl top](../) - Display resource (CPU/memory) usage diff --git a/content/en/docs/reference/kubectl/generated/kubectl_uncordon.md b/content/en/docs/reference/kubectl/generated/kubectl_uncordon/_index.md similarity index 84% rename from content/en/docs/reference/kubectl/generated/kubectl_uncordon.md rename to content/en/docs/reference/kubectl/generated/kubectl_uncordon/_index.md index 64ee119690099..e476068de58c5 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_uncordon.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_uncordon/_index.md @@ -3,6 +3,7 @@ title: kubectl uncordon content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -246,6 +247,55 @@ kubectl uncordon NODE

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -295,5 +345,5 @@ kubectl uncordon NODE ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_version.md b/content/en/docs/reference/kubectl/generated/kubectl_version/_index.md similarity index 83% rename from content/en/docs/reference/kubectl/generated/kubectl_version.md rename to content/en/docs/reference/kubectl/generated/kubectl_version/_index.md index b7241e2244903..53020be62130f 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_version.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_version/_index.md @@ -3,6 +3,7 @@ title: kubectl version content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -246,6 +247,55 @@ kubectl version [flags]

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -295,5 +345,5 @@ kubectl version [flags] ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager diff --git a/content/en/docs/reference/kubectl/generated/kubectl_wait.md b/content/en/docs/reference/kubectl/generated/kubectl_wait/_index.md similarity index 87% rename from content/en/docs/reference/kubectl/generated/kubectl_wait.md rename to content/en/docs/reference/kubectl/generated/kubectl_wait/_index.md index aa9f8bf0b069e..fa385b6018ca4 100644 --- a/content/en/docs/reference/kubectl/generated/kubectl_wait.md +++ b/content/en/docs/reference/kubectl/generated/kubectl_wait/_index.md @@ -3,6 +3,7 @@ title: kubectl wait content_type: tool-reference weight: 30 auto_generated: true +no_list: true --- @@ -11,7 +12,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -45,6 +46,9 @@ kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l # Wait for the pod "busybox1" to contain the status phase to be "Running" kubectl wait --for=jsonpath='{.status.phase}'=Running pod/busybox1 + # Wait for pod "busybox1" to be Ready + kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod/busybox1 + # Wait for the service "loadbalancer" to have ingress. kubectl wait --for=jsonpath='{.status.loadBalancer.ingress}' service/loadbalancer @@ -342,6 +346,55 @@ kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l

    The address and port of the Kubernetes API server

    + +--storage-driver-buffer-duration duration     Default: 1m0s + + +

    Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

    + + + +--storage-driver-db string     Default: "cadvisor" + + +

    database name

    + + + +--storage-driver-host string     Default: "localhost:8086" + + +

    database host:port

    + + + +--storage-driver-password string     Default: "root" + + +

    database password

    + + + +--storage-driver-secure + + +

    use secure connection with database

    + + + +--storage-driver-table string     Default: "stats" + + +

    table name

    + + + +--storage-driver-user string     Default: "root" + + +

    database username

    + + --tls-server-name string @@ -391,5 +444,5 @@ kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l ## {{% heading "seealso" %}} -* [kubectl](kubectl/) - kubectl controls the Kubernetes cluster manager +* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager From 84e8a3ab71aee2710ed2e195b5d55f25a87b2723 Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 6 Jan 2024 18:45:43 +0200 Subject: [PATCH 155/279] [pt] Fix typo in TLS Secrets part --- content/pt-br/docs/concepts/configuration/secret.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/concepts/configuration/secret.md b/content/pt-br/docs/concepts/configuration/secret.md index 8e964be37d8e0..0d62447a31dec 100644 --- a/content/pt-br/docs/concepts/configuration/secret.md +++ b/content/pt-br/docs/concepts/configuration/secret.md @@ -1141,7 +1141,7 @@ data: O Secret de autenticação SSH é fornecido apenas para a conveniência do usuário. Você pode criar um Secret do tipo `Opaque` para credentials utilizadas para autenticação SSH. No entanto, a utilização do tipo embutido e público de Secret -(`kubernetes.io/ssh-auth`) auxilia outras pessoas a compreenderem o propósito do +(`kubernetes.io/tls`) auxilia outras pessoas a compreenderem o propósito do seu Secret, e define uma convenção de quais chaves podem ser esperadas. O tipo embutido também fornece verificação dos campos requeridos em uma configuração de Secret. From c4e386e05e446a47556865580efa13cda5502ccb Mon Sep 17 00:00:00 2001 From: Yutaro Taira <31821663+9sako6@users.noreply.github.com> Date: Sun, 7 Jan 2024 14:04:27 +0900 Subject: [PATCH 156/279] [ja] Fix indentation of example code in Secret doc --- content/ja/docs/concepts/configuration/secret.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/configuration/secret.md b/content/ja/docs/concepts/configuration/secret.md index 0514eaa40c96d..3a1c95afdb398 100644 --- a/content/ja/docs/concepts/configuration/secret.md +++ b/content/ja/docs/concepts/configuration/secret.md @@ -143,7 +143,7 @@ apiVersion: v1 kind: Secret name: secret-dockercfg type: kubernetes.io/dockercfg - data: +data: .dockercfg: | "" ``` From 9628589687aeced58a56a18bf137cbed1b8e0f09 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sun, 7 Jan 2024 17:06:45 +0800 Subject: [PATCH 157/279] [zh-cn] sync contribute/_index.md Signed-off-by: xin.li --- content/zh-cn/docs/contribute/_index.md | 331 ++---------------------- 1 file changed, 20 insertions(+), 311 deletions(-) diff --git a/content/zh-cn/docs/contribute/_index.md b/content/zh-cn/docs/contribute/_index.md index 7dd0fcd38efb5..4414f3246a12d 100644 --- a/content/zh-cn/docs/contribute/_index.md +++ b/content/zh-cn/docs/contribute/_index.md @@ -1,339 +1,48 @@ --- content_type: concept -title: 为 K8s 文档出一份力 -linktitle: 贡献 +title: 为 Kubernetes 出一份力 +linkTitle: 贡献 main_menu: true no_list: true weight: 80 card: name: contribute weight: 10 - title: 开始为 K8s 做贡献 + title: 开始为 Kubernetes 做贡献 --- -**Kubernetes 欢迎来自所有贡献者的改进,无论你是新人和有经验的贡献者!** +为 Kubernetes 做出贡献的方法有很多。你可以致力于新特性的设计、记录我们已有的代码、为我们的[博客](/blog)写文章。 +还有更多:你可以实现这些新特性或修复 Bug、可以帮助人们加入我们的贡献者社区,或支持现有的贡献者。 -{{< note >}} -要了解有关为 Kubernetes 做出贡献的更多信息,请参阅 -[贡献者文档](https://www.kubernetes.dev/docs/)。 +通过所有这些不同的方式来改变项目,我们(Kubernetes)制作了一个专门的网站:https://k8s.dev/。 +你可以去那里了解有关为 Kubernetes 做出贡献的更多信息。 -你还可以阅读 -{{< glossary_tooltip text="CNCF" term_id="cncf" >}} -关于为 Kubernetes 做贡献的[页面](https://contribute.cncf.io/contributors/projects/#kubernetes)。 -{{< /note >}} - - -本网站由 [Kubernetes SIG Docs](/zh-cn/docs/contribute/#get-involved-with-SIG-Docs)(文档特别兴趣小组)维护。 - -Kubernetes 文档项目的贡献者: - -- 改进现有内容 -- 创建新内容 -- 翻译文档 -- 管理并发布 Kubernetes 周期性发行版的文档 - - - - -## 入门 {#getting-started} - -任何人都可以提出文档方面的问题(issue),或贡献一个变更,用拉取请求(PR)的方式提交到 -[GitHub 上的 `kubernetes/website` 仓库](https://github.com/kubernetes/website)。 -当然你需要熟练使用 [git](https://git-scm.com/) 和 [GitHub](https://lab.github.com/) -才能在 Kubernetes 社区中有效工作。 - - -如何参与文档编制: - -1. 签署 CNCF 的[贡献者许可协议](https://github.com/kubernetes/community/blob/master/CLA.md)。 -2. 熟悉[文档仓库](https://github.com/kubernetes/website)和网站的[静态站点生成器](https://gohugo.io)。 -3. 确保理解[发起 PR](/zh-cn/docs/contribute/new-content/open-a-pr/) - 和[审查变更](/zh-cn/docs/contribute/review/reviewing-prs/)的基本流程。 - - - - -{{< mermaid >}} -flowchart TB -subgraph third[发起 PR] -direction TB -U[ ] -.- -Q[改进现有内容] --- N[创建新内容] -N --- O[翻译文档] -O --- P[管理并发布 K8s
    周期性发行版的文档] - -end - -subgraph second[评审] -direction TB - T[ ] -.- - D[仔细查看
    kubernetes/website
    仓库] --- E[下载安装 Hugo
    静态站点
    生成器] - E --- F[了解基本的
    GitHub 命令] - F --- G[评审待处理的 PR
    并遵从变更审查
    流程] -end - -subgraph first[注册] - direction TB - S[ ] -.- - B[签署 CNCF
    贡献者
    许可协议] --- C[加入 sig-docs
    Slack 频道] - C --- V[加入 kubernetes-sig-docs
    邮件列表] - V --- M[参加每周的
    sig-docs 电话会议
    或 slack 会议] -end - -A([fa:fa-user 新的
    贡献者]) --> first -A --> second -A --> third -A --> H[提出问题!!!] - - -classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; -classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold -classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 -class A,B,C,D,E,F,G,H,M,Q,N,O,P,V grey -class S,T,U spacewhite -class first,second,third white -{{}} - - -图 1. 新手入门指示。 - -图 1 概述了新贡献者的路线图。 -你可以遵从“注册”和“评审”所述的某些或全部步骤。 -至此,你完成了发起 PR 的准备工作, -可以通过“发起 PR” 列出的事项实现你的贡献目标。 -再次重申,欢迎随时提出问题! - - -有些任务要求 Kubernetes 组织内更高的信任级别和访问权限。 -阅读[参与 SIG Docs 工作](/zh-cn/docs/contribute/participate/),获取角色和权限的更多细节。 - - -## 第一次贡献 {#your-first-contribution} - -你可以提前查阅几个步骤,来准备你的第一次贡献。 -图 2 概述了后续的步骤和细节。 - - - - -{{< mermaid >}} -flowchart LR - subgraph second[第一次贡献] - direction TB - S[ ] -.- - G[查阅其他 K8s
    成员发起的 PR] --> - A[检索 kubernetes/website
    问题列表是否有
    good first 一类的 PR] --> B[发起一个 PR!!] - end - subgraph first[建议的准备工作] - direction TB - T[ ] -.- - D[阅读贡献概述] -->E[阅读 K8s 内容
    和风格指南] - E --> F[了解 Hugo 页面
    内容类型
    和短代码] - end - - - first ----> second - - -classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; -classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold -classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 -class A,B,D,E,F,G grey -class S,T spacewhite -class first,second white -{{}} - - -图 2. 第一次贡献的准备工作。 - - -- 通读[贡献概述](/zh-cn/docs/contribute/new-content/),了解参与贡献的不同方式。 -- 查看 [`kubernetes/website` 问题列表](https://github.com/kubernetes/website/issues/), - 检索最适合作为切入点的问题。 -- 在现有文档上,[使用 GitHub 提交 PR](/zh-cn/docs/contribute/new-content/open-a-pr/#changes-using-github), - 掌握在 GitHub 上登记 Issue 的方法。 -- Kubernetes 社区其他成员会[评审 PR](/zh-cn/docs/contribute/review/reviewing-prs/), - 以确保文档精准和语言流畅。 -- 阅读 kubernetes 的[内容指南](/zh-cn/docs/contribute/style/content-guide/)和 - [风格指南](/zh-cn/docs/contribute/style/style-guide/),以发表有见地的评论。 -- 了解[页面内容类型](/zh-cn/docs/contribute/style/page-content-types/)和 - [Hugo 短代码](/zh-cn/docs/contribute/style/hugo-shortcodes/)。 - - -## 贡献时获取帮助 - -做出第一个贡献可能会让人感觉比较困难。 -[新贡献者大使](https://github.com/kubernetes/website#new-contributor-ambassadors) -将引导你完成最初的一些贡献。你可以在 [Kubernetes Slack](https://slack.k8s.io/) -中联系他们,最好是在 `#sig-docs` 频道中。还有每月第一个星期二举行的 -[新贡献者见面会](https://www.kubernetes.dev/resources/calendar/), -你可以在此处与新贡献者大使互动并解决你的疑问。 - - -## 下一步 {#next-teps} - -- 学习在仓库的[本地克隆中工作](/zh-cn/docs/contribute/new-content/open-a-pr/#fork-the-repo)。 -- 为[发行版的特性](/zh-cn/docs/contribute/new-content/new-features/)编写文档。 -- 加入 [SIG Docs](/zh-cn/docs/contribute/participate/), - 并成为[成员或评审者](/zh-cn/docs/contribute/participate/roles-and-responsibilities/)。 -- 开始或帮助[本地化](/zh-cn/docs/contribute/localization/)工作。 - - -## 参与 SIG Docs 工作 {#get-involved-with-SIG-Docs} - -[SIG Docs](/zh-cn/docs/contribute/participate/) 是负责发布、维护 Kubernetes 文档的贡献者团体。 -参与 SIG Docs 是 Kubernetes 贡献者(开发者和其他人员)对 Kubernetes 项目产生重大影响力的好方式。 - -SIG Docs 的几种沟通方式: - - -- [加入 Kubernetes 在 Slack 上的 `#sig-docs` 频道](https://slack.k8s.io/)。 - 一定记得自我介绍! -- [加入 `kubernetes-sig-docs` 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), - 这里有更广泛的讨论,和官方决策的记录。 -- 参加每两周召开一次的 [SIG Docs 视频会议](https://github.com/kubernetes/community/tree/master/sig-docs)。 - 会议总是在 `#sig-docs` 上发出公告,同时添加到 - [Kubernetes 社区会议日历](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles)。 - 你需要下载 [Zoom 客户端软件](https://zoom.us/download),或电话拨号接入。 -- 如果有几周未召开实况 Zoom 视频会议,请参加 SIG Docs 异步 Slack 站会。 - 会议总是在 `#sig-docs` 上发出公告。 - 你可以在会议公告后 24 小时内为其中任一议题做贡献。 - - -## 其他贡献方式 {#other-ways-to-contribute} - -- 访问 [Kubernetes 社区网站](/zh-cn/community/)。 - 参与 Twitter 或 Stack Overflow,了解当地的 Kubernetes 会议和活动等等。 -- 阅读[贡献者备忘单](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet), - 参与 Kubernetes 功能开发。 -- 访问贡献者网站,进一步了解有关 [Kubernetes 贡献者](https://www.kubernetes.dev/) - 和[更多贡献者资源](https://www.kubernetes.dev/resources/)的信息。 -- 提交一篇[博客文章或案例研究](/zh-cn/docs/contribute/new-content/blogs-case-studies/)。 +如果你特别想了解如何为**本**文档做出贡献,请阅读[为 Kubernetes 文档做出贡献](/zh-cn/docs/contribute/docs/)。 From ae62625ab57c56c5102c9ddcf3f4a8b304f70cf3 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sun, 7 Jan 2024 18:07:15 +0800 Subject: [PATCH 158/279] [zh-cn] sync generate-ref-docs/kubernetes-api contribute-upstream Signed-off-by: xin.li --- .../generate-ref-docs/contribute-upstream.md | 26 +++--- .../generate-ref-docs/kubernetes-api.md | 90 ++++++++++--------- 2 files changed, 62 insertions(+), 54 deletions(-) diff --git a/content/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream.md b/content/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream.md index 9bd9e0fc7f1a9..5c9dc1a4b088a 100644 --- a/content/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream.md +++ b/content/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream.md @@ -90,7 +90,7 @@ Kubernetes API 和 `kube-*` 组件(例如 `kube-apiserver`、`kube-controller- 当你在生成的文档中看到错误时,你可能需要考虑创建一个 PR 用来在上游项目中对其进行修复。 @@ -108,7 +108,7 @@ go get github.com/kubernetes/kubernetes Determine the base directory of your clone of the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository. For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com/kubernetes/kubernetes.` +base directory is `$GOPATH/src/github.com/kubernetes/kubernetes`. The remaining steps refer to your base directory as ``. --> 确定你的 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 代码仓库克隆的根目录。 @@ -119,7 +119,7 @@ The remaining steps refer to your base directory as ``. Determine the base directory of your clone of the [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) repository. For example, if you followed the preceding step to get the repository, your -base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs.` +base directory is `$GOPATH/src/github.com/kubernetes-sigs/reference-docs`. The remaining steps refer to your base directory as ``. --> 确定你的 [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) @@ -129,7 +129,7 @@ The remaining steps refer to your base directory as ``. 接下来其余步骤将你的根目录称为 ``。 ### 更改上游 Kubernetes 源代码 @@ -209,7 +209,7 @@ On branch master ``` @@ -305,7 +305,7 @@ repository and in related repositories, such as {{< /note >}} 现在,你可以按照 diff --git a/content/zh-cn/docs/contribute/generate-ref-docs/kubernetes-api.md b/content/zh-cn/docs/contribute/generate-ref-docs/kubernetes-api.md index 74fc1fe897a51..5ccd16ade93b0 100644 --- a/content/zh-cn/docs/contribute/generate-ref-docs/kubernetes-api.md +++ b/content/zh-cn/docs/contribute/generate-ref-docs/kubernetes-api.md @@ -21,19 +21,21 @@ using the [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/re If you find bugs in the generated documentation, you need to [fix them upstream](/docs/contribute/generate-ref-docs/contribute-upstream/). -If you need only to regenerate the reference documentation from the [OpenAPI](https://github.com/OAI/OpenAPI-Specification) +If you need only to regenerate the reference documentation from the +[OpenAPI](https://github.com/OAI/OpenAPI-Specification) spec, continue reading this page. --> 本页面显示了如何更新 Kubernetes API 参考文档。 Kubernetes API 参考文档是从 -[Kubernetes OpenAPI 规范](https://github.com/kubernetes/kubernetes/blob/master/api/openapi-spec/swagger.json) -构建的, -且使用[kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) 生成代码。 +[Kubernetes OpenAPI 规范](https://github.com/kubernetes/kubernetes/blob/master/api/openapi-spec/swagger.json)构建的, +且使用 [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) +生成代码。 如果你在生成的文档中发现错误,则需要[在上游修复](/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream/)。 -如果你只需要从 [OpenAPI](https://github.com/OAI/OpenAPI-Specification) 规范中重新生成参考文档,请继续阅读此页。 +如果你只需要从 [OpenAPI](https://github.com/OAI/OpenAPI-Specification) +规范中重新生成参考文档,请继续阅读此页。 ## {{% heading "prerequisites" %}} @@ -42,13 +44,13 @@ Kubernetes API 参考文档是从 ## 配置本地仓库 -创建本地工作区并设置你的 `GOPATH`。 +创建本地工作区并设置你的 `GOPATH`: ```shell mkdir -p $HOME/ @@ -87,30 +89,30 @@ git clone https://github.com/kubernetes/kubernetes $GOPATH/src/k8s.io/kubernetes * [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库克隆后的根目录为 `$GOPATH/src/k8s.io/kubernetes`。 后续步骤将此目录称为 ``。 * [kubernetes/website](https://github.com/kubernetes/website) 仓库克隆后的根目录为 `$GOPATH/src/github.com//website`。后续步骤将此目录称为 ``。 * [kubernetes-sigs/reference-docs](https://github.com/kubernetes-sigs/reference-docs) - 仓库克隆后的基本目录为 `$GOPATH/src/github.com/kubernetes-sigs/reference-docs.`。 + 仓库克隆后的基本目录为 `$GOPATH/src/github.com/kubernetes-sigs/reference-docs`。 后续步骤将此目录称为 ``。 -### 设置构建变量 {#setting-build-variables} +### 设置构建变量 {#set-build-variables} + +进入 `` 目录,然后打开 `Makefile` 文件进行编辑: -* 设置 `K8S_ROOT` 为 ``. -* 设置 `K8S_WEBROOT` 为 ``. +* 设置 `K8S_ROOT` 为 ``。 +* 设置 `K8S_WEBROOT` 为 ``。 * 设置 `K8S_RELEASE` 为要构建的文档的版本。 例如,如果你想为 Kubernetes 1.17.0 构建文档,请将 `K8S_RELEASE` 设置为 1.17.0。 @@ -149,9 +153,9 @@ export K8S_RELEASE=1.17.0 ``` -在 `` 目录中,运行以下命令来构建: +在 `` 目录中,运行以下命令来构建: ```shell cd @@ -175,12 +179,11 @@ make updateapispec ``` ### 构建 API 参考文档 @@ -236,7 +239,7 @@ static/docs/reference/generated/kubernetes-api/{{< param "version" >}}/js/scroll ``` * 打开并编辑 `/content/en/docs/reference/kubernetes-api/api-index.md`, API 参考的版本号。例如: - ``` - title: v1.17 - [Kubernetes API v1.17](/docs/reference/generated/kubernetes-api/v1.17/) - ``` + ``` + title: v1.17 + [Kubernetes API v1.17](/docs/reference/generated/kubernetes-api/v1.17/) + ``` + -* 打开编辑 `/content/en/docs/reference/_index.md`,添加指向最新 API 参考 - 的链接,删除最老的 API 版本。 +* 打开编辑 `/content/en/docs/reference/_index.md`,添加指向最新 API + 参考的链接,删除最老的 API 版本。 通常保留最近的五个版本的 API 参考的链接。 ```shell cd -git submodule update --init --recursive --depth 1 # if not already done +git submodule update --init --recursive --depth 1 # 如果尚未完成 make container-serve ``` ## 提交更改 @@ -319,4 +326,3 @@ to monitor your pull request until it has been merged. * [生成参考文档快速入门](/zh-cn/docs/contribute/generate-ref-docs/quickstart/) * [为 Kubernetes 组件和工具生成参考文档](/zh-cn/docs/contribute/generate-ref-docs/kubernetes-components/) * [为 kubectl 命令集生成参考文档](/zh-cn/docs/contribute/generate-ref-docs/kubectl/) - From 27cfd83294c852a28ec15a26b5a919d3405ec83d Mon Sep 17 00:00:00 2001 From: xin gu <418294249@qq.com> Date: Sat, 6 Jan 2024 09:18:28 +0800 Subject: [PATCH 159/279] sync configure-persistent-volume-storage static-pod Update static-pod.md --- .../configure-persistent-volume-storage.md | 10 +++++++ .../configure-pod-container/static-pod.md | 27 +++++++++---------- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md index 94bd9ec002530..1863e8af58a6f 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md @@ -178,6 +178,16 @@ PersistentVolumeClaim requests to this PersistentVolume. [StorageClass 的名称](/zh-cn/docs/concepts/storage/persistent-volumes/#class)为 `manual`。 它将用于将 PersistentVolumeClaim 的请求绑定到此 PersistentVolume。 +{{< note >}} + +为了简化,本示例采用了 `ReadWriteOnce` 访问模式。然而对于生产环境, +Kubernetes 项目建议改用 `ReadWriteOncePod` 访问模式。 +{{< /note >}} + diff --git a/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md b/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md index 32b579ec4816d..eb89aea6301e3 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md @@ -161,24 +161,21 @@ For example, this is how to start a simple web server as a static Pod: ``` -3. 配置这个节点上的 kubelet,使用这个参数执行 `--pod-manifest-path=/etc/kubernetes/manifests/`。 - 在 Fedora 上编辑 `/etc/kubernetes/kubelet` 以包含下面这行: - - ``` - KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubernetes/manifests/" - ``` - - - 或者在 [Kubelet 配置文件](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中添加 - `staticPodPath: <目录>`字段。 +3. 在该节点上配置 kubelet,在 [kubelet 配置文件](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中设定 `staticPodPath` 值。 + 欲了解更多信息,请参考[通过配置文件设定 kubelet 参数](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)。 + 另一个已弃用的方法是,在该节点上通过命令行参数配置 kubelet,以便从本地查找静态 Pod 清单。 + 若使用这种弃用的方法,请启动 kubelet 时加上 `--pod-manifest-path=/etc/kubernetes/manifests/` 参数。 允许微调实验性的、Alpha 级别的日志选项。 diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md index 48d2075f2b20e..7b1c181381521 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/logging-beta-options.md @@ -12,6 +12,6 @@ stages: --- 允许微调实验性的、Beta 级别的日志选项。 From 3a40d64df31f48ee9ea0bdf3b325a556aaed161b Mon Sep 17 00:00:00 2001 From: Caleb Woodbine Date: Mon, 8 Jan 2024 09:45:01 +1300 Subject: [PATCH 163/279] chore: fix links and names for ii.nz - fix links - use ii.nz instead of ii-Team --- .../2023-10-05-sig-architecture-conformance-spotlight.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md b/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md index 39e0ce8712273..68f3b966ac40a 100644 --- a/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md +++ b/content/en/blog/_posts/2023-10-05-sig-architecture-conformance-spotlight.md @@ -16,7 +16,7 @@ Architecture: Conformance subproject_ In this [SIG Architecture](https://github.com/kubernetes/community/blob/master/sig-architecture/README.md) spotlight, we talked with [Riaan -Kleinhans](https://github.com/Riaankl) (ii-Team), Lead for the +Kleinhans](https://github.com/Riaankl) (ii.nz), Lead for the [Conformance sub-project](https://github.com/kubernetes/community/blob/master/sig-architecture/README.md#conformance-definition-1). @@ -26,7 +26,7 @@ sub-project](https://github.com/kubernetes/community/blob/master/sig-architectur bit about yourself, your role and how you got involved in Kubernetes. **Riaan Kleinhans (RK)**: Hi! My name is Riaan Kleinhans and I live in -South Africa. I am the Project manager for the [ii-Team](https://ii.nz) in New +South Africa. I am the Project manager for the [ii.nz](https://ii.nz) team in New Zealand. When I joined ii the plan was to move to New Zealand in April 2020 and then Covid happened. Fortunately, being a flexible and dynamic team we were able to make it work remotely and in very From 01afb66e8069995fc7ce34846af2990a092f0cca Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 8 Jan 2024 09:30:50 +0800 Subject: [PATCH 164/279] [zh] sync kube-apiserver.md --- .../kube-apiserver.md | 191 ++++++++++-------- 1 file changed, 111 insertions(+), 80 deletions(-) diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md b/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md index bc754c6a5fcc3..d9cd7f4036a0d 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md @@ -2,7 +2,6 @@ title: kube-apiserver content_type: tool-reference weight: 30 -auto_generated: true --- ## {{% heading "synopsis" %}} @@ -91,6 +90,19 @@ The map from metric-label to value allow-list of this label. The key's format is

    + +--allow-metric-labels-manifest string + + +

    + +包含允许列表映射的清单文件的路径。此文件的格式与 --allow-metric-labels 相同。 +请注意,--allow-metric-labels 标志将覆盖清单文件。 +

    + + --allow-privileged @@ -553,6 +565,20 @@ API group and version used for serializing audit events written to webhook. + +--authentication-config string + + +

    + +用于配置 JWT 令牌验证器的身份验证配置文件。注意:此特性自 v1.29 起处于 Alpha 阶段。 +需要设置 --feature-gate=StructuredAuthenticationConfiguration=true 才能启用此特性。 +此特性与 oidc-* 标志互斥。 +

    + + --authentication-token-webhook-cache-ttl duration     2m0s @@ -592,6 +618,20 @@ The API version of the authentication.k8s.io TokenReview to send to and expect f + +--authorization-config string + + +

    + +用于配置鉴权链的鉴权配置文件。注意:此特性自 v1.29 起处于 Alpha 阶段。 +需要将 --feature-gate=StructuredAuthorizationConfiguration=true 特性标志设置为 true 才能启用此特性。 +此特性与其他 --authorization-mode和--authorization-webhook-* 标志互斥。 +

    + + --authorization-mode strings     默认值:"AlwaysAllow" @@ -726,30 +766,6 @@ client-ca 文件中的授权机构之一签名的客户端证书的请求进行 - ---cloud-config string - - - - -云厂商配置文件的路径。空字符串表示无配置文件。 - - - - ---cloud-provider string - - - - -云服务提供商。空字符串表示没有云厂商。 - - - --cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:"130.211.0.0/22,35.191.0.0/16" @@ -953,12 +969,9 @@ Enables the generic garbage collector. MUST be synced with the corresponding fla -如果为 true 且启用了 APIPriorityAndFairness 特性门控, -则使用增强的处理程序替换 max-in-flight 处理程序, +如果为 true,则使用增强的处理程序替换 max-in-flight 处理程序, 以便根据优先级和公平性完成排队和调度。 @@ -1188,8 +1201,6 @@ comma-separated 'key=True|False' pairs

    一组 key=value 对,用来描述测试性/试验性功能的特性门控。可选项有:
    -APIListChunking=true|false (BETA - 默认值=true)
    -APIPriorityAndFairness=true|false (BETA - 默认值=true)
    APIResponseCompression=true|false (BETA - 默认值=true)
    APIServerIdentity=true|false (BETA - 默认值=true)
    APIServerTracing=true|false (BETA - 默认值=true)
    @@ -1322,11 +1342,11 @@ CPUManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
    CPUManagerPolicyOptions=true|false (BETA - 默认值=true)
    CRDValidationRatcheting=true|false (ALPHA - 默认值=false)
    CSIMigrationPortworx=true|false (BETA - 默认值=false)
    -CSINodeExpandSecret=true|false (BETA - 默认值=true)
    CSIVolumeHealth=true|false (ALPHA - 默认值=false)
    CloudControllerManagerWebhook=true|false (ALPHA - 默认值=false)
    -CloudDualStackNodeIPs=true|false (ALPHA - 默认值=false)
    +CloudDualStackNodeIPs=true|false (BETA - 默认值=true)
    ClusterTrustBundle=true|false (ALPHA - 默认值=false)
    +ClusterTrustBundleProjection=true|false (ALPHA - 默认值=false)
    ComponentSLIs=true|false (BETA - 默认值=true)
    ConsistentListFromCache=true|false (ALPHA - 默认值=false)
    ContainerCheckpoint=true|false (ALPHA - 默认值=false)
    @@ -1334,10 +1354,10 @@ ContextualLogging=true|false (ALPHA - 默认值=false)
    CronJobsScheduledAnnotation=true|false (BETA - 默认值=true)
    CrossNamespaceVolumeDataSource=true|false (ALPHA - 默认值=false)
    CustomCPUCFSQuotaPeriod=true|false (ALPHA - 默认值=false)
    -CustomResourceValidationExpressions=true|false (BETA - 默认值=true)
    -DevicePluginCDIDevices=true|false (ALPHA - 默认值=false)
    -DisableCloudProviders=true|false (ALPHA - 默认值=false)
    -DisableKubeletCloudCredentialProviders=true|false (ALPHA - 默认值=false)
    +DevicePluginCDIDevices=true|false (BETA - 默认值=true)
    +DisableCloudProviders=true|false (BETA - 默认值=true)
    +DisableKubeletCloudCredentialProviders=true|false (BETA - 默认值=true)
    +DisableNodeKubeProxyVersion=true|false (ALPHA - 默认值=false)
    DynamicResourceAllocation=true|false (ALPHA - 默认值=false)
    ElasticIndexedJob=true|false (BETA - 默认值=true)
    EventedPLEG=true|false (BETA - 默认值=false)
    @@ -1346,6 +1366,7 @@ GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - 默认值=true)
    HPAContainerMetrics=true|false (BETA - 默认值=true)
    HPAScaleToZero=true|false (ALPHA - 默认值=false)
    HonorPVReclaimPolicy=true|false (ALPHA - 默认值=false)
    +ImageMaximumGCAge=true|false (ALPHA - 默认值=false)
    InPlacePodVerticalScaling=true|false (ALPHA - 默认值=false)
    InTreePluginAWSUnregister=true|false (ALPHA - 默认值=false)
    InTreePluginAzureDiskUnregister=true|false (ALPHA - 默认值=false)
    @@ -1354,74 +1375,84 @@ InTreePluginGCEUnregister=true|false (ALPHA - 默认值=false)
    InTreePluginOpenStackUnregister=true|false (ALPHA - 默认值=false)
    InTreePluginPortworxUnregister=true|false (ALPHA - 默认值=false)
    InTreePluginvSphereUnregister=true|false (ALPHA - 默认值=false)
    -JobBackoffLimitPerIndex=true|false (ALPHA - 默认值=false)
    +JobBackoffLimitPerIndex=true|false (BETA - 默认值=true)
    JobPodFailurePolicy=true|false (BETA - 默认值=true)
    -JobPodReplacementPolicy=true|false (ALPHA - 默认值=false)
    -JobReadyPods=true|false (BETA - 默认值=true)
    -KMSv2=true|false (BETA - 默认值=true)
    -KMSv2KDF=true|false (BETA - 默认值=false)
    +JobPodReplacementPolicy=true|false (BETA - 默认值=true)
    KubeProxyDrainingTerminatingNodes=true|false (ALPHA - 默认值=false)
    KubeletCgroupDriverFromCRI=true|false (ALPHA - 默认值=false)
    KubeletInUserNamespace=true|false (ALPHA - 默认值=false)
    KubeletPodResourcesDynamicResources=true|false (ALPHA - 默认值=false)
    KubeletPodResourcesGet=true|false (ALPHA - 默认值=false)
    +KubeletSeparateDiskGC=true|false (ALPHA - 默认值=false)
    KubeletTracing=true|false (BETA - 默认值=true)
    -LegacyServiceAccountTokenCleanUp=true|false (ALPHA - 默认值=false)
    +LegacyServiceAccountTokenCleanUp=true|false (BETA - 默认值=true)
    +LoadBalancerIPMode=true|false (ALPHA - 默认值=false)
    LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - 默认值=false)
    LogarithmicScaleDown=true|false (BETA - 默认值=true)
    LoggingAlphaOptions=true|false (ALPHA - 默认值=false)
    LoggingBetaOptions=true|false (BETA - 默认值=true)
    +MatchLabelKeysInPodAffinity=true|false (ALPHA - 默认值=false)
    MatchLabelKeysInPodTopologySpread=true|false (BETA - 默认值=true)
    MaxUnavailableStatefulSet=true|false (ALPHA - 默认值=false)
    MemoryManager=true|false (BETA - 默认值=true)
    MemoryQoS=true|false (ALPHA - 默认值=false)
    MinDomainsInPodTopologySpread=true|false (BETA - 默认值=true)
    -MultiCIDRRangeAllocator=true|false (ALPHA - 默认值=false)
    MultiCIDRServiceAllocator=true|false (ALPHA - 默认值=false)
    +NFTablesProxyMode=true|false (ALPHA - 默认值=false)
    NewVolumeManagerReconstruction=true|false (BETA - 默认值=true)
    NodeInclusionPolicyInPodTopologySpread=true|false (BETA - 默认值=true)
    NodeLogQuery=true|false (ALPHA - 默认值=false)
    NodeSwap=true|false (BETA - 默认值=false)
    OpenAPIEnums=true|false (BETA - 默认值=true)
    PDBUnhealthyPodEvictionPolicy=true|false (BETA - 默认值=true)
    -PersistentVolumeLastPhaseTransitionTime=true|false (ALPHA - 默认值=false)
    +PersistentVolumeLastPhaseTransitionTime=true|false (BETA - 默认值=true)
    PodAndContainerStatsFromCRI=true|false (ALPHA - 默认值=false)
    PodDeletionCost=true|false (BETA - 默认值=true)
    PodDisruptionConditions=true|false (BETA - 默认值=true)
    -PodHostIPs=true|false (ALPHA - 默认值=false)
    +PodHostIPs=true|false (BETA - 默认值=true)
    PodIndexLabel=true|false (BETA - 默认值=true)
    -PodReadyToStartContainersCondition=true|false (ALPHA - 默认值=false)
    +PodLifecycleSleepAction=true|false (ALPHA - 默认值=false)
    +PodReadyToStartContainersCondition=true|false (BETA - 默认值=true)
    PodSchedulingReadiness=true|false (BETA - 默认值=true)
    ProcMountType=true|false (ALPHA - 默认值=false)
    QOSReserved=true|false (ALPHA - 默认值=false)
    -ReadWriteOncePod=true|false (BETA - 默认值=true)
    RecoverVolumeExpansionFailure=true|false (ALPHA - 默认值=false)
    -RemainingItemCount=true|false (BETA - 默认值=true)
    RotateKubeletServerCertificate=true|false (BETA - 默认值=true)
    +RuntimeClassInImageCriApi=true|false (ALPHA - 默认值=false)
    SELinuxMountReadWriteOncePod=true|false (BETA - 默认值=true)
    -SchedulerQueueingHints=true|false (BETA - 默认值=true)
    +SchedulerQueueingHints=true|false (BETA - 默认值=false)
    SecurityContextDeny=true|false (ALPHA - 默认值=false)
    -ServiceNodePortStaticSubrange=true|false (BETA - 默认值=true)
    -SidecarContainers=true|false (ALPHA - 默认值=false)
    +SeparateTaintEvictionController=true|false (BETA - 默认值=true)
    +ServiceAccountTokenJTI=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenNodeBinding=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenNodeBindingValidation=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenPodNodeInfo=true|false (ALPHA - 默认值=false)
    +SidecarContainers=true|false (BETA - 默认值=true)
    SizeMemoryBackedVolumes=true|false (BETA - 默认值=true)
    -SkipReadOnlyValidationGCE=true|false (ALPHA - 默认值=false)
    StableLoadBalancerNodeSet=true|false (BETA - 默认值=true)
    StatefulSetAutoDeletePVC=true|false (BETA - 默认值=true)
    StatefulSetStartOrdinal=true|false (BETA - 默认值=true)
    StorageVersionAPI=true|false (ALPHA - 默认值=false)
    StorageVersionHash=true|false (BETA - 默认值=true)
    +StructuredAuthenticationConfiguration=true|false (ALPHA - 默认值=false)
    +StructuredAuthorizationConfiguration=true|false (ALPHA - 默认值=false)
    TopologyAwareHints=true|false (BETA - 默认值=true)
    TopologyManagerPolicyAlphaOptions=true|false (ALPHA - 默认值=false)
    TopologyManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
    TopologyManagerPolicyOptions=true|false (BETA - 默认值=true)
    +TranslateStreamCloseWebsocketRequests=true|false (ALPHA - 默认值=false)
    +UnauthenticatedHTTP2DOSMitigation=true|false (BETA - 默认值=true)
    UnknownVersionInteroperabilityProxy=true|false (ALPHA - 默认值=false)
    +UserNamespacesPodSecurityStandards=true|false (ALPHA - 默认值=false)
    UserNamespacesSupport=true|false (ALPHA - 默认值=false)
    ValidatingAdmissionPolicy=true|false (BETA - 默认值=false)
    +VolumeAttributesClass=true|false (ALPHA - 默认值=false)
    VolumeCapacityPriority=true|false (ALPHA - 默认值=false)
    WatchList=true|false (ALPHA - 默认值=false)
    WinDSR=true|false (ALPHA - 默认值=false)
    WinOverlay=true|false (BETA - 默认值=true)
    -WindowsHostNetwork=true|false (ALPHA - 默认值=true) +WindowsHostNetwork=true|false (ALPHA - 默认值=true)
    +ZeroLimitedNominalConcurrencyShares=true|false (BETA - 默认值=false)

    From e0d86030410d65850a5abee71183c28c1a3e5664 Mon Sep 17 00:00:00 2001 From: Holger Schneider Date: Mon, 8 Jan 2024 12:29:14 +0000 Subject: [PATCH 165/279] Update cgroups.md made capitalization in list more consistent (capitalized all line starts) --- content/de/docs/concepts/architecture/cgroups.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/de/docs/concepts/architecture/cgroups.md b/content/de/docs/concepts/architecture/cgroups.md index 5034a969adc13..41158f908e247 100644 --- a/content/de/docs/concepts/architecture/cgroups.md +++ b/content/de/docs/concepts/architecture/cgroups.md @@ -23,11 +23,11 @@ cgroup v2 ist die nächste Version der Linux `cgroup` API. cgroup v2 stellt ein cgroup v2 bietet einige Verbesserungen gegenüber cgroup v1, zum Beispiel folgende: -- einzelnes vereinheitlichtes Hierarchiendesign in der API -- erhöhte Sicherheit bei sub-tree Delegierung zu Container +- Einzelnes vereinheitlichtes Hierarchiendesign in der API +- Erhöhte Sicherheit bei sub-tree Delegierung zu Container - Neuere Features, wie [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html) -- erweitertes Ressourcen Zuteilungsmanagement und Isolierung über mehrfache Ressourcen - - einheitliche Erfassung für verschiedene Arten der Speicherzuteilung (Netzwerkspeicher, Kernelspeicher, usw.) +- Erweitertes Ressourcen Zuteilungsmanagement und Isolierung über mehrfache Ressourcen + - Einheitliche Erfassung für verschiedene Arten der Speicherzuteilung (Netzwerkspeicher, Kernelspeicher, usw.) - Erfassung nicht-unmittelbarer Ressourcenänderungen wie "page cache write backs" Manche Kubernetes Funktionen verwenden ausschließlich cgroup v2 für erweitertes Ressourcenmanagement und Isolierung. Die [MemoryQoS](/blog/2021/11/26/qos-memory-resources/) Funktion, zum Beispiel, verbessert Speicher QoS und setzt dabei auf cgroup v2 Primitives. From bfbe2db97ba8d5456cea2b6ca31ffd7a43e4df0b Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Mon, 8 Jan 2024 17:55:19 +0000 Subject: [PATCH 166/279] Highlight initial comment Make the initial comment extra obvious to readers. --- content/en/docs/tasks/administer-cluster/encrypt-data.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index 8ec745e7415d0..7c89b2fc82824 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -65,7 +65,10 @@ decrypt data stored in the etcd. ## Understanding the encryption at rest configuration -```yaml + + + +{{< highlight yaml "linenos=false,hl_lines=2-5" >}} --- # # CAUTION: this is an example configuration. @@ -118,7 +121,7 @@ resources: keys: - name: key3 secret: c2VjcmV0IGlzIHNlY3VyZSwgSSB0aGluaw== -``` +{{< /highlight >}} Each `resources` array item is a separate config and contains a complete configuration. The `resources.resources` field is an array of Kubernetes resource names (`resource` or `resource.group`) From 16a832660f0256617badf76b4dacc05a1560e44f Mon Sep 17 00:00:00 2001 From: Arhell Date: Tue, 9 Jan 2024 02:19:31 +0200 Subject: [PATCH 167/279] [zh] Fix typo & link --- .../custom-resources/custom-resource-definitions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md b/content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md index 520e835d2a86f..c81975a68d106 100644 --- a/content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md +++ b/content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md @@ -624,7 +624,7 @@ would be sent to the API server. #### Controlling pruning By default, all unspecified fields for a custom resource, across all versions, are pruned. It is possible though to -opt-out of that for specifc sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the +opt-out of that for specific sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the [structural OpenAPI v3 validation schema](#specifying-a-structural-schema). For example: @@ -1942,7 +1942,7 @@ CEL [`Optional`](https://pkg.go.dev/github.com/google/cel-go/cel#OptionalTypes) -代理服务器的 IP 地址(所有 IPv4 接口设置为 “0.0.0.0”,所有 IPv6 接口设置为 “::”)。 +重写 kube-proxy 对其节点主要 IP 的理解。请注意,此名称是一个历史遗留字段, +并且 kube-proxy 实际上并没有将任何套接字绑定到此 IP。 如果配置文件由 --config 指定,则忽略此参数。

    @@ -123,13 +124,11 @@ If true cleanup iptables and ipvs rules and exit.

    -集群中 Pod 的 CIDR 范围。配置后,将从该范围之外发送到服务集群 IP -的流量被伪装,从 Pod 发送到外部 LoadBalancer IP -的流量将被重定向到相应的集群 IP。 -对于双协议栈集群,接受一个逗号分隔的列表, -每个 IP 协议族(IPv4 和 IPv6)至少包含一个 CIDR。 +集群中 Pod 的 CIDR 范围。对于双协议栈集群,这可以是逗号分隔的双协议栈 CIDR 范围对。 +当 --detect-local-mode 设置为 ClusterCIDR 时, +kube-proxy 会将源 IP 在此范围内的流量视为本地流量。否则不使用此字段。 如果配置文件由 --config 指定,则忽略此参数。

    @@ -189,6 +188,18 @@ Minimum number of conntrack entries to allocate, regardless of conntrack-max-per + +--conntrack-tcp-be-liberal + + +

    + +通过将 nf_conntrack_tcp_be_liberal 设置为 1,启用宽松模式以跟踪 TCP 数据包。 +

    + + --conntrack-tcp-timeout-close-wait duration     默认值:1h0m0s @@ -216,6 +227,30 @@ Idle timeout for established TCP connections (0 to leave as-is) + +--conntrack-udp-timeout duration + + +

    + +UNREPLIED UDP 连接的空闲超时(0 保持当前设置)。 +

    + + + +--conntrack-udp-timeout-stream duration + + +

    + +ASSURED UDP 连接的空闲超时(0 保持当前设置)。 +

    + + --detect-local-mode LocalMode @@ -237,8 +272,6 @@ Mode to use to detect local traffic. This parameter is ignored if a config file

    一组 key=value 对,用来描述测试性/试验性功能的特性门控。可选项有:
    -APIListChunking=true|false (BETA - 默认值为 true)
    -APIPriorityAndFairness=true|false (BETA - 默认值为 true)
    -APIResponseCompression=true|false (BETA - 默认值为 true)
    -APIServerIdentity=true|false (BETA - 默认值为 true)
    -APIServerTracing=true|false (BETA - 默认值为 true)
    -AdmissionWebhookMatchConditions=true|false (BETA - 默认值为 true)
    -AggregatedDiscoveryEndpoint=true|false (BETA - 默认值为 true)
    -AllAlpha=true|false (ALPHA - 默认值为 false)
    -AllBeta=true|false (BETA - 默认值为 false)
    -AnyVolumeDataSource=true|false (BETA - 默认值为 true)
    -AppArmor=true|false (BETA - 默认值为 true)
    -CPUManagerPolicyAlphaOptions=true|false (ALPHA - 默认值为 false)
    -CPUManagerPolicyBetaOptions=true|false (BETA - 默认值为 true)
    -CPUManagerPolicyOptions=true|false (BETA - 默认值为 true)
    -CRDValidationRatcheting=true|false (ALPHA - 默认值为 false)
    -CSIMigrationPortworx=true|false (BETA - 默认值为 false)
    -CSINodeExpandSecret=true|false (BETA - 默认值为 true)
    -CSIVolumeHealth=true|false (ALPHA - 默认值为 false)
    -CloudControllerManagerWebhook=true|false (ALPHA - 默认值为 false)
    -CloudDualStackNodeIPs=true|false (ALPHA - 默认值为 false)
    -ClusterTrustBundle=true|false (ALPHA - 默认值为 false)
    -ComponentSLIs=true|false (BETA - 默认值为 true)
    -ConsistentListFromCache=true|false (ALPHA - 默认值为 false)
    -ContainerCheckpoint=true|false (ALPHA - 默认值为 false)
    -ContextualLogging=true|false (ALPHA - 默认值为 false)
    -CronJobsScheduledAnnotation=true|false (BETA - 默认值为 true)
    -CrossNamespaceVolumeDataSource=true|false (ALPHA - 默认值为 false)
    -CustomCPUCFSQuotaPeriod=true|false (ALPHA - 默认值为 false)
    -CustomResourceValidationExpressions=true|false (BETA - 默认值为 true)
    -DevicePluginCDIDevices=true|false (ALPHA - 默认值为 false)
    -DisableCloudProviders=true|false (ALPHA - 默认值为 false)
    -DisableKubeletCloudCredentialProviders=true|false (ALPHA - 默认值为 false)
    -DynamicResourceAllocation=true|false (ALPHA - 默认值为 false)
    -ElasticIndexedJob=true|false (BETA - 默认值为 true)
    -EventedPLEG=true|false (BETA - 默认值为 false)
    -GracefulNodeShutdown=true|false (BETA - 默认值为 true)
    -GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - 默认值为 true)
    -HPAContainerMetrics=true|false (BETA - 默认值为 true)
    -HPAScaleToZero=true|false (ALPHA - 默认值为 false)
    -HonorPVReclaimPolicy=true|false (ALPHA - 默认值为 false)
    -InPlacePodVerticalScaling=true|false (ALPHA - 默认值为 false)
    -InTreePluginAWSUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginAzureDiskUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginAzureFileUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginGCEUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginOpenStackUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginPortworxUnregister=true|false (ALPHA - 默认值为 false)
    -InTreePluginvSphereUnregister=true|false (ALPHA - 默认值为 false)
    -JobBackoffLimitPerIndex=true|false (ALPHA - 默认值为 false)
    -JobPodFailurePolicy=true|false (BETA - 默认值为 true)
    -JobPodReplacementPolicy=true|false (ALPHA - 默认值为 false)
    J -obReadyPods=true|false (BETA - 默认值为 true)
    -KMSv2=true|false (BETA - 默认值为 true)
    -KMSv2KDF=true|false (BETA - 默认值为 false)
    -KubeProxyDrainingTerminatingNodes=true|false (ALPHA - 默认值为 false)
    -KubeletCgroupDriverFromCRI=true|false (ALPHA - 默认值为 false)
    -KubeletInUserNamespace=true|false (ALPHA - 默认值为 false)
    -KubeletPodResourcesDynamicResources=true|false (ALPHA - 默认值为 false)
    -KubeletPodResourcesGet=true|false (ALPHA - 默认值为 false)
    -KubeletTracing=true|false (BETA - 默认值为 true)
    -LegacyServiceAccountTokenCleanUp=true|false (ALPHA - 默认值为 false)
    -LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - 默认值为 false)
    -LogarithmicScaleDown=true|false (BETA - 默认值为 true)
    -LoggingAlphaOptions=true|false (ALPHA - 默认值为 false)
    -LoggingBetaOptions=true|false (BETA - 默认值为 true)
    -MatchLabelKeysInPodTopologySpread=true|false (BETA - 默认值为 true)
    -MaxUnavailableStatefulSet=true|false (ALPHA - 默认值为 false)
    -MemoryManager=true|false (BETA - 默认值为 true)
    -MemoryQoS=true|false (ALPHA - 默认值为 false)
    -MinDomainsInPodTopologySpread=true|false (BETA - 默认值为 true)
    -MultiCIDRRangeAllocator=true|false (ALPHA - 默认值为 false)
    -MultiCIDRServiceAllocator=true|false (ALPHA - 默认值为 false)
    -NewVolumeManagerReconstruction=true|false (BETA - 默认值为 true)
    -NodeInclusionPolicyInPodTopologySpread=true|false (BETA - 默认值为 true)
    -NodeLogQuery=true|false (ALPHA - 默认值为 false)
    -NodeSwap=true|false (BETA - 默认值为 false)
    -OpenAPIEnums=true|false (BETA - 默认值为 true)
    -PDBUnhealthyPodEvictionPolicy=true|false (BETA - 默认值为 true)
    -PersistentVolumeLastPhaseTransitionTime=true|false (ALPHA - 默认值为 false)
    -PodAndContainerStatsFromCRI=true|false (ALPHA - 默认值为 false)
    -PodDeletionCost=true|false (BETA - 默认值为 true)
    -PodDisruptionConditions=true|false (BETA - 默认值为 true)
    -PodHostIPs=true|false (ALPHA - 默认值为 false)
    -PodIndexLabel=true|false (BETA - 默认值为 true)
    -PodReadyToStartContainersCondition=true|false (ALPHA - 默认值为 false)
    -PodSchedulingReadiness=true|false (BETA - 默认值为 true)
    -ProcMountType=true|false (ALPHA - 默认值为 false)
    -QOSReserved=true|false (ALPHA - 默认值为 false)
    -ReadWriteOncePod=true|false (BETA - 默认值为 true)
    -RecoverVolumeExpansionFailure=true|false (ALPHA - 默认值为 false)
    -RemainingItemCount=true|false (BETA - 默认值为 true)
    -RotateKubeletServerCertificate=true|false (BETA - 默认值为 true)
    -SELinuxMountReadWriteOncePod=true|false (BETA - 默认值为 true)
    -SchedulerQueueingHints=true|false (BETA - 默认值为 true)
    -SecurityContextDeny=true|false (ALPHA - 默认值为 false)
    -ServiceNodePortStaticSubrange=true|false (BETA - 默认值为 true)
    -SidecarContainers=true|false (ALPHA - 默认值为 false)
    -SizeMemoryBackedVolumes=true|false (BETA - 默认值为 true)
    -SkipReadOnlyValidationGCE=true|false (ALPHA - 默认值为 false)
    -StableLoadBalancerNodeSet=true|false (BETA - 默认值为 true)
    -StatefulSetAutoDeletePVC=true|false (BETA - 默认值为 true)
    -StatefulSetStartOrdinal=true|false (BETA - 默认值为 true)
    -StorageVersionAPI=true|false (ALPHA - 默认值为 false)
    -StorageVersionHash=true|false (BETA - 默认值为 true)
    -TopologyAwareHints=true|false (BETA - 默认值为 true)
    -TopologyManagerPolicyAlphaOptions=true|false (ALPHA - 默认值为 false)
    -TopologyManagerPolicyBetaOptions=true|false (BETA - 默认值为 true)
    -TopologyManagerPolicyOptions=true|false (BETA - 默认值为 true)
    -UnknownVersionInteroperabilityProxy=true|false (ALPHA - 默认值为 false)
    -UserNamespacesSupport=true|false (ALPHA - 默认值为 false)
    -ValidatingAdmissionPolicy=true|false (BETA - 默认值为 false)
    -VolumeCapacityPriority=true|false (ALPHA - 默认值为 false)
    -WatchList=true|false (ALPHA - 默认值为 false)
    -WinDSR=true|false (ALPHA - 默认值为 false)
    -WinOverlay=true|false (BETA - 默认值为 true)
    -WindowsHostNetwork=true|false (ALPHA - 默认值为 true)
    +APIResponseCompression=true|false (BETA - 默认值=true)
    +APIServerIdentity=true|false (BETA - 默认值=true)
    +APIServerTracing=true|false (BETA - 默认值=true)
    +AdmissionWebhookMatchConditions=true|false (BETA - 默认值=true)
    +AggregatedDiscoveryEndpoint=true|false (BETA - 默认值=true)
    +AllAlpha=true|false (ALPHA - 默认值=false)
    +AllBeta=true|false (BETA - 默认值=false)
    +AnyVolumeDataSource=true|false (BETA - 默认值=true)
    +AppArmor=true|false (BETA - 默认值=true)
    +CPUManagerPolicyAlphaOptions=true|false (ALPHA - 默认值=false)
    +CPUManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
    +CPUManagerPolicyOptions=true|false (BETA - 默认值=true)
    +CRDValidationRatcheting=true|false (ALPHA - 默认值=false)
    +CSIMigrationPortworx=true|false (BETA - 默认值=false)
    +CSIVolumeHealth=true|false (ALPHA - 默认值=false)
    +CloudControllerManagerWebhook=true|false (ALPHA - 默认值=false)
    +CloudDualStackNodeIPs=true|false (BETA - 默认值=true)
    +ClusterTrustBundle=true|false (ALPHA - 默认值=false)
    +ClusterTrustBundleProjection=true|false (ALPHA - 默认值=false)
    +ComponentSLIs=true|false (BETA - 默认值=true)
    +ConsistentListFromCache=true|false (ALPHA - 默认值=false)
    +ContainerCheckpoint=true|false (ALPHA - 默认值=false)
    +ContextualLogging=true|false (ALPHA - 默认值=false)
    +CronJobsScheduledAnnotation=true|false (BETA - 默认值=true)
    +CrossNamespaceVolumeDataSource=true|false (ALPHA - 默认值=false)
    +CustomCPUCFSQuotaPeriod=true|false (ALPHA - 默认值=false)
    +DevicePluginCDIDevices=true|false (BETA - 默认值=true)
    +DisableCloudProviders=true|false (BETA - 默认值=true)
    +DisableKubeletCloudCredentialProviders=true|false (BETA - 默认值=true)
    +DisableNodeKubeProxyVersion=true|false (ALPHA - 默认值=false)
    +DynamicResourceAllocation=true|false (ALPHA - 默认值=false)
    +ElasticIndexedJob=true|false (BETA - 默认值=true)
    +EventedPLEG=true|false (BETA - 默认值=false)
    +GracefulNodeShutdown=true|false (BETA - 默认值=true)
    +GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - 默认值=true)
    +HPAContainerMetrics=true|false (BETA - 默认值=true)
    +HPAScaleToZero=true|false (ALPHA - 默认值=false)
    +HonorPVReclaimPolicy=true|false (ALPHA - 默认值=false)
    +ImageMaximumGCAge=true|false (ALPHA - 默认值=false)
    +InPlacePodVerticalScaling=true|false (ALPHA - 默认值=false)
    +InTreePluginAWSUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginAzureDiskUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginAzureFileUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginGCEUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginOpenStackUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginPortworxUnregister=true|false (ALPHA - 默认值=false)
    +InTreePluginvSphereUnregister=true|false (ALPHA - 默认值=false)
    +JobBackoffLimitPerIndex=true|false (BETA - 默认值=true)
    +JobPodFailurePolicy=true|false (BETA - 默认值=true)
    +JobPodReplacementPolicy=true|false (BETA - 默认值=true)
    +KubeProxyDrainingTerminatingNodes=true|false (ALPHA - 默认值=false)
    +KubeletCgroupDriverFromCRI=true|false (ALPHA - 默认值=false)
    +KubeletInUserNamespace=true|false (ALPHA - 默认值=false)
    +KubeletPodResourcesDynamicResources=true|false (ALPHA - 默认值=false)
    +KubeletPodResourcesGet=true|false (ALPHA - 默认值=false)
    +KubeletSeparateDiskGC=true|false (ALPHA - 默认值=false)
    +KubeletTracing=true|false (BETA - 默认值=true)
    +LegacyServiceAccountTokenCleanUp=true|false (BETA - 默认值=true)
    +LoadBalancerIPMode=true|false (ALPHA - 默认值=false)
    +LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - 默认值=false)
    +LogarithmicScaleDown=true|false (BETA - 默认值=true)
    +LoggingAlphaOptions=true|false (ALPHA - 默认值=false)
    +LoggingBetaOptions=true|false (BETA - 默认值=true)
    +MatchLabelKeysInPodAffinity=true|false (ALPHA - 默认值=false)
    +MatchLabelKeysInPodTopologySpread=true|false (BETA - 默认值=true)
    +MaxUnavailableStatefulSet=true|false (ALPHA - 默认值=false)
    +MemoryManager=true|false (BETA - 默认值=true)
    +MemoryQoS=true|false (ALPHA - 默认值=false)
    +MinDomainsInPodTopologySpread=true|false (BETA - 默认值=true)
    +MultiCIDRServiceAllocator=true|false (ALPHA - 默认值=false)
    +NFTablesProxyMode=true|false (ALPHA - 默认值=false)
    +NewVolumeManagerReconstruction=true|false (BETA - 默认值=true)
    +NodeInclusionPolicyInPodTopologySpread=true|false (BETA - 默认值=true)
    +NodeLogQuery=true|false (ALPHA - 默认值=false)
    +NodeSwap=true|false (BETA - 默认值=false)
    +OpenAPIEnums=true|false (BETA - 默认值=true)
    +PDBUnhealthyPodEvictionPolicy=true|false (BETA - 默认值=true)
    +PersistentVolumeLastPhaseTransitionTime=true|false (BETA - 默认值=true)
    +PodAndContainerStatsFromCRI=true|false (ALPHA - 默认值=false)
    +PodDeletionCost=true|false (BETA - 默认值=true)
    +PodDisruptionConditions=true|false (BETA - 默认值=true)
    +PodHostIPs=true|false (BETA - 默认值=true)
    +PodIndexLabel=true|false (BETA - 默认值=true)
    +PodLifecycleSleepAction=true|false (ALPHA - 默认值=false)
    +PodReadyToStartContainersCondition=true|false (BETA - 默认值=true)
    +PodSchedulingReadiness=true|false (BETA - 默认值=true)
    +ProcMountType=true|false (ALPHA - 默认值=false)
    +QOSReserved=true|false (ALPHA - 默认值=false)
    +RecoverVolumeExpansionFailure=true|false (ALPHA - 默认值=false)
    +RotateKubeletServerCertificate=true|false (BETA - 默认值=true)
    +RuntimeClassInImageCriApi=true|false (ALPHA - 默认值=false)
    +SELinuxMountReadWriteOncePod=true|false (BETA - 默认值=true)
    +SchedulerQueueingHints=true|false (BETA - 默认值=false)
    +SecurityContextDeny=true|false (ALPHA - 默认值=false)
    +SeparateTaintEvictionController=true|false (BETA - 默认值=true)
    +ServiceAccountTokenJTI=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenNodeBinding=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenNodeBindingValidation=true|false (ALPHA - 默认值=false)
    +ServiceAccountTokenPodNodeInfo=true|false (ALPHA - 默认值=false)
    +SidecarContainers=true|false (BETA - 默认值=true)
    +SizeMemoryBackedVolumes=true|false (BETA - 默认值=true)
    +StableLoadBalancerNodeSet=true|false (BETA - 默认值=true)
    +StatefulSetAutoDeletePVC=true|false (BETA - 默认值=true)
    +StatefulSetStartOrdinal=true|false (BETA - 默认值=true)
    +StorageVersionAPI=true|false (ALPHA - 默认值=false)
    +StorageVersionHash=true|false (BETA - 默认值=true)
    +StructuredAuthenticationConfiguration=true|false (ALPHA - 默认值=false)
    +StructuredAuthorizationConfiguration=true|false (ALPHA - 默认值=false)
    +TopologyAwareHints=true|false (BETA - 默认值=true)
    +TopologyManagerPolicyAlphaOptions=true|false (ALPHA - 默认值=false)
    +TopologyManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
    +TopologyManagerPolicyOptions=true|false (BETA - 默认值=true)
    +TranslateStreamCloseWebsocketRequests=true|false (ALPHA - 默认值=false)
    +UnauthenticatedHTTP2DOSMitigation=true|false (BETA - 默认值=true)
    +UnknownVersionInteroperabilityProxy=true|false (ALPHA - 默认值=false)
    +UserNamespacesPodSecurityStandards=true|false (ALPHA - 默认值=false)
    +UserNamespacesSupport=true|false (ALPHA - 默认值=false)
    +ValidatingAdmissionPolicy=true|false (BETA - 默认值=false)
    +VolumeAttributesClass=true|false (ALPHA - 默认值=false)
    +VolumeCapacityPriority=true|false (ALPHA - 默认值=false)
    +WatchList=true|false (ALPHA - 默认值=false)
    +WinDSR=true|false (ALPHA - 默认值=false)
    +WinOverlay=true|false (BETA - 默认值=true)
    +WindowsHostNetwork=true|false (ALPHA - 默认值=true)
    +ZeroLimitedNominalConcurrencyShares=true|false (BETA - 默认值=false)
    如果配置文件由 --config 指定,则忽略此参数。

    @@ -483,12 +536,12 @@ WindowsHostNetwork=true|false (ALPHA - 默认值为 true)

    -服务健康状态检查的 IP 地址和端口(设置为 '0.0.0.0:10256' 表示使用所有 -IPv4 接口,设置为 '[::]:10256' 表示使用所有 IPv6 接口); -设置为空则禁用。 -如果配置文件由 --config 指定,则忽略此参数。 +服务健康状态检查的 IP 地址和端口。 +如果 --bind-address 未设置或设置为 IPv4,则默认为 “0.0.0.0:10256”。 +如果 --bind-address 设置为 IPv6,则默认为 “[::]:10256”。 +设置为空则禁用。如果配置文件由 --config 指定,则忽略此参数。

    @@ -512,13 +565,27 @@ kube-proxy 操作的帮助命令。

    如果非空,将使用此字符串而不是实际的主机名作为标识。 +如果不设置,节点名称假定为与节点的主机名相同。

    + +--init-only + + +

    + +如果设置为 true,则执行需要完整 root 权限才能执行的所有初始化步骤,然后退出。 +完成此操作后,你可以仅使用 CAP_NET_ADMIN 权能再次运行 kube-proxy。 +

    + + --iptables-localhost-nodeports     默认值:true @@ -527,11 +594,11 @@ If non-empty, will use this string as identification instead of the actual hostn

    如果设为 false,Kube-proxy 将禁用允许通过本地主机访问 NodePort 服务的传统行为, -这仅适用于 iptables 模式和 ipv4。 +这仅适用于 iptables 模式和 ipv4。本地主机的 NodePort 在其他代理模式或 IPv6 下是不允许的。

    @@ -542,9 +609,9 @@ If false Kube-proxy will disable the legacy behavior of allowing NodePort servic

    -在使用纯 iptables 代理时,用来设置 fwmark 空间的 bit,标记需要 +在使用 iptables 或 ipvs 代理模式时,用来设置 fwmark 空间的 bit,标记需要 SNAT 的数据包。必须在 [0,31] 范围内。

    @@ -556,9 +623,10 @@ SNAT 的数据包。必须在 [0,31] 范围内。

    -iptables 规则可以随着端点和服务的更改而刷新的最小间隔(例如 '5s'、'1m'、'2h22m')。 +iptables 规则重新同步之间的最小间隔(例如 '5s'、'1m'、'2h22m')。 +值为 0 表示每次 Service 或 EndpointSlice 更改都会立即进行 iptables 重新同步。

    @@ -569,9 +637,9 @@ iptables 规则可以随着端点和服务的更改而刷新的最小间隔(

    -刷新 iptables 规则的最大间隔(例如 '5s'、'1m'、'2h22m')。必须大于 0。 +表示各种重新同步和清理操作执行频率的时间间隔(例如 '5s'、'1m'、'2h22m')。必须大于 0。

    @@ -595,9 +663,10 @@ A comma-separated list of CIDR's which the ipvs proxier should not touch when cl

    -ipvs 规则可以随着端点和服务的更改而刷新的最小间隔(例如 '5s'、'1m'、'2h22m')。 +ipvs 规则重新同步之间的最小间隔(例如 '5s'、'1m'、'2h22m')。 +值为 0 表示每次 Service 或 EndpointSlice 更改都会立即进行 ipvs 重新同步。

    @@ -635,9 +704,9 @@ Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2

    -刷新 ipvs 规则的最大间隔(例如 '5s'、'1m'、'2h22m')。必须大于 0。 +表示各种重新同步和清理操作执行频率的时间间隔(例如 '5s'、'1m'、'2h22m')。必须大于 0。

    @@ -842,10 +911,10 @@ Comma-separated list of files to check for machine-id. Use the first one that ex

    -如果使用纯 iptables 代理,则对通过服务集群 IP 发送的所有流量 -进行 SNAT(通常不需要)。 +如果使用 iptables 或 ipvs 代理模式,则对通过 Service 集群 IP 发送的所有流量进行 SNAT。 +这对某些 CNI 插件可能是必需的。

    @@ -869,12 +938,13 @@ Kubernetes API 服务器的地址(覆盖 kubeconfig 中的相关值)。

    -metrics 服务器要使用的 IP 地址和端口 -(设置为 '0.0.0.0:10249' 则使用所有 IPv4 接口,设置为 '[::]:10249' 则使用所有 IPv6 接口) -设置为空则禁用。 -如果配置文件由 --config 指定,则忽略此参数。 +metrics 服务器要使用的 IP 地址和端口。 +如果 --bind-address 未设置或设置为 IPv4,则默认为 "127.0.0.1:10249"。 +如果 --bind-address 设置为 IPv6,则默认为 "[::1]:10249"。 +设置为 "0.0.0.0:10249" / "[::]:10249" 可以在所有接口上进行绑定。 +设置为空则禁用。如果配置文件由 --config 指定,则忽略此参数。

    @@ -885,11 +955,11 @@ metrics 服务器要使用的 IP 地址和端口

    -一个字符串值,指定用于 NodePort 服务的地址。 -值可以是有效的 IP 块(例如 1.2.3.0/24, 1.2.3.4/32)。 -默认的空字符串切片([])表示使用所有本地地址。 +一个包含有效节点 IP 的 CIDR 范围列表。 +如果设置了,到 NodePort 服务的连接只会在节点 IP 在指定范围内时才会被接受。 +如果不设置,则 NodePort 连接将在所有本地 IP 上被接受。 如果配置文件由 --config 指定,则忽略此参数。

    @@ -928,11 +998,10 @@ kube-proxy 进程中的 oom-score-adj 值,必须在 [-1000,1000] 范围内。 -集群中的一个桥接接口名称。 -Kube-proxy 将来自与该值匹配的桥接接口的流量视为本地流量。 -如果 DetectLocalMode 设置为 BridgeInterface,则应设置该参数。 +一个桥接接口名称。当 --detect-local-mode 设置为 BridgeInterface 时, +kube-proxy 会将源自此桥接的流量视为本地流量。 @@ -942,11 +1011,10 @@ Kube-proxy 将来自与该值匹配的桥接接口的流量视为本地流量。 -集群中的一个接口前缀。 -Kube-proxy 将来自与给定前缀匹配的接口的流量视为本地流量。 -如果 DetectLocalMode 设置为 InterfaceNamePrefix,则应设置该参数。 +一个接口名称前缀。当 --detect-local-mode 设置为 InterfaceNamePrefix 时, +kube-proxy 会将源自名称以该前缀开头的所有接口的流量视为本地流量。 @@ -979,21 +1047,6 @@ Which proxy mode to use: on Linux this can be 'iptables' (default) or 'ipvs'. On - ---proxy-port-range port-range - - -

    - -可以用来代理服务流量的主机端口范围(包括'起始端口-结束端口'、 -'单个端口'、'起始端口+偏移'几种形式)。 -如果未指定或者设置为 0(或 0-0),则随机选择端口。 -

    - - - --show-hidden-metrics-for-version string @@ -1020,7 +1073,7 @@ The previous version for which you want to show hidden metrics. Only the previou -如果为 true,则避免在日志消息中使用头部前缀 +如果为 true,则避免在日志消息中使用头部前缀。

    @@ -1042,10 +1095,10 @@ If true, avoid headers when opening log files (no effect when -logtostderr=true)

    当写入到文件或 stderr 时设置严重程度达到或超过此阈值的日志输出到 stderr -(当 --logtostderr=true--alsologtostderr=false 时不生效)。 +(当 --logtostderr=true--alsologtostderr=true 时不生效)。

    From e74d66cfe1f2512bc6932879ca5b0fbeaf3e5a41 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Mon, 8 Jan 2024 22:14:09 +0800 Subject: [PATCH 170/279] [zh-cn] sync coarse-parallel-processing-work-queue.md Signed-off-by: xin.li --- .../coarse-parallel-processing-work-queue.md | 270 ++++++++++-------- 1 file changed, 155 insertions(+), 115 deletions(-) diff --git a/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md index 4a48febbd3421..80a193750d5cd 100644 --- a/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md +++ b/content/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue.md @@ -1,13 +1,11 @@ --- title: 使用工作队列进行粗粒度并行处理 -min-kubernetes-server-version: v1.8 content_type: task weight: 20 --- @@ -15,7 +13,7 @@ weight: 20 -本例中,我们会运行包含多个并行工作进程的 Kubernetes Job。 +本例中,你将会运行包含多个并行工作进程的 Kubernetes Job。 本例中,每个 Pod 一旦被创建,会立即从任务队列中取走一个工作单元并完成它,然后将工作单元从队列中删除后再退出。 @@ -51,15 +49,24 @@ Here is an overview of the steps in this example: -要熟悉 Job 基本用法(非并行的),请参考 +你应当熟悉 Job 的基本用法(非并行的),请参考 [Job](/zh-cn/docs/concepts/workloads/controllers/job/)。 {{< include "task-tutorial-prereqs.md" >}} + +你需要一个容器镜像仓库,用来向其中上传镜像以在集群中运行。 + +此任务示例还假设你已在本地安装了 Docker。 + ```shell -kubectl create -f https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.3/examples/celery-rabbitmq/rabbitmq-service.yaml +# 为 StatefulSet 创建一个 Service 来使用 +kubectl create -f https://kubernetes.io/examples/application/job/rabbitmq-service.yaml ``` ``` service "rabbitmq-service" created ``` ```shell -kubectl create -f https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.3/examples/celery-rabbitmq/rabbitmq-controller.yaml +kubectl create -f https://kubernetes.io/examples/application/job/rabbitmq-statefulset.yaml ``` ``` -replicationcontroller "rabbitmq-controller" created +statefulset "rabbitmq" created ``` - -我们仅用到 -[celery-rabbitmq 示例](https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/celery-rabbitmq)中描述的部分功能。 - 请注意你的 Pod 名称和命令提示符将会不同。 -接下来安装 `amqp-tools`,这样我们就能用消息队列了。 +接下来安装 `amqp-tools`,这样你就能用消息队列了。 +下面是在该 Pod 的交互式 shell 中需要运行的命令: ```shell -# 安装一些工具 -root@temp-loe07:/# apt-get update -.... [ lots of output ] .... -root@temp-loe07:/# apt-get install -y curl ca-certificates amqp-tools python dnsutils -.... [ lots of output ] .... +apt-get update && apt-get install -y curl ca-certificates amqp-tools python dnsutils ``` -后续,我们将制作一个包含这些包的 Docker 镜像。 +后续,你将制作一个包含这些包的容器镜像。 -接着,我们将要验证可以发现 RabbitMQ 服务: +接着,你将要验证可以发现 RabbitMQ 服务: ``` +# 在 Pod 内运行这些命令 # 请注意 rabbitmq-service 拥有一个由 Kubernetes 提供的 DNS 名称: -root@temp-loe07:/# nslookup rabbitmq-service +nslookup rabbitmq-service +``` +``` Server: 10.0.0.10 Address: 10.0.0.10#53 Name: rabbitmq-service.default.svc.cluster.local Address: 10.0.147.152 - -# 你的 IP 地址会不同 ``` + +(IP 地址会有所不同) -如果 Kube-DNS 没有正确安装,上一步可能会出错。 -你也可以在环境变量中找到服务 IP。 +如果 kube-dns 插件没有正确安装,上一步可能会出错。 +你也可以在环境变量中找到该服务的 IP 地址。 +```shell +# 在 Pod 内运行此检查 +env | grep RABBITMQ_SERVICE | grep HOST +``` ``` -# env | grep RABBIT | grep HOST RABBITMQ_SERVICE_SERVICE_HOST=10.0.147.152 - -# 你的 IP 地址会有所不同 ``` + +(IP 地址会有所不同) -接着我们将要确认可以创建队列,并能发布消息和消费消息。 +接下来,你将验证是否可以创建队列以及发布和使用消息。 ```shell +# 在 Pod 内运行这些命令 # 下一行,rabbitmq-service 是访问 rabbitmq-service 的主机名。5672是 rabbitmq 的标准端口。 -root@temp-loe07:/# export BROKER_URL=amqp://guest:guest@rabbitmq-service:5672 +export BROKER_URL=amqp://guest:guest@rabbitmq-service:5672 # 如果上一步中你不能解析 "rabbitmq-service",可以用下面的命令替换: -# root@temp-loe07:/# BROKER_URL=amqp://guest:guest@$RABBITMQ_SERVICE_SERVICE_HOST:5672 +BROKER_URL=amqp://guest:guest@$RABBITMQ_SERVICE_SERVICE_HOST:5672 # 现在创建队列: -root@temp-loe07:/# /usr/bin/amqp-declare-queue --url=$BROKER_URL -q foo -d foo +/usr/bin/amqp-declare-queue --url=$BROKER_URL -q foo -d foo +``` +``` +foo +``` -# 向它推送一条消息: + +向队列推送一条消息: -root@temp-loe07:/# /usr/bin/amqp-publish --url=$BROKER_URL -r foo -p -b Hello +```shell +/usr/bin/amqp-publish --url=$BROKER_URL -r foo -p -b Hello # 然后取回它: -root@temp-loe07:/# /usr/bin/amqp-consume --url=$BROKER_URL -q foo -c 1 cat && echo +/usr/bin/amqp-consume --url=$BROKER_URL -q foo -c 1 cat && echo +``` +``` Hello -root@temp-loe07:/# ``` 最后一个命令中,`amqp-consume` 工具从队列中取走了一个消息,并把该消息传递给了随机命令的标准输出。 在这种情况下,`cat` 会打印它从标准输入中读取的字符,echo 会添加回车符以便示例可读。 ## 为队列增加任务 {#filling-the-queue-with-tasks} -现在让我们给队列增加一些任务。在我们的示例中,任务是多个待打印的字符串。 +现在用一些模拟任务填充队列。在此示例中,任务是多个待打印的字符串。 实践中,消息的内容可以是: @@ -260,23 +285,37 @@ In a practice, the content of the messages might be: - 待渲染的场景的帧序列号 -本例中,如果有大量的数据需要被 Job 的所有 Pod 读取,典型的做法是把它们放在一个共享文件系统中, +如果有大量的数据需要被 Job 的所有 Pod 读取,典型的做法是把它们放在一个共享文件系统中, 如 NFS(Network File System 网络文件系统),并以只读的方式挂载到所有 Pod,或者 Pod 中的程序从类似 HDFS (Hadoop Distributed File System 分布式文件系统)的集群文件系统中读取。 -例如,我们创建队列并使用 amqp 命令行工具向队列中填充消息。实践中,你可以写个程序来利用 amqp 客户端库来填充这些队列。 +例如,你将创建队列并使用 AMQP 命令行工具向队列中填充消息。实践中,你可以写个程序来利用 AMQP 客户端库来填充这些队列。 + + +```shell +# 在你的计算机上运行此命令,而不是在 Pod 中 +/usr/bin/amqp-declare-queue --url=$BROKER_URL -q job1 -d +``` +``` +job1 +``` + +将这几项添加到队列中: ```shell -/usr/bin/amqp-declare-queue --url=$BROKER_URL -q job1 -d job1 for f in apple banana cherry date fig grape lemon melon do /usr/bin/amqp-publish --url=$BROKER_URL -r job1 -p -b $f @@ -284,23 +323,23 @@ done ``` -这样,我们给队列中填充了 8 个消息。 +你给队列中填充了 8 个消息。 -## 创建镜像 {#create-an-image} +## 创建容器镜像 {#create-a-container-image} -现在我们可以创建一个做为 Job 来运行的镜像。 +现在你可以创建一个做为 Job 来运行的镜像。 -我们将用 `amqp-consume` 实用程序从队列中读取消息并运行实际的程序。 +这个 Job 将用 `amqp-consume` 实用程序从队列中读取消息并进行实际工作。 这里给出一个非常简单的示例程序: {{% code_sample language="python" file="application/job/rabbitmq/worker.py" %}} @@ -316,16 +355,13 @@ chmod +x worker.py -现在,编译镜像。如果你在用源代码树,那么切换到目录 `examples/job/work-queue-1`。 -否则的话,创建一个临时目录,切换到这个目录。下载 +现在,编译镜像。创建一个临时目录,切换到这个目录。下载 [Dockerfile](/examples/application/job/rabbitmq/Dockerfile) 和 [worker.py](/examples/application/job/rabbitmq/worker.py)。 无论哪种情况,都可以用下面的命令编译镜像: @@ -348,49 +384,48 @@ docker push /job-wq-1 ``` -如果你在用[谷歌容器仓库](https://cloud.google.com/tools/container-registry/), -用你的项目 ID 作为标签打到你的应用镜像上,然后推送到 GCR。 -用你的项目 ID 替换 ``。 - -```shell -docker tag job-wq-1 gcr.io//job-wq-1 -gcloud docker -- push gcr.io//job-wq-1 -``` +如果你使用替代的镜像仓库,请标记该镜像并将其推送到那里。 ## 定义 Job {#defining-a-job} -这里给出一个 Job 定义 YAML 文件。你将需要拷贝一份 Job 并编辑该镜像以匹配你使用的名称,保存为 `./job.yaml`。 +这里给出一个 Job 的清单。你需要复制一份 Job 清单的副本(将其命名为 `./job.yaml`), +并编辑容器镜像的名称以匹配使用的名称。 {{% code_sample file="application/job/rabbitmq/job.yaml" %}} 本例中,每个 Pod 使用队列中的一个消息然后退出。 这样,Job 的完成计数就代表了完成的工作项的数量。 -本例中我们设置 `.spec.completions: 8`,因为我们放了 8 项内容在队列中。 +这就是示例清单将 `.spec.completions` 设置为 `8` 的原因。 ## 运行 Job {#running-the-job} -现在我们运行 Job: +运行 Job: + +# 这假设你已经下载并编辑了清单 ```shell kubectl apply -f ./job.yaml ``` @@ -422,14 +457,14 @@ Labels: controller-uid=41d75705-92df-11e7-b85e-fa163ee3c11f Annotations: Parallelism: 2 Completions: 8 -Start Time: Wed, 06 Sep 2017 16:42:02 +0800 +Start Time: Wed, 06 Sep 2022 16:42:02 +0000 Pods Statuses: 0 Running / 8 Succeeded / 0 Failed Pod Template: Labels: controller-uid=41d75705-92df-11e7-b85e-fa163ee3c11f job-name=job-wq-1 Containers: c: - Image: gcr.io/causal-jigsaw-637/job-wq-1 + Image: container-registry.example/causal-jigsaw-637/job-wq-1 Port: Environment: BROKER_URL: amqp://guest:guest@rabbitmq-service:5672 @@ -450,49 +485,51 @@ Events: ``` -该 Job 的所有 Pod 都已成功。耶! +该 Job 的所有 Pod 都已成功!你完成了。 ## 替代方案 {#alternatives} 本文所讲述的处理方法的好处是你不需要修改你的 "worker" 程序使其知道工作队列的存在。 +你可以将未修改的工作程序包含在容器镜像中。 -本文所描述的方法需要你运行一个消息队列服务。如果不方便运行消息队列服务, +使用此方法需要你运行消息队列服务。如果不方便运行消息队列服务, 你也许会考虑另外一种[任务模式](/zh-cn/docs/concepts/workloads/controllers/job/#job-patterns)。 本文所述的方法为每个工作项创建了一个 Pod。 如果你的工作项仅需数秒钟,为每个工作项创建 Pod 会增加很多的常规消耗。 -可以考虑另外的方案请参考[示例](/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue/), +考虑另一种设计,例如[精细并行工作队列示例](/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue/), 这种方案可以实现每个 Pod 执行多个工作项。 -示例中,我们使用 `amqp-consume` 从消息队列读取消息并执行我们真正的程序。 +示例中,你使用了 `amqp-consume` 从消息队列读取消息并执行真正的程序。 这样的好处是你不需要修改你的程序使其知道队列的存在。 要了解怎样使用客户端库和工作队列通信, -请参考[不同的示例](/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue/)。 +请参考[精细并行工作队列示例](/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue/)。 ## 友情提醒 {#caveats} @@ -517,7 +556,8 @@ in the queue have been processed. 如果设置的完成数量大于队列中的消息数量,当队列中所有的消息都处理完成后, Job 也会显示为未完成。Job 将创建 Pod 并阻塞等待消息输入。 +你需要建立自己的机制来发现何时有工作要做,并测量队列的大小,设置匹配的完成数量。 当发生下面两种情况时,即使队列中所有的消息都处理完了,Job 也不会显示为完成状态: -* 在 amqp-consume 命令拿到消息和容器成功退出之间的时间段内,执行杀死容器操作; -* 在 kubelet 向 api-server 传回 Pod 成功运行之前,发生节点崩溃。 +* 在 `amqp-consume` 命令拿到消息和容器成功退出之间的时间段内,执行杀死容器操作; +* 在 kubelet 向 API 服务器传回 Pod 成功运行之前,发生节点崩溃。 From a084e305a9d46f22a974280eecd3d231fc49f342 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 9 Jan 2024 22:09:40 +0800 Subject: [PATCH 171/279] improve format for contribute/docs.md pr-wranglers.md Signed-off-by: xin.li --- content/en/docs/contribute/docs.md | 37 ++++++++--- .../contribute/participate/pr-wranglers.md | 64 ++++++++++++++----- 2 files changed, 74 insertions(+), 27 deletions(-) diff --git a/content/en/docs/contribute/docs.md b/content/en/docs/contribute/docs.md index 1f29cd5e85a74..3e43be61925d7 100644 --- a/content/en/docs/contribute/docs.md +++ b/content/en/docs/contribute/docs.md @@ -37,7 +37,7 @@ pull request (PR) to the You need to be comfortable with [git](https://git-scm.com/) and [GitHub](https://skills.github.com/) -to work effectively in the Kubernetes community. +to work effectively in the Kubernetes community. To get involved with documentation: @@ -93,7 +93,10 @@ class first,second,third white {{}} Figure 1. Getting started for a new contributor. -Figure 1 outlines a roadmap for new contributors. You can follow some or all of the steps for `Sign up` and `Review`. Now you are ready to open PRs that achieve your contribution objectives with some listed under `Open PR`. Again, questions are always welcome! +Figure 1 outlines a roadmap for new contributors. You can follow some or all of +the steps for `Sign up` and `Review`. Now you are ready to open PRs that achieve +your contribution objectives with some listed under `Open PR`. Again, questions +are always welcome! Some tasks require more trust and more access in the Kubernetes organization. See [Participating in SIG Docs](/docs/contribute/participate/) for more details about @@ -101,7 +104,8 @@ roles and permissions. ## Your first contribution -You can prepare for your first contribution by reviewing several steps beforehand. Figure 2 outlines the steps and the details follow. +You can prepare for your first contribution by reviewing several steps beforehand. +Figure 2 outlines the steps and the details follow. @@ -149,7 +153,13 @@ Figure 2. Preparation for your first contribution. ## Getting help when contributing -Making your first contribution can be overwhelming. The [New Contributor Ambassadors](https://github.com/kubernetes/website#new-contributor-ambassadors) are there to walk you through making your first few contributions. You can reach out to them in the [Kubernetes Slack](https://slack.k8s.io/) preferably in the `#sig-docs` channel. There is also the [New Contributors Meet and Greet call](https://www.kubernetes.dev/resources/calendar/) that happens on the first Tuesday of every month. You can interact with the New Contributor Ambassadors and get your queries resolved here. +Making your first contribution can be overwhelming. The +[New Contributor Ambassadors](https://github.com/kubernetes/website#new-contributor-ambassadors) +are there to walk you through making your first few contributions. You can reach out to them in the +[Kubernetes Slack](https://slack.k8s.io/) preferably in the `#sig-docs` channel. There is also the +[New Contributors Meet and Greet call](https://www.kubernetes.dev/resources/calendar/) +that happens on the first Tuesday of every month. You can interact with the New Contributor Ambassadors +and get your queries resolved here. ## Next steps @@ -174,13 +184,20 @@ SIG Docs communicates with different methods: introduce yourself! - [Join the `kubernetes-sig-docs` mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), where broader discussions take place and official decisions are recorded. -- Join the [SIG Docs video meeting](https://github.com/kubernetes/community/tree/master/sig-docs) held every two weeks. Meetings are always announced on `#sig-docs` and added to the [Kubernetes community meetings calendar](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles). You'll need to download the [Zoom client](https://zoom.us/download) or dial in using a phone. -- Join the SIG Docs async Slack standup meeting on those weeks when the in-person Zoom video meeting does not take place. Meetings are always announced on `#sig-docs`. You can contribute to any one of the threads up to 24 hours after meeting announcement. +- Join the [SIG Docs video meeting](https://github.com/kubernetes/community/tree/master/sig-docs) + held every two weeks. Meetings are always announced on `#sig-docs` and added to the + [Kubernetes community meetings calendar](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles). + You'll need to download the [Zoom client](https://zoom.us/download) or dial in using a phone. +- Join the SIG Docs async Slack standup meeting on those weeks when the in-person Zoom + video meeting does not take place. Meetings are always announced on `#sig-docs`. + You can contribute to any one of the threads up to 24 hours after meeting announcement. ## Other ways to contribute -- Visit the [Kubernetes community site](/community/). Participate on Twitter or Stack Overflow, learn about local Kubernetes meetups and events, and more. -- Read the [contributor cheatsheet](https://www.kubernetes.dev/docs/contributor-cheatsheet/) to get involved with Kubernetes feature development. -- Visit the contributor site to learn more about [Kubernetes Contributors](https://www.kubernetes.dev/) and [additional contributor resources](https://www.kubernetes.dev/resources/). +- Visit the [Kubernetes community site](/community/). Participate on Twitter or Stack Overflow, + learn about local Kubernetes meetups and events, and more. +- Read the [contributor cheatsheet](https://www.kubernetes.dev/docs/contributor-cheatsheet/) + to get involved with Kubernetes feature development. +- Visit the contributor site to learn more about [Kubernetes Contributors](https://www.kubernetes.dev/) + and [additional contributor resources](https://www.kubernetes.dev/resources/). - Submit a [blog post or case study](/docs/contribute/new-content/blogs-case-studies/). - diff --git a/content/en/docs/contribute/participate/pr-wranglers.md b/content/en/docs/contribute/participate/pr-wranglers.md index ee553c64d68c8..cc00de9ce10da 100644 --- a/content/en/docs/contribute/participate/pr-wranglers.md +++ b/content/en/docs/contribute/participate/pr-wranglers.md @@ -6,9 +6,12 @@ weight: 20 -SIG Docs [approvers](/docs/contribute/participate/roles-and-responsibilities/#approvers) take week-long shifts [managing pull requests](https://github.com/kubernetes/website/wiki/PR-Wranglers) for the repository. +SIG Docs [approvers](/docs/contribute/participate/roles-and-responsibilities/#approvers) +take week-long shifts [managing pull requests](https://github.com/kubernetes/website/wiki/PR-Wranglers) +for the repository. -This section covers the duties of a PR wrangler. For more information on giving good reviews, see [Reviewing changes](/docs/contribute/review/). +This section covers the duties of a PR wrangler. For more information on giving good reviews, +see [Reviewing changes](/docs/contribute/review/). @@ -16,17 +19,23 @@ This section covers the duties of a PR wrangler. For more information on giving Each day in a week-long shift as PR Wrangler: -- Triage and tag incoming issues daily. See [Triage and categorize issues](/docs/contribute/review/for-approvers/#triage-and-categorize-issues) for guidelines on how SIG Docs uses metadata. -- Review [open pull requests](https://github.com/kubernetes/website/pulls) for quality and adherence to the [Style](/docs/contribute/style/style-guide/) and [Content](/docs/contribute/style/content-guide/) guides. +- Triage and tag incoming issues daily. See + [Triage and categorize issues](/docs/contribute/review/for-approvers/#triage-and-categorize-issues) + for guidelines on how SIG Docs uses metadata. +- Review [open pull requests](https://github.com/kubernetes/website/pulls) for quality + and adherence to the [Style](/docs/contribute/style/style-guide/) and + [Content](/docs/contribute/style/content-guide/) guides. - Start with the smallest PRs (`size/XS`) first, and end with the largest (`size/XXL`). Review as many PRs as you can. - Make sure PR contributors sign the [CLA](https://github.com/kubernetes/community/blob/master/CLA.md). - - Use [this](https://github.com/zparnold/k8s-docs-pr-botherer) script to remind contributors that haven't signed the CLA to do so. + - Use [this](https://github.com/zparnold/k8s-docs-pr-botherer) script to remind contributors + that haven't signed the CLA to do so. - Provide feedback on changes and ask for technical reviews from members of other SIGs. - Provide inline suggestions on the PR for the proposed content changes. - If you need to verify content, comment on the PR and request more details. - Assign relevant `sig/` label(s). - If needed, assign reviewers from the `reviewers:` block in the file's front matter. - - You can also tag a [SIG](https://github.com/kubernetes/community/blob/master/sig-list.md) for a review by commenting `@kubernetes/-pr-reviews` on the PR. + - You can also tag a [SIG](https://github.com/kubernetes/community/blob/master/sig-list.md) + for a review by commenting `@kubernetes/-pr-reviews` on the PR. - Use the `/approve` comment to approve a PR for merging. Merge the PR when ready. - PRs should have a `/lgtm` comment from another member before merging. - Consider accepting technically accurate content that doesn't meet the @@ -48,11 +57,19 @@ These queries exclude localization PRs. All queries are against the main branch the PR and remind them that they can open it after signing the CLA. **Do not review PRs whose authors have not signed the CLA!** - [Needs LGTM](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+-label%3A%22cncf-cla%3A+no%22+-label%3Ado-not-merge%2Fwork-in-progress+-label%3Ado-not-merge%2Fhold+label%3Alanguage%2Fen+-label%3Algtm): - Lists PRs that need an LGTM from a member. If the PR needs technical review, loop in one of the reviewers suggested by the bot. If the content needs work, add suggestions and feedback in-line. + Lists PRs that need an LGTM from a member. If the PR needs technical review, + loop in one of the reviewers suggested by the bot. If the content needs work, + add suggestions and feedback in-line. - [Has LGTM, needs docs approval](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+-label%3Ado-not-merge%2Fwork-in-progress+-label%3Ado-not-merge%2Fhold+label%3Alanguage%2Fen+label%3Algtm+): Lists PRs that need an `/approve` comment to merge. -- [Quick Wins](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+base%3Amain+-label%3A%22do-not-merge%2Fwork-in-progress%22+-label%3A%22do-not-merge%2Fhold%22+label%3A%22cncf-cla%3A+yes%22+label%3A%22size%2FXS%22+label%3A%22language%2Fen%22): Lists PRs against the main branch with no clear blockers. (change "XS" in the size label as you work through the PRs [XS, S, M, L, XL, XXL]). -- [Not against the primary branch](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3Alanguage%2Fen+-base%3Amain): If the PR is against a `dev-` branch, it's for an upcoming release. Assign the [docs release manager](https://github.com/kubernetes/sig-release/tree/master/release-team#kubernetes-release-team-roles) using: `/assign @`. If the PR is against an old branch, help the author figure out whether it's targeted against the best branch. +- [Quick Wins](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+base%3Amain+-label%3A%22do-not-merge%2Fwork-in-progress%22+-label%3A%22do-not-merge%2Fhold%22+label%3A%22cncf-cla%3A+yes%22+label%3A%22size%2FXS%22+label%3A%22language%2Fen%22): + Lists PRs against the main branch with no clear blockers. + (change "XS" in the size label as you work through the PRs [XS, S, M, L, XL, XXL]). +- [Not against the primary branch](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3Alanguage%2Fen+-base%3Amain): + If the PR is against a `dev-` branch, it's for an upcoming release. Assign the + [docs release manager](https://github.com/kubernetes/sig-release/tree/master/release-team#kubernetes-release-team-roles) + using: `/assign @`. If the PR is against an old branch, + help the author figure out whether it's targeted against the best branch. ### Helpful Prow commands for wranglers @@ -74,30 +91,43 @@ Reviews and approvals are one tool to keep our PR queue short and current. Anoth Close PRs where: - The author hasn't signed the CLA for two weeks. - Authors can reopen the PR after signing the CLA. This is a low-risk way to make sure nothing gets merged without a signed CLA. + Authors can reopen the PR after signing the CLA. This is a low-risk way to make + sure nothing gets merged without a signed CLA. - The author has not responded to comments or feedback in 2 or more weeks. -Don't be afraid to close pull requests. Contributors can easily reopen and resume works in progress. Often a closure notice is what spurs an author to resume and finish their contribution. +Don't be afraid to close pull requests. Contributors can easily reopen and resume works in progress. +Often a closure notice is what spurs an author to resume and finish their contribution. To close a pull request, leave a `/close` comment on the PR. {{< note >}} -The [`k8s-triage-robot`](https://github.com/k8s-triage-robot) bot marks issues as stale after 90 days of inactivity. After 30 more days it marks issues as rotten and closes them. PR wranglers should close issues after 14-30 days of inactivity. +The [`k8s-triage-robot`](https://github.com/k8s-triage-robot) bot marks issues +as stale after 90 days of inactivity. After 30 more days it marks issues as rotten +and closes them. PR wranglers should close issues after 14-30 days of inactivity. {{< /note >}} ## PR Wrangler shadow program -In late 2021, SIG Docs introduced the PR Wrangler Shadow Program. The program was introduced to help new contributors understand the PR wrangling process. +In late 2021, SIG Docs introduced the PR Wrangler Shadow Program. +The program was introduced to help new contributors understand the PR wrangling process. ### Become a shadow -- If you are interested in shadowing as a PR wrangler, please visit the [PR Wranglers Wiki page](https://github.com/kubernetes/website/wiki/PR-Wranglers) to see the PR wrangling schedule for this year and sign up. +- If you are interested in shadowing as a PR wrangler, please visit the + [PR Wranglers Wiki page](https://github.com/kubernetes/website/wiki/PR-Wranglers) + to see the PR wrangling schedule for this year and sign up. -- Kubernetes org members can edit the [PR Wranglers Wiki page](https://github.com/kubernetes/website/wiki/PR-Wranglers) and sign up to shadow an existing PR Wrangler for a week. +- Kubernetes org members can edit the + [PR Wranglers Wiki page](https://github.com/kubernetes/website/wiki/PR-Wranglers) + and sign up to shadow an existing PR Wrangler for a week. -- Others can reach out on the [#sig-docs Slack channel](https://kubernetes.slack.com/messages/sig-docs) for requesting to shadow an assigned PR Wrangler for a specific week. Feel free to reach out to Brad Topol (`@bradtopol`) or one of the [SIG Docs co-chairs/leads](https://github.com/kubernetes/community/tree/master/sig-docs#leadership). +- Others can reach out on the [#sig-docs Slack channel](https://kubernetes.slack.com/messages/sig-docs) + for requesting to shadow an assigned PR Wrangler for a specific week. Feel free to reach out to + Brad Topol (`@bradtopol`) or one of the + [SIG Docs co-chairs/leads](https://github.com/kubernetes/community/tree/master/sig-docs#leadership). -- Once you've signed up to shadow a PR Wrangler, introduce yourself to the PR Wrangler on the [Kubernetes Slack](https://slack.k8s.io). +- Once you've signed up to shadow a PR Wrangler, introduce yourself to the PR Wrangler on the + [Kubernetes Slack](https://slack.k8s.io). From bc63a98e2dd4b6879ba7caa7089842e3f587261b Mon Sep 17 00:00:00 2001 From: Joe Betz Date: Tue, 9 Jan 2024 07:44:07 -0800 Subject: [PATCH 172/279] Document CEL option, library and language feature availability by version (#42695) * Document CEL option, library and language feature availability by version * Update content/en/docs/reference/using-api/cel.md Co-authored-by: Tim Bannister * Apply feedback * Feedback applied * noop commit to trigger build --------- Co-authored-by: Tim Bannister --- content/en/docs/reference/using-api/cel.md | 40 ++++++++++++++++++---- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/content/en/docs/reference/using-api/cel.md b/content/en/docs/reference/using-api/cel.md index 694bce6b33e9c..5c94a0cf952cc 100644 --- a/content/en/docs/reference/using-api/cel.md +++ b/content/en/docs/reference/using-api/cel.md @@ -61,13 +61,38 @@ Example CEL expressions: | `self.names.size() == self.details.size() && self.names.all(n, n in self.details)` | Validate the 'details' map is keyed by the items in the 'names' listSet | {{< /table >}} -## CEL community libraries - -Kubernetes CEL expressions have access to the following CEL community libraries: - -- CEL standard functions, defined in the [list of standard definitions](https://github.com/google/cel-spec/blob/master/doc/langdef.md#list-of-standard-definitions) -- CEL standard [macros](https://github.com/google/cel-spec/blob/v0.7.0/doc/langdef.md#macros) -- CEL [extended string function library](https://pkg.go.dev/github.com/google/cel-go/ext#Strings) +## CEL options, language features, and libraries + +CEL is configured with the following options, libraries and language features, introduced at the specified Kubernetes versions: + +| CEL option, library or language feature | Included | Availablity | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | -------------------------- | +| [Standard macros](stdmacros) | `has`, `all`, `exists`, `exists_one`, `map`, `filter` | All Kubernetes versions | +| [Standard functions](stdlib) | See [official list of standard definitions](stdlib) | All Kubernetes versions | +| [Homogeneous Aggregate Literals](opt1) | | All Kubernetes versions | +| [Default UTC Time Zone](opt2) | | All Kubernetes versions | +| [Eagerly Validate Declarations](opt3) | | All Kubernetes versions | +| [extended strings library](stringsgodoc), Version 1 | `charAt`, `indexOf`, `lastIndexOf`, `lowerAscii`, `upperAscii`, `replace`, `split`, `join`, `substring`, `trim` | All Kubernetes versions | +| Kubernetes list library | See [Kubernetes list library](#kubernetes-list-library) | All Kubernetes versions | +| Kubernetes regex library | See [Kubernetes regex library](#kubernetes-regex-library) | All Kubernetes versions | +| Kubernetes URL library | See [Kubernetes URL library](#kubernetes-url-library) | All Kubernetes versions | +| Kubernetes authorizer library | See [Kubernetes authorizer library](#kubernetes-authorizer-library) | All Kubernetes versions | + +[stdmacros]: https://github.com/google/cel-spec/blob/v0.7.0/doc/langdef.md#macros +[stdlib]: https://github.com/google/cel-spec/blob/master/doc/langdef.md#list-of-standard-definitions +[stringsgodoc]: https://pkg.go.dev/github.com/google/cel-go/ext#Strings +[opt1]: https://pkg.go.dev/github.com/google/cel-go@v0.17.4/cel#HomogeneousAggregateLiterals +[opt2]: https://pkg.go.dev/github.com/google/cel-go@v0.17.4/cel#DefaultUTCTimeZone +[opt3]: https://pkg.go.dev/github.com/google/cel-go@v0.17.4/cel#EagerlyValidateDeclarations +[opt4]: https://pkg.go.dev/github.com/google/cel-go@v0.17.4/cel#OptionalTypes +[opt5]: https://pkg.go.dev/github.com/google/cel-go@v0.17.4/cel#CrossTypeNumericComparisons + +CEL functions, features and language settings support Kubernetes control plane +rollbacks. For example, _CEL Optional Values_ was introduced at Kubernetes 1.29 +and so only API servers at that version or newer will accept write requests to +CEL expressions that use _CEL Optional Values_. However, when a cluster is +rolled back to Kubernetes 1.28 CEL expressions using "CEL Optional Values" that +are already stored in API resources will continue to evaluate correctly. ## Kubernetes CEL libraries @@ -336,3 +361,4 @@ API resources by rejecting create or update operations containing the CEL expression to the API resources. This feature offers a stronger assurance that CEL expressions written to the API resource will be evaluate at runtime without exceeding the runtime cost budget. + From 8106c6e092487c1359c62f386dc479cac4bd522d Mon Sep 17 00:00:00 2001 From: John Huang <616672335@qq.com> Date: Wed, 10 Jan 2024 01:07:50 +0800 Subject: [PATCH 173/279] Add notes on kubeadm clusters version (#44683) * Add notes on kubeadm clusters version Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md Co-authored-by: Dipesh Rawat move into additional information * Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md Co-authored-by: Tim Bannister --------- Co-authored-by: Tim Bannister --- .../docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md index 12e7298a30ad9..09f43dd6341dc 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md @@ -42,6 +42,10 @@ The upgrade workflow at high level is the following: first drain the node (or nodes) that you are upgrading. In the case of control plane nodes, they could be running CoreDNS Pods or other critical workloads. For more information see [Draining nodes](/docs/tasks/administer-cluster/safely-drain-node/). +- The Kubernetes project recommends that you match your kubelet and kubeadm versions. + You can instead use an a version of kubelet that is older than kubeadm, provided it is within the + range of supported versions. + For more details, please visit [kubeadm's skew against the kubelet](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#kubeadm-s-skew-against-the-kubelet). - All containers are restarted after upgrade, because the container spec hash value is changed. - To verify that the kubelet service has successfully restarted after the kubelet has been upgraded, you can execute `systemctl status kubelet` or view the service logs with `journalctl -xeu kubelet`. From c7554e7589301ef1728a13a859077509f604dbe3 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 10 Jan 2024 09:16:47 +0800 Subject: [PATCH 174/279] [zh] Sync participate/pr-wranglers.md --- .../contribute/participate/pr-wranglers.md | 119 ++++++++++++------ 1 file changed, 81 insertions(+), 38 deletions(-) diff --git a/content/zh-cn/docs/contribute/participate/pr-wranglers.md b/content/zh-cn/docs/contribute/participate/pr-wranglers.md index 9ec889d8cdaab..09dfd1f4e7487 100644 --- a/content/zh-cn/docs/contribute/participate/pr-wranglers.md +++ b/content/zh-cn/docs/contribute/participate/pr-wranglers.md @@ -11,53 +11,62 @@ weight: 20 -SIG Docs 的[批准人(Approvers)](/zh-cn/docs/contribute/participate/roles-and-responsibilities/#approvers)们每周轮流负责 +SIG Docs 的[批准人(Approver)](/zh-cn/docs/contribute/participate/roles-and-responsibilities/#approvers)们每周轮流负责 [管理仓库的 PR](https://github.com/kubernetes/website/wiki/PR-Wranglers)。 本节介绍 PR 管理者的职责。关于如何提供较好的评审意见, 可参阅[评审变更](/zh-cn/docs/contribute/review/)。 - ## 职责 {#duties} + 在为期一周的轮值期内,PR 管理者要: -- 每天对新增的 Issues 判定和打标签。参见 - [对 Issues 进行判定和分类](/zh-cn/docs/contribute/review/for-approvers/#triage-and-categorize-issues) +- 每天对新增的 Issue 判定和打标签。参见 + [对 Issue 进行判定和分类](/zh-cn/docs/contribute/review/for-approvers/#triage-and-categorize-issues) 以了解 SIG Docs 如何使用元数据的详细信息。 -- 检查[悬决的 PR](https://github.com/kubernetes/website/pulls) 的质量并确保它们符合 - [样式指南](/zh-cn/docs/contribute/style/style-guide/)和 +- 检查[悬决的 PR](https://github.com/kubernetes/website/pulls) + 的质量并确保它们符合[样式指南](/zh-cn/docs/contribute/style/style-guide/)和 [内容指南](/zh-cn/docs/contribute/style/content-guide/)要求。 - 首先查看最小的 PR(`size/XS`),然后逐渐扩展到最大的 PR(`size/XXL`),尽可能多地评审 PR。 -- 确保贡献者完成 [CLA](https://github.com/kubernetes/community/blob/master/CLA.md) 签署。 +- 确保贡献者签署 [CLA](https://github.com/kubernetes/community/blob/master/CLA.md)。 - 使用[此脚本](https://github.com/zparnold/k8s-docs-pr-botherer)自动提醒尚未签署 CLA 的贡献者签署 CLA。 -- 针对提供提供反馈,请求其他 SIG 的成员进行技术审核。 +- 针对变更提供反馈,请求其他 SIG 的成员进行技术审核。 - 为 PR 所建议的内容更改提供就地反馈。 - 如果你需要验证内容,请在 PR 上发表评论并要求贡献者提供更多细节。 - 设置相关的 `sig/` 标签。 @@ -76,8 +85,8 @@ Each day in a week-long shift as PR Wrangler: --> - 使用 `/approve` 评论来批准可以合并的 PR,在 PR 就绪时将其合并。 - PR 在被合并之前,应该有来自其他成员的 `/lgtm` 评论。 - - 可以考虑接受那些技术上准确,但文风上不满足 - [风格指南](/zh-cn/docs/contribute/style/style-guide/)要求的 PR。 + - 可以考虑接受那些技术上准确、 + 但文风上不满足[风格指南](/zh-cn/docs/contribute/style/style-guide/)要求的 PR。 批准变更时,可以登记一个新的 Issue 来解决文档风格问题。 你通常可以将这些风格修复问题标记为 `good first issue`。 - 将风格修复事项标记为 `good first issue` 可以很好地确保向新加入的贡献者分派一些比较简单的任务, @@ -90,9 +99,9 @@ The following queries are helpful when wrangling. After working through these queries, the remaining list of PRs to review is usually small. These queries exclude localization PRs. All queries are against the main branch except the last one. --> -### 对管理者有用的 GitHub 查询 +### 对管理者有用的 GitHub 查询 {#helpful-github-queries-for-wranglers} -执行管理操作时,以下查询很有用。完成以下这些查询后,剩余的要审阅的 PR 列表通常很小。 +执行管理操作时,以下查询很有用。完成以下这些查询后,剩余的要评审的 PR 列表通常很小。 这些查询都不包含本地化的 PR,并仅包含主分支上的 PR(除了最后一个查询)。 - [未签署 CLA,不可合并的 PR](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3A%22cncf-cla%3A+no%22+-label%3A%22do-not-merge%2Fwork-in-progress%22+-label%3A%22do-not-merge%2Fhold%22+label%3Alanguage%2Fen): - 提醒贡献者签署 CLA。如果机器人和审阅者都已经提醒他们,请关闭 PR,并提醒他们在签署 CLA 后可以重新提交。 + 提醒贡献者签署 CLA。如果机器人和评审者都已经提醒他们,请关闭 PR,并提醒他们在签署 CLA 后可以重新提交。 - **在作者没有签署 CLA 之前,不要审阅他们的 PR!** + **在作者没有签署 CLA 之前,不要评审他们的 PR!** - [需要 LGTM](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+-label%3A%22cncf-cla%3A+no%22+-label%3Ado-not-merge%2Fwork-in-progress+-label%3Ado-not-merge%2Fhold+label%3Alanguage%2Fen+-label%3Algtm): 列举需要来自成员的 LGTM 评论的 PR。 - 如果需要技术审查,请告知机器人所建议的审阅者。 + 如果需要技术审查,请告知机器人所建议的评审者。 如果 PR 继续改进,就地提供更改建议或反馈。 - [已有 LGTM标签,需要 Docs 团队批准](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+-label%3Ado-not-merge%2Fwork-in-progress+-label%3Ado-not-merge%2Fhold+label%3Alanguage%2Fen+label%3Algtm+): @@ -132,6 +149,17 @@ These queries exclude localization PRs. All queries are against the main branch ### 对管理者有用的 Prow 命令 {#helpful-prow-commands-for-wranglers} @@ -154,11 +182,13 @@ Reviews and approvals are one tool to keep our PR queue short and current. Anoth Close PRs where: - The author hasn't signed the CLA for two weeks. - Authors can reopen the PR after signing the CLA. This is a low-risk way to make sure nothing gets merged without a signed CLA. + Authors can reopen the PR after signing the CLA. This is a low-risk way to make + sure nothing gets merged without a signed CLA. - The author has not responded to comments or feedback in 2 or more weeks. -Don't be afraid to close pull requests. Contributors can easily reopen and resume works in progress. Often a closure notice is what spurs an author to resume and finish their contribution. +Don't be afraid to close pull requests. Contributors can easily reopen and resume works in progress. +Often a closure notice is what spurs an author to resume and finish their contribution. To close a pull request, leave a `/close` comment on the PR. --> @@ -178,10 +208,12 @@ To close a pull request, leave a `/close` comment on the PR. 要关闭 PR,请在 PR 上输入 `/close` 评论。 +{{< note >}} -{{< note >}} 一个名为 [`k8s-ci-robot`](https://github.com/k8s-ci-robot) 的自动服务会在 Issue 停滞 90 天后自动将其标记为过期;然后再等 30 天,如果仍然无人过问,则将其关闭。 PR 管理者应该在 issues 处于无人过问状态 14-30 天后关闭它们。 @@ -190,9 +222,10 @@ PR 管理者应该在 issues 处于无人过问状态 14-30 天后关闭它们 -## PR 管理者影子计划 +## PR 管理者影子计划 {#pr-wrangler-shadow-program} 2021 下半年,SIG Docs 推出了 PR 管理者影子计划(PR Wrangler Shadow Program)。 该计划旨在帮助新的贡献者们了解 PR 管理流程。 @@ -200,23 +233,33 @@ In late 2021, SIG Docs introduced the PR Wrangler Shadow Program. The program wa -### 成为一名影子 +### 成为一名影子 {#become-a-shadow} -- 如果你有兴趣成为一名 PR 管理者的影子,请访问 [PR 管理者维基页面](https://github.com/kubernetes/website/wiki/PR-Wranglers)查看今年的 +- 如果你有兴趣成为一名 PR 管理者的影子,请访问 + [PR 管理者维基页面](https://github.com/kubernetes/website/wiki/PR-Wranglers)查看今年的 PR 管理轮值表,然后注册报名。 -- Kubernetes 组织成员可以编辑 [PR 管理者维基页面](https://github.com/kubernetes/website/wiki/PR-Wranglers), +- Kubernetes 组织成员可以编辑 + [PR 管理者维基页面](https://github.com/kubernetes/website/wiki/PR-Wranglers), 注册成为一名现有 PR 管理者一周内的影子。 -- 其他人可以通过 [#sig-docs Slack 频道](https://kubernetes.slack.com/messages/sig-docs)申请成为指定 +- 其他人可以通过 [#sig-docs Slack 频道](https://kubernetes.slack.com/messages/sig-docs)申请成为指定 PR 管理者某一周的影子。可以随时咨询 (`@bradtopol`) 或某一位 [SIG Docs 联席主席/主管](https://github.com/kubernetes/community/tree/master/sig-docs#leadership)。 From 4f4519d245e0018b3fa3c818adeae07844bec3fe Mon Sep 17 00:00:00 2001 From: John Gaughan <75457317+john-gaughan@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:41:52 -0800 Subject: [PATCH 175/279] Clarify explanation of rolling updates I was tripped up while reading the paragraph that explains what a rolling update is and how it works. This commit makes some small phrasing and grammatical changes to make the explanation easier to read. Importantly, it replaces the word "updates" with "replaces", since rolling updates create *new* pods which replace the old ones, rather than updating the current pods. --- .../docs/tutorials/kubernetes-basics/update/update-intro.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html index 6b7993190d326..b0f7c94fdced4 100644 --- a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html @@ -27,7 +27,7 @@

    Objectives

    Updating an application

    -

    Users expect applications to be available all the time and developers are expected to deploy new versions of them several times a day. In Kubernetes this is done with rolling updates. Rolling updates allow Deployments' update to take place with zero downtime by incrementally updating Pods instances with new ones. The new Pods will be scheduled on Nodes with available resources.

    +

    Users expect applications to be available all the time, and developers are expected to deploy new versions of them several times a day. In Kubernetes this is done with rolling updates. A rolling update allows a Deployment update to take place with zero downtime. It does this by incrementally replacing the current Pods with new ones. The new Pods are scheduled on Nodes with available resources.

    In the previous module we scaled our application to run multiple instances. This is a requirement for performing updates without affecting application availability. By default, the maximum number of Pods that can be unavailable during the update and the maximum number of new Pods that can be created, is one. Both options can be configured to either numbers or percentages (of Pods). In Kubernetes, updates are versioned and any Deployment update can be reverted to a previous (stable) version.

    From e2466ace15208df1916f2e45d5a3b4a5fb0ffbdc Mon Sep 17 00:00:00 2001 From: Jongwoo Han Date: Tue, 9 Jan 2024 00:31:38 +0900 Subject: [PATCH 176/279] [zh] Fix typo in the number of types of hook handlers for Containers Signed-off-by: Jongwoo Han --- .../containers/container-lifecycle-hooks.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/content/zh-cn/docs/concepts/containers/container-lifecycle-hooks.md b/content/zh-cn/docs/concepts/containers/container-lifecycle-hooks.md index d0524bd6d1e53..0fa1872770e03 100644 --- a/content/zh-cn/docs/concepts/containers/container-lifecycle-hooks.md +++ b/content/zh-cn/docs/concepts/containers/container-lifecycle-hooks.md @@ -86,34 +86,40 @@ A more detailed description of the termination behavior can be found in ### Hook handler implementations Containers can access a hook by implementing and registering a handler for that hook. -There are two types of hook handlers that can be implemented for Containers: +There are three types of hook handlers that can be implemented for Containers: --> ### 回调处理程序的实现 容器可以通过实现和注册该回调的处理程序来访问该回调。 -针对容器,有两种类型的回调处理程序可供实现: +针对容器,有三种类型的回调处理程序可供实现: * Exec - 在容器的 cgroups 和名字空间中执行特定的命令(例如 `pre-stop.sh`)。 命令所消耗的资源计入容器的资源消耗。 * HTTP - 对容器上的特定端点执行 HTTP 请求。 +* Sleep - 将容器暂停一段指定的时间。 + 当[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) `PodLifecycleSleepAction` 被启用时, + “Sleep” 操作才可用。 ### 回调处理程序执行 当调用容器生命周期管理回调时,Kubernetes 管理系统根据回调动作执行其处理程序, -`httpGet` 和 `tcpSocket` 在 kubelet 进程执行,而 `exec` 则由容器内执行。 +`httpGet`、`tcpSocket` 和 `sleep` 由 kubelet 进程执行,而 `exec` 在容器中执行。 + + +本网站由 [Kubernetes SIG Docs](/zh-cn/docs/contribute/#get-involved-with-SIG-Docs)(文档特别兴趣小组)维护。 +Kubernetes 项目欢迎所有贡献者(无论是新手还是经验丰富的贡献者)提供帮助! + +Kubernetes 文档项目的贡献者: + +- 改进现有内容 +- 创建新内容 +- 翻译文档 +- 管理并发布 Kubernetes 周期性发行版的文档 + +--- + +{{< note >}} + +要了解有关为 Kubernetes 做出贡献的更多信息, +请参阅[贡献者文档](https://www.kubernetes.dev/docs/)。 +{{< /note >}} + + + + +## 入门 {#getting-started} + +任何人都可以提出文档方面的问题(issue),或贡献一个变更,用拉取请求(PR)的方式提交到 +[GitHub 上的 `kubernetes/website` 仓库](https://github.com/kubernetes/website)。 +当然你需要熟练使用 [git](https://git-scm.com/) 和 [GitHub](https://lab.github.com/) +才能在 Kubernetes 社区中有效工作。 + + +如何参与文档编制: + +1. 签署 CNCF 的[贡献者许可协议](https://github.com/kubernetes/community/blob/master/CLA.md)。 +2. 熟悉[文档仓库](https://github.com/kubernetes/website)和网站的[静态站点生成器](https://gohugo.io)。 +3. 确保理解[发起 PR](/zh-cn/docs/contribute/new-content/open-a-pr/) + 和[审查变更](/zh-cn/docs/contribute/review/reviewing-prs/)的基本流程。 + + + + +{{< mermaid >}} +flowchart TB +subgraph third[发起 PR] +direction TB +U[ ] -.- +Q[改进现有内容] --- N[创建新内容] +N --- O[翻译文档] +O --- P[管理并发布 K8s
    周期性发行版的文档] + +end + +subgraph second[评审] +direction TB + T[ ] -.- + D[仔细查看
    kubernetes/website
    仓库] --- E[下载安装 Hugo
    静态站点
    生成器] + E --- F[了解基本的
    GitHub 命令] + F --- G[评审待处理的 PR
    并遵从变更审查
    流程] +end + +subgraph first[注册] + direction TB + S[ ] -.- + B[签署 CNCF
    贡献者
    许可协议] --- C[加入 sig-docs
    Slack 频道] + C --- V[加入 kubernetes-sig-docs
    邮件列表] + V --- M[参加每周的
    sig-docs 电话会议
    或 slack 会议] +end + +A([fa:fa-user 新的
    贡献者]) --> first +A --> second +A --> third +A --> H[提出问题!!!] + + +classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; +classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold +classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 +class A,B,C,D,E,F,G,H,M,Q,N,O,P,V grey +class S,T,U spacewhite +class first,second,third white +{{}} + + +图 1. 新手入门指示。 + +图 1 概述了新贡献者的路线图。 +你可以遵从“注册”和“评审”所述的某些或全部步骤。 +至此,你完成了发起 PR 的准备工作, +可以通过“发起 PR” 列出的事项实现你的贡献目标。 +再次重申,欢迎随时提出问题! + + +有些任务要求 Kubernetes 组织内更高的信任级别和访问权限。 +阅读[参与 SIG Docs 工作](/zh-cn/docs/contribute/participate/),获取角色和权限的更多细节。 + + +## 第一次贡献 {#your-first-contribution} + +你可以提前查阅几个步骤,来准备你的第一次贡献。 +图 2 概述了后续的步骤和细节。 + + + + +{{< mermaid >}} +flowchart LR + subgraph second[第一次贡献] + direction TB + S[ ] -.- + G[查阅其他 K8s
    成员发起的 PR] --> + A[检索 kubernetes/website
    问题列表是否有
    good first 一类的 PR] --> B[发起一个 PR!!] + end + subgraph first[建议的准备工作] + direction TB + T[ ] -.- + D[阅读贡献概述] -->E[阅读 K8s 内容
    和风格指南] + E --> F[了解 Hugo 页面
    内容类型
    和短代码] + end + + + first ----> second + + +classDef grey fill:#dddddd,stroke:#ffffff,stroke-width:px,color:#000000, font-size:15px; +classDef white fill:#ffffff,stroke:#000,stroke-width:px,color:#000,font-weight:bold +classDef spacewhite fill:#ffffff,stroke:#fff,stroke-width:0px,color:#000 +class A,B,D,E,F,G grey +class S,T spacewhite +class first,second white +{{}} + + +图 2. 第一次贡献的准备工作。 + + +- 通读[贡献概述](/zh-cn/docs/contribute/new-content/),了解参与贡献的不同方式。 +- 查看 [`kubernetes/website` 问题列表](https://github.com/kubernetes/website/issues/), + 检索最适合作为切入点的问题。 +- 在现有文档上,[使用 GitHub 提交 PR](/zh-cn/docs/contribute/new-content/open-a-pr/#changes-using-github), + 掌握在 GitHub 上登记 Issue 的方法。 +- Kubernetes 社区其他成员会[评审 PR](/zh-cn/docs/contribute/review/reviewing-prs/), + 以确保文档精准和语言流畅。 +- 阅读 kubernetes 的[内容指南](/zh-cn/docs/contribute/style/content-guide/)和 + [风格指南](/zh-cn/docs/contribute/style/style-guide/),以发表有见地的评论。 +- 了解[页面内容类型](/zh-cn/docs/contribute/style/page-content-types/)和 + [Hugo 短代码](/zh-cn/docs/contribute/style/hugo-shortcodes/)。 + + +## 贡献时获取帮助 + +做出第一个贡献可能会让人感觉比较困难。 +[新贡献者大使](https://github.com/kubernetes/website#new-contributor-ambassadors) +将引导你完成最初的一些贡献。你可以在 [Kubernetes Slack](https://slack.k8s.io/) +中联系他们,最好是在 `#sig-docs` 频道中。还有每月第一个星期二举行的 +[新贡献者见面会](https://www.kubernetes.dev/resources/calendar/), +你可以在此处与新贡献者大使互动并解决你的疑问。 + + +## 下一步 {#next-teps} + +- 学习在仓库的[本地克隆中工作](/zh-cn/docs/contribute/new-content/open-a-pr/#fork-the-repo)。 +- 为[发行版的特性](/zh-cn/docs/contribute/new-content/new-features/)编写文档。 +- 加入 [SIG Docs](/zh-cn/docs/contribute/participate/), + 并成为[成员或评审者](/zh-cn/docs/contribute/participate/roles-and-responsibilities/)。 +- 开始或帮助[本地化](/zh-cn/docs/contribute/localization/)工作。 + + +## 参与 SIG Docs 工作 {#get-involved-with-SIG-Docs} + +[SIG Docs](/zh-cn/docs/contribute/participate/) 是负责发布、维护 Kubernetes 文档的贡献者团体。 +参与 SIG Docs 是 Kubernetes 贡献者(开发者和其他人员)对 Kubernetes 项目产生重大影响力的好方式。 + +SIG Docs 的几种沟通方式: + + +- [加入 Kubernetes 在 Slack 上的 `#sig-docs` 频道](https://slack.k8s.io/)。 + 一定记得自我介绍! +- [加入 `kubernetes-sig-docs` 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), + 这里有更广泛的讨论,和官方决策的记录。 +- 参加每两周召开一次的 [SIG Docs 视频会议](https://github.com/kubernetes/community/tree/master/sig-docs)。 + 会议总是在 `#sig-docs` 上发出公告,同时添加到 + [Kubernetes 社区会议日历](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles)。 + 你需要下载 [Zoom 客户端软件](https://zoom.us/download),或电话拨号接入。 +- 如果有几周未召开实况 Zoom 视频会议,请参加 SIG Docs 异步 Slack 站会。 + 会议总是在 `#sig-docs` 上发出公告。 + 你可以在会议公告后 24 小时内为其中任一议题做贡献。 + + +## 其他贡献方式 {#other-ways-to-contribute} + +- 访问 [Kubernetes 社区网站](/zh-cn/community/)。 + 参与 Twitter 或 Stack Overflow,了解当地的 Kubernetes 会议和活动等等。 +- 阅读[贡献者备忘单](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet), + 参与 Kubernetes 功能开发。 +- 访问贡献者网站,进一步了解有关 [Kubernetes 贡献者](https://www.kubernetes.dev/) + 和[更多贡献者资源](https://www.kubernetes.dev/resources/)的信息。 +- 提交一篇[博客文章或案例研究](/zh-cn/docs/contribute/new-content/blogs-case-studies/)。 From 934896af12b9f5772866004dbe5446aab3eb3f13 Mon Sep 17 00:00:00 2001 From: sgoldin Date: Wed, 10 Jan 2024 09:24:19 -0800 Subject: [PATCH 178/279] fix: clarify day of the week in cron job documentation The cron scheduling syntax documentation was copied from somewhere else, and included an optional part of the spec (sundays can be referenced as 0 or 7) that is not implemented by kubernetes. This is unnecessarily confusing. --- content/en/docs/concepts/workloads/controllers/cron-jobs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/workloads/controllers/cron-jobs.md b/content/en/docs/concepts/workloads/controllers/cron-jobs.md index d2ce56bece06e..46cf2484a535e 100644 --- a/content/en/docs/concepts/workloads/controllers/cron-jobs.md +++ b/content/en/docs/concepts/workloads/controllers/cron-jobs.md @@ -55,9 +55,9 @@ The `.spec.schedule` field is required. The value of that field follows the [Cro # │ ┌───────────── hour (0 - 23) # │ │ ┌───────────── day of the month (1 - 31) # │ │ │ ┌───────────── month (1 - 12) -# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday; -# │ │ │ │ │ 7 is also Sunday on some systems) +# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday) # │ │ │ │ │ OR sun, mon, tue, wed, thu, fri, sat +# │ │ │ │ │ # │ │ │ │ │ # * * * * * ``` From 968b804c1b216a3ed07bd0074056dc8786697be3 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 10 Jan 2024 19:59:56 +0100 Subject: [PATCH 179/279] [fr] translate task declare-network-policy --- .../declare-network-policy.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 content/fr/docs/tasks/administer-cluster/declare-network-policy.md diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md new file mode 100644 index 0000000000000..e75fbcbfbae02 --- /dev/null +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -0,0 +1,143 @@ +--- +title: Déclarer une politique réseau (NetworkPolicy) +min-kubernetes-server-version: v1.8 +content_type: task +weight: 180 +--- + +Ce document vous aide à utiliser l'[API NetworkPolicy de Kubernetes](/docs/concepts/services-networking/network-policies/) pour déclarer des politiques réseau qui gouvernent la communication entre les pods. + +{{% thirdparty-content %}} + +## {{% heading "prerequisites" %}} + +{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} + +Assurez-vous d'avoir configuré un fournisseur de réseau qui supporte les politiques réseau. De nombreux fournisseurs de réseau prennent en charge les NetworkPolicy, notamment : + +* [Antrea](/docs/tasks/administer-cluster/network-policy-provider/antrea-network-policy/) +* [Calico](/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy/) +* [Cilium](/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy/) +* [Kube-router](/docs/tasks/administer-cluster/network-policy-provider/kube-router-network-policy/) +* [Romana](/docs/tasks/administer-cluster/network-policy-provider/romana-network-policy/) +* [Weave Net](/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy/) + + + +## Créer un déploiement `nginx` et l'exposer via un service + +Pour comprendre comment fonctionne les politiques réseau dans Kubernetes, commencez par créer un déploiement `nginx`. + +```console +kubectl create deployment nginx --image=nginx +``` +```none +deployment.apps/nginx created +``` + +Exposez le déploiement via un service appelé `nginx`. + +```console +kubectl expose deployment nginx --port=80 +``` + +```none +service/nginx exposed +``` + +Les commandes ci-dessus créent un déploiement avec un Pod nginx et exposent le déploiement via un service nommé `nginx`. Le Pod et le déploiement `nginx` se trouvent dans le namespace `default`. + +```console +kubectl get svc,pod +``` + +```none +NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kubernetes 10.100.0.1 443/TCP 46m +service/nginx 10.100.0.16 80/TCP 33s + +NAME READY STATUS RESTARTS AGE +pod/nginx-701339712-e0qfq 1/1 Running 0 35s +``` + +## Tester le service en y accédant depuis un autre Pod + +Vous devriez pouvoir accéder au nouveau service `nginx` depuis d'autres pods. Pour accéder au service `nginx` depuis un autre pod dans le namespace `default`, démarrez un conteneur busybox : + +```console +kubectl run busybox --rm -ti --image=busybox:1.28 -- /bin/sh +``` + +Dans votre shell, exécutez la commande suivante : + +```shell +wget --spider --timeout=1 nginx +``` + +```none +Connecting to nginx (10.100.0.16:80) +remote file exists +``` + +## Limiter l'accès au service `nginx` + +Pour limiter l'accès au service `nginx` afin que seuls les pods avec le label `access: true` puissent le consulter, créez un objet NetworkPolicy comme suit : + +{{% code_sample file="service/networking/nginx-policy.yaml" %}} + +Le nom d'un objet NetworkPolicy doit être un [nom de sous-domaine DNS valide](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). + +{{< note >}} +Les NetworkPolicy incluent un `podSelector` qui sélectionne le regroupement de pods auxquels la politique s'applique. Vous pouvez voir que cette politique sélectionne les pods avec le label `app=nginx`. Ce label a été ajouté automatiquement au pod dans le déploiement `nginx`. Un `podSelector` vide sélectionne tous les pods dans le namespace. +{{< /note >}} + +## Affecter la politique au service + +Utilisez kubectl pour créer une NetworkPolicy à partir du fichier `nginx-policy.yaml` ci-dessus : + +```console +kubectl apply -f https://k8s.io/examples/service/networking/nginx-policy.yaml +``` + +```none +networkpolicy.networking.k8s.io/access-nginx created +``` + +## Tester l'accès au service lorsque l'étiquette d'accès n'est pas définie +Lorsque vous tentez d'accéder au service `nginx` depuis un pod sans les labels corrects, la requête échoue : + +```console +kubectl run busybox --rm -ti --image=busybox:1.28 -- /bin/sh +``` + +Dans votre shell, exécutez la commande : + +```shell +wget --spider --timeout=1 nginx +``` + +```none +Connecting to nginx (10.100.0.16:80) +wget: download timed out +``` + +## Définir le label d'accès et tester à nouveau + +Vous pouvez créer un pod avec les bons labels pour voir que la requête est autorisée : + +```console +kubectl run busybox --rm -ti --labels="access=true" --image=busybox:1.28 -- /bin/sh +``` + +Dans votre shell, exécutez la commande : + +```shell +wget --spider --timeout=1 nginx +``` + +```none +Connecting to nginx (10.100.0.16:80) +remote file exists +``` + + From 906f672421aabfa3750def83c60fd5aa21432f93 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 10 Jan 2024 20:00:41 +0100 Subject: [PATCH 180/279] add supporting file --- .../examples/service/networking/nginx-policy.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 content/fr/examples/service/networking/nginx-policy.yaml diff --git a/content/fr/examples/service/networking/nginx-policy.yaml b/content/fr/examples/service/networking/nginx-policy.yaml new file mode 100644 index 0000000000000..89ee9886925e7 --- /dev/null +++ b/content/fr/examples/service/networking/nginx-policy.yaml @@ -0,0 +1,13 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: access-nginx +spec: + podSelector: + matchLabels: + app: nginx + ingress: + - from: + - podSelector: + matchLabels: + access: "true" From a6b2f0311ad3a5fc67fd0e924754ecd20482b652 Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 10 Jan 2024 20:01:10 +0100 Subject: [PATCH 181/279] add translated third party messages --- data/i18n/fr/fr.toml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/data/i18n/fr/fr.toml b/data/i18n/fr/fr.toml index 04d4da4eba39e..c1e2d853a4f4b 100644 --- a/data/i18n/fr/fr.toml +++ b/data/i18n/fr/fr.toml @@ -151,5 +151,19 @@ other = "Fin du support:" [previous_patches] other = "Correctifs publiés:" +[thirdparty_message] +other = """Cette section renvoie à des projets tiers qui fournissent des fonctionnalités requises par Kubernetes. Les auteurs du projet Kubernetes ne sont pas responsables de ces projets, classés par ordre alphabétique. Pour ajouter un projet à cette liste, lisez le     guide avant de soumettre une modification. Plus d'informations.""" + +[thirdparty_message_edit_disclaimer] +other="""Conseils sur le contenu tiers""" + +[thirdparty_message_single_item] +other = """🛇 Cet élément renvoie à un projet ou un produit tiers qui ne fait pas partie de Kubernetes lui-même. Plus d'informations""" + +[thirdparty_message_disclaimer] +other = """

    Les éléments sur cette page font référence à des produits ou projets tiers qui fournissent des fonctionnalités requises par Kubernetes. Les auteurs du projet Kubernetes ne sont pas responsables de ces produits ou projets tiers. Consultez les lignes directrices du site de la CNCF pour plus de détails.

    Vous devriez lire le guide avant de proposer une modification qui ajoute un nouveau lien tiers.

    """ + + [release_date_before] other = "(publiée: " + From fba0b4d65a0014559d09740359ee18afbd27955e Mon Sep 17 00:00:00 2001 From: k0rventen Date: Wed, 10 Jan 2024 20:16:31 +0100 Subject: [PATCH 182/279] minor translation fixes --- .../docs/tasks/administer-cluster/declare-network-policy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index e75fbcbfbae02..7b8dd6d1719c6 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -103,8 +103,8 @@ kubectl apply -f https://k8s.io/examples/service/networking/nginx-policy.yaml networkpolicy.networking.k8s.io/access-nginx created ``` -## Tester l'accès au service lorsque l'étiquette d'accès n'est pas définie -Lorsque vous tentez d'accéder au service `nginx` depuis un pod sans les labels corrects, la requête échoue : +## Tester l'accès au service lorsque le label d'accès n'est pas défini +Lorsque vous tentez d'accéder au service `nginx` depuis un pod sans les bons labels, la requête échoue : ```console kubectl run busybox --rm -ti --image=busybox:1.28 -- /bin/sh @@ -123,7 +123,7 @@ wget: download timed out ## Définir le label d'accès et tester à nouveau -Vous pouvez créer un pod avec les bons labels pour voir que la requête est autorisée : +Vous pouvez créer un pod avec le bon label pour voir que la requête est autorisée : ```console kubectl run busybox --rm -ti --labels="access=true" --image=busybox:1.28 -- /bin/sh From d65c812b1654c43cd7158e76224bb1353d7e8a8c Mon Sep 17 00:00:00 2001 From: Arhell Date: Thu, 11 Jan 2024 00:37:18 +0200 Subject: [PATCH 183/279] [zh] Fix voyager link --- .../docs/concepts/services-networking/ingress-controllers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/concepts/services-networking/ingress-controllers.md b/content/zh-cn/docs/concepts/services-networking/ingress-controllers.md index d7ee065986d28..1f279e63e1632 100644 --- a/content/zh-cn/docs/concepts/services-networking/ingress-controllers.md +++ b/content/zh-cn/docs/concepts/services-networking/ingress-controllers.md @@ -154,7 +154,7 @@ Kubernetes 作为一个项目,目前支持和维护 * The [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) is an ingress controller for the [Traefik](https://traefik.io/traefik/) proxy. * [Tyk Operator](https://github.com/TykTechnologies/tyk-operator) extends Ingress with Custom Resources to bring API Management capabilities to Ingress. Tyk Operator works with the Open Source Tyk Gateway & Tyk Cloud control plane. -* [Voyager](https://appscode.com/products/voyager) is an ingress controller for +* [Voyager](https://voyagermesh.com) is an ingress controller for [HAProxy](https://www.haproxy.org/#desc). * [Wallarm Ingress Controller](https://www.wallarm.com/solutions/waf-for-kubernetes) is an Ingress Controller that provides WAAP (WAF) and API Security capabilities. --> @@ -163,7 +163,7 @@ Kubernetes 作为一个项目,目前支持和维护 * [Tyk Operator](https://github.com/TykTechnologies/tyk-operator) 使用自定义资源扩展 Ingress,为之带来 API 管理能力。Tyk Operator 使用开源的 Tyk Gateway & Tyk Cloud 控制面。 -* [Voyager](https://appscode.com/products/voyager) 是一个针对 +* [Voyager](https://voyagermesh.com) 是一个针对 [HAProxy](https://www.haproxy.org/#desc) 的 Ingress 控制器。 * [Wallarm Ingress Controller](https://www.wallarm.com/solutions/waf-for-kubernetes) 是提供 WAAP(WAF) 和 API 安全功能的 Ingress Controller。 From b320dd30be3530c0782ce58d963c6ecd2f68ad38 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 11 Jan 2024 09:11:52 +0800 Subject: [PATCH 184/279] [zh] Sync /kubeadm/install-kubeadm.md --- .../tools/kubeadm/install-kubeadm.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index c6f5fe78028a9..43cc975084a77 100644 --- a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -334,6 +334,15 @@ These instructions are for Kubernetes {{< skew currentVersion >}}. curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` + {{< note >}} + + 在 Debian 12 和 Ubuntu 22.04 之前的早期版本中,默认情况下不存在 `/etc/apt/keyrings` 目录; + 你可以通过运行 `sudo mkdir -m 755 /etc/apt/keyrings` 来创建此目录。 + {{< /note >}} + -在 Debian 12 和 Ubuntu 22.04 之前的早期版本中,默认情况下不存在 `/etc/apt/keyrings` 目录; -你可以通过运行 `sudo mkdir -m 755 /etc/apt/keyrings` 来创建它。 -{{< /note >}} - {{% /tab %}} {{% tab name="基于 Red Hat 的发行版" %}} @@ -538,12 +538,12 @@ systemctl enable --now kubelet Flatcar Container Linux 发行版会将 `/usr/` 目录挂载为一个只读文件系统。 在启动引导你的集群之前,你需要执行一些额外的操作来配置一个可写入的目录。 -参见 [kubeadm 故障排查指南](/zh-cn/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#usr-mounted-read-only/) +参见 [kubeadm 故障排查指南](/zh-cn/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#usr-mounted-read-only) 以了解如何配置一个可写入的目录。 {{< /note >}} From ba8e352278a8983f22adbe6f6283df8ab8a605b4 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Thu, 11 Jan 2024 01:25:16 +0000 Subject: [PATCH 185/279] Update redirects Co-authored-by: Dipesh Rawat --- static/_redirects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/_redirects b/static/_redirects index 249e536ef78c4..77d9f6c755349 100644 --- a/static/_redirects +++ b/static/_redirects @@ -169,7 +169,7 @@ /docs/reference/deprecation-policy/ /docs/reference/using-api/deprecation-policy/ 301 -/docs/reference/generated/kubectl/kubectl_commands/ docs/reference/kubectl/ 301 +/docs/reference/generated/kubectl/kubectl-commands/ /docs/reference/kubectl/ 301 /docs/reference/generated/cloud-controller-manager/ /docs/reference/command-line-tools-reference/cloud-controller-manager/ 301 /docs/reference/generated/kubelet/ /docs/reference/command-line-tools-reference/kubelet/ 301 /docs/reference/generated/kube-apiserver/ /docs/reference/command-line-tools-reference/kube-apiserver/ 301 From 604a46193ee35621a381fcf0d5b9d5e2f09ff666 Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Thu, 11 Jan 2024 10:25:11 +0800 Subject: [PATCH 186/279] [zh] resync guestbook/YAMLs --- .../examples/application/guestbook/frontend-deployment.yaml | 2 +- .../application/guestbook/redis-follower-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/examples/application/guestbook/frontend-deployment.yaml b/content/zh-cn/examples/application/guestbook/frontend-deployment.yaml index 95f066586d220..3ab03a3ffabb9 100644 --- a/content/zh-cn/examples/application/guestbook/frontend-deployment.yaml +++ b/content/zh-cn/examples/application/guestbook/frontend-deployment.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: php-redis - image: gcr.io/google_samples/gb-frontend:v5 + image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5 env: - name: GET_HOSTS_FROM value: "dns" diff --git a/content/zh-cn/examples/application/guestbook/redis-follower-deployment.yaml b/content/zh-cn/examples/application/guestbook/redis-follower-deployment.yaml index 2d96e049a1d10..bdcd3e510deff 100644 --- a/content/zh-cn/examples/application/guestbook/redis-follower-deployment.yaml +++ b/content/zh-cn/examples/application/guestbook/redis-follower-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: follower - image: gcr.io/google_samples/gb-redis-follower:v2 + image: us-docker.pkg.dev/google-samples/containers/gke/gb-redis-follower:v2 resources: requests: cpu: 100m From 22de82adbd1d0941f8cdaec0ec7ed0c1c5260ffb Mon Sep 17 00:00:00 2001 From: John Gaughan <75457317+john-gaughan@users.noreply.github.com> Date: Wed, 10 Jan 2024 21:59:51 -0500 Subject: [PATCH 187/279] Add clause about waiting for new pods before removing old ones Co-authored-by: Tim Bannister --- .../docs/tutorials/kubernetes-basics/update/update-intro.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html index b0f7c94fdced4..f151f5a8e21fc 100644 --- a/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html +++ b/content/en/docs/tutorials/kubernetes-basics/update/update-intro.html @@ -27,7 +27,7 @@

    Objectives

    Updating an application

    -

    Users expect applications to be available all the time, and developers are expected to deploy new versions of them several times a day. In Kubernetes this is done with rolling updates. A rolling update allows a Deployment update to take place with zero downtime. It does this by incrementally replacing the current Pods with new ones. The new Pods are scheduled on Nodes with available resources.

    +

    Users expect applications to be available all the time, and developers are expected to deploy new versions of them several times a day. In Kubernetes this is done with rolling updates. A rolling update allows a Deployment update to take place with zero downtime. It does this by incrementally replacing the current Pods with new ones. The new Pods are scheduled on Nodes with available resources, and Kubernetes waits for those new Pods to start before removing the old Pods.

    In the previous module we scaled our application to run multiple instances. This is a requirement for performing updates without affecting application availability. By default, the maximum number of Pods that can be unavailable during the update and the maximum number of new Pods that can be created, is one. Both options can be configured to either numbers or percentages (of Pods). In Kubernetes, updates are versioned and any Deployment update can be reverted to a previous (stable) version.

    From d23027e8569083fd5b8d1356158819d704d7f936 Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:23:20 +0100 Subject: [PATCH 188/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index 7b8dd6d1719c6..e2b26da3fb22e 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -45,7 +45,7 @@ kubectl expose deployment nginx --port=80 service/nginx exposed ``` -Les commandes ci-dessus créent un déploiement avec un Pod nginx et exposent le déploiement via un service nommé `nginx`. Le Pod et le déploiement `nginx` se trouvent dans le namespace `default`. +Les commandes ci-dessus créent un déploiement avec un Pod nginx et exposent le déploiement via un service nommé `nginx`. Le Pod et le Deployment `nginx` se trouvent dans le namespace `default`. ```console kubectl get svc,pod From 56b86fe336f6039c261c98eeb0b38c99b766751a Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:23:29 +0100 Subject: [PATCH 189/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index e2b26da3fb22e..27c664ffd5851 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -60,7 +60,7 @@ NAME READY STATUS RESTARTS AGE pod/nginx-701339712-e0qfq 1/1 Running 0 35s ``` -## Tester le service en y accédant depuis un autre Pod +## Tester le Service en y accédant depuis un autre Pod Vous devriez pouvoir accéder au nouveau service `nginx` depuis d'autres pods. Pour accéder au service `nginx` depuis un autre pod dans le namespace `default`, démarrez un conteneur busybox : From 6f32ad1d84fdc0d8e86413b5ce8a637bd2a69f54 Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:23:41 +0100 Subject: [PATCH 190/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index 27c664ffd5851..e55e84fdf4568 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -24,7 +24,7 @@ Assurez-vous d'avoir configuré un fournisseur de réseau qui supporte les polit -## Créer un déploiement `nginx` et l'exposer via un service +## Créer un Deployment `nginx` et l'exposer via un Service Pour comprendre comment fonctionne les politiques réseau dans Kubernetes, commencez par créer un déploiement `nginx`. From 4f17a43a5b57384180f26e9f691a03450d77f58b Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:23:49 +0100 Subject: [PATCH 191/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index e55e84fdf4568..92707ff02e821 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -79,7 +79,7 @@ Connecting to nginx (10.100.0.16:80) remote file exists ``` -## Limiter l'accès au service `nginx` +## Limiter l'accès au Service `nginx` Pour limiter l'accès au service `nginx` afin que seuls les pods avec le label `access: true` puissent le consulter, créez un objet NetworkPolicy comme suit : From fdf82d71c85463dfc3331e65c25afe7b6183a41b Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:23:56 +0100 Subject: [PATCH 192/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index 92707ff02e821..46bfdbf0d4293 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -103,7 +103,7 @@ kubectl apply -f https://k8s.io/examples/service/networking/nginx-policy.yaml networkpolicy.networking.k8s.io/access-nginx created ``` -## Tester l'accès au service lorsque le label d'accès n'est pas défini +## Tester l'accès au Service lorsque le label d'accès n'est pas défini Lorsque vous tentez d'accéder au service `nginx` depuis un pod sans les bons labels, la requête échoue : ```console From 302ce29b27f642b77c8be881a8048a6907e8176e Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:24:13 +0100 Subject: [PATCH 193/279] Update content/fr/docs/tasks/administer-cluster/declare-network-policy.md Co-authored-by: Tim Bannister --- .../fr/docs/tasks/administer-cluster/declare-network-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md index 46bfdbf0d4293..d5b9ef6daa8a4 100644 --- a/content/fr/docs/tasks/administer-cluster/declare-network-policy.md +++ b/content/fr/docs/tasks/administer-cluster/declare-network-policy.md @@ -91,7 +91,7 @@ Le nom d'un objet NetworkPolicy doit être un [nom de sous-domaine DNS valide](/ Les NetworkPolicy incluent un `podSelector` qui sélectionne le regroupement de pods auxquels la politique s'applique. Vous pouvez voir que cette politique sélectionne les pods avec le label `app=nginx`. Ce label a été ajouté automatiquement au pod dans le déploiement `nginx`. Un `podSelector` vide sélectionne tous les pods dans le namespace. {{< /note >}} -## Affecter la politique au service +## Affecter la politique au Service Utilisez kubectl pour créer une NetworkPolicy à partir du fichier `nginx-policy.yaml` ci-dessus : From 2c60938832cf287b8fa2cc7cbee49e67d5aa4470 Mon Sep 17 00:00:00 2001 From: coco <49311792+k0rventen@users.noreply.github.com> Date: Thu, 11 Jan 2024 11:24:25 +0100 Subject: [PATCH 194/279] Update data/i18n/fr/fr.toml Co-authored-by: Tim Bannister --- data/i18n/fr/fr.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/i18n/fr/fr.toml b/data/i18n/fr/fr.toml index c1e2d853a4f4b..cc902370c0fe8 100644 --- a/data/i18n/fr/fr.toml +++ b/data/i18n/fr/fr.toml @@ -161,7 +161,7 @@ other="""Conseils sur le contenu tiers""" other = """🛇 Cet élément renvoie à un projet ou un produit tiers qui ne fait pas partie de Kubernetes lui-même. Plus d'informations""" [thirdparty_message_disclaimer] -other = """

    Les éléments sur cette page font référence à des produits ou projets tiers qui fournissent des fonctionnalités requises par Kubernetes. Les auteurs du projet Kubernetes ne sont pas responsables de ces produits ou projets tiers. Consultez les lignes directrices du site de la CNCF pour plus de détails.

    Vous devriez lire le guide avant de proposer une modification qui ajoute un nouveau lien tiers.

    """ +other = """

    Certains éléments sur cette page font référence à des produits ou projets tiers qui fournissent des fonctionnalités requises par Kubernetes. Les auteurs du projet Kubernetes ne sont pas responsables de ces produits ou projets tiers. Consultez les lignes directrices du site de la CNCF pour plus de détails.

    Vous devriez lire le guide avant de proposer une modification qui ajoute un nouveau lien tiers.

    """ [release_date_before] From bf8edeedfc61f39f7522ebbb9f8daf91b313d63b Mon Sep 17 00:00:00 2001 From: xin gu <418294249@qq.com> Date: Thu, 11 Jan 2024 21:32:35 +0800 Subject: [PATCH 195/279] sync nodes replicaset statefulset --- content/zh-cn/docs/concepts/architecture/nodes.md | 2 +- .../docs/concepts/workloads/controllers/replicaset.md | 2 +- .../docs/concepts/workloads/controllers/statefulset.md | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/concepts/architecture/nodes.md b/content/zh-cn/docs/concepts/architecture/nodes.md index 92e6e9a7a2d95..628351fa25d5c 100644 --- a/content/zh-cn/docs/concepts/architecture/nodes.md +++ b/content/zh-cn/docs/concepts/architecture/nodes.md @@ -534,7 +534,7 @@ If you want to explicitly reserve resources for non-Pod processes, see --> ## 节点拓扑 {#node-topology} -{{< feature-state state="beta" for_k8s_version="v1.18" >}} +{{< feature-state state="stable" for_k8s_version="v1.27" >}} 采用这种方式,一个 ReplicaSet 中可以包含异质的 Pod 集合。 diff --git a/content/zh-cn/docs/concepts/workloads/controllers/statefulset.md b/content/zh-cn/docs/concepts/workloads/controllers/statefulset.md index a7b94ca4a99aa..083d7b9f4e5b1 100644 --- a/content/zh-cn/docs/concepts/workloads/controllers/statefulset.md +++ b/content/zh-cn/docs/concepts/workloads/controllers/statefulset.md @@ -167,6 +167,16 @@ spec: storage: 1Gi ``` +{{< note >}} + +这个示例出于简化考虑使用了 `ReadWriteOnce` 访问模式。但对于生产环境, +Kubernetes 项目建议使用 `ReadWriteOncePod` 访问模式。 +{{< /note >}} + diff --git a/content/ru/docs/reference/glossary/object.md b/content/ru/docs/reference/glossary/object.md new file mode 100644 index 0000000000000..83084122901b9 --- /dev/null +++ b/content/ru/docs/reference/glossary/object.md @@ -0,0 +1,18 @@ +--- +title: Объект +id: object +date: 2023-11-20 +full_link: /ru/docs/concepts/overview/working-with-objects/ +short_description: > + Сущность в системе Kubernetes, представляющая часть состояния кластера. +aka: +tags: +- fundamental +--- +Сущность в системе Kubernetes. Kubernetes использует их для представления состояния кластера. + +Объект Kubernetes обычно представляет собой «запись о намерениях»: как только объект создан, +{{< glossary_tooltip text="слой управления" term_id="control-plane" >}} Kubernetes обеспечивает гарантию того, +что элемент, который этот объект представляет, действительно существует. +Создавая объект, вы фактически указываете системе Kubernetes, как должна +выглядеть эта часть рабочей нагрузки кластера; это желаемое состояние вашего кластера. diff --git a/content/ru/docs/reference/glossary/workload.md b/content/ru/docs/reference/glossary/workload.md new file mode 100644 index 0000000000000..1a5dd9e897fd1 --- /dev/null +++ b/content/ru/docs/reference/glossary/workload.md @@ -0,0 +1,21 @@ +--- +title: Рабочая нагрузка +id: workload +date: 2023-11-20 +full_link: /ru/docs/concepts/workloads/ +short_description: > + Рабочая нагрузка — это приложение, работающее в Kubernetes. + +aka: +tags: +- fundamental +--- + Рабочая нагрузка — это приложение, работающее в Kubernetes. + + + +DaemonSet, Deployment, Job, ReplicaSet и StatefulSet являются основными объектами, представляющими собой различные типы рабочей нагрузки. + +Например, рабочая нагрузка, включающая в себя веб-сервер и базу данных, может запускать +базу данных в одном {{< glossary_tooltip term_id="StatefulSet" >}}, а веб-сервер — +в {{< glossary_tooltip term_id="Deployment" >}}. From 0d4363668e9b76e7f6071a0196960f097d7ac9b2 Mon Sep 17 00:00:00 2001 From: drewhagen Date: Thu, 11 Jan 2024 20:43:14 -0600 Subject: [PATCH 197/279] Approval permission for 1.30 Release --- OWNERS_ALIASES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index b1df062cdb7ee..b3c8610269da7 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -27,7 +27,8 @@ aliases: - rlenferink sig-docs-en-owners: # Admins for English content - divya-mohan0209 - - katcosgrove # RT 1.29 Docs Lead + - katcosgrove # RT 1.30 Lead + - drewhagen # RT 1.30 Docs Lead - natalisucks - nate-double-u - onlydole From 0ba78d5f486f79a36d2b2f55f05ccbc30f7160b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Fri, 12 Jan 2024 14:55:38 +0100 Subject: [PATCH 198/279] Update legacy packages blog post with a note about available releases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- .../index.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md b/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md index 00ae52cd93a98..19caa82eb8e14 100644 --- a/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md +++ b/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md @@ -98,6 +98,11 @@ we'll only publish packages to the new package repositories (`pkgs.k8s.io`). Kubernetes 1.29 and onwards will have packages published **only** to the community-owned repositories (`pkgs.k8s.io`). +### What releases are available in the new community-owned package repositories? + +All releases starting from Kubernetes v1.24.0 are available in the +community-owned package repositories (`pkgs.k8s.io`). + ## Can I continue to use the legacy package repositories? ~~The existing packages in the legacy repositories will be available for the foreseeable From fa09f710158c902df38069e309d4369c1ee69e0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Fri, 12 Jan 2024 15:13:58 +0100 Subject: [PATCH 199/279] Update content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md Co-authored-by: Tim Bannister --- .../index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md b/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md index 19caa82eb8e14..b186585263339 100644 --- a/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md +++ b/content/en/blog/_posts/2023-08-31-legacy-package-repository-deprecation/index.md @@ -100,8 +100,10 @@ community-owned repositories (`pkgs.k8s.io`). ### What releases are available in the new community-owned package repositories? -All releases starting from Kubernetes v1.24.0 are available in the -community-owned package repositories (`pkgs.k8s.io`). +Linux packages for releases starting from Kubernetes v1.24.0 are available in the +Kubernetes package repositories (`pkgs.k8s.io`). Kubernetes does not have official +Linux packages available for earlier releases of Kubernetes; however, your Linux +distribution may provide its own packages. ## Can I continue to use the legacy package repositories? From 0e05396f1b98af9f2be64c9604e87790be658957 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Fri, 12 Jan 2024 14:38:25 +0000 Subject: [PATCH 200/279] Recommend replicating encryption key When using API encryption at rest without KMS, the same encryption key must be securely replicated to all the hosts that run a kube-apiserver. Document that. --- .../docs/tasks/administer-cluster/encrypt-data.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index 7c89b2fc82824..6bac400b0feda 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -324,6 +324,10 @@ appropriate for your security needs. ### Generate the encryption key {#generate-key-no-kms} +The following steps assume that you are not using KMS, and therefore the steps also +assume that you need to generate an encryption key. If you already have an encryption key, +skip to [Write an encryption configuration file](#write-an-encryption-configuration-file). + {{< caution >}} Storing the raw encryption key in the EncryptionConfig only moderately improves your security posture, compared to no encryption. @@ -375,6 +379,15 @@ Keep the encryption key confidential, including whilst you generate it and ideally even after you are no longer actively using it. {{< /note >}} +### Replicate the encryption key + +Using a secure mechanism for file transfer, make a copy of that encryption key +available to every other control plane host. + +At a minimum, use encryption in transit - for example, secure shell (SSH). For more +security, use asymmetric encryption between hosts, or change the approach you are using +so that you're relying on KMS encryption. + ### Write an encryption configuration file {{< caution >}} From 9ce2dffcc0abb2d4129016697fd6d6add830c4cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Fri, 12 Jan 2024 15:30:34 +0100 Subject: [PATCH 201/279] Update pkgs.k8s.io blog post with information about removing legacy repos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- .../2023-08-15-pkgs-k8s-io-introduction.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/content/en/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md b/content/en/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md index 38ec5fd9db8c4..755b4ce04ddf7 100644 --- a/content/en/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md +++ b/content/en/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md @@ -18,38 +18,38 @@ This blog post contains information about these new package repositories, what does it mean to you as an end user, and how to migrate to the new repositories. -**ℹ️ Update (August 31, 2023):** the _**legacy Google-hosted repositories are deprecated -and will be frozen starting with September 13, 2023.**_ +**ℹ️ Update (January 12, 2024):** the _**legacy Google-hosted repositories are going +away in January 2024.**_ Check out [the deprecation announcement](/blog/2023/08/31/legacy-package-repository-deprecation/) for more details about this change. ## What you need to know about the new package repositories? -_(updated on August 31, 2023)_ +_(updated on January 12, 2024)_ - This is an **opt-in change**; you're required to manually migrate from the Google-hosted repository to the Kubernetes community-owned repositories. See [how to migrate](#how-to-migrate) later in this announcement for migration information and instructions. -- The legacy Google-hosted repositories are **deprecated as of August 31, 2023**, - and will be **frozen approximately as of September 13, 2023**. The freeze will happen - immediately following the patch releases that are scheduled for September 2023. - Freezing the legacy repositories means that we will publish packages for the Kubernetes - project only to the community-owned repositories as of the September 13, 2023 cut-off point. +- **The legacy Google-hosted package repositories are going away in January 2024.** These repositories + have been **deprecated as of August 31, 2023**, and **frozen as of September 13, 2023**. Check out the [deprecation announcement](/blog/2023/08/31/legacy-package-repository-deprecation/) for more details about this change. -- The existing packages in the legacy repositories will be available for the foreseeable future. +- ~~The existing packages in the legacy repositories will be available for the foreseeable future. However, the Kubernetes project can't provide any guarantees on how long is that going to be. The deprecated legacy repositories, and their contents, might be removed at any time in the future - and without a further notice period. + and without a further notice period.~~ **The legacy package repositories are going away in + January 2024.** - Given that no new releases will be published to the legacy repositories after the September 13, 2023 cut-off point, you will not be able to upgrade to any patch or minor release made from that date onwards if you don't migrate to the new Kubernetes package repositories. That said, we recommend migrating to the new Kubernetes package repositories **as soon as possible**. - The new Kubernetes package repositories contain packages beginning with those Kubernetes versions that were still under support when the community took - over the package builds. This means that anything before v1.24.0 will only be - available in the Google-hosted repository. + over the package builds. This means that the new package repositories have Linux packages for all + Kubernetes releases starting with v1.24.0. +- Kubernetes does not have official Linux packages available for earlier releases of Kubernetes; + however, your Linux distribution may provide its own packages. - There's a dedicated package repository for each Kubernetes minor version. When upgrading to a different minor release, you must bear in mind that the package repository details also change. From aeea2f03df753ea6a861166954d0145dbf180fa1 Mon Sep 17 00:00:00 2001 From: Gauravpadam <1032201077@tcetmumbai.in> Date: Fri, 12 Jan 2024 21:27:58 +0530 Subject: [PATCH 202/279] Blog for SIG Release spotlight --- .../2024-01-15-SIG-Release-Spotlight/index.md | 173 ++++++++++++++++++ .../sig-release-meetings.png | Bin 0 -> 212668 bytes .../sig-release-motivation.png | Bin 0 -> 179299 bytes .../sig-release-overview.png | Bin 0 -> 265483 bytes 4 files changed, 173 insertions(+) create mode 100644 content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/index.md create mode 100644 content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-meetings.png create mode 100644 content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-motivation.png create mode 100644 content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-overview.png diff --git a/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/index.md b/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/index.md new file mode 100644 index 0000000000000..460dd27fff976 --- /dev/null +++ b/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/index.md @@ -0,0 +1,173 @@ +--- +layout: blog +title: "Spotlight on SIG Release (Release Team Subproject)" +date: 2024-01-15 +slug: sig-release-spotlight-2023 +canonicalUrl: https://www.kubernetes.dev/blog/2024/01/15/sig-release-spotlight-2023/ +--- + +**Author:** Nitish Kumar + +The Release Special Interest Group (SIG Release), where Kubernetes sharpens its blade +with cutting-edge features and bug fixes every 4 months. Have you ever considered how such a big +project like Kubernetes manages its timeline so efficiently to release its new version, or how +the internal workings of the Release Team look like? If you're curious about these questions or +want to know more and get involved with the work SIG Release does, read on! + +SIG Release plays a crucial role in the development and evolution of Kubernetes. +Its primary responsibility is to manage the release process of new versions of Kubernetes. +It operates on a regular release cycle, [typically every three to four months](https://www.kubernetes.dev/resources/release/). +During this cycle, the Kubernetes Release Team works closely with other SIGs and contributors +to ensure a smooth and well-coordinated release. This includes planning the release schedule, setting deadlines for code freeze and testing +phases, as well as creating release artefacts like binaries, documentation, and release notes. + +Before you read further, it is important to note that there are two subprojects under SIG +Release - _Release Engineering_ and _Release Team_. + +In this blog post, [Nitish Kumar](https://twitter.com/nitishfy) interviews Verónica +López (PlanetScale), Technical Lead of SIG Release, with the spotlight on the Release Team +subproject, how the release process looks like, and ways to get involved. + + 1. **What is the typical release process for a new version of Kubernetes, from initial planning + to the final release? Are there any specific methodologies and tools that you use to ensure a smooth release?** + + The release process for a new Kubernetes version is a well-structured and community-driven + effort. There are no specific methodologies or + tools as such that we follow, except a calendar with a series of steps to keep things organised. + The complete release process looks like this: + + - **Release Team Onboarding:** We start with the formation of a Release Team, which includes + volunteers from the Kubernetes community who will be responsible for managing different + components of the new release. This is typically done before the previous release is about to + wrap up. Once the team is formed, new members are onboarded while the Release Team Lead and + the Branch Manager propose a calendar for the usual deliverables. As an example, you can take a look + at [the v1.29 team formation issue](https://github.com/kubernetes/sig-release/issues/2307) created at the SIG Release + repository. For a contributor to be the part of Release Team, they typically go through the + Release Shadow program, but that's not the only way to get involved with SIG Release. + + - **Beginning Phase:** In the initial weeks of each release cycle, SIG Release diligently + tracks the progress of new features and enhancements outlined in Kubernetes Enhancement + Proposals (KEPs). While not all of these features are entirely new, they often commence + their journey in the alpha phase, subsequently advancing to the beta stage, and ultimately + attaining the status of stability. + + - **Feature Maturation Phase:** We usually cut a couple of Alpha releases, containing new + features in an experimental state, to gather feedback from the community, followed by a + couple of Beta releases, where features are more stable and the focus is on fixing bugs. Feedback + from users is critical at this stage, to the point where sometimes we need to cut an + additional Beta release to address bugs or other concerns that may arise during this phase. Once + this is cleared, we cut a _release candidate_ (RC) before the actual release. Throughout + the cycle, efforts are made to update and improve documentation, including release notes + and user guides, a process that, in my opinion, deserves its own post. + + - **Stabilisation Phase:** A few weeks before the new release, we implement a _code freeze_, and + no new features are allowed after this point: this allows the focus to shift towards testing + and stabilisation. In parallel to the main release, we keep cutting monthly patches of old, + officially supported versions of Kubernetes, so you could say that the lifecycle of a Kubernetes + version extends for several months afterwards. Throughout the complete release cycle, efforts + are made to update and improve documentation, including release notes and user guides, a + process that, in our opinion, deserves its own post. + + ![Release team onboarding; beginning phase; stabalization phase; feature maturation phase](sig-release-overview.png) + + +2. **How do you handle the balance between stability and introducing new features in each + release? What criteria are used to determine which features make it into a release?** + + It’s a neverending mission, however, we think + that the key is in respecting our process and guidelines. Our guidelines are the result of + hours of discussions and feedback from dozens of members of the community who bring a wealth of knowledge and experience to the project. If we + didn’t have strict guidelines, we would keep having the same discussions over and over again, + instead of using our time for more productive topics that needs our attention. All the + critical exceptions require consensus from most of the team members, so we can ensure quality. + + The process of deciding what makes it into a release starts way before the Release Teams + takes over the workflows. Each individual SIG along with the most experienced contributors + gets to decide whether they’d like to include a feature or change, so the planning and ultimate + approval usually belongs to them. Then, the Release Team makes sure those contributions meet + the requirements of documentation, testing, backwards compatibility, among others, before + officially allowing them in. A similar process happens with cherry-picks for the monthly patch + releases, where we have strict policies about not accepting PRs that would require a full KEP, + or fixes that don’t include all the affected branches. + +3. **What are some of the most significant challenges you’ve encountered while developing +and releasing Kubernetes? How have you overcome these challenges?** + + Every cycle of release brings its own array of + challenges. It might involve tackling last-minute concerns like newly discovered Common Vulnerabilities and Exposures (CVEs), + resolving bugs within our internal tools, or addressing unexpected regressions caused by + features from previous releases. Another obstacle we often face is that, although our + team is substantial, most of us contribute on a volunteer basis. Sometimes it can feel like + we’re a bit understaffed, however we always manage to get organised and make it work. + +4. **As a new contributor, what should be my ideal path to get involved with SIG Release? In +a community where everyone is busy with their own tasks, how can I find the right set of tasks to contribute effectively to it?** + + Everyone's way of getting involved within the Open Source community is different. SIG Release + is a self-serving team, meaning that we write our own tools to be able to ship releases. We + collaborate a lot with other SIGs, such as [SIG K8s Infra](https://github.com/kubernetes/community/blob/master/sig-k8s-infra/README.md), but all the tools that we used needs to be + tailor-made for our massive technical needs, while reducing costs. This means that we are + constantly looking for volunteers who’d like to help with different types of projects, beyond “just” cutting a release. + + Our current project requires a mix of skills like [Go](https://go.dev/) programming, + understanding Kubernetes internals, Linux packaging, supply chain security, technical + writing, and general open-source project maintenance. This skill set is always evolving as our project grows. + + For an ideal path, this is what we suggest: + + - Get yourself familiar with the code, including how features are managed, the release calendar, and the overall structure of the Release Team. + - Join the Kubernetes community communication channels, such as [Slack](https://communityinviter.com/apps/kubernetes/community) (#sig-release), where we are particularly active. + - Join the [SIG Release weekly meetings](https://github.com/kubernetes/community/tree/master/sig-release#meetings) + which are open to all in the community. Participating in these meetings is a great way to learn about ongoing and future projects that + you might find relevant for your skillset and interests. + + Remember, every experienced contributor was once in your shoes, and the community is often more than willing to guide and support newcomers. + Don't hesitate to ask questions, engage in discussions, and take small steps to contribute. + ![sig-release-questions](sig-release-meetings.png) + +5. **What is the Release Shadow Program and how is it different from other shadow programs included in various other SIGs?** + + The Release Shadow Program offers a chance for interested individuals to shadow experienced + members of the Release Team throughout a Kubernetes release cycle. This is a unique chance to see all the hard work that a + Kubernetes release requires across sub-teams. A lot of people think that all we do is cut a release every three months, but that’s just the + top of the iceberg. + + Our program typically aligns with a specific Kubernetes release cycle, which has a + predictable timeline of approximately three months. While this program doesn’t involve writing new Kubernetes features, it still + requires a high sense of responsibility since the Release Team is the last step between a new release and thousands of contributors, so it’s a + great opportunity to learn a lot about modern software development cycles at an accelerated pace. + +6. **What are the qualifications that you generally look for in a person to volunteer as a release shadow/release lead for the next Kubernetes release?** + + While all the roles require some degree of technical ability, some require more hands-on + experience with Go and familiarity with the Kubernetes API while others require people who + are good at communicating technical content in a clear and concise way. It’s important to mention that we value enthusiasm and commitment over + technical expertise from day 1. If you have the right attitude and show us that you enjoy working with Kubernetes and or/release + engineering, even if it’s only through a personal project that you put together in your spare time, the team will make sure to guide + you. Being a self-starter and not being afraid to ask questions can take you a long way in our team. + +7. **What will you suggest to someone who has got rejected from being a part of the Release Shadow Program several times?** + + Keep applying. + + With every release cycle we have had an exponential growth in the number of applicants, + so it gets harder to be selected, which can be discouraging, but please know that getting rejected doesn’t mean you’re not talented. It’s + just practically impossible to accept every applicant, however here's an alternative that we suggest: + + *Start attending our weekly Kubernetes SIG Release meetings to introduce yourself and get familiar with the team and the projects we are working on.* + + The Release Team is one of the way to join SIG Release, but we are always looking for more hands to help. Again, in addition to certain + technical ability, the most sought after trait that we look for is people we can trust, and that requires time. + ![sig-release-motivation](sig-release-motivation.png) + +8. **Can you discuss any ongoing initiatives or upcoming features that the release team is particularly excited about for Kubernetes v1.28? How do these advancements align with the long-term vision of Kubernetes?** + + We are excited about finally publishing Kubernetes packages on community infrastructure. It has been something that we have been wanting to do for a few years now, but it’s a project + with many technical implications that must be in place before doing the transition. Once that’s done, we’ll be able to increase our productivity and take control of the entire workflows. + +## Final thoughts + +Well, this conversation ends here but not the learning. I hope this interview has given you some idea about what SIG Release does and how to +get started in helping out. It is important to mention again that this article covers the first subproject under SIG Release, the Release Team. +In the next Spotlight blog on SIG Release, we will provide a spotlight on the Release Engineering subproject, what it does and how to +get involved. Finally, you can go through the [SIG Release charter](https://github.com/kubernetes/community/tree/master/sig-release) to get a more in-depth understanding of how SIG Release operates. \ No newline at end of file diff --git a/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-meetings.png b/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-meetings.png new file mode 100644 index 0000000000000000000000000000000000000000..96c01b6a4dceb0ef4370e193b2a948d4cd171b6c GIT binary patch literal 212668 zcmXtA1yodR*F{AI1*AKqySqWUyGyzU7`jEIyIYiIDCq`~ZYc=~>F)0T;r-Ts*Fr=m zF87|;d!KzKOj%J1`3?RXI5;?D8EJ7iBM z?q#|AV4C0jY-g{g%vj{IpV(@pDg5|dTRASrg!kQ#h5Nm5uVnt?y(Bfe8AZj)g#b%Y zaZ%Pcbg~I3pUJ*ZWb9F8DEu9!;y=IarIPzlLB_T;N}Wy7eAse2w6`~O+M;jv?=vH8?T`eJlB?om2xGjLXj?o{Py!PeK_XymlxU@0w5 z)WifmoB;zRBrYj=X_*BElkDB68C*16%C>iN&%Wcl@GUYbTt7F++9ju)a5!e4%ay<5 z+cd4e3^g)dy1lu1u)`4ix)dw_`u1k*2yZ_|zJ2F%ORH&GhavvuC+^2n2!D{TQPPbd z9twZ-(gc?`A0E}y(Qbe#@!cV2WS-|()6nNZXN1R;hg>rHRh=-;<)u5l{o|4~gLigG z+4r^*-@OunUxq!0yZYYomPVU%DZCfvBdtUeZ6mcxCwuGFHiH3%?E8r|ftk5wr2aon z_B`}obM!(+PQS-mrZ^L=x!d}eulwGYqO7H&4A!>1b0*qyx9x32>2}{$HXO9)JP*8w z>~G)cP{=(0*A)=R!uoW~8ky-pF8z&r6*GCZ^2jNo!obl#7CB>+nfl*Bh@hLH%m`O9 z<@JT)zi05yp-D{e{O_*_x~I}POr89u)9Yt?hop*2dPR==ip{tV|RYUR7;E zT26_Yn>!{!Q7EYG{$`@kL70t=J*H+W1S#Sg6}*iA!gFo$AK~J<6nJq|~)~*h9VEo?*SYJgOe$HK{tl z{WCQ;KMhW8rb8X}F502pu#exNy`SHqwX)agyD~z3b0lYp*6}tqiIh?M-atviMH2z< z!PT=6o$<~X2^K+cokB2W;AA3ksmc&U%rz(-+V8o*uaAj^wS0PgwNvua>Qx-ceQ227 z34sW@2&VB=ILXy?yW#Trw4v?g!~Ht}krXC_G*;7Bwtq@37Unq5cKr#Bz6f`&7Qe?u zh>eSrk+h&HM8O-#emul)a=CVmG;$63!IUw4QL^`R+I^;UQ?GmPMmLUc+KtRddPyXV z2AOHTsTDGv?Js5T?GcVoOvuQ~7QhBVV0|2~UVtmIUYN~QX?|)!M>pVk8@1hX-{bOd z=RfVZf6hJLth7Y#q5e8#n-_$b61XR+=gYUHdd{k5RMphBCkna6LQvLMBA5$Wesy;H-(kS4^9a>KpU+TeA9q5(daNJ{-5rU+ z5qqwo709Rk>I%catXGB-E3n{S8{dH)--_rti;<6lPz&vs&m3b_Pk=tvn}$mWcEGy@l6aJCbE zQc}{>L-X<|dZGw=8SCdi)I%07yxV50El;mjW2#-YRpFvZj$RvjTx;B%3m+&)p!{4p z#6I4n?{Qv;;yxXSQ1d*^N_#36omI?F7i@4bafi*F*DWJzZ*O1L)#tmiOCJ5z4-#h0Ee|-RRaTVD;Gg;TykO{|N>|aNZc^hO}Hf%CB~HnZ5H7 za$w>%^yk#k(aH4vqk}}i6jNYg!mAK0f|~tn8a@ zMQTCsiyYHJMSYLu?gr>7S;_IO6N4sVkAWBBLeu41+bu~bzB(o4UyrSh*Ryr@1TTYv zT5jfCkW8EHLehsb{5Pr_vri5pA5pVofAT-xlaTlw5epejG4b9I<3)&0-MnIPzHL0Uu_{p_`v}T^r1PS zQ%#$pc~T^PpL&V?Vy~{?neHdxdlVWn1E}{O{ESp}gLCLG*EUHJ(W`PkR_mhWXHBsA zwAtW4e+KR*;^V{g;9ZS1Ib61H<-a0U0omJIzu8J;z?P>%I)5-&Ff-f4Wqs6+fi2!!p~q zr&OmJm)!!%v^P5c+qX}SJVQAW5j1pkCjIf0X9o)zXylTPi`O`gD?byI^?n7r1yOvU zQ68c% z*8MF(Y5nS%KhHnso8ey-9@aa~LuseS#J#+PC@UD~p)nDCs5m4_)-s4#SnJa9;)>A` zgeeiMn+89zwC;lvCntU9+BLq&#$*IVV4vRSIHWz!3e?$Mn-@BP!{u-+fmqPnX)FjQ zJ|V07bX2&P|FEU=>UcGc!x|lgt-v?uANTv0^4cIhWhix)&j6&?K?`4$T4 zVf#7wJ>6nWEG&iT%Rv$A=HWW~ZiWX4TK33wYJ9x?<>woR8Bb~17s^`7L*!D-iT0LMy1}kSM_#QA`VFxa?GNeigzsWuFgj3bN0$!1iW@?h=(QMn zch6T&uZxO{zZVsSc1Pg6hy}%BsSPbAqT8fn+a*3NEsSB1!JsKIiC$~Ph41*7iu$zdYwv>m*Aqxr?I^(oahIUwVaorXuM@zIPuu9dg(>XWq%ikQz+EC z`{?JIa#&bUz-H1Fx}~%OiHz!wNcr(``9qswL+s19Z68!HDP&g0oiG~Clva7~hnAb? znSTHNIj|m)#(k+)pqSO9<*DbnndJ_8lK_Ba92^`+*^hT2POClprx&k(sVNC|`(7?c zsi|Qk9JFS8ANc-@9lpP|bZ$H^*i``adCh$wTK1e=>CQQ3)pu$N{)K3KJbH0i1kF^l z-b_hZN$#AH*jM`3%?l&xwYClW1-m+Ruk&@MUCnelEUK%R8Cm~S=ndYD3Ykv9uza`< z)jmW;c`rz!!b9~NySlqUUUleL#(W%lX}Ue%I7nQdVEz*6#V$(EM2*G%Lr#@?F`CNm1$ zpG{!m;7rWS^nrRZac~dn84I}o8`60a-5t2pI6|GQNZ5G>UCKF8gW1l%Ywy`3PWdr#H}5raN}rWF)P z#Ggzo=p}xsrKdNjW#rqPV&vEV^j%5#UOZdKm*;ed9Z%4U1G^*%BtSy_l2^j6LrdB& zq$Tb1=U-XTjdcaVI7S}PIA8sfMZ{i!jyo@CjZQu)m;%ZsOrr#s)dYUY|4}ekGHR~k zbo<=v+Umm2&}*CWPc5#&Q_EKpJoRxIIx&~?+{uoq{x?X5Pe72y<3#4^>AC-gbPqNo z%|qA&sXy()P(nos(P?lbCE&8-SzC->s5I+GKWM!)3=a?2Zm>e6&g40Y9lGt$oSpal zD_-9CAZh4({U4RNCaSDfy~kn8+NPkQI)M84`o3t}v3YZH`a_po_BSbo+uIy)Z;uN#94{(D&+C@pi(MNMb5h+_=6qX~T~% zBVG-LfvhlHsauNh91xKpeuw6u0a<2h6uvNj zp=*ZVZ)zIbbh8$haQKKJxL`7esxRF$r)IB$Ib~^^o;w{)3<37WR?HpkiQjE(57VI{fwgnSc9f#s9kFYA^CG9=`>Jxp{u3--hGHP*zN7U&G)4 zpi&fqjAaW~$~5AhK_M+I`X+M>Uwj|$FV$~hph|}eC79{-=;=rVvuCBI;v(t(%0YUe zf{8fD=HGH8uw!G3CtyYs^XNRFcw(I%T~HjFGczJ`>_M0MaA-Yr@1l5CE1by_injSx zZmF#|ZbLo>|HJSyi-v{}Tc)Ck2^kx~D^Qh{Nf3U|D31o8?`pUEF%G6M<+ll;KRfCb zjxzmat`(mdAD$!rt8{K7U@JX3$6A{aT}j}E#aTE@Y`T2Ggs_r=qHFbBJw7&7#KcDcR&HEd^X?r#xY9m% zV+>3L?ualL+jX&JgY`<;YYz!RKUvv2iO2-de_xhx-}&UN1D3v0gHL7XK*_z}V#;y1 zBVui1vjXm#S$8-V90dghi{G6G7i7KWnyzmC9n&C{fWDAhjK(6-wH{`8ED{*jUIm8^aJ z)Y(Hn18z4wK`#dVA5|1JG$O+E`ec3H|M5OVAh{@(I#jXF2Xa8gv8kK(zg#_xQdlX>6KPAwqL~U|>KT75>*U3#BUz% zZe6Kv<8uj(u&5|%CZ_1MHE~%GTXJ%gjZsovEJ$V&9V|Z~)vT8jy!xjp^x%X-hho#$2)}BXFF%uY}PNIF1%eWAJ#k%=YZRCN-6>7MFtaWXs%cSil0cH!c-7 zrkr5LJ+8097JuFF-SQ84s49AYe}54STPD%rIK77HU+qQAb#Gq#>5y6i?bh#rL+r<+ z4CKSPlfjKpCupbZWAD2XZbEBMdHHA>xfF(tGg9i)n=|ewe&qqu3yDY4LF@Au!!` z!+&YHxw6|>xCX=DkZ42dZthbs(gL(svam_4vXkD9SloZH$d94c@0qYMi z#&tQEOluMW>_Q$2g*JaBN{4;7(WO|{Q(@6P;W}vFgnV5TE&g-fcRFQJO&b1T&{uQ4 zpPG0zte04Fn$zoIXV}1fsZ#>y5lu%EoPJTdY-4lg)fJDbn(C}3I<0f&GN=l0RSe|e zsx=Hh7zPs?2URqZy1K+w)#9&x76piXw}hT|yl*OZp2gBS;EHjWr^Kl;?tCSg$sZ5G z$frKSBPmH^a%wsuJzicG`UZx5{8_r0R!LuTgKBc}3prKr*_jIiHmz#XkPRiKjh$tt zM{5#zICM52=M-pa^KQ2W0w-5%3;tJ9u?htK;_xUf(1*@0T_A0QbQTHw2uw9<=|HJ zqCAO;Qo_uwsQuLh+{-5hnpYSS0s2}fTqQ{>_LLNq6no<=0imS1G;eg}Ai?DX96{;7 zYo#0S{cxx% zTd6p92mW)>^z@8MU529c;HrpQTZy38FSh0zF*GxXVtU^)=Es;zh)&gP&7`O60(x!0 z=epcP0QnHl;G@IgUk@d;Hq(j5rPdt$u96PYN^|jcNnW%3DqxIUN>yFmrArI~L<8gz z;YXiW?}&%k)xMgI)i3S&1}=Q7@krJ+%~b$Tf`muZOP+F;TVu%9((5Me++fG_m80s# z|0$vKeUIR>I~SCy{hBgA|4Zkx^dXAg?Z)STU^u8Ym2mqf+w!QsA4et3xOr!F)II1Nn+MV01G@4k4jM0?JvcqS5XqZ7!O8aj1No~Y^i=`CINuv0smF(2 zW8ApB3!-BWdRCV}MI!#V%*@F8s(449$YBeKX_sGB=tR3Ef`)3kD9A@k zVoEGuTNXI}HFDToaJPhZV`&ju$AL@ANhO~O_cM_?o97?zoR=aB)nOkXNA(>*Lx#z2 ztmEue!m@i;yMMbhxg5w_NWRKHfTn*?XeQKK`VAznyuy6a!8dr@+j#{PYPy=yFx!3E z=dVAD-f?oSZET=om|7miemAo)S2HpiEl?o%>&ex2XCm}&(fb`-ih&arw?Ye6$y7Ll zlmHcWv9Go|Xl6PpTiV*vcBSOwF+lEk^pbPG()NDkc0yWTPz}DyG1=^?V{5nv8 zXu_ZJ8+>KKWeR)2gGw9?5q>-!?HeAZrsvPt!S|1-m!cp{&b{xvd%#c6Nbhr9|7J}m z6NcEJ&ztBi$iV?mX596OF!@O)X={6?RsL3E`ja%S78HuktCQA1KL8kh*_KMn<)Sx$ zXHa=o02~1E?|YKHcj%dkeiN4Ugc;*XKaCmIiZ&;d$dK({XF8GzWjmypKAmQIdf%`s zY4~%*_c^W{dmy|bZ(o`2j6!a1E}SEHq8jv1jG1f?Z30V1N~ z%6K3`ZavGp_4yOKU{+0yI_UpnQPP{95@Bon!JWo*bgketa)^x$xTR%f$tZc##;e#k z6vW~gS_v%Azuk|6n^SGMSj6Udt*=Vn_gg@EldgUv z6L^-@F-tceArRu0FK>^huYkn&Wt~N%%?4_~8~PcpX>6ns6$eMk55gp5gr&hKIHIZ= zkMTlgB4Cnm8HEoL?(D(kdFOCf1J({oe#kuS?Tq^zm zsy5Eb$_lQqp8%YaFmD=uyMOzpGAHL8{UFjV8!PWkF@#lGQD9jdTx{BkA`u6*n-)^k zZw2Ma^DXmkq-xQrxNlCJi_0(67NE?4qh8tC^ba|j)M|r-&scbcfRH1iYV!QLu~A)9 zLsds7sJSI`Xb8!K=&yH;L}dh?0~r&lm37*?FI5eympgGe(rCqLg&jw6A|4rzIy7WOvE1EDyt~n^tT> z64vk_gb`v=tt%s^Kt)fUPzB{y7*@D~m3Uh04C+I-dHf!%F)G?G=)xIRndrY4^eEL0 zO8EH^KYtFy`_Rvya*EZxeAm{@q+%xi^vwLwu?I2(1`?NQOBsAceSB%Dyhtc6K{L&e zN&R2izR|+s;cbT7mefasGbX#rrS97Rtr3{IP?F*nwj!*6Lzgptj z6GIZS04W5Lk(0)i6L$Uu)9ePu$jYQ-=)> z(mNIu)=qF@NxY1-LNqCvk`(n50xY<=pO%7(LcG@|J-U2*#&qvVpao$OPIkJG4~wlrsi#i4fk`n2n4W(%Ke7$Vo8)5FZ@b)Mt z&d$X!*ssG&H4P03RVaFLa^{{idK-GNDs5O%uwsHnXZqKlu&QB>_ofQb>!0PAyVnOy zA6iC>%F8V}gQauV_ew*b#U~_0k#i*v>(wbAFj3RfW5~p^xE+12A(KJB_Vm;)!v<5V zu$ZU_dNk_&vnASeDZ8b8oNx-=-g^jG*Qj75`B+5(_6AU-OYl;z6oY} z7PI4&NPOF78$Nevm6er9Btm!65oY7T3K?7~Ko$YSVyGwify(|#V><+N04;X!QUVNC zaDgzwzU0e|Z`&qZgHLVop#|WZK+Vzq^2D7gHf|lAG@c7(Pe-Zzxv`$NIWW4Wa?|Qr zvaoGc3cQ7d9CfYR`-Z{6G1nIc5sAa~x@BF|UAepXf9vceP$d?#SQAolUt=(}$4`v# zI5%5%TG$p3BuViQZu~97nw*-7&B*-JZ4yS){`u3?Z|NG@E^Tq2DpBP~TRN|zn85@LI@iNr{4P!3;{sV9~*nrD%bDtCGj6RTJDrt5ECobDA9B}Y`tW2-WXci zL%x<~cl;-^n8h0yV>y~rTAJ9>a_75PSGL)uzxPy@WZe0RFRtBGVf&i&;js80DYsVQ z#Y|$!=J*6+0Pq3fO=OCbL!sB=uV3~LZ3Yj4Bm|MdXrfpOM3BGZTE<@pVI81(h|(;8qV0v61P#vk|`9=(rEZ)I-#IrV2p7vjt3Dx>qp<7qI{11 zli*Jg?2>$dt%_lS5E8B4HGW)hP$+W13P@22A$sH;cUFcr)oki=kwf+mhuI3eTXL-f%LRg!nX{1OU8aVApUD|Vo>h9C+bsHC8elW(*8F9) zoh~>3Q>x>0I^32L(fV++TU=B$vzog3)jRs-TkO5lOmEZUm2P!S%__(OUwA|WfNZPL z{LvFi!daE3z2hZX6>h7@oj-v$B%axwv!ZkPJr~zSZ2yh7>CwNAp;XpDxd#tgk~@dT z7L_u@!eHZ%|FN%J;zIVS-&2~!i<+vkMa6hhk%6FApd!3-Z?xCTZ_=A)dP1UrBnc2R zfA1;C@^ZfRnF6xLU=jvxK#7f+x%sjq&yl*9vTJP?!|W_C!}SBdtX!RO9EI2AwiFKo zd6;VR$uB>N!kTfZcnWcIHW#7@Gf`BDJg%t@xSbt*8f0rTY_~k{J~IrOva+&qoor17 z6Z3=?wqlg=G&vlDlYgdwK8?oe2re``(X)VZqGshPYjy&`zkRz?Sbzc@|6znv_hk+CreRwVI4Gm<7ypN zmn?7+_|K8oHkxvXQ~yMt1J#CSVuFU2K9_c~E19t!E;cD^*a6L8n*3`*D3-Mebg$B9 zR`u7g0?@y{>@98KxH^;?w&H&hzFU6ROq7t3@m54bV@hbW#2O!{uJ5TWFH7j-DJr4s zvWoosHNIcnl>{zkOliVD*x50p7`Wkqxzp1~pgFOusfkZlVq?27`_;GdaukE$*D74=Gglzw|X@E!WBx0y9iw+1Ql9XP&S9zZ1TCntsD;|M>XKGSjIi4tw#SfbIf9-yE#uB}7>HT8awpY`c>`WZzMat1#+XHq1Llr=Ph3ar;Q z*Ch!u>otSuY;)Dc^kd+GQuqgo1v5QzFQwgj3e zCJV<40Et6mddXxMW<`tr4$^4hT=xG2-rRTr1Q2VE_oSgSHk8;P4A8yQ`74%Xs)v-5 zKBqgbrsl{)NE03o<65mKqoilYD3QoB92?^xl2CE9;BkT{Ol%sgER>8NE1@fqQBVjI zDsdqWd!dl|{)WWe5vSjnEZsRL)!2ZlmqkKCqUHRLo|JCni(mV0tCzRDU?g+NQ(jkx z{V6f=f?gkF=C{()NG5}(-^FT$ZilmWTsAf~7d(e;k-Vsw5~P@KmTjs}Ui~}v$nm5B z8LC~TxwEs=aJ`X%C**Sl5hMpSzjz^VsbM2 z{3spM{;#Gd*H*vEXc6n?@g@J`fKmq6$^FV9F1yW;;-!{cgsOp|N&tZ5U%tTG?AQP# zyF{C!Gwq70&}ke)%FEoCrAmZh8WWuWtRdt(vp{ytSQx45UV8Bx7`K2OCAv({j}#bg z03Dyeee+#o8wh7AWetu?zhyVq)?fyCi7+FBjUl`FKJ+IpQ`fm?Eqw{4<5lTvoQ77R8DP#@|pi=F&NZ|H}q6z0`TnUZGJ(twb)Le$HqncLdZsThXmgD%qtH2|bV!u5Pcr{*X zjW(J9%c<32vC03ny4-n5PTC9%e~a7qOK&7gHoJy+S$UHY;h!Vnb8JaRIEmB*TkkW{ z`cA<#;KoqPfOzdZD%cxODfg)l_DAq?e&Rp?H0|{CI`+<7Mw|ZZ0EQgR#F)~KAvk3EWfO(uD-;r;Ne{uX=40`vOs7XoVCKJ^M=m+!$_%}bn1$+uG-yS0*jH!=LJ8T&acHP|q z?w|Vko9PALGpS6gYz&E~J``;by>Ze3JbqSTn+wRG^hFVHo7C!V&(+e`*4D~r^2AZf zB|pu?AdTzT<;@3t0K#g6F(nud02?ZRdKd-`pvc~xSNN~5rxcHJV&lSQwq^w<@cJ1LCngEdxU&RZm2Y zw6QTMFE4Lzi}7s*s&zDSU%zy-18FeurzJ)rcVVwv3eHLD1!#iH`2W z1jp0Bd;wzF6Nv|m6yVR!z;{A@fI8suLMg!LSw4d+Dqk)|)yN32YN=#%08twOKrJdQ z&9fZ+%E8Hb+(Y01hc+4pgTX(4Mx~J61#Y*<;bJQQvS4~%yAXc!@Y_qkdmuMp|6MAP zZR=s!-JK6GPYi@nf9nc?YRE8z zl9yKX5BK!?FOynTP0eVE@ck1qy`-J`MW3i}C^z?_4*_CW7*K{j_y{aJvL_|Q1ulhLzjmLz>N4c$rCC2rU}1lpYAc6N{ReH1sz%*$i?N^A7CTy>`e4Fq*{ z@nJCFQSHo=NdP2I;ASiLY;QIJOu&OdOO!BJhjRyPA5xzIZeFxXuH^Av^(c_Y#bsm= zK^2`jT!jIN0}LyY)?3FkX-}?wN{!n6Vz9c{*x8>dFAWou#bS#muwvja=+#AHDDngV z)65u%v-{-hOOf5{1ONF4O4&LMuFitZHFq%@Ofp=A->6pKSaB&(5m1rf5x8C<*3x`- zIz9$2>GufF(+kjS?7)Bh1_PPzyVBTiQ9=TN@{PVit`Y2FKs|{`HaUZ9pPmw%Ds5wf z&&z~UOj|t3Jvo7kL^jCw`912YV{CHzA4s=*?;8cGkgs}>=Bx@FpKkBR3>jT7KDDn| z_`Vfos#$ZYmGrEvXeHg@0NM;iM!ID!-ap`*5CTDs{JT_mDJqH-rc*|@Y;kiWaAN@$ zBliANdtLG^^?eixcd6y%)+sKx@$>MUkF~n}!-Fr#)`MIXdJQ(HXlc)$%TE~Y;{vu2!D_0pwt<#biQhLOn}bI}inM~YRUA-%FLdKa6VrPw+b z3EBEake8PS_#IGS`}>A|lF0y+ZezRKH!$?AybT4;GCe`EHmz;J`{<-*n)f#H`;+rg zGD;{$Ef|RsXwR?b)W347fnkHBqMRBtr`la&{~!yT zgqj&ijC%Fx2=G=2lhrG^m&N7fR10Yx7)nCE9?Yp?A{?ZP`rB;0n!M|iYVLmotKcxX^WkopRXd}0yxv%ISX#^noOSyxk7iB#%?S9SCVT(kP za|&1I`zYV0^?^&*N}?MMb7v zDP+R&8RBV-abFqp5^{>`4z|q!xdPZ6UAs(bXIWgbHa0AFc6JfCxf6h>q3OoePfOd? z-2?7W6Y)0o!N737+9s3B;bI`hE0kX#2Q^kuFa*8NHI^xQ?(y!%1u?#b)cOauZI?rAIl_W&hXPUHZL2nHj=M+e^2 zzGW65^ofNQ}?nii?ZGdZLNT^u70M=lyQ?pIYBL zp{q}&r3~{BZeTG3Zv&uBvYRI-fF1u0RDu37Fd)mJ(7EkW1q>2!iUP;tADe&q&zh%5 zAY*(|Q{)ZOskQ)$(9Txsvlp)%AFem0dY|k&KpN8o-ku_r+?f_n_Q$(T;r^i^fPILc zkqOE?g}R0YmXgplMN>Ju{Tv6V+Bn0cjgJqvxz2oqDEdrV{1uWGgJMp=6a=TPu6{J7 zWi$q)BEj;aku>&@$NNKnec$t`Ot(4fyn+Jg`IHvB+nzS0^<49-|AVI@-*%p9`H6ao z)6@FG{oKe|CZPdvWbN$k7F}E)c?mojy!Bg>jQk$b#>de?Oh4?{01z4)5kvh4jo_ZC z2qr7`Eg<;DOI@RT*-=?pS=vsY5HBqaDCOulBrzbsFeTJA@*5k|KE4+*EkaY6h@}X- zYPj0s(a=EThlOq51NQbx-85Qsh4l=k z5koXqOji3`8)q7v$e9&P z@S-A|Wc@c|@g0n>fqUr_%^UUGdx|dV*jQAh{yO`_#6+MniDkF>vd(2@msGTVg~4RO z{95$Et=Im^uX%9Y`(mx8&#bo2e*>O?AS@;#BJrb}7U&K?WYN|u^_2DoCYdi|K*ZD3F2~S7%3H1@OQD0`0Q*Y;7FpSp_!qD z@NjY_4Gqa-GwJuGbJ`Y_l>vK$6POI|9cQ}k{y~;d@z_YSOa-1h;9)@cETW)*47dhx z(A07C-`Fp8z2hvSENpf?tW1g9x6aV3X*SbNAP*_ug~!LAX}Pup!}uz&xdXnb8Xgpk z?{*(nP+`6S%GihKLEvo?b6VeskBggSvKzFiHHir${evb41UzD;mmrx;{@fn2uFn={ zvfeR(8J!hqxG3CG=z0=yxZV+Q6RM%VSR%I?3N{L?&Vm;p)U2d&0CC(+O?k8u+uZqq zXZ&_SmPrKgO5l7A!)~@EO@!rV#)Q#oYa093?_vyqK)`Jqwjf{FrXVLz_>4ldHC-W$ zhnEHz9(XxY)-j~lf0e*&YIFELQRcBB<=1C}&6m0i*ysu9pi+s(Gl1Y=V7zqb48=4- z7k^eV_1Rb)Dhd2qp1Wn+^4`}H!03$jX|zpS#7~s8sjihS`8~p!@PUV&8^86oBG-LG zfFfhuGqAo=7g>w=o1Qr$ikKuI{EfH*x!?jG;xT%6pPxoqez=x6qgoX`%A)c*R0@RxXNg4d@)kcQ{G}@E<1L`r(`G@8WPt+$A8V22( zC#B&xCN}oTzrc6IM;Dx&aXmV~^%m8}1zeU^iUZN}E)xpsT3QpiQty~r&&CZj-x9D} z$WOBD022Eo)o=a&4mP!3#HOT3+1Stl{zK@0cMSZS>|iRh=jMH8Si}6Li*s7PbFDui z_m+^|V#rXA{t|3cOdEPfJ(YUs`hb;MFDP11GaShnVqba9L)~f%WH^H+*QLR}3osoE zHcp*tie>?r6~Gd(LNgwZ&SgK>*Hmk(-E6_Rz77H510(@pr_L+n2RPBR@3-;U)@+1g z7T@Z?Fs0xE5EM>`U7rJYT1aOkuRnujCTnKmq&mDPm<@2*eA$ck#Y;JGk!(&p?Aw_t z@p$OgqM@Pb+GjGIh!Iv*t%?Fb<#Uv1`Ug^A$N;|0wEMA;r@7_}MV>eeMM7yeHxz)7 zY5Qr-%q`WFX9B=VqA!1AFAv~aK}J}WMy$-_d9}`sG||fYqqT@47P-Q6ay&ruMo%ao3)t&a!$I$P5_t zTBZM1V}#7Q8p)rLuHgO9&Fzs?EX88wPME@)qA2Xa*bF6Qp#Nfy_u|YgCGKjxyPa!`s= z9B(+-Dba3(Ot4&v6d0Z<;VZWY8@-APx zRhg1Qc`z{{SkPi18NL3ZBt$<~u@7lqrz#M*d=5ORsE?kv3WnaRM2dticM2guE#(V`#ciV%0k5~-iLS8zv~@@o6fgHMMZ&HQoiJ3Jw{Y~ zeCuv2&|f8QuYlaqBTbyuxeTb4+5L^{(`z8_{z1!*6#<1Dl-jPI9srp{Mi*Q0c#bI0 z(J^v~lTC-6n<^M?E(jj3yK;T5yM5qPC&qDwm!UmIZZCarB-3YX(tGOSfo~$-v8$U6 zY$ci4X|fqKx*YrtXlRhGKL=Lv(y=eqSyKmo|C=T1$zZ4&JBV9Uw2|Av3`QA(z`Ua(d{SdIQ16GX;{Yb&8T3ik%OqOO6;dx#@FD*S|hnk9_ zv$HdYiz=!_RW%f0(3oyu0VFH0<(id#IpN9MH@yCP5)_nF#8sn@j_mif*4i9`E4*XF z<9<}V@1OGQrIBwxXvfjKt9ix6v`z0-R8*e*9&v_p7}KGJ1V5q9T}Wob(%;(i%snL? z%Y?w(nwl@e!uMTIRie%XaraO8_XZF89Gdv_WJw5wm>PvpJO#3_1%&e#501~7v<_5A zC@Tx|3^Rr$Ei|$1)oPGCzsXHQ^jR**fb$Ko6FYjQp51fQH$gPBnnSBG0^+8ov=g<>JVV!IKam85V-d?QU1k;&(QK%LE&`e=FB@*<;XN%)~@h-yLMuM6`9@k_I} zbSUr=PXENs2T@G$wyaM|q)Fs39nOn`>dKU!5|jxK?Y8$vqnW<{lgz<%HhQMa!fS zy?EXJ%Q9QhbgoxT+HUc4U#Rqeg^f(SG-v+u?yg*DM;TReLV}#8*Bj#=mNPy*zDw|N z1poV70OtCe6xkrv{4Nt2YH3n54732T_%Ryz4U1m3bP%}lRp=5!bEKW(hyc^~ z&`#}Tt<)X@+X`6Kyit~4y}$lLbzex3Ebbv~BBwUrB$HvwQ4=rw!(w$re|9htQ{Nk7 zzI^AY&*P6>NRx9u?&a0kMXkQM6}JRN{AZbu`6im1quG>nbip$X@bIGlHWdh1@(Z3H zL6;0`tY*U@3&iV{)ZXg2>o?q_a_F!snS5FImhiuET^7U7o+e)vtrv3|oww6}D^`~V z!0Irs<3BhIYQ;R!z*qVWj?V%+{>e1LRxV6|xBO}Q0LUHQ!?&8lB#%fhudgYnjs9JB zhRjs@5>Q8zkaJQ74VB7+J(1&g2;VHq<|a#ZBB&HFiuKxsoScro1mho{US3W{&qMUR zM!Z_T>elWmm$(s`=@h&d&L-4Dxqpp9#mt?8HJHM-S;CBffRv|MHrLhFqf%|bxbvq% z$>l8j(x53znFfA`+pcebbCgqwzWHvC`p?_+o#-x%fa~(-iguaG|=A`tJc3i@fon26FNeJ&(5dv?{ExKWc zad9ei>Z#*HUlU8%T71uFFiEw?8NU#8{@!)vAtamSg?ta18OO(u`jtf%Okv7_KNhBA zW|n7)gqSam3HmTOgTN$4KA_7<-Rn%y6Iinv3Z4)5O`UGN_oR3G&V z2Mw;%89A#;VAT^0r#Gvmf)6+7075ueEgxm9+sf`(b_7-w;33Hc*v4+L<+^TvUnMAm zx$Ww+RI{+8y84-sgAbm$>M!&8=(qnef*1zZ03c3J|5cvVUg`T+6NPwYG;N{~c$+@` z6xo?}5HYFVcnZE?WCApt?0>Yx#Z z>`qP>sygB+4D1r=!_6$rSbTRv#KpzO9@jg*1cjXb3p5A|4?7lbALJ{i$9$7W=brdW zWu?Ieo^lem=PK;*_xF9GyG)4jWaxC-U58Za#IQ6I&e#}EwxxM3)5C+Gho`j+YZ?nY ze2y|bxX$R{a|cw~ppEmbDjfL8pW$?~ut{ohEFzk>O|7hG`plV`UT*lEW9cQ-{d45; zxXrp8DDI}klEr-U5aLbv$X=3(sFmU_!L`2<-S(d`RQ&lGZ zXyW>tMv?NHH-tIT(~}U7+Z$A`ey2<(9K|six9BK--Ma6fFwHdIP*FNnx}`e=q)WP_1?lb<6hs=NyFpsIq(MYlO1eQxO1l4j zznOnV#yQkM-sj$X_p058H`dGIhIE>gTbiQO7zSG}3JMA$HcRxqR)Jv9kIZrp_WX>Z zM3}+0C(6v$dgG90!I4-uS;SzASFBNL1h2jIyyLrNOp`;Yq!<;hj9J3UQjL?p^IaD% zR#X2DO&ReyZf@>;r=|M!#YTXb$3iyehdd|;J29Vn>oCXLQJEAreh?9vb=rG3J9WU^ z|A*5@*gHs-R>A)7q%wF>UUq&8ch7VpfEukT zzhW{dd5F(+<~k*t?vpK0C6w`Da3+wzU`x*3z23|#L9Syh`j_RLLZe18H8;(tDzl+G zm^jbEMV0E+iQ{Ayos>k{^w2Tfw~q@tJEVvD#hruP&o368`L$}D+4>S#zSP$T+2ON* zi7e|XLCLaGG|OJjtTFZPLS2HH*Ncdr*pSFbj4}*TnbZ7qNvr*(l0<*qMIqtgwe0Wu zesv0wtqG5FnBS9yV^pxQ<$g($mgB&|!iwly>sWJER@41BN^gYrn2NH~Pdkt5=bOyS zw~?czGdU%CRml}^CGAg+EG~|HqW=E1{)GN+C;98f*Mznnu8a+(JGOQhCLemVb+tppdEHkGiSJ&6j z!RXG-jx42Y^}?UkrZ{+5pGG%3$U}BJE=IJm8>;gafa92-7y1|&5EYd!@|7v@c)P`H z=C{GY?@Lyn4gpPmnuJA6iO(jczC!*}RYIsDnKGl|En1aN%gSFWB(f;QCM&#_rqh4G zr6BU*b!ucU{R%-rer9f>s2M-emagU5Cmft-^4iHstE;$v{{9Z%Qdg%PgTsTt3yoPL z8?fQ*Ip!Y6K#k$z_3^*(CmeqUmP)j0qN6$uq>9H!?AqF%cx+!W>8hx&=7uo*vaD(1 zb3~7H-R=eFx)?ZP?_*%Jj+K$M&*LY*TEwJw z&CeIi=lQn=3}0QIi4EPNw*F%{oj*kaqM%R-nO{I4&^o12Q6P#(+|9IPmCHHQ;YmJv708K_01hCr#oVOVEC=zB|lYpPOkK)Wn|Rs%*^l9OSrMp zt^~|Px|Of;Z#wB%#SaIr8cL=Q1yJ=p{LKv9qd;=^jbMGSk}#;TRmM}2MyN$(<49=I znlDwrj{G-fP=@x0Mdxh%*~cNO@jrVjjeeak?d>VtdEvRry4`x4en>DFl@v9ogF_Pq z;F0?1wRk>Gg}Bj1rVq&c2t_an5B?BJhLOnCs)>IQOjsnl8*mPsBX0f2}UQg0f@ zY1AF=@oCRhr$-fy*2ba&8-6V_t#I!taNF>CM9L>!z_ot$1dAl$U+KZ9Go>BhBYa8fc^K`8>|=y{@W)XIwH% z>9eJ5Cwa)nK%%nA-{kz|rjuw7IhJ>JbnCTjislD*RLyfa!}Ng9n!``&+3A0$hEShG>0A-8`bJK3A- zj1<0Uo1be`DvCY3xcK)klYDk`Q(rfF)i$I+CGPU8ZuBc3pF7PNTkXGdnUK5>j$fqv zoOqOUou~G2t>lmAsL|~o9Q;StmwfM~xcEm}b_TS};erE#CVH%APY0V{KGWm+k|k)-naVSWVcko_5mVKG@6R52?$R|bor=Wp*u;sYbRqGZ6^5mtHbQ}LeC1o?-uu5dw zq{`35#3Kscs%#T*SB%)`)5XUi&vm2;B^a&wb|LeQj?bQ#$dxsrk-!oE**quLXE zl8a8(uCZh{|7lfSpMz)D#Gg24rs7_(*B3^7LsObejl3JNoBda`P$mA0OM{X+S?Jv6 z{H4WIB^UIprsvUJj5-%gR=>Tw^-gEys=ojEC?$z)$%*YOL!2(>Y=pMoK9NN(*a_B) zH=G}|Q2gN?U}?t?moN@R3%n@J3DBP(ce zv6GwQjVv?KwNT^Q6jOYUdGBPCWvN<4>0w8c#krPfQlLFR5y`ACAgnR)ptq{g4p_wg zSwUbgDcjA1;V0%7MMaQ5m`dJnzWT3GUI`7Y@_mnWyIe7~5HtS!yyu!unwJ{6Nv~cU zuD<=t=e`;*?A9xxP;`;1=FmuaS1{cpy`Vta^K^FrvPg))C-PEV;q+Fu=t1>u>doE% z_V;rlDX#|@OXMz7buVrin86ak_il?y$LBn04}LYb^MbR(MO<^FUVivYI?8png2>2s z?P`+Lb!kgys`EULi4l#MaLH}@BjFOW%imP`?u9(3g1?eJe^wf^JT|~^e&}(!bKm=N z02yiCXI)S+%h^2HL^$NBE{dC5T|M6uLqMTj+S^lBd%ciR_L?y%S!|<#y$&?tSYe{oDl$M4eL@nn205ukF{%9~&&+F1Dy7%RB z6xzeX!;E?rA+Dv#P8Ub?H1bcozstmwZMHNFOGm54{Z^O2OIVK1de_~kRcHI`cx!y6 zKZ)a2hEQ|SZTGEeZ@QIs=?T8hzdb79)lwf+bFI{fCdl;m+vIfe;NcdKD4he|;f0@9u)8<1_!NOz7Ht zHg~gCW6J8hlDg^e#2xA4=t-MZr)2D9V>{+Y?VLZNvJaxLu*|uL!6keD0owPWvSpe$ zL&-W-ryEgr(<-7kZ3%N}G^Ia@yh_Dtwq|0R5x5^eef&&aOvLAjzMa5gI5pCR_+S1z z{71xVT#%nGiix6T$)%8w6DTHLs-cRX>d3E$hFlOUYx%oGVj#K3{iK0la(@NGdin^5 z42DwSoASrLw@5JW!UU*$FspKoYB)3~qHdide;H^#QN;p%XJ>c!X%W5cqEAwx#>1fO z7@|>O!^0mL`xt0%I={&ic2d^cXEnvp%0<&+$C?cMSeTet`5O>G1Of;Iqq4a8rcU*b zGdWpIN?&N}T z%Wpzs;a>c6a_-_(LU|TU>Q{B3L?|dQ|K|KIvA*8D<-!QxYNBL$tT5)q<<&#y-I2KZ z`ZFCHQ@-dJ7S_xmIiy(^MOvYB?wpRDEAMy8g=&c^^3s)I8D)ET0ecB=Sy8fvEqOiu z5|SqztzveCHoxjsDvVvlBX~Q=BAN4f^W-ds({lDBQHBEiy9_{HXS|wNk=|89RK*p-Y~-%3v40s?=$LkLA-VGm)r;rDp`z_HlX2N_z?8)Vs%deh@U-+yJ| zL$3&=$-3e*9D8BZwCor={C-4FAucI-Fjayf_|T{3B0C0k(Vid6_-Dn`ukGev+ef@| zs=r~ZHk72)($W~=U}r_Shm0H`5x`4*fA1x!cMZSzaIi|Dc%DkOMqyBJ2o<;h!}=K^ z^Q3(3&o?W-SUj^2=ud>A!{K&6vC$!7`^(jGYq*k;zA})@;0O?jW;?yeVZ6=HzCMI7 z1k|NF8YxE^>i~@*h<=vVtAC%uHys>~B` zC@Ip$T?gijNxSv)?@WA_M(wkFse)erNy*&b+5P)+g+{(mImc9e>$i=cei;J0{1KM& z@_38u%(VT5(E0w|!BioM);o6#wTe$lxrfEd(uY)Zbzi-9=Y`hoAm5_jGwpGjz9Q%v zEe8zp3r*H1fA;jW4-G|*adP}9m*&*hCqvWBZJ63|jb=(B^m}w>&N;c$^~Fym!1tdPKfk#+@okv(v8*YozLWL(;x<$n*GdDwSo1oPtGI>o`Sa1L$RB;7-;SSP zKf{v;l!LhRKQ9M17|DP+bG#U%2j#T9t1_EhJR|x1NbIA9(k#6hSLb&dh8@hCS&n=P z`7tJa_#ErSQ}F1{-#Y*2vi1A;YHnc&0|pyHDX*p(65thJy#5_%81%oZhS*HxsE9x~MC68L(Q8(Lw3gIR0}@3WLfU?i3KV zeGCYg`^=W6u6oEylwuTvmi1r>5fUd*gG_z3$XfBa}U!8N!x z80?)QsQ>_{R{a~2zIbmrpf6cYwg3lrQ_i;)jK#y<)i_v?%u~U7_Dt+H0TnCZb6dWu z@SpDEZD`p+Ph&a$)u~v1HRaynWX0T^_i;0Zkcj4oSNnPOjqRau6r$oyC2`a6iX89Y z;^G?()M7t*CT|;omnSQspulYz9`ft+FUJ{v@hCM_VxbT1nZr5QZGCc5Z{ENEtQ7u1 z>=XNSOyp};yT>3}pY`%xcf5R#az_gj^!-}VJ%bhcOR?1!GwFeif}&}j#|I}TGy>g{ zGQnw?@5!3pG3*jld#sbNpW43N-hB3SwmHx#U$GLvy>EikY0MacVHcG(A2ysT*Ag<4 zj*|o~I4%G30w^0vhL$eGD90KZQ(XCs6XIouQ&2y0CJi zDQw9IcmKJx#|Fnj^-1-*U*(cnHTY=N)s!QWGT!ypE%@}o3sq(ztQF7abH#gkva-=sZ0my;Tk?k{z9$g&-^p@Ksb)?0&;Ki)~i&H!CSR+Oabg#NN@{5vc$i z?jKJWRDqVk_Z|86f??bHJN;<_2#n{)?}Zcn35ttJ5O08FoW(z1P;;=tLb)UC>&q`Z2|k81>kBo*-0G0r=X;G zkv50-;NA}<%B~Y5#!dVVxs1c;z5x1h@t5y~1LlR$vc7megZDFW0?g&}JWq6Y4StUwfVI z4}N#}S^52trAa*BYp?qcop}Cmw*AuADrGAqqJYe{p&^W7F4DBY?U1(#5+B8t#pBzl zWmYGx&(6+1TXQerEXrm2Iyb!IB<6DUx*sh^0e5rTdnC*85)n9M1S%>)4$|Y2>N~qZgjWHl(e2%MVpqBu7q*ANTyX@@jUK^GW3J7B| z0c`ZCkT+qp`;_0gpo5burbiqeH>EsSJOxrLQeec#xrS#dI<#XMgl~Ge0!+ZQnMC1-sC=hO86JPA9 zZ?O@F8=IL`S&lQ5Xc5gWoKI7V%Mq|FL)#p4w9Rtma|SfiTwyB3fG?P-bZc$om#Y-> zE9~c=c2H8doBhM}Jl>Sj)xFB#_bk4t^CRZ6%2J{ucW z!Siq(hcx4*n)8tXhCNQ=#V~G*K@~AH?R^?06ui8I%D6H^{i5q@>bptmO0T6QC25A0 zmD9JW(2#w6T0qoZSy__a)l3(XoA~Nuz$ecO*WA2hdl~GkA46q|H1u zPQc9Izcr_Gm7y_+#nOeQv`~$LY;i4*mY@IAY?ChHZdDnp_-JwRG-Pyll3&ao8v^Oa=Ziqsp00!L1Myf|j+IE5O7eFa_}&BZ&*%_8jQ9{A z4f%18MD_e)RIDq%1e_f}+L(=#4lo|KDeHV;?U*px(Lf6Wf*t4JJZI@!VmMg#IKOOAX%C%6(w z>VrfEv8W&;QO<{0)OYX75}h%g^0ooIz?$@GO=x1%8ARTP$*MsN9O(%O1b{Xho0_V; zejQX-2fk4P7X2_P8BS~Wiu04W-L-C9IkbaV$O!_3Ev#_^)^ zTPq)B*4IxS+SyB~h%3YGi5l9~F4J5 zUmFFM*7t_a57%#M2g2QCtW`frE`Ln{k78%Uu?Tz{E*~f5aPbAGWW`K>1>Ky_(@+a{RlpA{LpS zZV30$*>4Ay5VKd8A58~zu2zOEp`TL~vX}c2LCoR3ya4 zN{Vzm4=W%P6N9|2B~eHArKP1@oss)T7;O`$DtIh)t7YHRGO515A)7H>Ihv{}h-EO6 zea1=69_>6lh2(}JlJyzwG5fE&Te8Tv`&-ZblaAM(ii(9(8SoCRbA0hq8Pl$7jFBSs zjb6-rX*{L(f+b#d%hW{YK05loIA+taXRIV8h}r5>nUU`zD;324jD7`vPD5hqEb=8P zf^SbKUEdWvK_J9(EqdRR#}^!~CfS6%?bw0yMnug*SI1$r`kFD``RdUJ6wgiNSRtI* zbtvx^z<~q%$2vlpRyK-H|e145Y*gS z6A}CUAODm8*8(I8pIQMvkscdsoSpO5_LrU}A3$-+d5HObO^es}v6(^!BKA?b7b4 z$p$A{P}?(9nGP(2!kxKpu{6xaKFRC zP+=ZUS0b-Nw%M?rl2RL3)e-aqSUZ@R6CT!R55VWa#fOAQcZD3z93?t;hzbLjC2tzP zOE#P@nHZW1_;<+~%=m@?tB-JvA>sFDI1OAH?1o(>q{Vb}hyq<@G)+rd;X1&uj8k;b z`)k7ECLjSMsAbMo%}`sNJq5uMijvSoi;s10y0IbBUEBf*8x1@w6t z|9pZ$|LUe$M*eze^TzEzGKCDGd-czLh@oPX`z~}X0PX#{s*=~~0vAZ@68omoR$Fpm z7L51LW@;U`R`1iuyN7C`w)US|Y2Mu}ko-EJVLKZ#+3;2XF(*LG9uk7d4%ZB1y%;cj z%J2Rj7?J&+{0sxbiF!6lt>Zb_CTIR{FUG>x4gRVZ?$x40oGWS!E!*mvPpY8PMM&#V z$|YWg!Zm35L@osc{#}&wzyPl~=|*`U4c&NSyK}PDjwPI!hn(*mdBLZu?T}(6!{~QE z5u${^wF|>Y+@;PNB{Hm~CFmvlAox9=O2EKDC}(^2rJk)avSSZ_2nDP35U3rL8L z`w&*Q(5cHBW#>4^FsrD@*Xx4Pf_rr&oy}I}E#Bk64G$WtG2&$-BRWR9)!Flh(061r z_azrCWRly=)Sxc*O>vZY4%p#GQ)SU@uj;I&swoFt?yNL57~IuW9Ye{4_O9u2w-MY% z`!jZ}!{BBCCyTtRt82qfZz>)sDJcZ>i$dTe+?gOwX15rjny$6!gO(8z>EifzYr-ZV zo3<@2LhTck48RSK;5SjGzuVJVUj7+WqvUAFkwO=A_wU~ah%-7q{=dbf+}@`je6BA% z{{GrN2Cqk25{H>eX>w!RH_32fgvkX$CS3ncF7cf}JneTxL@ktn&DklvMY<4*6mFYk zpoN*_1A^9$Hb)V{k7R5Ak$a2OgTZ}kVD$=M(y9F%8@qb`7oz$N!48|w^G+(_=^Zjk zO8>b=H?OaTNh_RiJwsk1VnYGA3+^rc$`V7gq2|LB&^aWrn>-j2Jbel`Yrb3pGa_jp zywjDww>PqS6TZn{b$G)`JXPaF+ZWIH?aMnBgV-C*br{L8qie4^!W8ozk0L3ZeafGg zHC^yO+iO7;v$xMnsgaEqw{&FBc*h^7+-ZR5>fj45n$BK4+uMXN03iY2nL)TIfTFw8 zHiI)y(L8qNYtUP%+sqZcQ>1;RI;n=T>NjWMS^noPeM47vUF`V%P6Fv>L#d{#K@%QM zlU8A*0!1AMras)yY9z$~WXX|iYX4X#N!iDqvyj|&@Ky>j(3!rwp`WRM3D zxK6ZDf9o9G%XKH$H-o@|KMjxrHh$-((E02C_SZmz20d7YFaOSiMpIv|$SH#XN;0zd zK&%<4&n|b9{;n`PWu7Myj;|?hefzWT8i`QAk=IXDB<8zm$?MwHkn8^*dBmNE#z(`L z4{~NFFw}VZag= z_x1uaG8POXv_2cWN9cFfqBOTA^$`Q}3KS(Tw;QshiFhKXp+SS;`Yxz&RCpyqqg0t8?jwI@yC;b5YKroKy}Yb+Gq;S@u;Xe!0&YpOpu>kOBc zj!0nwa0cS*J{p=)|4%Gqoze~O<1^GVL%BL=$W|ka>ZuqvH&IaUVG|O*e{k>daByiZ zX3FcJ63y(R2}kyw7fAu!(WRTXy{@?Pmfo@2mX}gk1&(s4cR?|OWw=BaC##~O3Yg_T zX>^V+sz?}o5FE0R-di^En@T-Q$O|L~)Lz;mb8 zFSc{v5YZjgw(oZM2BEur10L8{iL4(WodXd$4%VG6!0ZJFCACOA;a~;Tuac`sii#ow z3fAA>|NKS+Yl2<>^=rZ?kP!s%wIPDvOyG}- z@dxgq;pjE=~LG zpO?h)@tfc{f}-7?4cWMA%Kc=@Z1Y#vT_^*9ryAC1W66naz{MTdd8acp7K0jb=SApb@3IU=3uE(k>yO_Cb*%5EyK(Vxe>K|qdbUi4^1E#7Rc(lR zehZk@eR8sF)b!39q<+SbWTVn5BG#hQ@D%V9?Hb!qx)6BLPIjll8D*+%XCiJ(Uu!HS zK6=7sda};ZD^Yr~HxtUn7zRq8&cYblMB(-4C0be#)qtRGb9+dC)#`bHvbc;;5fg<< z#%QUD&)IibW{mg|%gL^sy)>H5boENdxf8(g?|qS=Kj=@qkqHnC0S%$p8zsy=U(Ps~ zx~t$h@93o5_@~6Pyn<7pT#Qen%Fue%R4CdQE1S1odU0x{q3*sbqvK-;odiM@O*&CV z3Gx-E^+BVG#Gd}2Z`SQ*HbF0;32u)XVz|>IY;<~RwVzk-Nsa=4Nyp4U!N{0O=Kld8 z*GBTqcX3ONx20`H+&Gwo(vkTY&0DToc{Q~6&I14py5XcqHmOlrwpYsWx`%N*Ul&yKS6S#PyIq;MBUHkCPXx+QAtIFy2|p1+iG8%HIVM&sYw z{Kr4DSSm5!e3Vhlj|;|=Rk&nMy#W;z|M-Lrh3K;}LAENRoBjilmpQ{^GR)$E($HLO zZf<@TmjdpdAX;@+Ia$tqb+{XZOH?zKCY#GvURuX)4#h5U3KS+-u?$7^dKEJ}{TY{B zvdi9Rj={IF&#+nPZ-Y* z4-fCu;n;gTdRU*w$wmCgY%tXjf{@>PRkXl;3I5T5_BU@Jn+tlXA!I5(KA>PRX%tdn zy8^Iz4v^Gnto60p#sn^ZeZz#&&0M>MmJ;2DXvmcXxu5&t01phw2sBNdzwkd46eN52 z3TT>F9S8x&l82-kq!+_!palWRst3f8BRY1dGe2Nd0IU5_E(vVg0Iciw$a7xyo9hn3 zcTiz!QsFv&yD_~pEW4xW>Z3B{{g2dps^+lnSreBj)yEv&a5JxeGbw65p0BnZ z|HLEJ+68nZpT{yU3=?W)`u;6<|MRT%+Dck?UrHj$&DTkMvG#Ukl*#(S;%=nS$#=ZB zkBKh$57&JLLWhLqA$1Ee?!gC8WLj;P7C&606aQmq@$os@8IM7H@9j=06;KUp*I4wy zRb2M-xo?G=0l$m29Ee3*t!HFvwz%BiZoKjHLqEGXXLFqu2kBzY!qZQ(dCM)RBuBZ? zda{y|{1Cde+K^8og^8k1a`Yf=w-Kb7LjEd+xgaw{bR4bL(?PARz5%YVTBIfMoCq+T z{5~edmQtoN9qUkDD-9J@Y-Ssh=Ogzd z4VxKCS@s7anI%%$x<$)*)reL`bJYtc^^5gL|(t9`@+dVTr*ACT%ukez0Z}cUT@-Wq9saChh;)rpoUvigZ46= zsZKXJm8@R90rXWs7spc%rpi+@uw&Oq$~#&z_$1_&#?7f@kIGmkC+(NBI`gx@A4l2k zfNToNgKw)zCq^JA;Ba`VDtxn_!4#ITRwRUA4t`uU7~tTO3?8g>n~&u7xP%{oe;bk^ z5Wa0VrF)6Lbn z?96|QYinHr4+&(QJXsXZ;Bx;1dOkBq&Dn6~k9>>#tKQ+Q;vM0JO&-`{Z+0`C35{e62VQ11s!b4&-4VSk3x>Q5|4f8Cf`A1hS#-fu@G43~tU4(IV9 zaGCA3-U<;B5do2%*HJgh69OH>k*6RyIG5uzKWR+!WxbL;6Mo(K8t}CE44%<^O+{?% zqJzOz4D;m4zjoo90D@iSh5q?6kQ@_lnl0aW^5Rh3jepjK2ju$q?ZW>ID8D^-I4naa z{smmxT<6y`fuJ%C2Nq%xO!uX{`KEo9J;w~++m$blw+1(J+Q9z~=*-?(l)2ZK3WT`S z_HP>^{#BE(AFM#U9EV7Fx)>P5f7QLtUuWoJzt$%aAJDE5w6N=xifAxuq|bPTx_@+2 zKlarDXMvph99fV>ppG3FShTje(|QRWgp3RNsu&F6H*=>}<}11_;h;^pm|8EJ z^!@d`48qmrU!|};OjFQ=6HZ*CEkASO_HV$?V|Chkqq%tsM)A|Rh4Z4vo#BhX#$R3Z z4Iv%v+_Ebq;KWrnRYh6Us2J7ZJXv8@(WJu@my$B%)~WxTs`Ax95^uJF&yxtpRUZ;Og zq{ry`LmOrtL*th|wn1Yit7TW6V2T}zv7W|!SOnCH! z+kOGU9FOZIbE2U6^H51-&WAKq>&fyvAP9xnQ#higS7!%+egB6}sHC8;l|Py_u?-t{ z4)H`$fOR$m)ejhMvPNn@TzVq#FfidLHM-gW9|*c$NXJ485EX&_GBD@EiU*L%0Em6Q z--&St?f(6Cb576QK!jx)9NE$qcbte|r^5==Gsx-FD2BKc<~7_24T$@MaF+tTOC!w< zyyqIgg0rOzfE*m?6NW4B_SjrO33=a${{;XyU(Z3`gg_F{Ac$H+=!@W{E!4~3HP}5g zP=_?39Z;x;3{!rJnk?aaNWgSlKzyy&OA!v99$L>AkJ<$G>cEl@`srld9L`EI zG;g8H=lFveeMPsWnHoDVO*a}zF}`?_Et-F}G#Eoj@%P30C{mXnuqJjc%Tg z(}bK>Y0q5@S8@Obs@7RBP0^1THJqFdf7YzQgc82YPXBj*pOw9;L|0mYoc+bqIPHKQ zYZ~?vBRrM>Q8IRRzp(ySk#D5uJRhN<*$;(AQ>|c1D3aoaONP@ufbmv_E9tXIk7@~1 z-=bqkwXI6R>{B=XgG#RLLcOxbAx(^akJ`6#Uhq9t=&yCgeoHaD)%1B-Wi_9o zD>cF{OWNI>RbN})f+^^)2Gzp{WIy+o?PeDiNb_U^rmTN#I%8vEzI;FOB;oa|Ao7U! zNWxDmAKpXekNYoNRO0$h*(lW)ZWf_iTr4c*7pG$}-X~oX&K~6t{YK`jq1_57_$eL9 zkih6)#rcd^kTNEyoHg<;AqdQq`NCo24p6Eu90%aQ^}piy)b?_WctAp(nT5qDoAR9L z`~@7!(M|ljtU4nIX+VJ=L2!$Z5VWGNzHo}_{`cTv=>FkhPWR|gb4QOJmf16>XRfp`{!-6VU&2>~ds9+uh&){x-6bKUqwE_AU$ znVpjZDObh~K_df;FrOo09U;vT^9@>_88vP+zl(X_52hJHuH{ECyrvpbN*<_W`0$Jm zriAycEnn6Y6Y+RbVK{I0g5u9krYxDo)JIbEcnieDL(dLUMD_?WR&o@Dx^64Ye%F+n zO(?)Zx+FtN2Ii*LIfOyVspY~CTvdaq{9P-8>DgZQEWCL9V8$xymH^7_XHkvtug#Xr ziWxa+c@9G~H1X}cu2@qVe*Pj|&mp{()iuM~+`E`0rX^|>SHE)&=$UIrzqwd}oG!{_ zYK~2>^n~$OUwPta#oAiKXu_B!1qCIhaZo6?=h)I8rmOhw4DSa>Ra2rehHP0_OB>G9 zDtXTdEdFqIh>EeqaQ-JHf>oG5l!J{+*deBDUSqs!nlo(vb$VysmW6!WShRRJ`*%@P z>Q~22%LD+=02?#iZ}Wi)2x>q=0UzWcp<84mA}uZ4KLnUWc){9vqR#cy{;Kj8gnsB7 z&f4IXVh3!O4yfH1{Xw#&9o7|#dB+r-RD?3HbwC_+0uKWGfD?lkTLDD;P=ZB8CF$vc z!kQ|XYi8XjL#Sx;$@)M%?{HQ7R^W8*9W8WLsdDmVtnV%*Iow|^{I4IpV}G$Kvo%)O zS837*ySKhC5I^VUj)&Dl3edBP(cD`>qoS8k^K_eLBT-lpi6A^aKeVaFBS?NcX8e((IeJSi^soRGiBTl#9n!32@bV+1OH; zUdwfdI4D6#eWMQCKo4q%m!unXsR%qTYq`j=E z_wA{R#NeP*JXM%1O9?)QX@1PF0(&)C>P`HIAMOx%mHw!phVzM+KH5jfQLBAH?IF4JwrZBWekJ{yOs0XY;443d8sdYr*gd&gIKJmx7vt3KTC~n*pl<(CzQLpK?NEJ!M$=EA16DZA2J95cqO6=Hd+VKDhLR? z(ih^7oVDw0q{4~0_*}NAp2ss4j(P99MN!=!_qAXz%nsQG)LeC}P$!{OrgbD!#9zl| zu+(JY>`y-@LSoVXZLHqL#Io)9t$b}7+6FpYP2b=c zOIfi(r8lf74uAgg9q~U~TEe@P1nU*t%fnGoywt(v<*bZg@;O7r#MW)8u=NqSqxIVw z_!1@jShBRb%*tur3X_KcGZ@37Ph>@Fwwk8aw7!d(A-Rb(iej>kMM!1EvgxoZJwVpy zXYrF8r_Foyi$KYtj1?+Yb7yIsJ#1!Y6|QFN)Z0R$BQ+ z%|>F9WY}X+J{!%bf3Ioe#?*6gk)N_LzDedWq?MkT-~F~N9jrAwz@%m?#Xx-1$V;2_>XTO4&}vMi@bZ?` zkAEpSk>^u$jb6V5@tG4r%jZ$)&5Jv|*{_f?(f6FC_2(m=xk}o=`aXDAA>kxgSI`re zi>qexudA`vuG(Og!2TLR@tNl}Ka{N;<|k>lFN*0nxf|#i>DmnIMrTW~C-oF)zuB^* zk(4D^YxJO|Hd|U*I5%3DTXv}H%@tDdUNSlo`C^1+e>RERrdMF_KTP?(z8&-sR;C_yy4<#kFWs2C&gD>1$5g-*6vnQ$D*I zGU3_(xj_0IR`i|4#5ClT``w^EZp(%HbEf_OwE%^+1WOna6>-Tgk8+G1hg2mb%UE8j zh2=`%n3v{`(rXJAoel$cUN~D+qL4ETG+0m0q#VN30-LeCJF`Hc% z$AB^WR#i(Sdn?3*hj3@W`u1mG`ekP4m3ff*FZr1F&E+_@FkU6&=~?PgCTgam!ehSI z)Z{0|3ZDC_p9hNm#XZ+3Sv;AsGlM(KxJnC=c6{>7l^8ZZfnco(<4>jY=DL9O0<%Ph z!Qbh~yv+&kn&i6q)UM&~r+vRTeCxXTgajw~yjvaa!d5)Piz?Lyv#T^lUDgbOFT$a| zPxOhO4Np%)$kV%yM!VLoTZN{;!kCO3BFU!1@~NGtLi=db(@kpp3~)#quL*ZdJ=fEG z$pfCzRLL_HHI;VSqWNZ==#*^I&$j1`xjD1wt3|Vj6AOmSl+)^^C?;+2)M68q zwN+$U38`>Hu`+}rtq03lV|vJ*vy&)tsCQXZ8$H*ap;uEo`JrvpO(2ae7ec4S6pj3I z5#v9428JKj^VmqKZZ`p`E+=~jp3Nx8BCu-OFj?mX6*k2@xA0nCS9LY#%Awu4kQEA( zEKQh(bB?@EAhv#J*?>H_J&1m_k~Vuzz=C^=?KhLN>1$EO!7s^PYFTKtP}P7MqNrCk zd3M*E``*iVwZQX`%0UKwq}q@N7biP?2ej!ZZO>Vn>vveDY(=?KcJ3>9{<^EgN4wX` zgF3m4Jnv6(MflY5C;2QSa>9h&a{lKDto#e>T$-fb9cXzEYnO$tk8oPFT73d-Zgtpc z^&uP3Dn=%r={z;%YiqpIAaQR# zsqdIcQj?I9@E_#>PGKXcRd z?p5t4&-2QB+eIZ~bw2TA7C>u4906!k0q!qbBEn6Uo@ z;UXwi2<^0$>SeH=)>Q;N`(6dQqklq4riqgk2ga*!5Fn|98}K$l5I?ZFNKR6w$0L>s zTPAxLjaic`;NCr0RT6!44=pf9dYZ`tUpe+Ob<#_+pyq6fp}UNXjIh2COO862bX7d8 z>o8)MB$B`@=}yjP(Ht%jg`2wE`oxfbj(%B~SxSTw@%IBd`C3c9UiDN=%)Q(bdM8aC z^Rd$~-E-N&FN)PQ@L99IqDkIenOIoROeZ_|Q{xvUgQxMUGjCgK8Vqf%M~vv6cU@d+ zsFod)Q*@MY({!;bx#cC(Oy8QJY&cA`_Fe@*Qlh`#o7;c1Pg^nS*> ze{7_Kx9?j8&sZn)eeWU-$)|NJOFT@nU$};SM-DRsJp1jlr>`r#iE#Fah8n9DmOoV# z@lT%#*aBIE{?wVOO5dwy<}FC&0zIw@duA^Z1hiUhZ4%zOx}wKq`1nD_63Tl;;hP{> z*_#fV)!H|Tf9ylepQ_$O-EF$YPfvXj*Z5-rl4q&X6r9G_5*&LM$-ieS$1|UYC6zUO z>>llH)lcrZ-zr$x=N=jonsnHXY+JvHZ@IO_n`tLJPOn=`jr+h6);trQcQ4U}bd>Uh zujF*y{u$6JTccG`{UUGHTfGShf&1H?k8g+nBza*Yv`qdWKGh?*zmO5aW7aH55taGn zOFWJuKM_)^@Jse6`1QH=v4E8F%eSJCAAd}nY-~8|JRS4&XP6yIoG0m7=<^yR(g@vj z118Xjk399#0|DB?tVY(7xx@Kg3~MAMMWh(E1>PKAaVDqCA=O)261uGn{L~`yWtFB$ zBL^Y0-ZZtuT5o+(+J?)PokrQ{QZ+957U$XBJM2lX=9T9N(3CW^LwaT#s(Y-tRX0J4 zC;lR3mM%MNVlOARAP8CBI5fr(6&Lq)#gz4T$FHYId3=Sd%oEkQAGga|?@O8BeR!V{ z_dLF0byN}4QNq%XY|(xatD0Y1kc3J`5}W#$xw+M$vc^(wW@hZG#pk#(1C|yw+LpRp zaJ3~9r+hXJ_#Lky8!A_>&4{LbCrv|+Kdt9di731XO_YjwEpQ+OXtEhKdaG`a&Y^B& z_9a{J=LC}4*6k=llC)q_49O7^l!F6Mx*`9KiuJ@ek!O5e{vI&H-KdshPeB3$Z#I|* zcUSEyTj5uIFqwn#c0PD9_xie`mD!a(q@#DOFY)-|mF`z!AKzV4y3HRC7uVZ@LRr>G z73G&&?z?duq#wYkg0P;BP{}t{Gkgbiw4-o;c83x;44nyh+%~(NFJ7Mp{m6!5cDJ;Y zsoJ9%hBzXE@TOe3+Z~3NE-uXl#oJv=cOy3t1yuxBLN-KBnhN{Hd88Em^XHvAw#)k; zq?EKZ;!o|OsDoD^ND6A*+x9CA-XqP{KczhS`33cfZzBahvH;pU~ziZ6gR># zs2X(G?H~#}y}TdTd2T}-{v}i;dt&BOCfsI>DKpG2bl4ph`4OHWk8Tg8xuyGEg(VKzqm~wj=TTHxtqb6f5~)jiq@>=! zz+gi+%zGRjzJc;Ak6NQr7W?DZP`r?6iTrWEP%??Nx2k83u6s?Z&|mzM{ttu5kFh6L zl|DU%`(D|EKULq3el4^GhHN_K7B;~2dJ74I-RyP0DJD8$SU^xP_p0t@5}A4Vj16Jf zf3S?3EomUu?Wdo)i*_6xi!5CwaVBswjHVowR5^yBA9icWWY}rf>-9kjd^fVYv73E$ zDxzH`GS(i$r^kMLY}G#|y}ySA6>czbiV9Vmy~aJEFNzs0W~kK|S!tA295{K`%_V)? z2Z+LE&%@2WdX(jrmspNW9P3zPw6Nu(8ogxRFr)%Sj&ou~YA4YKl$Q zbIP2=_h?Vo<(wK_@Q@MmT;6LG4~tmz>ct?9+#qu-_17#ufT%`;Z2s+!#+L&7UJm+)|){JS%{NG?X?aFF-W zPeka(obBz`rm$_h`lLXR4HuUYO3)FC7pv2T4_zJ7Hl*R0cZMWw{ zEd$#o!yWgKbkBq-F*%6XvxB;K6>{1!gH+VC{e&0S`^F7cXY}^FZ?k-FnW!u9*4AE^;CuU! zZmNB%eV?&BV#F9uhP>rjr=Z+9fPkZOaY$_0~ddEvepY7257Y_7T(c;{v`9G@OGAPTn z`vXM`5D*NyySqyoq&uXM?vzf6jkGjKmox|{AthbXC|y$0($Z(~&iT)rGqd*xxA@4` z`@XKVekpuSsV&)ep4O#hVxY*7b?P#+jym()FqGaGLi#(Cw*S`J{Vezr zf!FTuX23_MKJyyEi!&roharJ<$94zLo!HPnll~$!XD&f)BgK_|*GMA}h%s~b#JX9d zA#g0F%x~UGkdGE){>=`;cykd^2?$=FM4%((k6zSJm&4-193I^Ivr2cT-6^NLp;6xR zLIx!wyms@0f&Q-Pv4#mP1Jg?V3q^ICahJ8YR=x||ixZOX8k3Q`Uxv3Gn$sLOmRl~Z zY>OadouSV4{0tuoqKk@(vMaRq=V$h9IDXprcV<&K@$1{#TjqcH@<0XCs-G{~fdSXK zj#KTmQ9)Bvz4~?yz!VOzpPmn>p6hqSEq$zWGQ>*UYKVj%V%5$gW?x ztgW=zpWr2_v zN@a4<4>KhPGGNOYy(Bz2k}~1}fe$anH4||qj)Tn$taVyVUzNf`Js1tKLX230^TysO zmKKaHf8VyrV_GUK`|_Y>I#Mc6G>%H+V1Ok1TS=T8Gr{1?6%CWI5Y+Xfo@W%BlMV=} zk?*Os%xTtS>z;@49@JY!#Ihm=#Xt2M(IDmRgWvVIKUJ`xwfLBhpa=(|s`v@qI;CIkHICL#+XUY$5O}|GM5__%HLk z(Y}@Ef6J-#5e}a8cX|zF#v+@e-PY`|i^8 zTEO{Ov2$8)>!pwD2+2{(g;Ay~^QNzTy-x(LeHq0Mn!-%`bu2 zx{^byN({-qTyNU#?_A|U$5@TfV{fQzd>E$zUgY04I>^Mwrg zC@mMWMdmnF_X}k67e_chRyr`&b4M+~_FXf4e!t2Cv9#+Wh9adlb*ZV$Cso`hQmUJr zRT6=Lh^V@uudP3mJ&T}%R5twNh`0RWaMZ=>NxXT-bxYK5!7ULh%^02c`2pOI8evM( zPp!|R%ardtWr3utXwR__{e-!7CH;H?vvbDmdq|L%j?N*_vcrfon-=ArNI=|gatKfj z3QZp>Bw-m!u6)UHPDgy%Gu~SrNzOp2Cc};w3+b^EGM(F2;t7k>u=&lTbg*EOF(+Ic@Qsv@T3^zWyOck4wmnwG*7RN-`_owW3LkZ*CA^<#nn zx(m906wTHaI6`JKfIdxe&rR}Fg2`51ceB|&^mK{xm#CkU1?(dD#Gb3qpq~uV`5}wi zo!*mwuYTo@2XeO?5q>el5hfu1emEJ)AyIUi1pWXjn*@XI-ACWyJeY?(b$62PMGmK! z{UbHUtFYF!e=qzmYls{SUy;Xt->_Nvejj6t^5{~n%4!_ruADwfs>4AEFS5(J4~ZJ# zG#n+;>*bRt3cRJIhg9i8tt2XOFe15b)FxSp_Sm5G!r4?Vj(Y(*>SI@qQ>_vV;nz>zXjWqzWdX z8&WmnvegNB+Hry@Aubx<^zZa!8Tx{!N}bR$3M=go^B0Ne0-3ekl-jxVpOG^ZBPd~X zktfB3=75~A0+BdT2IV&{Z~AT93I0;ZRQGH3iG3%@{_-V%oU)Z@&CKkNEB}?Kuw+OV zW&C4#b2S>JxM#_czgJ?gfbOu>yBw|D5z`lTON5G)SlmoBuo3o=Eed$?6uArbaOsuBY-eo z%>}jg&{=Gm^`Rz10a4%$Dzm!h8<&L)1?u?C(>Z_o>S;!?8?(51e*@~5f7Ttk1z z6a{gvXLdrJ)Lom``Nejn`;^;qdx%7y3iKX;;FcE@Ef;uF^&1Dkg>!fwt~R^*XeYVT z^IBP}W{kOWy}vjdU^#%E65YCJVDxioQG73sp_oT$y{u-)`0r9h>C7d{Oi+BhBA;uh z-BJ3BQ(>{IQkLQDhUvlE$fgG?iat1}G);mlhL;7-Gb~R6Nk5yPSV!Z&UA5mm`nqi-dKwL2Sjk)pZgl5+@i%X$iaE)Vb25a^Rw=YiY(Q7Ce3w=vl1qPbwlQ$@j=) zPp^{@Nu1S)?#uFLoEH&2j~|KuySj&hf>PV)p{A@XVkJWtYl+E;*d>{v(R6V}^1UnB zAc-J8cG{s?h8s0j8m+P8zjV~@Z2i80ce%a)X0Gxj?@^V?KGM?CfT9OLxAVtSuZ~_< zj;m;E%a9Wn{v4N$Xbc&Pi&MNe_Um)X;Ka{w$PW-Lzv>X8dl&A~WH{3on3=)0EtGP( z;I@Ar6Jp(7pXjNH;q_Op^Pndyg+{6pcxMYf7;;+r0Bm);D~jv}h6aQWXawA7aCg8m zS2gc@iUS|o0;!74ZdVzD=^o7`6b{+#dMp1A9wffYbQkv$J3qwq`K{Y)ge;#gDTX9&yoKn*)w3FLr`$i*JjCeyTiTaHGl`!7Xutj@o&)8M;Q(48}KiaTACl|XyEHiTb>Q2ZZ zktx(42Bckm1f%Q!sY30ixS1JNmQPa(6aX33X&H@dk8Zk3SEn29JmbW-H48zeCKzma zI>^K{MNfaIhbj7$75DgkZt#QwRspTLhGq$S|1_f+71eCB7DAg5vS{g{Yc00uodQPq zRt#am!;bpkb-MK1NuUUV6;<0W#|QF}UQW$Jy_MP2w8j0;el+qMZb)vYJatgDDxtC( z$uaaDGW%I^4;juc`6X0Lr>o86Gx!t1T*nHpw_-Tyqo8|WgPZga+I;I(SWUL87w<;g zJp?&5vd%0)^3>vRC9bWlH42S12RO8xQ?op5q}Ztp{s*OIBXc|JAH>n;i%DJmgBS;9 zul+*ZU6TG4o}TSOl)z@_ewY-werC+>?9FWUsO23bph)1u|66JGi)-hFtIhe|tOH!+ zr9FC$;#pKtQhE6Jvg~alj*WI^GM|e36trdNnzyVELIXVn7wl@?>%L@9Zql-_beOWM zZaOa6TT!LT!zl2&#g^{q_L|Hv-}k+Ci15uG#>CGFWp(x7;eDD|c_@Q<7eLZjPCl&B z*Kds%U+cj2t-3uOBO>Y7FHIdCT>yz@>=9x$s-e0r*A$C0updW-|8SlEq80g}bhQ}$ zGl{~-iEjV=b_h!tl|wH4=L>ZmA%b2RktBtrru0cYz?;=U#n7Z6sEN86A6qC4}442It( zu4mQOyXI+32(OV~e8} za^Xi&QBP8su!YiZ@2O?_RnOYp+CdA<3rIX(!{``ZEH?|OfdrwnXn`Bpn5Nul@^{;$ zG&HELFNj5SevGWzFR-iZ2Q=l?|CH5M%&n`aO_E@r-WA%VH^9QeLJoYC*A_5pnGHM4 zBFXpdqk~gj2ZRqp{hU~j(}m4B#mL3qX)0OCJbq^s0EE-n@8|N=FQy}ttD~G;ToY~`>ec>|fkA?pbdE9>t+qZ^>2Isf=&RQ>wl1Xh~F*{Az z*i+GlwyZ(8T2MeW!Nd8skrX$o>+eIvdcBhAPo$QPz^kQ3!cWBY$pmNlY*|5HTAV!f zx%s?5s{_-@)r(O&m+ICgd9RV6mm$Jvtq6tV=QU=EAl(~Tt0~O%3ct%%g#iH3+DgIK z_vL*g^v>8)9B%xm4C%}8+|QuqPh!@e*{tDnS$Djv)d4fW`j6BOP!FZDzCnZ%2qr_{ z6O9%-TFibV#yeX&5Oe27IZ!^uP*EQkg6ckqV>Fg8;{!7N{Bf%x{%yv+)>}UVuT3fd z&J%|zzht3~6d#*{X7EQEPo>(^6Yv8$L;2;=S?g`abdALkwC()`b)XA046%XDz^4(K zG$8@l6Vd>`MarmP!s{@33NuC0qJh<<|bf`z)z1DksIM<8!`ziOl`Ir=M~5@c+;IAb+o>%G#)VMez)7 zJvuqz+sH`+Up~X!nb>SXvm@as-y=r|f4qn|+O7_j?kM=GG?0mlJFcHlEov%ChJuQ%p4IvrY z7!mjH3b==~&Vkr?zs9@;<$JFjb3uJQEf3kQ&hJTLTj+6BHTp`9jL4-(qa&J~Q^n?R zjI^~sJ3p7}{A@?J9@#4+`rAi*IN7X70C|Ujf30k&)Wb}I4d=V1qozjedm7$9OX75c zi9ZZH2ft$8u0Q4UEsaIvkCaW4%}W%M{7!4u_ki4*E;$eLTC{mYv((x+F8|`A$81x| zAhm5R3NSeb61n4iMH}e@wv=kpxxwYRfrr)X{R92T5AJswJDEyKQ6QICSy2bkhCeXI zCv5f$(o`hxRe_84HKVzYpK#S{MCdD%WJ_LqY*aVPKd&bG^s~SYE}GZO%tSW)+PgAG zJ(rg{qj2D1Yf-Z>zz5gCD09s7LaV<6$Tda7co7Xvvn-sbmfH7 zl_i+`q@F$i3;p*JjZy?IQZHx;`e2s&ir6z4UQJeLZG)DBl^&=iI{5oLf@Nh&)z0nGGyK(V!4=`(2+uzUi|L zd2e^Em}3QU=RYg`y1+&Y>3$H$s%B`2vBOW+LX=y?|6*UMt#3_B?rrnDFgivS2Y$`(`Ubid)`vxX9%A#JhmLIjY>q+8rCd!+HH_<_BIy z+zdk6fcV$(KKR9^3rPF!jdnJ7Zz$+4(Z9<<5Gt+KIof52n4o%;LI}6=J8=;V@wfJ_)*Z9D~p1PGBr2y!GH0KmmmNZHQ&O^LuV@b%|^DT z=SBjC_lFxs8V^OQDP=4lG69<#-}nAkc3wlyGbJ0F1@)u;(u#W`bhYHi?#s}JU5lg4 z{)et9peK92t9YB)sbh2o4Y^zW}p%L1kp z+s|w|{`a;A&)%=!52HNEk1K9!;wai50dPhvhqauzk{*vSyf;pQ6gPkDO-J@5MR@9! z%QSE@TTdt6#|6*MM|RkE81D)RXzQqoCFaF-Q}YnC-oATdQEc{izvbxE-hW}Bx-7}n zx4Ei?#$_zXP_X*@IZly8W%P7BXv}wFm-6*9E6dBD1b}^gEe4!tcfIF*aa6z}yOS#t zL`hM~kmE-=Z)CVvJFm&2zdTlkFq&b(Bed|`RV^WO{y(HQ`?ohSGc!7{iSX`z8TU9I zeN|jkWHj@|D&T_jHN<7IG#@{2(UXy)j$eL$bTDm!te1lA!Bl-?;ZZVLis+wV`LIQ@~!B zwY0O#`T8}4yE3^zPG}`J*7|%i#inv4)n6#2vOLOP@MQ?J<-q`Xd-m4^4cC#hRFiSo zf-=kR&?(cy8YMh;ep&3 zf=@vh(iemw+#L{v-abD8$xw0tGREMrY`M+;0;39GGptXSGNv7zPEx7>apl-K+klK> zl8Yy}B5GDY5q&cU zD?2Je^!w1o4nZmUn5i==1_u8PYKp=(pkU7vCJ~5V=+bzVxV1$e9v*@GAdojhw@Fz& zRd-~w*7OMUjSQMh9pf{BZAPoBYKnPfxnhYY8m3q85b#UG`o%Ba6qRJVEw#~V5)B$) z6sO$QU>ab*0*4`wIRrW2Ql#zHY2{0>E!#hqjrbmpL=9i3#3dVll z#(Z(S|{QN9QK&UtKN>ck^xToH=ijdNZzxS`kUz+^?ISVh12&e~J=#M&Ojnp5hoPA1 zy~nozk1kQ%V}G<6!=%B%K`^nro35!#5KfV&HXllt;Z8Gy8#|+)W9EK}z+Qb2+)^%s zT$6tR>U5m3DqKGBD5|U+t`puatAQj?FznDXFj(2m=eCbdP4$A#_0V(|L`canKC>Hl zB6mlr4KTP-@j?+a#}IE2bdtENMDeH^7z}|84G)|%kUGOE9YmeQ<|IE z-vu4+==O=8-}&14FnDvm11=N>b=8%V8yvcg;cj0meSJfSC*)_WfR&s1SMg&CHuirM+}?U%v)&By<5TS<~XAZ3kBum-wf#gzm#q@#%hE5VDuL0~Vh9jHea{A1K|xlX{0@5F}wiYkw} z6;bqQ{omYYXvFLZ&u|R;yPqsNO?{`}J>>}mg$O=Li3Lap=YeU*^?Mbj2 zr>iW=uC7MO8=cy%EpOHBA@)avW5lAjn8tZxv`1N8@5hH63sx8lD)4>j0!bZ5-$(H6 z{C%hQ_NIYRr#?U&{Tgf3zPeNx2i7b(q1#BTfh3TUMz2Gi-gNnO>-DGpW!^K44gp_# zcD&;9aIdMZR*ux8C+R@t=>MsU#U;RNRmg)lAS6(WgbO4Xk)*Up#bVDC11o z@l^XLW2GM?4@`HRH0vw!WDEhb3?q~gX~3Z7XgQ1ArBDHuSw4pq5W?s4dp@EFBgnnl zOpoN~9=WiE|B{y)BQt)G@pT|8myN>wiNx>c@1!ADL>7O3&|}soAt}+REd=M@-$S`u zu{a6tNuH+>JqKR1j(i!o$6jCfnY@|}xHNuT6LSVWf}A&Q)F=gogak}?dhK6ZU*Ib! zJqN@}4GQy=^jUsTzes(HZ-(R~qMH`8o}@{?>!zb4Na!E9rEz@Yy>IW{st+oZKLL8j z4f~aEPqLA`@#7FJvaY@H@wYsoZMgn-I75nn`yMeHzIB#}1H76@#2x_<#0^fKrN`<|WTq!{qc#XT(CrCldW3AKq6+1B>4KC6{P^`0= z_I|js2+z&_X?<4-0f5MzqzTkn9PpAt@!*3G!zDY6&%+)-Sp=E*f2*QUbf!OZt6t~U0B*T9Y~2#WkQTHbkg>~+uAVbGX43@{r#pRbU@5=v?>kG zxlyqhmw<8usO|1ugbMLPi~~zfsP!Fe{W~M~2ed?mBKDhO1%k&T;&)zD#q{30sH)#x z5e@K%;C6mFVjx=!?j0W?5?~HQpWanI)AsW1?>&JmFU5P~0P}mmQtPpH!sD;gbJ=E` z+-B5kaR|8>&B?E7?2fmE1I+8v09)#KOaopQVo&6nuJ%QeYb0OvKLZX*LJtE%NxTBs zOeza+1MVNSoh;t$zxjcUI;qFQJiLtX@6tr6$aTKK&3*3Wy@2XNXZwa-mb)AF7CiD$ zcn`Jca-N~=ac*;7mqhwP1Y8&WK3V@SAuS?fMF(i|bEw|=b9yCZ$n~EbODnnIq33Lt zhT2%`g23bKSvw-|2cAz3R33D$#5nF$_1t&7ByxARI@=KFareH;A^?TR#l;}wKSyHM zW^b2MzKuQ27B$~%b6AWcr1Ca3N7}O|)wFcw)M^MUPOzDKYd^>r{9VWP1K6+cJsy3n z$`;K4yF!#gLSh1(wo>e|`Nh*2G^*~wxu)kgp(H8XYgRrj+#qKUQWB0wEDf<_RHS^a zLbUN!ALkJR1JS?hdpbHgbWC*APf=W*(}zjKHJ>U6eS~WAz;~nzwcH>{svX#mrFz(A znO*cbz>-r6)IRw*tlAOZ^eRu|s^P`dWN;LzgdxRzZV#J&mphVLt>r<*ygvY&&%&hO z+>opsf5VDvWo<8Ii+z4cp>zls)d$7G)Wcz#hLd6U-$&;~6&3AsWR0Kt9}$2aNLH}{ zwc6ArGh|d+JyGzN>r#{DLo}ia3l|sEI7*nUt?W)lrl#HxZ0>MdqK0$?=RNcK`73w8 z%sN{5fO35}ZJ-@v!(}nQ)$Yh^kKR;UGw6kO(pd!lGVw78xKcZY%&+}hjN$5QI-Rk} z_($CM0zc|el$1DNfbo5fx7Scj%6`{rd*hR6$_=X`GsdV}NC_0FIqfy*`p}{aUpc}! z2`23IBwc%WFb$00x|*1rR8vzEr+mH)&$iKB_8~s!`|XOx3bodaOmAi|xjoFTt>tcQ zuBeEHtXiKB)isb-hzZOyu1R-f8?@m5VC!*&e_2hs(F_1o0%Rv+!yD#nmvIH2wX?4} z<%DiiZ|>|RB_;HChs0eA2!K$bgwDuulvNOP@vBT*TvGBOFdGp1<^=P#%b%Rk{~ZZn zfbSm|IER@G(nWzWiG-#3GXU#S(S)E37J(OcLssxE`UX(CP7N*nknv4Z2-E<}a(4_# z%=qSN)6vihEXo^@?sC`iZYz&$jcp95)p^-?0-f67Ecgb(a~<6j+r1o?K&G%9#k0`s z-vgp)m1zDgOF#c15sAfeGkI*?4vCy z;kS4OF(_fd9U0Y41+xch(+1rCKti%iqNFsveroq-TSh^q;;rjVQ-fYD5&HNqy)PN_ zztDk=h4GeSuUmL`Rr-vWe3>-@oB8|x(Lr)!w|hg3FxLK%A3;D~w9u#7%PiSKE9b^y z*9MTHZ>>&DbFCm)W9RqneySc5h1AY!%JDyL6y_523`7~c?BQ_*#eGrJ#yNr;Vh*(_ z#pT60qr0EV2VY5cB`xZ>$f1IqxNgCNC?FOmrhVInBJ=a}n4Ti127ZOII;l5r?rCf1 zFg?xwQvX2T-OfeALncn74?t90G%4dMT(4&0_`az%_iWk{HdD?FN`}7Uz4?e=Nm4#h z19X-60ewZ1K_7j4*WaJSTB6YJIEoa1c&PMFSYk*#w?o3tbIkpYS z6yFq?JVrD#GXvEtgd?WW#Kz#V1>Ws)a0@xkIrX?sS2i^fmj3L2!ZSCrxn{(QTmQEm zHI>JK*t{k+>;=ssP_{Lueb2EOUkCiOUV|CM95PnW23qzJW*SfKDd78$qrkld!ePq?L~*pS{k@bFY$f!iBeaiutw(yTN>JmzP*Kheq5y*) zKl+}M!9$Q(@27@-fB7ud@Z8{FWc@1py6;~ho7*ES7z3O#Q%?!QJP_UGQ1Mhc7s%r2 z21<6S7D-4c`r-fUUUvQGr{0o$3*02J(h0fbT=fa2siyQYw3vHwsnr@q#OzO=L;=ml zmZkvUDcrSAni_6+E?GiI%DTF*#Km7``CUD;xY{eT-=D4k(Jp5POFgT=ImGPz%RzGc z_jg+q<0g&FlJvRd%2}&0LEdO@ljqTCJ)15kK2@UZo0@5U-mCuil?uLe{`tP0{B!9gql09wT@P z-P%|E`ga^ry3q;=)@)ctwABx^th+`O;7@w5(H(?Oby%>Gll^=AWML=CJ?SkLBSjR8mp`k#e~ewf`9?A_0xE_(UMh ze=tQxEkc0hQdd<^%*qNh5*rT*L91sLmZXXCP!p9K$_-L-imUJII?aMSb|?v_RhSF3EGBSne}vH?*ir!$k5o!__1CzA$i(T%tLgLPMU z+uRc^ZVy{u?(w`d1C&8j;4NY#kv9{Rg{^|)|DQHt9x5toV@Aq8?aOcFeN6_H`@d)% z9TdW21P^-!ElhQ%el;Kv`W}z!3(aP{NIyJ0RD9PL-Ca}q=U@BGB;tzzn~H}204?AE zzDkkAt2+ioo}cWDc-nA*22SiZ6Am*Hjx-7i{`L~>Z-$869?@jJWp|HmwFp)Hb*W>7 zsI09WGHptop}1dVv9&2aJm-|x99g&M735^npe%_od@?tx$P=mJ>@*^Peigq z4J0*UOH--Veh>x5Hn<$JKh;L(SlmQo$Aq>AA`-eae*EgxXmun53iFL05*mojxxMgU zp?UfGsSIcHC~Ikn$InL94Td)75@v|T$S1v}SCIPgw(k!RMD#@5pwNI|RUIRh28x`g zpc-LL1xPgl)Xx^xOI9`=ALL{E@~aZH-VTUPAoKV3W8$eIceDH4+y&mfX8L7kK%uRv zZ2ItFh;Vd$3LcAKXz8bM3BT2)iO^czk~86om%FegVy)usLZoon}q8sQZhf83;@cOo=UMlw`J?tBlFw}50rZN$=Oeum4_rIkpb$a^H{_K|!#@3YX3ccjRK7o{C;x~-Q3m#a(S z=#mbspFNL0`LbtU?9?dLA0IN{3YyZ^-EMX>tIi2TfTXqN&m!vKZK!w-v)#8#TivO| z+Uy}Vzp_^&r=L$e?J#15u8e5Ld-eH3(|V%T(rf;69?}-~^z3eR^Gs(Eyk+$NcHm{- zw29rVRPPXz=)ydR=Yr06jkaZN4K|bIGbBrU`!*w1a8rC6^exw9_{xj}+YM;UYrJ|6 zX9~;;)HV1)$df-lduwmbjt8)MGztNPX8~#!TT)^TCaP8e8{DqW}=8~ z2&Oe?e->j@@+z~d-f%3I-F`Gu))yJw`T~L5A{uMfR#t<_oA2msG|D*jSfe+IX~u9!GhQ#btPKXGosCK65%Fs;luF#}K^vvv_{I z663b@I!5S#vt}`^N8i6W89sV`lkH+=CgpIr(8FyDlX^}d3@it9`vTQ8f4guP?zwW! z8nKR))+R}FhL_RK9shkn2L4WE|Y8g&fd<@e$2G~b5)71`;=L&q^YS* z9MeB8h4zmG7b`p7?321MCJz)4UQ<3F49-)jwX59v)yVYpgYBb7$NR5t zTYP8#6~2vp0R{t95l(!vr+;0K(%m!M+WK0m$A5}rv_8nXIitA4r-1>iD-0bI$GBCy z1Dl3~Z+!q;#Sr$m9sZV7ACu@hZMzo9yChQUFdx3y>P`Kt0$$Ljo2>yxUk91x^Ev;; z`5(NewDv8_UVvu_WhIy1IO9zYHhi?CY}a*Y8v5_ac5y|;Z=N3cjT96A*}ascBy5l+ zpC6S)@LF|OT`i6))q0;kIXTf2+9v zX_=Xq7aI3hBh{2vf1?g<9}6A!%-F7F_>trv<|Z4Y7$X0hDe-7#y%pATT;LNH=;Ly)ZjLu5l*GGw)@kE>eY>*$=+ytS z>A|d?=LuK3>(CEFPS$&`&(Bd1q=+~l1tgiuk!#B^W3KIAixnT^szho6G4{5LybUce}==E7km z+G)=v&L7J#;2b|_4uk#|&N|t5GW-fQHgVrB`03}cc0W!G^LtYltH)^>dSyaBSF9{` zESaZ!vAQg~)jNeWp7DtUOCEz%v;=x8$VGRg3>V8W61lxWBOD>gYZK9MbrtPzWs0@@ zl95`VN0wa8?ELU27uRkAE&)D)l>#*$s}U)JVZ}}Ez~Vp*>}0EfFREyGH{ZOpk>&V5 zEx@fLbI`0qYgEk;f2mRAlsLxa3+SZo23yvJP32A!T6+sA6`JbH(~+DGOH13O3`tah zj52qeVWA_;ql&Z+Z#it2OJV!=?egUsCE;b^;np9cJ@OXwJcceeKWb8)J2^k%6M(S! zD}e zE<2Z)c)UAF(x4YDmXlpkku>e!lE9%P5N69gAbz&^%JrvPrq9k|y3;Q{!Q($K^cU{_ zE0XlO&C%_Vf78|PqbuLNMUVAjnyJrzL>rkd)TKg(Z6O=Owsqo{W2i@-?tKF3-U|=s z4eo?r^~1XM={;X3^}5uQ1iQ!Flizw79=wi39TEryX@p}()AsAebvbmQRb>P3BfIFU zK{hm)cSe$rei2lzoc#JbIqeU|$BO2gN8I+WhsTwKh6->Dzpo`5bar4|m3~lYg3Y0R zcc^jm@_zf{6IWNC&&MzKnlH0_&N56@Jv+bT`8}&FtMzE+3bCCMHR(oF&ZleFUvAG( z`(08}K{nqP?P(C(xA{Rme-))~N104Z8DKg~RV2EpqJwil!*;!%R z5okvGkRMZ%$|#hT_1pMmuBHqvZa!V?pTCOz>j_O;TLdFpU(~$>;h#UpI=QjPOq*}t z=%){c=d)|$6TEmIz(*6tIE+VP{Z&%JSmpU3Q^;Z2FVk=d@^|HP)J*KvV~te%&vMo2 z9zVGMg_8#;+-2!tl;j#xmh_E}t@@#=#US807`ZcPz6^ZAM>rdqgZ` zSVidI%5{x|mfvZ#l+9)mCeaR+eu0yQzIZ{Sy^yoTcfr%c?)RH=ujx{V*!MSH%jnWQV++C&W^l-9+O)X^SyTZ}B^KsR9)pY;)Xsm$MG@R*Io4e^3?XN z+XjHMc5Z1fpo%WqR5o>f$m#G{GCcdc!BBzt=NMmZQGae($m9Swm-cYtc5oxDvUTgY z#lY*0kU#HPOk@^oY>C}${ZXwhN`z{Gstg>0eyuS-4a;%?0=~;T&||h(Ct>++{1y5G zOluuxp$E-p(1}BFX;{lZmm_n9v)L?rNFH+8SX2#MLqp<1MSV!t9fAvnIM zNXvG|IoIEQ7xW0nbSY8RjBG&J!2XWyZXS>J)Oq^%;woXbjOb%3(W&!smsd$i!NX$O zaM()1C#=hoqHjb{LJ(tmqTWkuxIX!5!18|St#s5$E^VBAfpo!mnf}qkMLWIW>>Tlf z`t*D?EBuf6PFnRSX0JEjLYgOXaL1Ib<{UFk)eNqy>q)-qZWPf&QIQ|v!6quQE>X8$ z@Q|6{okTt11x-#wEyA=;`%{5c37GYw)1Ar`AqmV#1?pc3>16>&-ye6A2UH zp`r#k2^H1ttxdkoH~#DJw~-I*7oq3s0)zN;$3h!mf`Ox!rk(Gfd3(_|X3(j9x)W|5 z!EL}=L(tKr|HiN{9pN>jX17vG?=0%#YB3G5$<*iN*7qAS;wJZ{f?{2U1f%ZVN6Jwz zc0O5p{`KqEe$uE0zfezb+c`K=M9qW(&RY1vVc}P<^hJk@TFVspig>DAYAie@9Ik7E~3-w(5Cu0aHlz z{IN^FRjbKq7E6~YyP7fU-$}m7oKZ{OgH<&^DFjdQCrl3EjvFg96pp@8c*PP5l6_iC z(>9yR!=YJJJYL7AH0f_qKn&jVPq@Fk^2QhoA z;RQ{0227q<$NGi3|=knupTsTp59(zy!~h~f$|3S>}BOju(<=#o6OoFMV5yqVE|ENXNr z#TvY_yTRgQ)v0LzJ-<&*US2MvT5MX_%*$UMjS_R;fi{57M2tEJJc4t-DlWA^`XoY4 zp{W~zhKC)|Fl(z#pV4hylU-8!ia9<^3v7%Dz!lNrT8 z)&lqxlH0`6>d8pbzwDY^@?jGG_V!Zrn#wx=mxqDJZrYnkEQN820KuY?PlFBZ91+LJ z%RYU=ubVx(Z*j#BGw=G2aQeUii_q|F!~!s8&(d!TBiy|G1O6AnO=4AtfXDv!_41|K zC*n5vemmcUDoGY-x^$dOIu9flBFMpoTXGDGD$fL6=@JA?6svg*bya)z0dZ=EiM1)5m` zs7S8rScmRr`&0`VM4DG592pYiZBy`@gNwQGl5c%#u@ZA-370fu6^p9?zi%p^K&Q)hCy(&yXO^4TP>3=0?Ns)zKW_|BqWY^Z;SshXG=(U z`|+VwL{9#LL@^oK=Q-pSva>|+Hw7VKh@Z_ax#{(op)!#yK2Md_!++B|;FxE$(qGux zx~Uh7o$iuMwwXwqOq`YQ)9XryLUwAtY^~oX=g1))5Wa6JViKQ#=Oi%GOJXzeK9x~6 z1Q9d}w3uY@K!I@>N)LkuUIwJdld&-5NLO}f+xKiA1)-%Y3iKycXp}w>6)FAsd&Cks zgervXt85hX0wolSROMN{WI{G|`7aXooFZ49S}lz?ocL8bKX$#WK@)-$MHH&XOaZLK zRn0K)BRnPyEU%c8V--f zShNl=N-O`4z9LaJXLo|5X108d*SUdE^yv)K(;4%pdKD-@>?;!cu9E5K>hKLBA-}bl~4Q;Uf z6{4xrF>;KM8=Gz31PKB({~$1qfA$lTE;!>-1~V*hj@CpI6N$q) z@t=p81Iq%oz>wj~nXiVjCSP@6>*n3z{-~>SfE1XZYloSP`68?f3Zyd3xmQv6h+_yq zzfMb-FJUN8J{sAhKf1@8Y7oTO*zsl3mN~DsHu~GeMfxk*9?ANYXQGA@I?_1!?Hs9S zPfiqyCcMIfrKUa6HAs}XGwFqT!qoN^px|!?b@(Q!sB%2i$R(^pt8pP86`w)=B+Zl zbU}fb92hvaeSq@BB|51|*+~h3;>j zT!{Tz3!O^a=g3ez8k{sdxN;djY(E-yy4W9DJ!CLfQ(0axG3ocN$Fy=a4VFiG(N-&w zs{-qUdVTtYM>8#!><*Y91=a_{%mH#tBzAAZn%_Q(mo0SK!JLA`tfm_T#l~i3;sl=K z+0XX+qJ(b-J}Dp&a=Hl?z)YD6?0vcVGqlhTAy6#7Wxs*0k|6(fdwaXM+~K>*!YHfi zCr#0?BwM+-NL58mh^3TZlVim1GUZmuAN_)wzos2)8w){fWKU7vu%)r$%N<2N2 zkis%nIu=#e{pveOr}z)Ciz_2uApZwnu{-g0bo(q%rL;<$DTM7+t_qw;YRgFyn1{jbZ{S4AwHncg}E- zBcCn$3-ipseF4|_9p?aLR{OPCRfVuL2=~h~<43WBjexo7ub86n_1im#fK_2eHvnoxNi zSBvJI%bQc#R=STaYi>Umh8{%R&1J9)6W8w(GdHe^K`x-j@j+q3(ca~$r4gclEcl$# zCcZC7lBnuuJC-s%iVHxUphP zJW*Q4<7-i21qFrOgf0Y3EX^^6LAX~AUSrl2N6N;8R#&U$j^Yk7l|L+Awsm2cCa1!S z3KyZ(Qq|P_Pmj4{w?st4lzJ+kBJnxO_BxDf;^Gv!w8mCy#5BnRRf)x-1wABkqY0MO ziHh--_MeKY!opFskSekJHW$P-e>_KiWTij_fkE&dfb1dEq>x05_q4@(pZ-c$y09;t z{GAapTvJrZKk2#f*^(1~pLkjU!g^K%7`mzCPV}j0#!urmQ|7#H-~LO&rh5_Ra9ru= zN?5}|`aL^EN+Zut7tC2}0OoAN5 z-O-Rp&EdQ%z1MPSFDob40J@;!i&U1*N>H^{I^wF`M%2->WThC z!xQuL-l`5zVCk6$ENxr_5s-nTaBgnZ%Sio!u)D1-zi zP^zw1y&_p}j3V$m{R$~m|D~sIRb~ufcAT0)u*{;}-1ob2tJ!_N571FqBXL;wyVFwL zCPuxzJP<-uiPHxE>$1)%0iK=P7=^SshJ3V%d^}p;DYPS6vyiE`6A_kuE+G=^n&P0m zdO?dO2>vbx93)Y8`Q(B%0hg9(_ll!Jo%Zv`a!R%0c5h>minCXk1-9xo>@uXdq#24T zD<{vB0W(#AX)8t4e{P#&}Y?DZ}LtE`JduXbTL%{Qb zZ^}BKCb#M8biyWojU`x$S;~-qVmGDVg@aC=-mEbW6o9HM94YjVd1x&aI6uhH$Z+z+ z%gaWc*e&`Sf5HkW2|n~g%KN$PT=Mz}7>EGi(>EW%LXl(^QG1I1-{;pqLY`CwVeox% zoCAo7T83#OQ%TSOhI_C$XV51bRQ5pc21@9ANfU^o;KZhwo}qt8kkM2l7bQjLCScGS z6Cfe`M%e0|Jl7*!NWPvXP%jR?oba3`j|`nL0ZrS?efin%)^{M zVe%I{rLtQSQjp#N8wv=aSx$-0b$F7pTZ?Nx^W~0fajt zHY>ehVLBgdp`xQs&dA_gotj_j>LAv?ury?Vubv$3Ih_$hPvzU8lM4gSF1>5CD0}bM zZ=UQ|zQ&MgaNl#Na^n6nep%^Pb93`H895KR?AFy&d5aQlDr%_RFe6)WZY9t#eSCw> z3~Rki4b@-KYyOP3^5biT(HQ=1Q{{CiW#V2e%0#1BOkM#nKKkh~d8y|81Grpmk4Y?D z?me0IpB)q%)x3xw`xhYENAw&k-C^GYLTIZ{bc=pIPNY&zh!VF)VqxL^9`UuP*H?h@ z*l`SxB@1=Shd+Z7BU`Z7ue12$C<+IvXXxkGQV;Ojmb_(?!fM6;?DP}dN>XBoM}~#i z-+Q1KF+NTXz?2=arvf2U6?%*|6-kGJ5(-mRPEHG~^4Hpncq64=VwAuErzwjyVumM> z!W*5k;*k{o#-`)tw*611vxWOD{7eE-f9q&MX))7~zUk2f`i?55j+g*+vFCWrOo+&}W7tL`yd_FR70rY>x})&{2H~Kbjkr zO>3ElTiY+=Ou03~&=CpYHOH}htk%P0 zEP#>SMd&r{I|}Uxq%tv*20D(G3}lWmy7%4Q;GKo03PZx1mR=R5U20JT+nhs!2(hDY zySKMpy9dve69S0ZsozB1soF#Zbc^pdME-s^i~9He^w5YVQg60mZm>pL z3!viCQt=pM(wE@i3$k?j`vkw^KPF4ibr3%ZHL@U0c#9p-nu06t$A~-4mXR}NLPI;t z%<{@tSQp;O_6$n6lgl+NFe6v8yifUO8}16}a~u?-k4D%WJ-!m5{{e-krA4P9nxHBWoELeoZG5CNFOwG*E`8XN%F~__Zyy z>Xs$oi)D=5^(9Ld{Z5vL_+WuX^PNn4!(H z0P*bi*$N@z>DHUh&+(XOc!-w2#OR%z-6O-#wu${Db)OX9|M^4jYBNc+`)MrSGlxBA zG`{tjY@bZm2=M1^PB3L34YuT?qdX{zjK+9)2FA|GW^63=J8yuI1xeV5ye&{F!>xRC zl*y;vKX&%-)%dL9I7M_1*Bc~GV0g@tlsW{W8LCF3-C=u%`t0VxtMEbEHC-rPg}(!M+JFDo@T`H#h1&fT!`diwUp{JhBygayRhA;9*WG1PgLLeaDV;Lp%@y5 z%CqrB{X7vD+>y&B{AmoI#E4|beiQccAWSzAU=sRR5-UUQp_&fk#4?Id=6~Xxs|^SU z@2C0u#pAUjItgJy@v5&9`TQB9o)UjEu3mqyDh*(g$9wZ84-71ZJ-)W-2&c=Dg?Dv6 z3^TFdCKAk-!EAjXp|77cMsxQY2{maSV~13Sn!IPrdh=@Df8=5YR+;xb<&xjQH>IWL zDk$~JDK51c6an8KMiz_c9Qg&PVNGgFE$T|%U1kEkFsI&gxaL(y6+xztfrR;Y2NeiW~?8W@wb18Dk>5nZrxM5R*1W zlU7Vq5F8QGK5dW)73_P8teL^%xQ5$AJ*FR`{R8hYhc<10N@z4#nkf-5rQG-6j}XVI zbGFS~r0Cj>1#$Iv4@~2-Qt;F_@#n1DRiL4WjA%=#q*Vt#4EjSK=vb&|rmcdg1XM$c zNp57G`A-F8=VF5G!Nlq-bkisatVkMQzIlZ3_xgc(j}51JQ;twhWB^*7CNY?r#PyMN z{rC9pQ%Om3`E}H=&bA938XB6t^Q!>%&zP|Da7&6dA{S_=cLnB2#_x9jo`rXrGqQCg z(OqAx1Aacv=#7ZNr+&kN{^Nbt@BW-G+f-BC20~D=RTHq~>Fz|VI0XO>sW`^sKtqGV z-v@R#`IMIPxVeCgl{-N zb$c%K+_UNHz^X2Miwih&Ty0yrr$SmVA3I&3@Ce;nuR#go%do2ge)-(aWP7`?Mg6$} zXiSvPrV%DT`q3Kgp&~nbZ{V%7IIWe>#$@~RS&(1gJUcT{2Ux%AwquHz6~<)d#>Uk5 zDS@?)P?uda?e9K9=u|>T1t-h(A0sEabSDz^Ykn&#jc7ql5>IlwRsk>>HX9Vt>P{RB zGQOFK4iFUI2C$|6R^>jQOA*ltK3r(FWo3|~6j?Byzfhu&VB_vN&{XN1jKSi{r0LvA ztI;A_eddsY)v>#~TZRS`FnAb>;e)FB_wOW*A4Kx+m#mx||9E+2c4&O#d$#s$l$q_r zK{N1zx0ekRO;{p{&@>y8-q8fMXuk^Ynm@jP`DS=>^c_=7tBPuO>C51Z{QCdW1%jqV z%O0hThKC8{yh))>e*bK^Rj2G{w>a1A@qi&~^K-GA%IqSsFEJG=gPS(n{XqPADB%5x z{d-;Qiv%ejsmzyP!h+^qSjGYAh{Z8al0V}LTKyOm@lfF1%FiNs_VC#g??TnwtS|Y; z`_rm=Up_YBkO!-#rwlK(uO7lQUidLDP0kqTVS5hT2@hn$;+&Cy9z0ykq(FleOZF5( zTOg1Q6NRGw-5uwuJd#f&EbW3MxUd*aO-sX-C7)oo6v|VQSJd$AS$`cda(?f>WfY{7 z1l~(W{;w*p`%gAZ{$SDJ;}baQHksZ5(OYSY>hfw~%XitWuK1%ucUf2w94niiT=f0` zZnooU0=NSN2%_;s051s=Y^xx9{wIqmHX8TdyPD``_{3Fe9T=g%P|8`KYjF256H^0Q z^j^>y{r3|@5^oLrTi5^CmL*sZ@I*u0AN=cdaCjIjUee0SBEcOx0GtLeLp;(TgL@w; z>D@ty{LZgjM0xVy9zy7m9<8bKx7HD1pD~mw^49&vrJMOg^Z&R2U`GT3MK6-|%iV@m z(1Xka3b_K0-Bpv-3c(G3ti*2R5-K8r@T=VfH0mp$W!CM9dV@&yT?*m~a^UVq=q122 z`7a$iI3sQ|y#g(?94P}>;s(6n2m@3rIH#aK7Brfv&we4ow{4^pS8_`@*%D_65Xxx; zi6oG1?kb5(eYXz=J}{E+m~v;2UU-Q*UnD}L(_6U@fIHJ}!ztb7xa$W&jre;afz3Ka zKy5g+l3mea1BlV(c2=0z#hp5-Kt&4nQFO{knTaP{?LkRjN7gTZO>}Ge;GffT)_kqG zolSF3pD%HN4z)_tjP_M16u-eu9O%U~>iKpADvpZz?-&#wniNmvmOiwbE9$HP^UT2e!Mxje#HJl3gB=W9=Qw(+$Xvv9|w)5EfZJbR*?8f@B

    x3k7fBn&Xb%lu^6J^IXqwQ@yZ8Nb~7%rp5} z#xRrkbVNiMPlpLpD(yJG5;?kmiX2VR)by!B=L(ZL9qbjqzf(bBRgF^Y$fBt3k{xZ%M4PLz=@w0fycEO~f{UQKmgMV%2xnv%{*jPa zR{P4yyv;N`b!kZdm5DnU2&XEO+)> z{PEeeX@M13USJ0$K@vL%_k4)mey;RHmza#vxE;pLeeR~t{A42UR%|T>?paBFP$e%? zJ2GXcaQWQ0BO@bW+9iVYk#{J+f#3b@-5tm;hL+(DF1G^%+nkHFwoW{!Ee*mEt+T)OaT!V)ZnLqQQ;y*?n;DiQ%%R1Mg0Q$wF;}gC5l12u9s@ zfO;Lb%O)m^^&dmsUjpTQIyixD#7n=MK@#Uw=KE7l>b5S|^-2W70Ko|a#A-nxErQp& z7-N`79nlsDdJqWm0#^JCU21U!LeeC~eU7FM_0j4+VegK;?e) zJ3_tvx{1UtE)ry&z;Ke%Q~`mR=s_vnE1GolNI5as1Mn6ELn^?mQjltD7-C25vA|$Z zf@dCgKq)Bp2>w(O-`9{X896x#%9rRt--nFL5>5(4SF`rcT_Oy+MKk5}-hNcaO2~2e zriVgJ*0Op?8r@_4bWP*-`mx8?DFxxc0U!13v~-Fe;@LY2LbM4|AZ%)0V1Us=(~@P# zA>O-P_z49Cj51=+8kaJv+i4venOVcIgyK=Db119&E3`IOC7E(eYpWP*Y6#zc6`+KN z=kw6{+ebbgPw+Sc9@AYcpzjfTqLZLMy4`pc38;Jw%(NJLmsQJ){^y{*VTWe(MNp4cS=gY({jJ96FsmVn}MSJe)az8qjsE0@w#$CWu=GZXZr8oC?!+9P=JG4 z7Cu3O;x_)Mzn>pMY4iA2nlk*3*J}9g?SHteX1FU=%x4Hy4qPk<+sVhPG?*xerxj=l zCni2;;5uqOk=6xyjoEQ#GdB{vS$r2ibrGz-82i~dTvi)gG`=ea2>V%DOAQvzRseWG z7ROkYDuOD4M$fMb4yW;PPqfM0Z4C;-muHmmh`y`;CFM4@~`C$SmN$=5_O9$M-!M zQV~|yV{#!~d5j{X@9o|XF8+yIAJQ$=zxxVDFz=7IRE}WhLp`RuAb>ddqE^EpNaKGn ze|!!EJWzaKqHqkU1cWUHK~{-s9=5cU340{%byycx!pX=oPy{D?dMNCVa(!zsFq&b` z2k(U;EMsFime4)}K>JcdaO_pxqQuit`VORg2uZ_9F&}}WC?o#UZ6+!plpq3g1b!sn zualD2Fn`l083-T`jH8j_Kh)_&z!0Qx281eayYy&-zBtz~+E3eu_iXfhHF_OXM-W*K zRyCKfaU*8y)jiDE&CdE+s^9WiJoR)w^Ydd3lrDCmx;O#!M)}yJXaqebn=*?o-nQ+VMGy z-*Q1K9Eea3@t2#=cC%@@w@ql}=^y@+9Gw_j$j)7E{y?`<(Lp#+xsP#j^w}O*q(Mv4 z>_3nS8oJ|i3YJ@>qwJk)h4Y#|QIUok{Y`%wURzt3-P`&vPp#-@uf}ipv9Ym{2%`-5 zhI;6rL8qfqu|r_8#JISR3&f;M`R;e6rKKryv{oGH-ka|j-dBzJsiuQ-hr9vJrVVc> z?Xm;6g-iV%xX#k$zNzNzC}~J!%V}54{AeZ9LwcTBQak8b^j5BrG^ESmIaAoC%WI+* zvI;P8k7@DiJ;#f6 zLzQx~sYD|2OiU~+Mw>O6zs|cn<>oWO=H_pTR06);Lq0&*!YwZ9z|egL1;oh21O)W? z2(@nqq5U%yugat04|s5?Bg|}}WzgTAE>pLkwdKB8OZ9q`4FeeDK6}Ao;ys(chlr`4 z+5Q*AwR0w`3%fA-JMekHfvapeMdMh0mgx8oFVXG77^G33Yi605nfJh&uGoBrRXCWa z59TMi&cbESuSw$d>uxZQL8#ciR{^oZ{5Qx|AJ5n5*;{D&k2-`A_es3Xu$YFXbe_^n zuyjZ~yzRU!N1SR%d1P=tF++vF2^aw1VN?X?yzTy5m`A}t>@!-sZ>@1o>Mi2$3bOCb!ufH->OTX~i*dR>r$DJ@__ z_uh*?p`cp%5<9K8JVSP@_**nno;)^gXtNaFaGMP$IzO^5h1mBgRU!Kp=H^koul$*} z`@4wau!p}3Xsgp9`XQU5GEQqx<&hSxK9O(zDLH|BB_V>Ot#MrqYX` zE(uTyawd>s2SaS)V3y+cP63?wIpSZ*w-FX z=9`GWd}s_P1YPDmOG(M-2KNvT@`5?(sy;s{dVSvi4RF(ZyReif8Q^ZyxUEg7{_}5f zci`rpHMn?TVeOz!%o0-l2j2Wn9^phMANpe)iC!h`sr~Cu=rK%kZEyXdk=cBT2|`$; z+lz??gwrNuy~ev7bj7<}tb6_S;k!K_0OLf2K?S76#=yY$QaE59f`^s?IBj0H!PYcz zoI{I|5Z?V;_d_@pp^&GF6o<`ON5k#4B`*MR&3CUl7%cvblaW=~|AS?*Fi3`>lSN2|VUNHBI{to+)p)yAV%t$!hdNCu z?)}yzTdfAn$2fG$7Y%cr9}N?m-VW3i_N;CfSo=`s=)f<0?wm2Td+%mYd z{b&s6N#v;LU7WDg-sso&l)_yRqlS9JFR0{cR`#G8auycB+WRjcHV z%(}~BilrmL7P_cX0p)7e9)gC1#fs_$&*f+mC=;S;)wWhxA-mhHA^MFPt1eT_AhxmH zQT0RPVgc{Z%zkZV&1!YJbg&^Xo2tet$$pYo4!$9sdd01}RyIzA0-R!5eFJ?4B?`)x zhMP)w>FsjVlSW3sIQdjEZDh7q`RJ7%lY+9jVGlNkkPy&9(I>apKQAt1Kp3+{2~$D@!sB68J@3so<5%A zf~6dIgzy1&|Gr}4wufzVICb;Rr$BaK$v|e#-;%6(HWSN=ofu%kr3q#xT**fYeh?T^;CYnq9IY zgk#%eb+m|W_3h1N4Nrz8@aGb^a6&Yv6UG`~%Yf)caz8YLXslcv4y*zYXqnj@whFrV zmX$AzFw$j6#5BVg*%{Aa%?_On9<$LiaL5HL5PEA2xE$KxoFn?=^G&VWZlF%gi@zMDlGWx=};R)6yMD%kgR1Nc@Sn#palOhWS4|_wE!h z5-0{_WU}0r)+gQ?6>!Flld~&BN?1vsR61I&%iUP@NCGi7Ly9Y`D;zCdy1@;AK?%yk z0jA5VvZ3K&-~zwId?Kfz(H12cH(9#w4DE=3ts+*DN(8#+Hwh@ygM2fEl)hGO4JdJ^v*dt)| zMa-BX1(Pt+hKXlBS5p%!H?ZQ|{@(H&49orvpIloqkwi+Q%Af#k|EXe18 zNhZ}_PxIV5(BZ<8ss96g?`rAXb)t^O^99kLD4F*>hh%+4fM6TNd1-)|CV&q{QazLvj#fW`QL z6u2SZ7LZ z<-z#MAzt>S2&u9t>Lzai8bIaw%daEFL$R5_GvmQi{82hw{GSLS2k0K)NT!Y4g?%O% z0{>*JokJ|Wf|N@v0c+*#lmlaU8!sSv)ZS~w7Lp#NMrbj;5G4Px00`h1Lz+|QX@Ls1q0M7+HYalNb@MTmV&wHrs zUm=3Z4qtSI;@hbK-i8L8{3x(o4y4Vm_U7y7j=Oa$KM+Z1;Oi%Z39@0Jrvl^?;Lr-x z(Ji{98StpftC;Opv#f7o?6`?)m~(i1vA8JUIBZYAR=8fXTNoJ~E=nHK1L4mj(WEWj zj0U~zrK+IK!IzXB;-z(t%Y;EZqg~i!)8rA7=cs~mk>ep{{aj@z^vcioE`N0B!o8fU zM1W<%w)9FuZ*ZRUXnO{&qQkRIC%rT`cLwR`##btHsUDf=U&M%82aB=>ym89bJ5z?A z_m%~#R<+O=^o&;HWYW`x-vcJ|P|Bw+f!tCVv8=)Y`d*G;&WK&rUeJmM1`vtUX9TVN zk9K;UV?c2EXU9(fPkH8`$fYYLq)+^yIr*7gT%KT*@NE0T;`U82mVb`w#Sn$h^;F`H z-?3A?9r6ugM*1P1zQM}SWgs+4g9Y2%X@?gd*!YXcf4q+2DJNH>qNQ!yMT35t(^U$% zFF@xa!EDr~&r~UZqbs*`y!e^@%*Bh`hQWMV_Jzw{GWYp%s@b2yMA%}IqwDBKzg)-9 z9Pw&dPrLp4Er8ePNh%tCNe9wPl%}qmh@jnMp9GHEX8(_S(>VwiFrKC^H@}(f8`%dx z9Cdq)EShJP5s+dk7=dWr{)dqC5N?dP`K}3E_Pf{3qlZla_gtFt}m;XFOj8rzu(fS zb+IUGbzubaG-oEc^g@fpv3teGxa%FqxH~$S_?&69eY3DMG;TNO69aj+CC3&lLif+_ zfnFy;9AhRy3PNlKBQZZTdCx@3=c9x91iMC%T}EhOs!Q)KT4CMq2WnM;M&xAK4p{b@ zZn-ivpR3}}uH-U+}xnFnD_u&M>jhla=E?zd;g{A&sx zYzb1~SS8<^NdfF5p&r6nIY{3~sW5 zXrf%mXxs<5ux@)n>~=;fpCK_dBDkSV52=l^(9i%Djl$G+iH~S~z-EA(ZO#e#Ro~Bk z?u73`{DRU|_NysIX&A{p5Q=$_mr z34@xY%<7|o9a}+*(PL2Z(BmthPsuVi1ij0%S?<2m4)HQnqK&(m85yy_0(CGo**mWV zfsIZP)xOFTN!jO0{#a^`9CkIHvZ-h(Db11vyslZfTV8P1di6He8_r`ovA$STt|%F3 zxjvoHV)I!|boG8kbje2FdyAHt==K0d;|sN*&(l|NSo;^(Yc>f47&{WLv0qW7?JJ1# zGIG|TN_#ynn2_d-w6G6^$KlV8xKh4K|6r3K*t94pJ5yJD{L#KR*_~%pLmddeA~Yf{ zyu|t$OyYqFJ-9eKcz85k9!h#?@?qre%1NNz6t+%@K?rJT)Im@J6EtdOs^>v8K+WM; z4~3d5HRxb197)7hU(4Powc4rA#&}c`zilHWJyNx z$s#^f7WY4A_Sm&2DA&lSdflVOa4*9n3~8_0dm*H=yul!Bq<@w+tWhL=#e?OCdKyhw z0LuwKF=Xj~P40aCj2$mpz~2+^;GX*y&(<6iS%mHPaQcTw4?MTIWlxYyOid94O~>mz zd-i{wEit!?IS$;Bd>5SC1dH~o4^K6DZ(TTG@KtAVKB4;|;&M7`kBC-BWPid{Zna5h z&-i(8UPE=QBJa2yo@BRH=Ji;(6RegVT=5bQ8GZlv-UCSd2)yf-=b9Yk;ge=7l{`e< z-4f83j^aNRPe-rQ)S6^@^M+PXElns{W-!()oglogw+ud50K0ncUn~^EHtb&Y9=P_G)(iZ z&8N%ka`QH)z1~p$^3@r6l4tX_flt^VhEPT!WX~nhr(>bNZZ#3l_Fw&J{9*mVf_7SZ zdT4m~q2-|7r>{SLPzMD`F`NFqOG|5-n`h3z^0sAg@R{qqdq>AdL*qmIkf2z`AGY_; z#@1$VY)E_CTTk7mz(P2_Q|E3a#9eShBU z#I>SOJUuBDYt*{ppd7 z_VpD74FMyYvc_DI+qQ{P{u$xdbiQlxbn(c8yn(Q!(j%MZ^yibRYLP!0@3(gTAfZ~H z%_JU@4Yk=E57g}l`f*3dAw6HCW^r{@nUasM0fM#hSxuU|`P`NcW3&eMQ~NE)q&~WA z?~?KG5S|_yW@|O@+HQn7-b7@yt4Amg zNnXE>@bmUo$dw62!JkmB)2alUu~Q_SYwVh<d|A{5U#m0&+ z_f(TO-qNe7eMBcD_yA`PKJNciq@+-jleHC?-uAI|7L^y1Q?f>_(l3uJrVT%2W@dS; z9-fk%&#%v=CXg!xOOPtvB@o0?$4R2PL=rkU?B;C-yrS%^i zWN>^F&QvNadHh_GTzW#AH$xA9KUxdf<$=1i| zQd`}vGqKT}xnG_1-Lwi3$k!P!kN)1yos5c#5>{7#{b+w5whN`UHVjP60%{^Y zz7MHGpFgj4*pH8h!2D8NA`9`W@8<64Vqi!}NHQ`pJAL#a`@pD587d0Njv_p4&xXc@ zMMOk$A5p)IWi}TM&*)RR7@>bL*$|x*O>ezEjHHv2`Un-3jGf)r)mhP$Xli@s!2l5M;uCg?OVG0!ny1QdlnZ@4MN4Z*?Am#-jVEGp77G}JXT z6;x8fCMDI@(=+&2WAT!MBc^h7V5Q0Xy+>j_QRMda!$*qoZRB!&709k#UPnTFNkR+FTcwO-J0c(|aE zD3!N2me$njuqb@EA;G)56t6OWvvVl+Rpixv^OfOMWMVUHPNSCi$&7U8_VTpy^UaHB`s%~Ig?j>m z9%52bN?XME_yR^o52NWcWsG~uq%^j+X?68=J*#6mwY8HEp4bEv-JM@l_4)q&K6sTD zRfHEP4h;^57_NkQW8f170bi7?QS!rwS7b~mTwH4DzcfF5@TWOB`TpID^l7w?zPXT- z6Q}lqTyE~`p{~{281Ow++}d7|?`L8Xll;)q+Q~lGc6p11hv!x8-A?<~dPQ7Rl!Th` zNB4uYb&j2mj-Q?#g9z*B2=H2pQj@Wbx_IaA2x?~2@h50#Xm=36GbDW! z6&E}8g?brUSoA|c2ZD>Mn4`1;SwN|<4Mxy%fX#q8<%p6B#J1M9wtd9n&UE}WVA8LE ziEyoX33okE{QrYJOj>5Qz`t<3}fBy~a)ogxf9Lc-gP&tG&?U<&`A|P5TAvVk`>jNi!1#(E0o(UbMsK)PJhnnY2denKPQ5Z zHPQr|9zNt^_p0%wsggTPCB=mdZ0;+nm>^QzGBa~H*uvYu-+=RpRcV=jOLyfS8L^C+ zqN}r#%8e92VxX_TzqO7*#O=^%PHdUT>)0FFgQK_+tfDppADJGdMC^g3Y!}WE&Ab494;V{=zW%;L)zs7F+v%S3`0QLy` z`Xb#9Y{w8LyDb$24FLO%YAZ}$xS$nvzdptR)7@0VfkYv@MCGY!TUuaPrRw)68JU{G zBS_SWPJC8JF}U}{erYlTy|i3Tv>F7*?c@+pYK+QeA|tR zt^CWEFMG$wq~y%sdFz~YW#18g|M?TQ+;XlTWJcM_4gcxBl1Ne7K9!$Tc;@FHTEr;a z-j0-k?|!uR9~v=lSU~q##K)BsBEfZ3{9qCG+c6oBb}f;P+KGuKwrqe%P|{-4xm(Hk0nOUQi;t{P6Yj?{d^U zJPEgNK6Zw+`5R3Zl0uhb2rjT~cD%&I#PI1h-&|j=O|HL8XhyRKk7F^8C%+3u?UI+)` zDeG;E2n)}T7gOIzd*Ggkxz}3Erdf>`n9WpWcJ|BSzZXrQ@=f6{4F+k-lq7;m3r^Ph#NC^E@O$U7?d6?;=n&U7 zHj?x5yuh)_XRX-Op5Xgn8>kjpL&zH+oN=8w-}QhR91 z4G&l}y_NwGI$&&(O*MGq{e-Z;m3jnoQ_|^_pz-%gL($c#7RTrLJFqH9fwhJZdWiW< zc_7$4S?w4-n~Uz@6-hs)n^$@};Pr;RUgLlKHTTAI!Y zcnb!vozC`1MS@-|wEn=Ttf{&8$-tl;Hi`(I8f3yO!cNaUlY~O#!NRa;`R-(YKH&@~ z{a#74aZsjaLi;R;c0{J~M{D3RpQ?Kctu?=BGkm9Y|d0T<|=bJ#O30 zr~mg4yRve;DP4+CI2bQ@g-df@SiI$Ib+=_}y2`V#kO8hK$plW@EY&ia{{DWi#MPLH zh*n?>R=HhsYX1G};OvY+8p&kR%MN8Zg{n1bqQ1ed$h3o1Dv1}V)BkOm*;E+3MZ@*3 z&ao_}8Kv&fpvlV0z84X}z{G4F%TccSvVt;Epp^-PlTxE055Q#x)5PR={v7MBbYp$@ z@;=x;U6-1D zqUkgi;qY!vl^{z?OM_bB9i-?aHCJzMxBcT=;YVqNJD$U8@xGOn)z7%NrRC-K;B8)1 zUQWr%$~u<>O^Sr1BqK93IUOAYd^}(>zj&>)w1_$N@eag)y~~tJ_-t$2Ha2!#CU)0i zuBzpDldaPAlC{46!2NV;YRcuf&#eB!?u4LD*^-Q#I{?*Ob^eyzm-OD{;?lO_jGG@^a_&QL|c4R~IP-g%^y2 za&jx~85tSSe+dXXapK|O=^5yE-}ZKryp_LUUs_q}jSeocE{>e(>+fQ_-gh4$Bu@GY zq<*rx!VGW9Y9}WsASs!dK0*0()tuF9Ya3ya34!Te6l1@YMOLxA$oUhi**RIuWj2+0 z70P}qx#7iMRetYU61KhyF!_hXPxT>@*R}az&P{viqD+B_EmO(d@J6L5_VMa~Yy-dG z&7Z;`YeT8Ssh>r?iEnok1~MtX^||L8UXH&}Z*bEnnr(0QhG|I_YG6P>fT)<5>;=>> zN)R%@6_9=cg|s7!aY@q=%z~+?p4~dTaaXzr*VNnZot!K}w*+(TCsWf8Ha5&dLqp`0 zlr%wB*4C*|1S+elv@I|iU0wIwCCIt?UJ$Bm4l3Y z8|aQjf8i~vT!$a*gUrTlG4FosR$owLSiozu`8Ryre3pSqf?{6aGoO14R1gOY*Ztcwh?*dMar&>{Jn0Kgy!w}h#t{B%qd%35&L>;4x$Xxru)u}* zUPy@1X7ZuaG2vHj#@s;k`}}7zR370%A8tF=o(pogE_@L?6?^u#yXoE~F0V@cNoqsN#0g9S2D7n>xgV?IlUw*!rpIW7h<+_cKD)h3Y)LN{7A__(MFxX;S}Qr! zlq^+P8E%fJsvg^GHIQCyPL*V~wztZp``wG|RrGg!Bt*}^@Rg2mw%hhIll=)Bx6_(5 zxacGDCZM-yotcS)+jyUhH&MHVFWqVcTY;GwGus}C|Jh$TXh{0U2;V1QByZI~8_;TX zp!ysYH7MS;A#67mor}xaO}#dNRM4lyqL1ckckbT&CcOdXN7b=f8hrerat$9cOJ%B` zsi_!%QBlkWqJ2ozqgi1r=nj7s?09hY9R7jg5E2v91(y(q-4-sOU{CP51Du}XC&x*9 z83R8(dGCwvbCzdKKV%GSM(@|Z1Dy;)I`%WtNxtD({EaYGW2P{%lLSi{88V7EH6lkct1J444CFA@X-@{+? zaM=JATL{;S$-IBdveIQJ0gfE|x%VT&YMV`|Xp7mYBJ;=41T2sD(yP=SxwnnV^HU{7 zSeQk&6odkjbMfH86GF}i@JQ4#HS8GFerYsYPFU@jwGF*|8y=R)d(Qcc5QkriY9hbzpo%Nt`+i%SKr_ z)@OVC!z064FmR-H1f@!8jK#8hz>ltxMU^5q>1-9rlWAWb_x$ZB+A@d|+ zJYJL>o$(7<1U2tpO|$9BM8+k`y{-^#p<#nyO;`4dQ*BnunXVMCL%%dheyZJWwRd6B za4Qkp?lez7jl*Ns!*$xF<|%u70O4H>+iogZcz0x?*an4KAco9Eg$ z0=+a?8j9o7{d9Wz1_zC|y!G}LI3H^~WD+A!cTr_4-aq>*C8tBy)zt;3jcH{+)n_zY zG4O4sRFsXf_;;0O^bsGS{OW2Oiv=gv`PXh!_Qfu(TipXoe=wg28f``+vy zV^!_@u5njU*CcYc73 z_}+YMwd_%jv|;<;m6aumfDo2M(C`?yFiwa$e>2O!hHzZh85$4~o z#Q)y3PPQ&z+h6g>#*TZvPf;PIf2iLC5X8j^fz0xDxy7cif$#&38aw2eC$v4v%5gZ~ z(Gm_y^M?tuU|PGXvLcLQvv^1IRN3)w^KjS(i^*>@_k%Ur`b$2yE8mV_;v(G{>^lJg zfmYV0!BE~S%S@%qHdyXdT3zEGy8Y}cTu5RvYwaX+mGqDa)8uyVe|7Hy2I{8hIhT%F zB>y|-_Qn9^`s4INbJTZraESt23h~MciUPR$I;0X;PUqbIWn?1b^e434-tgSLckkho zCyfIWI3dX7J?@u6R_Z%c+h;$*d+a}xVVFvNXWIG`GxGY(O01~#n(PMYn1K0yUN)& zK9SE5$^_;&v3$+C%VHRf0cL=UC*#Ws4aG>8Tt=W8*K}psy-$mkLuNC@V*12TIqJ_Y z)ZX3Tjpf*D{knR!CWFuMJo~#>aqG~~j~U*-@W*~Ue<^}xJOfW=YF@hJ^@FG9HfNuN z1BukqwjX=!-N2`WC@Yc#6FK)OyoH4&lJ=2C40;7bL{`hp@f5P&!FOP>(HRWHz-aye z2YgYd%V_@`9nFtRN~2?-V|F0^J0sIaj%#OiV8QL?1vGkwS83Fx79-^kHM2=--S_D= z3!PTJ93360oE%!x4Aj7A1+Ok7M9KW(g!o-_ z{_KYKTCD8nKm-oto+7&8qG!y^-pH7~NVlYaySp#rG% zGfqvWt?8S|nCbl1q90tSKWHdn zL_+jIE5kxk3EVLIqdn$68Em?K!C9FUn%cexL`M`Xl1Bo@Up7V`!Dq6@_vsmSRMh#7 z^=3bhj!sG>-SmGue@?WgmmmG9Ue7L_?U?bO<*FFTvch0BoBn;~HqhS>!LZchhA%i= zp3QMp#BiEFfZyF$5=@xQSzDl?vL-lZa3wcVt&$cvRt))BfZKsGq8 zgqn|7`@91@HCsuL*L9@KKr!s?a?&>#Ay&55)kZBJ-I!43qK07oqhcR z^x$L9%Fe;r%kP<(y-TyJ@%MDkA8+K&=ijP*QWT8q2C@-w7XXcV*lKcHJw zQqj@eTr80`xILAF=6-eYwnHjG{|0TY#9Dd?=~*HXTh{hsGu)!MY}#R!pPqf6=p=}b zh>~uMNs`u{#UDeeG@mJ3JzOtY`;%^36h8s`J|Z6HkyJy=sOu{Nc(kl9mLL7=KhJN} zEjOF)4DSe@EVq{ahU4HNgU_?qfYwPr_&6mmFEB7LZ@3)lxAAOk5t+H!tkdzwGP`@w zeau@eahfU>%)`57V>0LctB~qW6rE=0O`UV4?MyH2r_Ebtg6Xhsf z{nt3q6IEz%o#e&aznfpsZ8cG#LGkJpGR!cehmSC^-^3$#mYfk@UH;U$Oqk)lBaz5} z4SrO2(zBCD3dY9E_2o~9*ahHf1Rx`JvFguPYD&uL#?zyzkxV3BJOc)Nn z64b1+G=8}eU+V$%1sI-QNfR9c7%kx8`6Jk!UqIk4^h9ZfY0)+~b06)bSO*e$R-omL z=XJbGYijx;;rDPx9zj1{{`rmJYsvbv4K?WhU$MN2B*y7oxg`FFBUZyzZmxZ~QwLiX z{c+_vOtCoVAgGaEQMiQD!d;fA!MAvj?oTuDM)d$=#L)Fz^HM(3f@fniFY_qDYG#Ij zz98)KCptJ+B91Xf^s!t} zAl)U>B_N&B-F=8V=Xcll50bc8u_f)p(=xQeW;N8&c%`O@nrbX z&S0QqTrUB?{lVsAhJb(mXr<1pdgGImxDuYoXDIXVWy}0hWhBQ;ozsGQvV%8@5CsLh z?Tm(12285-?B|KIh6K!UrI!{GpmuPWz;0w{WO!Ijmo}&~Ke;EUU^!cgivo3B1>@mG?O0=UBl3X}((h z8@RrEN9)*elXS&z`UeLw-mX_q4?eOaB8qEV-UjqCB{(ER@iG;0&SEfx1Nqi1_p9>h zZR+gokilp(xmZiumL>rSmw1>0T|KVewqH^LjX<6*yQuU3?)Wkk{`ktYS>Sa_-)HRZ z55woO(dGGKm2Dy86c!f8xR3E~mY4r>=K>3tK!YyFv_X#9_-wYOk3+9F)4M~qe0Lm! zn;W5czH9jRtG(0q^oPZq{(s67iIWv6?`B4~3#WRXWv6hu)4>#NxXe{@{!W1P26sZe**X;RYj<52GivH5hd4eR9mVQqr7-#wpUv8X{<1b&Kt4PlMvFOIXNlG zQAWgObGv!y<|==DwBCdsG9MIoI|GB~X^pTZX2Z}0zQ@VQNnA!oWzxosN-ws_b57vF zjZ!t!*p}_hL(#??1HKD)zvfc%RiTHnnL~Cq+D+|Oo<8EOtw`>Ih5qmu%|~BxSdr^` zKmlUQH_Iv#r;SVdJT0ENEG<{)qIx&o9Jlm<;6f9N1nr}tb)iSjqBG>)tA9RRd0kAH z`&?VQGaad7cISLf9j&lvBZXK~+kG-18fmhec)Z)dZ`y}D zPk}Q>R^fkIfDCF#Q|Ko8F@9NYO*cdu2>s^(K*40WRre=3exu)=3e}@|QdZIrK76?K zyRCgexiHZ%;8%M)9*8&ug@n}WJgBg#WfaQ4Bq#Uoq)a7TZL0yOx5C}#1>`QP#dJWQ zZ}*)usP#>@&Vo@mx$98&j=GHEXqDU}iQZ`YuzLv#%WHgAr_QfR_SqiAD|Yf zF`A9<$t4^+M4toJjf0pwtdkPGXc}f8vz~sCu5No3zxYv$VAR*AN!Al9IHvG!r|!=v*@j=tZ2IoPlY6 zDq+u7bNR~rQ8Gh8ZPTV4BNrH@|uQy0z!HSi6=O4-ZY zmztkHKDvnoX~atS?Rhm|=dI`CuY9Y$}RB=3eA zM{8NNBhQuA;BB(PsQx?f(Cij6_|K{RQ01Ac@O%u>`BAYJ2LX>$^^ko{g$PQV5lYsg zX1P_{*qrx3X&e8+a__*o!%7oDF)=YQF2!^1D%<5TepR~E0*!)7$uu}mzrL_6b*%np z=;Cs6HrEtX6j9WD4G0O65SAw8w!b8$Yb1UNg^b*AcHb?Sk%BGs--!}eqi3Wp-9%e= z$Zav%?$Gjb*4q#si*}!Z4PfFtJsVZ3{7Y%Ewz+9!Y!&t``boQJySlojp|!OTm7}Ay zOy6rJh?EIMzGsop>)W?epWqVY<@P3|fuoL2jPKr) zS5x9_(l&(mXH6(am~b1@6%bqz9~MaQjlcGrmbmc zU98_8o}|SRCCH=LUnb^S@q1jdZgabM*j~Mmv4RsrW8N|ag&AHTY^K(f#2mjiNf;-)J z9(Z3sM;EEd2XgzjO}FltBvtNYN_gWJd0gc7?$TR+j)|#RUT+zp|AO)0!MwZnwANj! zM8d@JiK#{93PM>~m6FoRYVX_tVqX(-6bvko0loGa z!pZvU8hAYNWBrG24KW;I2p{Lhov%TcB7;n;wTiFn>L0wleqLgC{WxUqeyyhme1nt#kwt!C;ZI zV|{}SEewZTGq0)sO3G#R8lkIu>BV7Y(|CUa%91W924HAu+;E2p^8}IHtAQk{0@mm* zV?Z#Ml4R(CKT+)?q%CzgUK{H_)Y;h=`lqInKrJ5#iGOzA z*R~@9J$-ZIqtW8!qzOm!sUluWwL&Ci;dRya;F`-r_#KkS1!y!wpj9-CkR{?tnoqX+ z88!N^B>G_TFeT~;B@AhR)HE1jdEVe6H2}nI_g9Cr!>72Z5SRf&MX!}+=BS%rSPMun z1`8|dC+hL?@)mix(fas~qzmkPzd1A;c!6~uJJO7LkN|**VtzgXPt=C@GZf>={H`B! zKt=g11uJ){8vL44tq-PyPV@UTU0KAS828kJ{2#lGnzrB`hl{$h8C z_wwEBcPhBirC))L+Vys+Ph6}Y+O zpQ}`*Tcg3Es10%T>GitVQv#wg*HcDj=D32m?x=qNn2pe1>#uy#!$0$3)TxgOI6E6- zlrPq*Q{=Zz!Y+c}>* zKkFRsRH+_ZE|I@|5-=olZdh~XhYg50%y|AY{|(%8>3F}IW>^|)AS9Z5dms3ro;Lx2 zO0rhUk1Q5TtICRQoe?K*%j(?2OvFwxaWff7?wvLJczN$)lHM#-Af%$^w>CnOv^*_F z^TPwPmeJ}WmUMuU9xPKM1^j=!#=4*zr#P(lfh_S&&?F-xU7Rld6=zy-Ob*_g*Igsk z5=x`i)4gX*X-ohDDr(GVV4`v@v(dD*o`ScSGrqfQj%bU`G{r;q&?Qb>U`H2KAg5hZt?1sC#x{p-iN1!!0CI4|y`}KN7G% z%_Tg-;<S<8Pr_+Ph)1QuFm2u)$f+ zjekKf1=_!8#zVePG~6qV-*LmZabk$?;%wUwJ8JcGY;f@3{0DE)FnDjez_sx08fmJ{ zHfO5sHijj=&QtGK(gdF^wtv=q-9R;tEr2PRLHFnp)l49HG{RdkUrZK2$!Oc`+#6=d z$yWNbhU!fUm{aCz%FD`27h+n32IbXss$x>3`}?=Gy1Esw5h1}5KAVRsMcRP?SKfZ@ z)tO#pBZe8UaL6Yr3*}_C8_!`+ap*E}mPTlNq4^-xk!UA7K)`1Ocv7MZzWW14;Bm5X z*gm`}MV~c~`XbI!7SOAE6?)3bl$K*ZjDL+QxJ_3VIecKi0ky>@uKL>6err(3lZfft z@k~s%q{%1`p0YlD|1q4fNr~H!3@36y*Ur_bgU_zPSQi?mmV43;F@S39i2!DR;b(3vz5E>Kg15m%6 zni@>D!BGotzi^=l(-&^PZ4o{a*BxOJ7^9@pW>oS*7c<}>SNaFnAb>eg7yZzziVlv+ z2AnjYHqoPzAmf^zl{Mhu=IBzLI6?>pTD1WH^pwMcGVRe-z#YUXNOw=#w_#AQQn9Xg zn2fY?>itLe$jJryehmWX442wqSrr@_ZnChHw>uqyyn9+AL#FBbwf2jIWNAYtwt6*d za`K|kRiN-B9VsS7UJWWu4HQ3Xf7U7DFOTj^`Ci98Zx#EKtANe$vQU>G7ql=X&@8c> z?XXf8CD}Sr?emgowD372WBgLA@yX6?+XrvY*$o@BWx7Y_x-X1Zjp=WH*7d${IQ#R# zHPO&@VVob{oX?+OF4S+V^!*{rK%Rv}k4HS?r>i`S#g!e&zlHfc?%-@c18XOo3|(-r z`-)Ei$3U2zcJ`j8$XgwqXJ}|*PzE4d2AG-s=9}O4r*O9l`TCYRma0U!pEaiyYOyo9 zZ>+XmP-$wy^w~UB?n>L`4>#UftME^_?6*ksRf+`wTAR()fozVD<6THq)kfzhaPw*5 zBt7XZLhc7kOuT$M0mV0q96Jc$(AVd3(0DzMTPkE{IQZa|E#$Bk7JLelEz+&|;l_~d zOeeQ}uzzx)Z_$A6w`U;VHL8**CVP+pxiok_Bs>XF+OTbN^KJYAy#}vfi1c%gK=4Xa zFT!QTztqUY`nn`3C5OzSA(gAQN8B~(!+897(OsJurEImgb#fHX`y~dXl*+j-!;pQt zPhe?Vs)E&jytz8*AUc)73^>i;%yAYG6Qd;o=@q{9qDhp}h($;TJly~DCjsBpsPTT| zgT5Zt$UHPX8sA^rTrc2B1JH6=3cstjm*K-~T-fgb)JLRmn*C}V#ihNRC0CHYlZ>CX zZ_0sf+1c6kp4NDtUgAXN`0(8UwDP~lYdx>{U%vd=0D2On5K@|M&Fg*z^l} z@H69=tN)$so`?4S7(+AWDkUz`skv0mkh;4(>T|I)_fC7J_H^mbTnA8lD?z(WCVz8U zaVWSzDFiO5|F6Vio>tu(Xwli?cZ!WlC-XV?zKblA7Wpvz_DGgr{!;%fL<37>LOKkW zg!w8UZhfm)#E_LVdeY93Ra7Kfz;4Y{^;6!RQIO6%$70#!1GI#KY<}~VnZx>L?sbCo zKt6T=vtK5$H`?FosULoDaPQ$mg^LEApolGAw*XK;l$f2$5{^1&+k2~pJuE*z_U*BA z$d@$KWWTt$cyN`;@B2f$H9$gXHuseua4>B(@vnBxiv$9H<;1=!2HZxkDF*DG0I8vJ zfX)O1Gqd7S-j}@Lxt*O@Yl8?7jCG%vnSH%!Jrx$gy?i4h(|1o>m^SWX8NlH~!}m%5 zs!!$O8KHiP2vM9E1tfz}yD_5p#%R=LT=*FHyVuO@E1;23Pa*;(92O3qNZq4n_h--` z=E&O1Zc6sBIDB@!>I&MhR&2Ttxdg#0u?02<-&e0%g28xPPEMxl*S{TTyC;vre|qfKug}1O>%TK;i#%M#A|UuyIuIv?4+69-=TwW|#fDbKVW`2~ zP7#@zlpq#9XeiiNQpN=lKazYvHe~<>__z0g61Eb6DtH_9@coY@Z#qKV_IP*O+?jMNI{`T38Q3;6GfQk` zk1_ngGB`Twv%GH_M`xg#H)J_LfiAcn%b}&F5ShG`(jGf!z7+&i2wY8S-d`@-$Ck1V zxJS2&va*g-Jr&EDnVCODM3A#m20(xTifOwdp}L&4!hGx-#T~SV0MnvG$f~S^Ko;_A zrM$<7OZ!H$shsVQyTlC#;HAGtz~}Pet|nqz7y8=Te0rzTjd2@Q0JEDY4rXbDB}13Y zFG0Zr@1pc4aYMipMW?39T1eh2u`dx85yg7C7dD?x1~d3TuS89Ce4O!CRJ0wmoqpMU zT2Scc93?}GM@pR&67ul#_m3Tj3{#?sPy&i;49~2$tBcm|Nkb?i0j>WE>lP3v%9}L zF<#`T;z8zPOX)tA9Gf#w$xi+8=TG^#?G1~KEOOi|U@vHBf`Cr)^S`}++9Wq$W+tBX z@AvQDQK|8waM|2hOR;3%Lj3Olve?bR^_J1nlIY@ys2P-c3S4@c9)u8szIhxILJ5FB zF6tmz+TD5oJ+OhGC_X2Cj-E9&*z}m<;bUl%q2XZ&gPb3p8#)GtDrG2=&(`6yNZZ|y zS5-Zm_3gcLg8&SvBaZ&dUXyPmm^Vm2#er&tN}sPHMaRy?rDdY6LSE@bkKcD$s%bc3 zZHwvY&E(c~3?ZH*Ic`=4MTv2W;8qxvNVvXTqS8En-g0ib%v_+HC%miK-u@etnD}=_ z&||l~<}@?8)Ov^gi>WBG7U1BKAT;E*;B0k0r3*%_t3gr#YQq9;b;{ozjzIbloONLW z+;qsROGuKsdvf3wr2gVYmKYI4phQCvmw#Qy&dQ9e)9nhizSuS<2{|ZYA?Z>Ys_3s@ z#o-somQm5}?ze@#Lq$V-f`ub2F8&&bWl$C^tZ#=x1gx?}*g+vv=VG-8%miTT-{+bI zj%d2r^mG}cY`t31)Mx^`t$KQK|K0< z`z!m4Vkppn=>NufV*z;IvI2Twwm3OC>7MBg{`vW5VwpTs5$t@t#G8JsShrs`V^SCe-pfmw05GKuU;IQS3m-CJs} zC;&gFWrJ{ATwIg^wNI6I{X~rsk)F@hOBf{fa>xg#&ag925rnNf=QAR3HU#O~hPw0D zj}h11r0|<@UrjmU!@jU!BK|}$pcR=U-(4eHJ8`sf*@O=KR7vd zI?gq=iKwV}$YwF}-F`9qtCo8G;hbK>#lu{{Du^S)`kzS|338Dg1PP2Q@w7+B>M70@^Q&9E)x zt4cm#gH%wELTC$w_ho7tr>iBjBm>~^aLx@1RPMP9c5>2^OKBNmPnjHIhfWZum&&4= zZ&RtHLCq%F4X}*8`3)Z+EMWLp$Sz~srdvqP^JJUbQ2v{sge#LC@cKujuRnnndmj-p z0ymUgm~@kAR5uE;7YqN0tKS?YUwHvfU&dTKfCQ+j<5cUI4YN?0O9itE^( zcRFuB5PZLPPcuXiIumo`Qs#?OxbMX+sQIA+_l#7`wzb6(vROi-<1HyEdZ*)~Kcl0J z(M^vb2m|L9%#tIQ&*S>yt0;GvkA;YW+AyX_*?QP8JAf35R~nDwiK z5`PZJXQ-yjIC7wt9?cEtob#!=m<+_wvStf;Xf>ai|EolXm{DA2sPYLpi>N-IZ4%LsxF%i!Cd1+~>8^|EV zB8icrA+Az28k}7DZ{!iOvd}mxjXVnA9P;QNOk}9p7U?wzDwaAZemE*;h56Jno9x!N zK+~|a9@9bBQ6TX*cF6bMFNED*GvCL@B3iHU@&?Cf+?j>fQT`t;S%MlHB2Vm_z$bG}yuk0UpWA4r49W_>)5MbGQ_A&aSx z1QO9wE%eB{FOAaMOQ!%@rnqhRKRkO)#V@MQmb#3x+7fD{`+Du{9OzDb?gj zNTpgh(_9i`)+3|;xd8Z^vkU(At~@#x{qsG!0S!&L&<*dU7PU}+E1jAWa#t! zJXzNEKw5|W;MMJs{4ux9$`~wcdsqH}xuC~S@bR_geXuCOEzOTM-qERbqCdXXgj@q!I#K@bK! z7o-y*kN)#h!3d<(5h*DRLycJ`0qz||4PMiE&j1cy__e&5l}{pR-^f4XakK>W3Q~Y^ zSz(E0)GqU)(lL%2lnlyVvnSgeZ<#7ok<|$8m*H9z1_p-vy*EBxSGS=v)pj}?)>K25 z?Q=b+=(0P0J=vTIC(nz|2oK4BJAT0E99AY=R$`&LZo3b8bdBpkBzm6mviq}VDdc)% z6zF%koCQ<+HmpbWAZ4tyxsG|6#Nlw#OAE9w4K0&GYX503Z9GFV@*#arxw2iUbuLgt z_Ho3%`d0`jNBb`kDfi2>C*V(Btnbuwuvv~|yQcY|Fns06QNGlve~fl|#T_mamKZC$ zy#8M?S!|{QQ8K_1!$3IyrOd}2Qc_eJuXG>9d`VcZMTnQ}`JH8FX(G7IOrb zCbff)e(xS7&FYARJ*t2ko5U;|&GO5Qs>;f5T9KFdzh`T_Y9(-$w2^gZrTjRE*Ff(+eHS{ zmzI^)_zpy7W(qriv+}$MfVyUnnKeSGaGmzm$| zvJ$$uXm@NdZlget3Q7QKlg8)!009FP)fK(`r_R=wS~@jx_eKlaJfCtKz<@ZyNKC;!V?*a(9h;rw)pe&N!@eiE_7)z|o!$-svyY}L| zwh6aj%)o*gD?FAukCvA1Zm3D8xU2*<**rmGV^xj&us;k1Kyn40o#-N!QUaI@7hbm;{+bi_oOxhgC@ymO^keW5>4$te z;(*!5nVDfbWw-TwX8G>je-ss;+OmE)uw_5@`!^*yIYr5YHOxl7yu7rVZ#I8T9K3!d zYGyr?|2%e*O`hq@v7a}sr?{T*y(j)$3v3R4^Hz=IX+Phl)5+2b%H9YE|7)Ae0D(&J zB|G>W*eF;^!x02~`=~s}WC@A9#tK6|eR?2NQ6&3D#nnfrDt^P_biq2MC|Ylp$$`iJdPy9PG4 ztA_)82K&#dKBrYh=G-7I^^=@`Yr7ufULG9Mp^$hS?I!z(4#<{w&ZiGrL`!BCtpy85 zrOUsFLY)7z^fiy0foR{x|C?BB8S6B7JgJM+jG z<#y{Uhuc6Bb^ex!Ie*von8c{5NUJB|J{}e>ZeL@A=h;zA()e8sniTAk*{I~tf^KfV70N}0f2U}`)aa(`b5|4>tGV{fE+r3VZ8OPu-?z=r zPhWEWOlxod4^|JrpdfoT88)q6Rt~oPgU|tm(I++MM~lnGrr`wg8gnV!m3J^X1yiu! zpYmNk&5~?G>zQ4S`=U$s%9d1)|8SZq!B9)y?)_$QqaQf=Te2#ZL8RVRcHvn2A+V-> zZkBg^i=CXDJUBE|Y;$*)iRPy|1M9kzvYOi9_@DWBENfPRiL^AaclJz+?Q&})yb{J| z$f005IxjWDUB*ooV3D7t>{B0XYdEd&6fTr^Ja)IM)N2+xgy`%s&|$A@QO)&#J2#s` z9pzYRw$VMy4U=-@;xPRNvq_r#4$MUw9<->Kwj1uNKO7}$;A12w$Fjp~I}MnyS{aV~ za_9AKtkSJ0@vQfU&kwd(

    yO+q-g-+m8s!UTgLKINL|Gy3+>rUBC|WkE5=(n0|Z3 z4d)S3vKL>{)a?5;4$oma@_(~Y6#8wC=NuRIS+pa%_-`r#(tLEeJ5__-TL0PoG@4RP zOiDt@$@o5K(a?_p^Pdd<{R<=F|FF24{MJL1+9Gb!I?ctAd#cL%xN{GaAi-((6^9~0 z<=y=hVX=;%^IMMf5!Q2!ai_EH1!7c;dBWYXdBbN@{3NSC?wUQmPgQg+yk$+!te(tw zBMmeDcI%Hti$i}IEv8^iSgPHG6_pHb^1=AP`lDZEv2k(CMl1I4W^XlHl%VYOCly0= z)fcCx*As}Z^GgI@FGM)1TCx4VkP1s*fkIUTPVrNT%hU5O>R!87DDb}>CPeV<*1sR> zBMrw7Ak z{p2i`4+xK2Oxs+7QW`uR@_zi_q+<_#;QeNGzOS#(->U16{x~-cidmXt>OeU~L0^@J zsGS`;$Fvhm)wD~HmUl>}fZ@V|xTGwB6^pPa8NQAe?QX*%9tK8mLqsZIH=n=8hP9Z_ zC*<6;Ha4J{lpGfp{P~}H{#FU%a?rmM zdoOE>U5fN#8&+r<8{+`FL}}ubKc#-%=>0Uj5noE=X)jeDXHi2D@h z_q03B;W-T{LOE#z-cM9~bW35?oP?88FN(U`mc!(`L(i1k)Z{~Hy(zAx^!dn3h)PcW zHFL^q*STm@zmBKteSWvQr^oGjB8#zW|DyH{F=v#7iMHDyRWJ9sa+OFDb;={VH=Otk zwd32#pjguP^&vr=Y@2M9uY)G`;{f0Jr}TM!65j<0$kGd6zO3JyW{Lgs#l9_W%N0{3Y*^NEEPY^Hy#6<#{RS+$ftoKIEdtmd)TaZiPYCOV0)_a_TIT!8uG`kO=Zk( zQO}0!M|R3p7q@N0zbD(=h~z`Joi?>kpTdZRdxSlDa{tKF(RJ%Ixn_Hv0O;{4Qts{8 z_!`zf`}wyymcoUqqzh{q{xdc?ea3>ee~ex~jS{CcXVX+@_dtP#gzDC+RxU^>Nv?8! z3;R2H`#k4|t1ya+^ZrBwt*g7yAk`O#b^^0+$ETzyn-My<@A!XppWgSk{@97WvLMB{ zSeaxCWA*t~L!|Jy5HXj_@g$KL1Z*K_q#m(pYFEFZ&dDn%gghLR09QoR6wgsMSxQ;C zyu&_PK|$PAqGn@qlb85Fqhr8yq#IY+HPiKnUe$kft+GZ&cVNm{KwwZzTH0#9bJxHC z_gb>s#2CKJn`ii`RhaMVc0Kj~P%{Z7D9LiC5U`l-M>g^QDtOhjHhKLIvAYjH_Q+>< zeK+(!?YlimN}m(hKDM1sui|~fCb)1?8{6>U|5H^7BP1WyHG8M88mbn=)z)fmY;N#` zoN!A>OB0?DU~O-2{~aCuGc+AGVFgIf4m+ZH6nO zQ@b1caN^>}1}a<2#&JffBkY-&l+=9|(|&SRh6nH0 zzCMKz0n-4A$UXHC9*YI9_*c87UfoWnl@?;UGRx(WxV&>){bK8W|BLQ9l5f@3oou7) znbHYw!Vh1m|8~b`B!B+AWX>9fBpSjKw>op?ZMv#W9U8(K`wF|^i#&IX_GeBXz7)6< ztvl%5|Cg(Tfr0a_gxKQ>m`9~JJOr}~XC9*^GcTuvyiY+#_x`+JHMRXUOjJ!WS2JUM zgk|EN-Ji^11q}@W9qaAqERs-cdRWJBgo#pEQ)9CyJq#E1SIi<*Jg)n%Ar%b$Li+F( zBOT@I*U(+xEA)o;VpJ75W^&z$bIXNNkyf)X{_HG(Boeo_o>a#&QIw8?+~IbASF6T- zuopRckFB#utxBpjP0>9|#ADHpugICdI*k%&`yS&m@T_XX{!e3=X{`v)OBQ}{$zz)+x@u0o6TF;0gRss z5rFN!SfSj<86O=!;{!6dlO24P??fndC)?tK!ig`|4tf~dLu#|34f6wlo;_&d` zkzwF0C{k2aB~9FGI)qgV6=S|8OS`!RjMYfHyAz1qy~{f~<&u+QZX*ZbLQz#Sq$S;T ziZQ19lax3aJA08FukMx$H+Y@$iYf#4B*1ykx~^cHY=0w5P_(WYD&b*y(|>q)!9p01)M$M^@XCVTdF zNk0<7iiz>|0iF1NiIBX6ZRFF20x#F|KTj56d@1oDI>;YtNsTFn0vW-=2v)DR~~kFLHD^YpA6{z#oNW?#@JsbFvm zW;sfyGFPa{ikO((4McmSU!qwbL4Sz@XjO&W1TpLk-b&&2c$W8*dkcqnJhG@H8s~5lNutH-^nI-A zbCvBY4WsspX_#~yl~%PI#oV*K;&QUO8l4(Fu}M7yuF^&}73vNrO+uKdS9JOvs*Vd7 z3QA9>-7f}_VXDf;;G$OpKwy{;a-!Ry`~JJ%ZMYbom1&)4Z}p;MAZ{NVo($U9bja<9 ziJFf7#HF`$`9!)B5jO+PZ&9Bbp}A#JPqoZdj&YqJp*Pj>wnP^#th_Y1(ZC`|3yA$BBb;KBL8fUK}hEk`JN<+aqjX>^#KSzBedX*fHo2 z?)@@!s7fPnNDnj9oUd_3!J8OB_mS8f+})dv!Ci)-r4+Sy@G_ z`L&apRs^#Yw_NJVZluQAjBkB_{07Eh--C5wl7TZeW>B`kAuBr{;Qz|(tXX_-+%kXq z?&l$9W*%lioO^efm`WhsR8&!cfg4Y<*|A|IUBSr4zpvt`82cC)!Xh28qK#?o7zYn8 zeV7aJv?6J0u&UAno!ZI!>d~uy348k|B7t{{=KAnhxa!IhcuY17LSH>F`RKg#+nlwO z+Y`UQS64#TrE%c-Wn$US$KqpUZ{G)URKEhx^t964^FZsBx_c1wH>dHgYHL-Fjwrmg8~7 z*qxsSS8oy%lOS*`#6*56JNYt#A}lPbFzi3H7?x1RdH5qR`SmGf_P|#zvdYj0B&r37 zvTBw-kX16-T%sPFY#+=27l)1o2iQR!Tf)EP?MYFJO@xG(*X=Ia3?0X+=5(^#{(hLK zEx0D;?`+y_s_O9AA+Ei%GT&PhY~<&UgoB_s?4fqJ@UU)X=igUUv>@bU;;LMELq%rE zxDco;QaZSjohiZL*{qgLSS@Y!yEq;p&ox2HhJuv3o~zy9s709~RIT=lG)LyeUB(Wf zi2(s&Z;bOjl$BW(6b9jJ8&yp~VY+(aVWLQYO)X1K_WDo7OS0EdNU-G6JENdI7qN;q zjXPiarU^Wwx96!_-^sc(ZW6oE%1^C&!b%Gr)3StRQU;^Nk9vcy^zDQePzbBu)OY7N z9>9*GhqN7;-0XGXm-XHd07|_PzsZgwE+SSuB=oi$B12@JRO^{8z$4BV*a~E!nOV;=(9K_l!h(* zWbgg15IVPcpiBefVDb6&oA1^9^6Iu@(w)pKGfZsk%@RF`9Z75c+KjGA<@fxWzm_b% zpry^u%BY~YYI_=nMiChut&nME>>-`F?NXP-a%+B- z>fvVdwHHT6CJonOJl<*1#__Rpd1d+08hT4+rM*ii#FUZ!{gk3eQ4_3%sr;Xp-&Q6MDH?CODR0 zWfK_($Cs(yYX6>BP04zrw#F+z7E#>JY$NxZUh%Eg**2Mi!)?4ca76wzPiWh>_i8{9 z#(XHt6_=U0L{V9onfY}(d1lGjEGDTeNzYeD%sL!#Pu+C%DPFSoqr;VyUl@*ZZx$>c zQMay37;Y=Fz7q8psU3=O9FnlIA{O`{0GI7jSfpjG>asH~>tSkIOcTS#Hez#l=hlbG zM8c!O!u})bta}2Ouu&uZ`;Xqj>M1RqTrzZ+@-(ps(Qs|hQ1 zNZP=;&0O;lhQ}WrJ&?AhR$IcbyKWF(H8wY5B|O)ksOyL|VxE4%$Y{8(Bvoy>-$3$B z^GWpe(vU<+&XA!o--cBwE<^Q4WUn!O9EGS40d1x9GOVD&RFgM}7U9aZmM~M2T4Fe+`Ye4UNZ93qmuvZO!XZ z&fgU*J9`Ni56{5k6}PRu(V+kwhY$BptxwbApq+}IL0xhUooLA{UQvfypKQn`>&jef zL?XahN(^*D!gw3wdv@(4+bplQE$1K459>w&I^3>%2wS56rox^Kq$U%q7VEaTuj+Ab zQSA!<7rEPbo*3|3n6cjO337Yl0MFrr;NW1M%eA?ht!_&X9@Q*GCg(|~DknzRYYG|P z3kC+Txv+x+=I)+uNIwA*yIOkEz8jpGX`C&a1QWTKB_z5a{MPx96v-m&@^!Z8IC!*g zbjgFnP7{OrsXxuG{Scz1qsy$${Zr9UU5(zLD>wSJgfA`n*xA`8PZ5$5z+@gL$b8#V zdTqK@t$XZFh)dWF&;U%;%gz6hUjL&vPSDhKJTE`r32#(P%riXmYoBR;9Zq~uU|`0G z1uY}pMoCSEaMbHJFZ&7(|FE%HJ6R;kQL#X@Rw5*rZ~ky4eIH}rL$8!nu;^6Y$rUxC zJV#Y+H4`z%@#al?Yw-QZPj*~1EfSqsN)H;tPyDUJQZYH>fWYm2H5pFa4nsPR|X zoeI%HgNXwgNZA3RZsiz6wZhLFI|e%-z`L4!%aR{txUTnGt;o3w|m*Pp;r zhyCB!+TML^m&egf*raK0>Z>v0$sz@fgi9I>c-`HSc`xXNzA1m-I?Iu#Q=qH8obK@2 zHfY^*i$&S#5B@qzH59i)`*!8zM2I9NHdgw*FA9VS?U)Nb>7}K9 z;E>wGo~^FPuQ`Pmtu_Htl^7o(_>GK*{PWOfLkmlb>3io8OrK|nf;?zRiMQAIje72m zl9#U^G}7tS$xdZAknuOyz|IJM1-rP#NPXjm|8t<*B$eU zYe+^stsZ08yKcbp0g+YXTtx*1*&Uk!C&pVJCLCqwLkf!Q>6ukt#OWeKK&1g~-zYu< zpI~ZApe1+*Vt&s@O4+iDF_C;rt8x5;HZDy9U*h6ReSI6(l0OmSIyky0!7^AG8Md~z zwja7>@fu~TBqNsH%MPDol*D&L-hAvV2^RsS#lFDlZJUe|S6)WZz>mx(lTHqD{=f4U~8GxA}RR@w~a%vLXEC5?VqUu+dm)f#o z5)w=;&!5}$zcpj&D!M=T{CP%aXYcolEM#U^N1T1--rp(dik4O9IONRqog*MftooQ| zBW#|y$bUg5Rg*f7$#jdecwG~gL56ECdOS{as^!Bye(X&7+ABHc;pUjTN=3-0up>KZ zlr*l`nfqCyRm>epq?F} z>Bubk_5qL-SY5or!VJ51C1eTudKV*T*x4U_6S_b6!JoH=t0*zNi2iz3_2#a?+l)a> zW(ypPidwb2G#z|aEzQJ91d&P4~DU? zcg(Om{O%xTX6JTxE2;uFQlZYHBx~kXEP+H5c?DWpi!4|R_iYh5CdOx5zG#@UBDfV2 zIYjJ^?oUnoyTA?B+ceGp3a#&Up!4RW39=aC#M&F#{yX*X59Cq9tDd%2V-x>0g)^IK z7K`d8D(SyG=0E>sHki@b3`M7xtV4v#8yY<@$=3Wo%1fOJXU{YO1gRa1J|PgKy?@Lt zh6d$#XLTAaDYHtyf1hiF;l)`{n<1|b!krr{>2^q38Yv{_MeSKAcm;uQ(8k2OD!v&3jXRizd2LgVB?^CX<?N;8wM#{@J_mRMrju&xjdIjygWuLiU25=bVbQ zqOag!Ra#xdK)Ri7Y4zK%M89fEXU;6CPt;Kj>Zsb$hpXV9=9Gz3`v&(HZD}HbqOvklt9-k4u1!+R{M!P_S4r2>0GyNJNX~5QJ9*-4Ez1 z81)QT^`2nqee=-C*!{>s5r{`xKzgmY%VD6mTT&%o{^?Wa-uGcHdz9gi5J4l!{8}tM)}*`(is^K(J``t1HImZ+ z#G_l~s+WTK()OpU0~2NfKpKuF za|FN1M@7X7w|sDlla~3P7T~JL8gY0Ci1_E&H@7h-8ecn2-=J zbaJTonhJ`BJM@hKgzm9rKSX3`Xc!z8_8k}rx|o`cKzNYI%u$xQZJjBprU!E4U>dE zpkJlr+dgcbbpVW zPF9y|h-0&RKZP_21?U!&Vg4KtCQ8 zHC{ZXSTORtg9ei{4TaMr`k@D}hc`Va;vw_1=OliiLI)Zd-r0`U=R7=qdwZXJN_=x) z|45EW0BXBEJoVvI*PZeHSNz2b<>zMAGt%D;4eL`o)Nu4E71TC)J#a=v3{aEPQowz<+y&zWW>VAF_uk2_>*fNK5*Od(X;olKWSupr z1L03>I9Xslu(WFJp~n_G(W9U{3EC0$i)o^T>-Hl2)YN$4nnDoB)b8QV$G1DZ$i$-E z4-Rhdk?FXd|LA<_&(EJiy9^74>RdFCbx^Rf_ELBlR%o2BwVp!yp6s>pjuDNDnfczW zmR85&g2Fb#5;yaR9utSES2{Ev4J6jDTJ3a_?mLT6AE$70{TZv!EM#T%z$?9vZj*23 zQkSx&!|lG@w%UMac#c4OZLpB3J3+%-&O{jg<8ocB)O9-(a)IBO#{Jqq<+o0s->xoj zKF^op9$gDdMhyn55PDx-?RNX}4yT>IZ}E5H`Q$CM|L#5^#u9XLl8$5}Olcc22tZ7) z$|Exv=Zgm*|2Ueo$HGi@=zRV>Kuq}iAP`4Uoj=Xs?!e{7$nl21;z#_Y7#R3#x{y*e zn_gcZcK80ka~|^B{QUfWe*V1m9stI9d#7~J2?-lhE-#yqj9mfMPz_=95y3*m)b`~L z#jp8->$}Nqmb2fv=zT6zf#>;Kuz7v5=}~MnJ5;WzrCE=s`mRD#?VqQk5;p8?oi7;R zKTK4jC424OtxQhQ_Fq`X8^r1A;m(xpcU$wfYj&Rx%UqElZB8G*f1p{~)T*PZ8f;sT zm$S4iU|F*MlVNEEfb`u!K>=7WaqGi}GXxsu)2HI{cCP^s^4{^7jsqmY=f?U@633MU zL_)v-li6<`Kt5qNzKXN{7PI+Z^FO=UpdkOFB64ucE;SJ54?;#t!L-#}3 zeU0*Wz^zpOQ$u1K#f$IWt&>av>R0bl|M0;*!9vyH%;Ek2N7Gw|RoOOe!zw7Ef;7@d ztAuoSNq3h>NjFFf2#C@tEe*;dq+2eeyPJhHQX<{oa6jM6AGb}BSnE9InAvNNQcB8g zHwiM@4B_zf^H_^UVtkMY79#i@WVYKBo>`pm68>6fMLpooozAWSlNAcT8=$g4!%9); zkRxNQ;5#B001_0mqu6G5mNr_+b-hEF--@_ixP8Y@X$$E4bD={O4>`Ia`oBXm^!+o$ z{4-QTb+aMyKdzwQEe;N@%&S*406=JEJ*1^=Yq+>5$J-jnugVMNip8#!>WSz}sX6)f z{c%qV4sWOEGh;MgU*C=j=YJP|iT?(TcHO%I$GJx-7Vl$6`_nS;yz9&-`8H;S6C3kb zuS?$4l)Z?Gej&_G-+2y0;A#>HauD(*Owt?VdnxiV9PN77_`lZwx@M{;d?-R%tq0;p zRx?_Zgs&3F0}uQ^ID0?in& zUr!kuxwjWB2~=@!xEQA4UcbKuZ0)p0rJ zk=qQ<&PMC5i+mTY=2E2~Yc zti?0`isue}RsW`9HCixAj1vhQT*N(;a1D)$CkI<|Y2o9@jHuF=Vq#L*iBUgm z_HdtY_iq#k9A?nJOzs8TYLVVwBq^|#-NLv``}FT-Ndd#N8x%`{5TiOzNwW9HYJr5 zX|O5|u9B$B^L@d(3UX%Ipcp9cdo{&<=Gk?1-PU!Q*@;xA#qhKLPvr5&z$rS@U#-u@+&I7#J}*(DJ&!Rs|>ys|7rcJHmG>N zusTxdWUI+2@&4;R62Ie*>7Ne5ixr+k(ylFMKSr)?&?f?8 zH((+^yhjX0?Dh>4sUeJ5hz=oNHc}Gc9W)04;>R!sQv(gnVB7%88*z;hNI?iQ&RO)h z?Ek&`{3jHi3AmF4tmr^aP4W0#rMqkyrS15F)hyqW3(J0NS$o6t^#)N%K?jRbdu*w;_|uo_^#pgCL85zftfx^FP4u3ZGYoU*j=rH~A^!}Zt_Hc{7nqOW@=%TTQL9kMr_CFl~Vv4e}9|MjX} z|K7+?7@QtnWOajA;_s1H|8&cYT@&{Ej~^Klu8uwW_1@9JM1G^40YU{jmeJdldT=~p zaZL29;AZDL{X1VRn0QivAT{(_$raC|_g7P_&Z|qVICxaD1g!t8Z^xT|`}>m(8%jW^ z<-&AmjV;7;9t!9Q>=Q4P&*1$Gn0s~l(?(kBUTqjmx_V|hRu%j}y;`C*0o}F9bXbz9 zsp-)dF-9`qT%ww`jRq(mjPIY$ag8CyP6YTUa=J2u8Ku2F8a^7uZE|8fqVd0%Q! zS#DA#$v8IFlTOeKliHL=TGEI~hrB}*=W_Z1{Q#qnRp>-;8GV}fgX8&QO8E1WwcZ3> z7}L8G<@kEM|Tqh_IS|# z?U(U;H`~>>-s}MS;=HJzagKWLF01X?qdbKSM?A(Oh1behAWAbm3ro86-2sH>=%mR7 zhm5S1?DOu1${n5MNonT9n@!w%ze6Yn&DoSSRQz-MBa+}qL5a9U4&Go z@-2t{+O_=yzl^mjubnqD<4m)DyKfAAmbPzuVEpfpfkG~dY&4&O=mZVbVW9Ex-?p`k zA3)3sj%Nacbfmlmg^d)G>-tnW^86L8>Wz4!Ezv+Rroc#uia{W1AOew6!0;lwvX&@5 zBekrsP$DQ~zctxNyLNtR!MXonL%y^3jr{aa-lDdZ6~^;_56A7#VpqpCdkH?5KYfi> z;&XwmTNw;7WO?$bBI3^M_3n0HuT9Z$R-|Hl{;8*=&iv;VSut#c=TCl#iGOpe%Vp?` z85{f09Ca2j*fnk|+SOhvmTVMYkPRLF6gj?9sh;<}0Rse%dq*0s=lP*CcRu!cOxj3D z3BNDfe@|4RV~alo2RW{cO|W^oJf~>7Cie`S-}D6#U0pp6mxP4-CjllVC|d9c@lQ#$ zp2soroRjtoSU-i%9_4LPr^v|ocsr9FviVZRoq( zf$Ut^9SH7AnJV>Q-;dx=m$XQ8Ro^b3*={&!IrrXMdc3ZyD}q%zWz*jtq4@%oPtZnz zC~?|Q&chX7)Zbqlp$RH61tvrs9=_u?26yJhTGnNBXUpBx%%KmC=T!(sA18FA_htNy zTdjUS6TJ5~%1(X#hJhuLKWX8FjhuCmx{+T{RIpI4B(w-O5)Bh|U^zkRTr-QvO~Lp; zb^i`qDCLF*@qmMP_K-ujWj-!3K|83i zjZQ|9ciSaLb>o&E9a~h9UVX6HZbRGE<*B-c=HRdj&z1v^132Rpq(FgOF|9*u^w~a?bP{ZUlWYs(wr3(Y? zR<07WF`Ns&WMA^-MLCwW{F61>G>nP=to0A=cj~5nH4!-gs)H1&~|j>b#?g) z4Lzm)uQG&VlkjeIgMhwvtqJX&-&Fn9TqtWMuCGNwKMQ{>K%r`VM4Q*8nuBgTuoCEpGv+gu<@;3=ihM zMUy2+*r%ixB=ZXoPCny1T3J)m(+Z)C#(ILa;8L~aM((pNdbNMRZW@k_Uyqp>XlW2g zPYXgDyQQs7@}@#G zUD>t$CIJCq0Be%`mzf!r!ZE0q7*)Jffqk!vc=x2Nbop)$+A-3H(01F_&IDw9pzIRf zqGui((=a4ag$abYZka7lK8@?XX6Pdt3ZE09%?U(i){i^cE$^pn+J8IbNy(tzMo5Wk zzlF8a9EnLI7Rm-{t?k9QqM@jKo(Ag}QjzhSR|_c`-x&}EKkXoDdIa1Q9X4f@@$iDg zL+?y|D_boFodmxdy@Nstl6LFe_%}NiVPmb0O-@th?d+kCeRlZ;1@ECHdvb)_%MJy< zf}r%WQ?1_Iz))UMQ5-xgzY*Mq&NJkMgac{r$R0RDQ)|xS?h=adSpz=p5hMfqEY00n z`~9mx_BdV(y6-_P-QBN*hWI&%H(*|wW7De8^&1`@Mt}6+&+k{!zae03Lrhzn#}XC- z?M`o0%>hZ}+~Ec!@uSTGQAgv<7x9@dfLi|LegHDyCYTVjyr!0E&uciIT8tK0RXt3X%3mGP#|3!QON)D(D%Ya5ov9 z;%dQ??@)B~R8BvkHd@*u-Tj9%?%Pzb8n*k}^XDWa%6J4nEUtYCQoSEo^rg6Kb6wS0 z;#yx_%*A)F(El%m`5{KzZ-@h5!f49~S53pe@sx|T zGCzkU&IvZVeRH96q*et0s~TD+Y)L0(htFY$cFkc#y+r6%6V?45i)4#%exEUoS zyoY8-Ka82TS(Oiu&j%|`tP{ufECX;mYQ-rV|DaMgTnZtYJ%(A^rUAMt9m~Rjy>H)S z<>_$2Tf?)O${bA%+zKT&H9f?lQPP@m0PRF>LMth$uBrJbKm$cQrRx_^9fDN=Jr0ks zD`Wa!;ZsS2h4egF7>v-<$PmON)fG==1@uAJbxJ0c|*O2mJtJQ;z zS=Szfe40Se&z~Xy$=0poYeVw6T^a<^_Zke582L|wl z8eSS`ego9|S?;x3zBAS4Q^fZd*B)ohsgC1!Y`92{=bQ-vOp>+<{P>aE6DOxkn+cLy z)eHc9U6tuAF`UzxhQaZ&gkVBaj?%=!_Nw`v}_ z-=FSE>W*|H(b*u9kdpkt&GOi~gUMX(h}ms-W`dsIn&c0!vTE3nDJV~GSf^j;OO|hK zX!xEdgC)=ZmY*N9feZF;kftuF%hJ}no9%CNBTH?j*e))Xb>a>uy>u(@=~cZw&)x~q#ra-`{tO^jD^rAq<|{0lyx{LR z+ty9PoB0!h76AWzz9K3``T3;hTfC4`;7wUEe}F`XyWOo@jt50lNx0FwI# zv;`|ih``R^qPc?iNn;$kWXZNyo=PeIFX(`#9*BtWI}$ zIJY}a7(QLPUe;x+F7Qvnzzo0A^*&z$=u3h0L9vPM6e;t))U~quR*3lCHZTwgltn;5 zz)PZVfMsE!(H<$c&%J2u=qHan^Ls1iTJnUib4tIyhmf0$$6=*|FLxSN2!>Tvm7m9t zZW4*PkM*q}-nmM%8as5Mx}wJ24)8 zj=zwqO@L3hcX^Cd(^3lrJ%|*yame36mEH_t*p?@MOCCB$1wK}%VQD^VMd-rV3X6=? zUfp24`&B6r(CBQy3FAQmxKch;l3Xo-_IA74+I4vFbHK?CY}4I`R~bcdrS#hCZO zgVjBBfhISn=1c+LAU3x0Cv&uwj9+v#9 z{2YHB<6f05vSnwMv`CW#=*BV~llzY!Ztn5r_X>vo9aR29LX1Vz@A6@|yGh}~`QNdL zm3^yKB~`pE#LeYqmPNxV#(v>*(rO>1?h$z`y`tFnp~2Zw=WfV0=v-!dCi6i|OJ&DGBAFC)7v}Wji_dQ{{Pq6#EXExFn7kfk2EAjqE5WCRPCFCsQ z<)g5h(19(eXSquad^chU)%v4K{w)|y%1xr^E)591#Ki=fI~*PNVD%!VWrwr4i?S4E z0OiMi8F$dpd2?-?0XBb65N|p|n~?xiqr;opx}NteH>C55Y1mwz2{_yenNyT=1~lrc z`ZJa9V*s01=rTbg6&e}(lvRkleCiH#;(4{Xcgx%4Wu4ge9Lqu)`X^aU2H#e4R94hj zi6-mnzO}R6u0$v>^?jM1Y57fQGs-~h$`|*5mY&pIAQ~In?)=^fzjZrZM23jBK55bh zk$ehU(BHwA?WX3Qsd|OVl(90m(M&qRQBr?QXWf@TuGf8h8c*i2Yzjt(-ej&&e*5~V z%I#mVt9xMa{oB21Pv$zc)*71X;&dYwKjJ4uae!6~qeqe{I#Yat7{~sQMzt^wxJHl` z0bou5a{4TF(jsa&{KoKHX(PsOml38uFEAhxI)DD|@#DzXi#c7zqm_ziW|X%0MDJ(< zp78E<2YqIiV&3;=;M{PzI6ZF{EnQy+bT4u-iz;#(P$O7J?ux~TL&N|Z(nW7Iw!EMF zErL+Z9N9<}6qAaSdLA8y=j6Y@&Cnx1lupeFO)*- z>c0(()Ts<}uUvowKDTW|^*k!gHHKah{r+_{57#BV2n)8e7T`UGQn?GRz7vOFn9 z75!25zj;td%L4IyBiyW-+2Z25JVjH>R{-O#@T>8|$1s;c*x|_R=rSt-kiX;FWl!fE z@+wBBVnMh5rhIDfZAHZ&J+Rxt3Jxs3=cqv$ciyY5^|d06J{#IozI++AUceB8i|gfs z_*?35vF!BC+FIsggcNh^(nJrwW#iB*9qCW;AkJZU8I?S(3y)cJ{KiHqz|F;t|735u z04JQB{4qRYhgDEITXkr9$jlHiJ~;i&0(#GWq3Y`gMIrn+p}*qm=dojU_j#Mn9~#|z z`2Vy3N7l@>gO`HM`#WB>AT^bc!qDH=vtShFCC=3p}gAvoN6YeyzVjqp`Btd}E>X$0Q9kRln>c9AmPifBqcrfnus)Ncrl3#Zi%tkCXhZi_1#r zejVPoyrrRI8^%ZQ;AwDjR=6G@u~Ba)sjuqFhYEer7I#p_>Iw}FDIyuP;#hF-r3cUz z>;1)rz@vNOB{q1DCA^mQ)|+a&S~@z<%JUSQoaOs@kG*|$nxkozn8}noP#vtLyb9>T z1fyfvlIhcRAN+)du%q?*_$T%Zm`>A*_p6)msvrJO1Fnya{u5!*EiyE7_kHPK2VgAq zo86C=afp0B-rWaX%6jRrDv^6!-5)WtUC(rJ(KBr-a3!YCV_$nbW)D z%N6f~sl*#s;}FLbeK-ahHT{F2#gF}!Fj}9^m_(w0)m3SKYdAk*-J6PPZlmte;DqiY zIPi5n<*&cu$<#9&9+<(jJl@~g)cIFDEcM`jw%)vfzkF4|j83#3XfK1xv`FW&e4fJm2on5ILBj+v+IZL9e z4m|pb&f0I^Duo=NuWh<28yaHrC>Ls=qM|ArX-(KqJlVM)u%KJXS(${nk?MWCJ@NJe z)zI@d@6S^Y@AaYPa?d$?eU~mX>ACrIhs_$FFP!uS9)B~XYZk;Te8#CC3wECGHah=W z!^7VAWqalJp{5)hRF0h65&14y zwb^wqu$YscF1xIwqWCmFeL3%S<$9Lf4W;k}V4)$da;NpWu(EVXpX_$iEotm|YzZJ@@t`MiH-a&1M3k!n~AlUwo| z$S^?uy|CU{3+|h&ER!?u%cCQ=upjcBHnv;#&?^&h z6aZhJU<8|3k@HdlMmfa0k#ys@pG!6ZM$2Kwu6#zj*$(4II8DXo6jiiI0(P0P@0xXp zI2RlO@_z8VKMv5K3Ty#U@+2@zpq1#nym(3csNdUA^lL>!YQnhYoiows;<~)#gmHr8 zM(DLVv66rYtKa)a*uUb zG5$&C;(9C1{WZzqREKcBaaYW7`d&o&@%$E%=A`mhJO(_5?HNfu2IX}_<>_I9ZbO+@ z+Q#CqI!j|GL){Z_cN;@&x?*Un)>5ChN5nLncS{ladYK$zDSWob7xTfE~vGXqt^bnf= zz$XYggwx>A}u(VS{&ZGWMJkaCffy#iVlW zig)NBsCmml%qz(EDJNIK>@c~~`>abEkjbH;c{@1-bW}ltL`3>dzk@8i(_(XTVbu)Z zgT+7;6oaGPZoZ#>^Y7BWP4oRBCK>CV|#aRF8$$R z#@QtWufBRGqIwQ?nJunAc6!gjZ>H!Sth4&BmEt-sAi#SbW(2qG*_La;gZDP9jLuRA z@vivGYeREmcLUy+l(0a>fJCIaNB0;t2Xw-}etjLIri$hwsDk%Q$TtkYn8#JreCfBr@j)u=HmVS?E08xn zPN1u&$K!axqlSZ<#75g@sTCyd9R?B;%xC;^lz@z53dXASuaM@b;z6HE5ZJD^WO~~798!7LZ=_jJoT*Rujcg1tPY9NoQHqwW9`y9JM{%`zHW8R z7W^T)l*&tlj&Zf5bQOG=M3gGv5dePcBxt~V_ts5XeaVu#{P*n@;v^t-hpa@Y`rl(L zEUeBgUT3s}S$xUp{{p;;VXcYT4{fI9wbfG7DJO87VMnXLLE$AOY#g%P%A1)~P*cn9 zaYIPS!HHolb38dayHh1UI7A&X_k;V=7#|UrDj;g0fC2efu08ryRTav}d}D_I ze-*(BUjF-%czJE*-(Q+ZXTzT_4wd{~A9M3}c)p6g z7cSMhjl9AvV=aSQu&%y-$ch8Z^3De*tcISKmF#@iO+_eMUA+#oMi&Qs2`u`{lg%61 zwk|GiIOGKFqj9GF29+`2S!zGP%o1>`4}sX4_ItlkXi1|KT8(Is!2zu+jO*XNefKy* z4j4ZP5G+gEN+rEI|JU;|3%`6y-rb!$(Xc8#-pPTDVe7F?X;&THzdM1>eO*Zhz%h7V z;E{W5p?7Q|1x|TN8mTOlOoQ8#bidKl&|tojrIEn_D=f2rsA?t%xk7X063d;&i1YH4 z%99WW!|(<)R?jP!OqAQS$pV4Pno}o~-SrA$1JI7lRCRRxTV5~xY?6=k4}}V4YsDv* zhNH@#}~;&2z%l)qN@;Sm?3{a9DlA4oHZJOARO~DOqaDQ!NAz+4Ly2mQlO( zecUd$&DLVAc~=RsGRZ16Wr`<2{QkRy)LpK67?h zm6SnG?)4#C8Z)xcMb6x%^b_QZD*o#o@%z0(X!HbIi;l=$OiWy-aYr9jR0InZW*zj0 z7`eHX@hr{rE!OspoXhD#{BGM$8-}UV(%mDI!=E(p%05vM8yOMn=@k@}P;&@80(gT) zW^{al-M#(M#i8$8Z*S7aXnMi~w5NB21dcEE#feSa6fp;yO;hlu2R13Ne$ply2;~g$ zC#f*t9enYEhI6U!j}Vm zo{XH5dxLbGM5Jp=EP9X_>y?$FgvxTGd-dPnUb_*8%BJlfm4v2)yG$1o^z2*hpM3gZ zc9x&jK-#Dnc?(wEDJ!c>yl)m(=<91Jv!u==$94DJth!w?XtsqMptwHbj!0vu8cTll z@`cZHWaEnFf1ZsS!pO>pqNR6tKs2^X$TbQaGXSgswT% zJzr!qJu`z%8wxO?gvy(l{0uB?^8WA%L;i(3t8i|}ug0>~Cr01X4B5VX{b$3tn{w`# zsm=X>_m$kv!-5~_!j`btx<(z~=(Mw6zl(r1wvIIgSlL6JkI65{Q;?VMD+)LAg|(&f z5}R}$$E!+$Koumyt@bDj~?8wSQkDA1-^*jA$SDoZ#5#LZDHgvBIu5N~qPpkD+PpiRE33s+ttBY4cpRb~BGdmBcLhyg;g-ld*} z<%O%aQ0Za6Tn5+N_B_LmgQ1+}-D@JcJYwPBd zo)<4XE)m=w*V&QlTU!+}{WSL1U3u-Ak0czg+;e6_Y1hF)UK<*nTraqeisJEHe)(SS zJ(Ua&M47uz(di;c1)aVCyL$)a4v-^Ip>E<1R9{e0V&N^H)^DZm?Im2oKfw9Heibz% zWR~$&bSZm-`=uit56y?1IJ{4h6ewSds}kVBc@kcni}F1GwaH5tcXu^S-9JAN<>j%h zl0l&DUdlff&r}|?Tz7Ha9k#L|ith@`rt~fN5&oNwg*zX)Q~Nyk6Yv+~>CVjigp4jZ z?WS~?(6d9p5cH2He?AWs78W0AQ%;!d{0=-u($aEf9@z zIN9MCwMmDrTz&T`vxwvCRf>Tu^=BVH-CyheJV5=TBnk!XVS&AsSRvMz^kjK;i6;o# z?NkQDLiq9gN`{h9+a+%SqNHO2Qb5*2M7pGNavsXh*@9YV{!W%B?`&IFi zO}KfXV$xpqav8zVn2H?47({58d&l|L-8X}A`dod@^?bdD$r3-cr$JJANE1@UT9|BN zyAlT*I~raM4GmiQ&!4erXYL$^E_Hx}!6j({f<|ghZ~gQd@-zaObE9HKTE^2>Rx}KB z46-7kA_W6^t=OyTR_^*u$U7z?2EkOmMr@#pMO;$y`*nW4=D#5Aj%ZZ>AOE zN+{@j^*`DswPgJjPGW|svQ#n67YZWd3a2{~2H5c7&-o%$9SXj$n`}A;N zr8uRy!)P}oazu8lrQr_w)piEiuF}WPONoyKKI$UqmR@sdR8|(?JqXFGE-MWEGp+mY z;lrs4*N6VMZ%4E}lv8>v6^l-TUfvd3AtM)R2|AtJNec)tfdX~NW$5%<|+D_XITEV?N zHR!{aSIO_##2!pf6T{0zw(Hz~>%_`OMqY9CWGLIvHgp?U@~AIyTdvLJs8&2X^>w00 z51rgraIr}Hd2&;Y zq@+eXlf%YN-uHSE8gz>IWc-JOPGewv_inl4(zGKPj-jBy5PwI5lgrjg(u`BbBM2{p z5y+O9CxmjQ@1Dr0En?q_-56~hC;xh}S*bNu=_l+Oj={mnZGtTcE<|-qEljA<{Pil8M-GiGzydF73Db(rL@i) zJ-7LOI6s8F>O_^+-SXb>frUkii)=~m`tTtbJjs6?8m(;JI-t_i#db+L#l<8`y^}yS zHvSC*sG5P!MwYko{Rdz%`9B9l7IKph4L7*I-*VQ~XA8awjOEiZ3XsOj zuB^sz#)T<@qJY{u3kxqtK|vavq}W7~9y-qeh}CXWn^1YC0pB?W49jKG-KG-IpWkWs z9;W|9RqwWau-=W2i`z4YY#gACp|A(B7mW-th=j5jFzY5=I6Ansfo5lW{t1oz>}j*l zAM}u&u?U9HW!TDhN~rHLos!nO@Qj58MPz9y(9ix%km*@y^W`FT71Q}ArVO9%mIiNP z-DK9oKaTbFwr!!61P^cDzWw1I8t&HGz<)aBHUIv5s8eog*^C_eJW;%~R8k%5K}jeY z-P1MvfJ4^^?*T0_f`tGtZi369rUo^avec!?nj-c~=PO^wYm|n>BOIGQZJ#4V*TCQbL`EKZ)dlzU9bt-oc*Z$l!5g7+4J~M z5DWkfAQ+Qe++8y@zYlF3qFinB*Sors)Pt)&F!}Qz7e4RGriioUZ=W7O$7jIC<`Yd5 z3JhYmtSss64|CIm4zX{N(7psY}85;}gdMmNHx%ozg z(L@{zRnK7<+1xwyHMcgYH7Lk#20tL+GfSh5KL0xS@P*#lzjzQ7&{I;=jmR8up!!5* zN-1q8tU^lkqk#zD9TWMc*^uOjBwV}fO>FELdv{m2#EFo-0UHqf-SR~8%%j8b!h#C zGmhkt?R@5#Rfzie47c2%*~)hA)6#H^IzIlP&FDh( z2;e|Kq}Se5x)w2mmImWo--OW$q!x)IG)*dXYr*9pwdLt`ytP`XW%%C!GUI#k{Li*T zL$_&@ri%;q8!+b4JroeD&0hZ$Um8Y-KtuC^Bss|Qk9KzMyq%lq)K%w7%I^^qi;vG`E&DlX@GIqFR(4V}7ycn-xs%_!6T%2T z!^+>pF1k#zK>=S1-ZE>~CvbDwnXddNIqS0&ewj|s#u&EgbsqCXfet#0oVsGn@+mQx z4t)6pGh0M+XleOv!UQw1P(_HjS1EBZQuGqSVlbVF zh}`n`7lkhT>&OPF4yFpu#?FoqVkwqJ<|Y--Y4L+N4jpCG!f2!{g0J!;wJa4paIIC^ zMMG}~Pydi|2Brn~i=xp(M#AXW=-|`~L3S6S&Vd2Rrwq!4>L0V#E4idfM%bBo{uJG`m(CwT$goPeD$#0q!Vx>$0hcwEmhd7qwI zXiL7(jJ@IisAX^_kni?OEwUj~bh2TO2~wz}VxtMuues?J@tn`e+_R4Nol_n`IlOs~ z(yw=&BW!um9{+1zyKaSAX|Hdt3|w_j0>a^;;;jgeXI~O|*We9yEyb5j#azoO^%Rim9!qmw0v}gUmnU=Nd6f1 zenn2)%^ms8*!4bo+nI`*{RvcihUbh94ORSR8;8Dj{vXTgXQBnmuC?$adj$nuT-}G} z$ED<)%k_GKKjhFPhE~iE4CJQg{%A;r03qXt)6`Vd&zP8Q2h&NbJ&*4N@-3i2pHP}r z1xK*%eE`#f>^kSvhF8XeM-FL(mcdV{UH&bj!{f(qyc=o~U@)GmTBu*A9l-_QIC(XT ze#JW%G&T`yR+r{l-=9q=;-jTdX13o z#eNs^?_yr~R%a*WD3U@rJ{c=5-Gkjci-NY<-P%49^Yk_w2Q)YY<$cY4pvjrLln+$UrvPPjXH z@(dl~>cD1ECSLSne8YuNrz$nCT?&5ex7OC#J+B?Q?wy{U;eeC$-8)p#mKH<8%mZIv zkfx~V=-i$xib9ivTwsvVMOat^NEY(>K@zKTLc!DX&01YdKV~iO{HxdY5(N~k3leLaJt)=4mT)b78994mL67b@70y4U-AS?RU?b<* z3Bl!cW=qC+VrF_TaQFUP_T_;upcgpA1gnmI5HSXgK}0fvc%uIn>|0h;0NdK|riY|T zP9q{5GAIF{WhDv+4I%+AQ68jp7{^+N1P9f6-;;?6Htmn*;v@r)U$41ybH)Hk0Od>D zX_p`6m^`cI0F}dJ7nPhmUh=EwO&OR+#MIQNA*}U_m*;(Sj5HT1B4#^-Kv&r(iVeBQ zcD=y1Ce`Am`}cqSYX6s3-^|ZQEG`q%+0XZLRl(kCwq$Rp^s4*&ToJv-bNmULng|Hc zN~HKmrh?Of_|>ClblV<@oy6Wc?=q+)d_-p18W4Dnct|9(ys+F0!E0rd&Q+tSoiWTw zdmrWpA~)F0RrS`HWV^K*L#L9aWUvvJT;TYv9h)kTb}=rok}Oa+Uns~>D2M;`+=l#`q9e6g<5 zaq+#fGN`EN5+EPIY2TM9hR7C*#Yq5|4vDL8?X8_tN-C=>(}uL^s3I011K7*OIEpt2 zE{!>+l&PbZb8-~ips%mTQ+a2P8_`1gG`@j2nA^~+ZAmETt6?C~=l`b#Som?MRr+S- zdF1&e%AK0sD>RS2pzD~VvI*N>x6s7tju8H)%QQ#)ubpA!b8~a=U8a*`%gM@)pYo|_ zU33tq=uPNE@mfZ+)3Yrl0yfg|3(~GeOxVDn2Mi)qJx0yXi2Ji|98EF6<13qsgOIX* zNX3yXsx*xf7y$6^vr~^+%vzjx32}$g-WPF>Q^T)mK8A;jmyD=IWvt!*^V2QTa)X-U zFjzIyv>PkO43{jVNG?-daeb^fdeudh`8`p&x#NW3F{a+@;gONn1O*ZU;=8=%@C$M2 zyNfs9HUo=``~dX6tmOsM zf>#Tjsq)KoVSS28xKmQv<^tK8-=!-tK4^Y7`<>Mm7oVW4Vz}eVJW7~W(yy`$&TzK> zvPq2qGJsV{s*33hdBw$UA|3bdgZTst2S-f8bhL&uh*(D7TCrVuoHL!MAa3&tjhwjZ zrv#p)(ABy)8{5&l*$l|IKjfYh_!=(=C&I4&a>k{iT8Sq#vA5HNYev&$>)C17r^{VR zGC0=j$38jUmzA1{fRx~wj$W~?mpWjnv-v@ARAkblOYUp?8D3D4Vx=c+?O*c>o z4i4YW@@aNB{1TAL)>z43d85r<-vac9>V5!1N#6edxvJ?D+`34ZIq82C^`wGxupUrI#{ ztv8=J6J*F-r9?&V1;g0N#T79*SyM*d{XsN;BznCCTcMpS=&Q(WE~JId_{t}P?n8)k z_Fxhqv3o`+VrhwVIucHDC9A_e$=a zl2(coR|Vn&krUS9BanVL#rielNcbZOVS zhI2C#^jPNVLw|77DYaU;+ps0Q^V=i{$$y8mW;Uox#h5S@UXIH!Smg9;5ks8~B(Vt9 zlJ+`}Dt^jdR;s<#(zUGEc>Kjnq!gdB`w_YHYL3=0Cw5?LljOG_MRKq)&-_4z!IPc- zdAyYvf6*guBfmphiiYE2t!EQkway*~Wk!#!+u`l60tW%Kb4NA8tj|JI>@LTNj5?V2 zbjzILJ3_yF_;uxzWOM%alD#RR_oQQfY^KBF;K7Ry>Z3<74I<8Tud2YNp6u^l%zc}e zCmKG89x9qCsz0YuAuR{oG~AubUH}pIf>FR*yQJ3Qn7PVsetEUvF4x2tjET9IHaf`= zbaw-RYnB+SsVth|BfxLC*6PHRv=@$G=PRJEP3^LQ&BOhudZHK4I?6+92FGUUd7{su z8|dr|6M~xKw&|4HVfwFbKx^}Jzxz9q@%Z@oA0A735tv2&45)V#4V%)+DLhFL5yX}-&&Jjt;6iruVr|KEOp)HAP%>gYY4r`LiD+FrzfFgp&jB@6Rf8; zwzihHxsBFhBda{(ixGzPcG@M+*oCmY$PyY9y5*jCdsvQ030-;e2X#ake_0Uy#PA8q zRQK~2g~i{UZMc)XZYihHy^7rnqrBg!fTVNilga1}orUq>=52M{z+$mbRCMghO}sG} zAF(w5ovd*f*fFT6s{D5ua{@ zf}Ga$&K>8~zNPN(#Y9!s-C;(*3`1zmGGuCLWa6|m%Bb061902mXZqCBt^LxOj!$x-L(CG9h2AN((C5yQqD+dSW4>YWJd59hWV)CrIICTAjVdDSZ9YMGqv(tDt zHa0RL?9d|Pbf&<-`75w>PMg(s7G1+;h6ad#`%b63&DWf!GX`G5xb}yzVj|&1$-D>@ z;iqXxTyRE!B>RWSxt1YHECk{0H17HvGaXSdr=J~~kn-w(D5RKzkv&QRJ4*TJbo=;A z-&RlG(-*=Sz?Co?HK%vi=|&{R4YJAWw3fZL02Q5dB-J-{b1W8cS>x_$G4^@80QTR0{BI}M+Ie*G$%)(p`+)yRX{w<=E=YA!y#&}n+J z64kyF+TX7TeuK%9IP3lfk6AAyN~__Pu>K7Q5uHV~+MCuf?c8rRzQwzKcveO}{-NE_ zIqMJgCR?)nGKJu$995Xt#atDbd_4tQL`4h6aGmcU2WP{imI5JF`FED&6ZSs!iLs%< zQTggZG%RI>!2zyu;4&CO?>An1Yj)Nx2fTwtxk)M=Pd8P=R5M~%^XTS1_gyi~Env+l zU)BUMCg>4Q`vs4)0QUdRB1FLznmA=+-jf#&Ota@~v(+JS@w~%a>E(H;TrH4R-PXti z-u+d_iMiHYF|Jv#rycDMSfu|+FA!w^*omi4vPxj>Dw7J zQ}dle281kVNv28cNUPAYyG-9~@~50($mh|}IPCg7#=<8PWSk(ycw}%7lXS9!#qS7L zX!_{3RJLPL2uE48;+Q~XMWtgy4l1G~Vq;^3fr%x%u`>Jw5-;8?DP!zY1%DlR`j+#) z6(>VHH68lDF)M7zXl8N37@Da+a;SIH?xAd_-4lu0HVOIINJ(yUTobD8Jj_`Ce-(x| zTh&=rORwiT{rd5>=Mhm@UMR1Bgf;TiALmnNK%as5wgNyuaoqr9#6J4<6HyWb^yTU$qmCl4;B zQfy~%9$oUxOz6k3uRx&Y9R+BEh;HC zHE`-y?-$;OQUCuTx(g*#miNL(kw%7!g*znC$lL#0w``)6E%u=O$DS=4=69I`mM$$kWf)%Hd{kf^dzly9g91hk`m7G@qfP)3mia)lgDo zcS$&i+}bzq{iU>4d%8Zq#YoVf7Q*!st3`VIzWk5JWQ$7!!r9;I?nPm72vN#X%5YRw z4GzxsX8tEOb3aa2`MH3(oN8>$mqelPibh zZ~pSwzf6EC?r@>igvRhfWC(btcilGhTu1tlS(L&VZJ!e(es|uqNp$qgEnN;>b)aaP zyjmf&nLg2M77c065QevTso^2>vb6BKzhNc(x+kaS&d2V%tsNa9K+D!D#Nh}0w>nE( zdyg4-Fhz0t=egZX&ai~$7X~+y&Bi2-1|3ntLL44kY&VhT;igr5-gHcvX>8o;);F~9 z*zfFxk?$T6zq_}>jZ^pd3zPZ$)CrftJrpeiXC_^QTbwj++24x)$kulU#z2lfRJJtA z#r4vC+GSNfV`uNAR~*gb^75EhU!#qQd+vi`VNPvrQl#*8>Ri(QN7GkFRk?LvQ;O0m zDJ6=4Al)sZq%?v^N=kQ^h=_Dbmmnh2-Jl>{(%s$N9Qf9`@9(=~+&^@9;5_@;d+oL6 znsY9)I+8Vn_eT`@3Q|;yhI>kA(toKoBqb$~gqE5bauo%9P{a|&Mt>NRv2ejqxp!Bi z>ir$|hzQ@SS`jmDcsGlNFCn=vR=gb^ll0t4OlQXndFS>N=LbadpZ)QjvB#i0?%nN> zy*B7ha0GH`rh$+ES$vT=Ai@WNG5j^8P8BS$eK2<#I)}RxDLm27!9Lr(hr+6UNt2eA zPOfce3uyk^wHGz-OW*R66dbVDeo3^dCldAcjx}%)pgi&15u5h5W&(xNH-nnDnZ`|y zyab@>wpdWfR@HJFbEB1>M=CxooMY_dN`GTK07D>Th|26#-`y5W9IG*@kgU=Jz71dm zU~fna|m}>FX@d&uj z`p3Y`j-$k+ixx&{7yeUx{`@(RDJ~n)_OYPkemB!Gd6LdTeHlup>d($Bj3n= zqjhc|w#@cW|A<#$zY zK(js>k>)w)607&6aH`j3#De4cV7BUO)m;F~(0@bftl{1K+JIXKj&laYslZ|m3^6^Z zXP_q$dK7L*cZY>?zL(1$n#EA+^|)(J@7<3({prcKQhR^|Pw70ov1)=Kkr%w+;8bKF zOmhC?H)+3fQcHzYi6=WxiOa|^vNjxwLXFMRFfS9stjoT+Fkn_@QF#pgO}&E&Yba|e z^0n?scMOqym3ax?%lJZv;*lyUt|!UeRPIZ#ZQ)wR^7i)5Z`d<-?O!9(bkNs5a{AHm z`^E0i!_}h~m^bVY-0BBi_Pt66w#b2uDTXEE^zUsB ze2NDK*IuDSB=)(Lag;Sq-$pj1Wu@m@a7UCCRsZ^@dNtC!J4L-#ZNs-}@SXkr8`WE% zx-233?+dVsp~&$)#@n;&ZvR*4_@$z~TB7FLj^bzy7+AV3u7r;8&bX0V=H*cc+Wlf# z=WXyx`pTr%_SE9%PrKG*5!kfg8bCCK1%q` zmRA0o0u~;71W+JDf4^8*XgXU-YAS9Hx{XhM>de9oQ_-Uddqhnr$u3T!io8XEU5A3? zEa=Izb+d3Dk4n}?uz?YG1T;4h*xkN zX~RU%^)wiu(mM?)U8gN~l1eK84Qvc=_yp+t{>;kNTG@m<@W1LIYQ}TB_xzI-l)rro zXHn4En?#9F8*BCgS~M^xpndSr^byt1G5S5?Afw+4i3|Xr0r5)S;S~;R{jM(7{=ww* zfaRt!?8ZB!1a0eO8xr2(3ltZ$by=|l=pt+fghj(vUa$+cSenc@IchMMaPE^&$h3x@L_Hk`MFdpzW^(X1OgWHr%`y%@$Hf5Cp=Z-1KxI`bo;+~b{idQ3y>q=QX>l>@8T)FJ z+WUl@rE*ul5%bPwN876xaI1p;&UuU{L0MhtF3dipXJPSbTlrZ~kO8)YKx;`)r;|4@ zjaT6l_{%#uf}c&Q11QnutgwuH%3-A_4NZh3mHT`y-YdfvOr^d)p;O;$gYiQ$suO1? zr(&Z436f4lG78lFXPopOdt!gBn_XQ^+OzmbtG=Lhp4r=ahx_V0GA5xzZbZ8^Lli-_ z!CLk$;0CMg#rFXeHGP^qq)StSfTQf^^mFBAu{E?4K|J55x0 zA>6JIS)%r>jwAT%Nyb522dP^cEfLQ%OK%5Gme+RKn! zy3u~S?TLoEcvBiV8xIfHZmKr|T_vpDGFAE8;;$TDHk0kzIkGhkq*N!PE;&8@`LT(y zqLv4;Hvmj@pgq8o7XsC9ne~knbZ|H69PWc^p>i$88aeQ6OKsF-$EVn%StdOLv!d9m zT;E#YJy+FrX!4ywGbh6>lZD|ttBWhdAtzNRDOf30;OXiz7t|lc7-(9FiNtE#_{dEU zWsN9$JCMsspRbFXzHaO98s41{@W9n*;#pUEJ#rRd^J-m zb8%8b%D62ZIs#fiQycjYSfu+aBONIP;=1pJ9Yxq94&Ob@sI5VJOiNqcUgP9h5|!nJ zh>Lv$sWCFMjcRVDIvFcTe-vQ<+nVcs#Lc3@#o*KiQFwS7M#k~IOJ2<`P_9F1U?hPl zMgVC>pct>-Q+`)4);@8agra5kg=LRMlE`YfHIrsyY^~GW_wQmXh#|nYm#W{!EnA~ZBKizRSdvHDc$SDStjxa7SRvwqn`|6L}Cet{Sp7YNIXDb}@@0T$YOZ@T zXP5wLY+oPfmIKWfIn7Lk8nf^!JRBf@-|8QnZgnZpCP6Y>`?KWexh)xi+9fWM+O-Nu zwc@RhYz)ps(vhP_-SThWCQKdQz`!V;8{aURauNmp*RT)bav{C}h;UBhX@ALX2YmkQ z1|u6^id-BT@cZ`TLj^I>fS?THeXJ4|Anfi`_38~BlT&AlRmRHI3zQms%Jl9vYsaf< z$H|N20flXes7{vpPp8xRmr0jG1Q;0IzXK=WKgxzo&LYv2u2G{uk+dN>bisfpM|tdx zWrdCaGlLp2Sd#>k2Hh^D;Q^e-juYvrsiTj|gS%XQRAmRe&FXsYQklav^^7>5nHU>- z&p=N{n)V-Wb*2IO(jOU>B&768M<-O)pml)#UsXuE;r{(L0OWzi5fGO8(dr{FA_eKy zp}7oZI5>RvV65JhqCMj>S>Z5dr)-p?Rv;CLgnxw)v7)Y)YWxIU#GKak$BepOSMd~S zhvLxFfa8=Mlrq#a*Z4e?Qc&P##(iC2*eB+8$}Ye7_rC23GyceEam_+z4{b9N*r_uzv}<_qtbBeeU>Eg88mWvjqtKR~z2;-XK1+ITNA6J117 z)qyJvasDLMlFa>N7r6$ZG#zchPeA!TNem+LK>ORADhUF`6%HdOr{ZGO&?wEVkIeQUM3ia%{V}TBy20;T z=WMxlp0fSeIn!dUv?#c6?DqVq5Kg#-6GLT>Z(VmL0ENB(J3|wCAYQ+QEl9Mr?Pvwo zqHso9^;8$IlXdVTU-(ztrzlJ4SU3Ak9H-^9*POvu{pZef;?XJ>X&dWPlrk(aPd8Un zar=9>(CX`}Z68Y}NF`xOe4^QC_J@Xnl^5bPgJoj5CvnF5PAzYK?fU)t>n3Vglmlw7 zl}G^DY6i0&;4g%lL9bPZjI8kXh*@b@5_h63tFFTMpaV43AYb1-%SsJ*)DzX7 z+QuWMq}=kjTBC<|(;-i&a|;*yzp_2^T6m{?=ieU-2)v-|qCohB+yf4+7(p$MlBer{ z1j>(0Im!{A+s~do`>>E|zrPgD4_0&SJNZ;xM2J%=UAq0@&@YQAFrfI zclqV$?rB_{z}Q1*G&}N_1C0qd*OJGr7VOX}Y>hPP#GEYCiKGS1M+EKdWO<$4`#|BE zSGD0F&=`U1#U(f#4E&JA%Om!dlFuMasvoOrT9{!K5cr&Ebrz$EdQ!T^DFuYXkC#Hz z9*EaK6?PV^FD(4f5op){<44%)DLuzV4}TcY>6g=UZcGGrBE`SxGt@5hdnF;W;RJA; zXQ?i?1s%S4j%hr&)s-q}f+NApcX{XrR6w;p8Mu*W=IJn~scG?3yW=~??>~FMrJB!6 z#u&Qd&vjg!e==`Zbv0r?-~aPX|cz?GKUa=oxr5IGbE$WzdV54$*W69ugRWJxD3 z1wbM@F6ROAfz|RWX6Ek0I7@DWAs`;if^c0Knyz%RC2yF4W_?i5m&bloxASl3K*PkMYBxYV-A|&;LO>l3Vxxyt_ZK<9! zIO%eb_f)%la={il{N~3LU~q@m*w{36Tv1l8yt*_K6pUM^(`yu~J7=p4Gn&4vzNW`I zMzc{+?oLX7z6qdD_Pvalrw@KRQLl56^66;dpucg*Uj3Ta9IWSjQ9`*QLT|7({903` zses!4tGyqTY_KaYgL~_alkBH9{Zh|1QqLAMEKNMD$m07NVfZFI;p&ZaRfc$e^YR7W z$&-qSld_6xq3aJH-fc9gy?r~+&IUY3+Q(Ui@AvM4WVTNJG>n2}e)i8(q%`pO%uFHs z)n*GZL_tV!k;1m)A3r1tkkm~jn7Xn&Ee!O_8Vp|IoNk6$J*VNy@EUnq3U2x=^Muzb zDsqmm!QM`^jvAYo<$m^FGWTZZ=mxtvhyAgITK?N9Ya51JXfOy?A6m^;7qqlc?R|F4 zHF*U6tp|L3e=XfjBr*N*Nkaa7f&5>IT?)%b4Zk^%|K-aMpWbHD*?oM&ev^+m5@*mM z{d+N*G{H@+TZ{|xx=eFLZy#SCEri(}w!MqB6unyOl_salh|v`}=gaA>RKx%OT!4{$ z`!VGCjY_^Yq{Bfn?lppCWEFPQ6GnOYfQM>pe^{K#yYf#A=jMrDJ|_^WK=WdV{gmJZ3o2x9kzCo0*=RQ}s3pd0-$y7#l@>)$5$5kup zMzT)t=Gb;WEes%Szt?QCm?IJ)oyvntu*#G0-qhTFjD&;|H(g50qH7e#>K17dt(L^X zS_r)W?oCE>GckfVZu4U)yscbgHqT;-z!4qS0O%>Ec9tKoRN9OhB{q2c<#vy>Urn1# zQZjxHNvXJ;T-kyna(Gr>{>e#w?{kIt==c)jD3DJ*UsVa~?|(IXdEG-7_^^uK zf09E8Zq)BT18=8-l+&1Xn(%!!HwW4CUF=kb+aV^Vg-&1)}2O zUMSk^N`>y_{!Vmw4`&lKwJHDhmaMsKXLt)&Jg`sSnVoYDGLDp%d}4k)!Ht$9e9tHR zpCZ>=+=qARWn{IEn_s^4VYn+QMogWMknrBYO%d8id~*M)cK*>+zmfp@J{W{jtkI;D z1v{ojMZsM&cyAlEQNhb?*)G36SEr^&ZW0SXUdR_)~vAcw7CQtK6EVQ^BP^!kQTAd7s*RTPP`m~ zJ$^^&wAF{3*f==)Ab$o71e8-SQ97$(;GTsq88&hy3U_4>Aspbu>C% z0N%5yj5y4!{?(DAIb`@iNC*w%Myss0b@V%$Z&GS^vQr(7T+&Y$rDI1VGHyRbgdw7m z1)nJrh#FzRB#TFU)g|OB=>tW#L5AAFy{fc~+N zUO{#tD;xH$SIG(TpcG7|qy+Z5lD2j;C|4ngtftU}WLmyQtoV4xzVjCdyq3Fle<$%D z+``2bpBWF8uM68Fga+keii=^P?xw%~CWl32+B zSlS7YS_R4#ReNB@EGRGQrDCV{aOds_%VZ1G4IvC)zDwObj^zhCL>O>VV@ZNBL87&M zh~Zy3BKU#%oQlD-Vblp4lKxyj+L1Hsuc$sEJC*{1bk;U^DT#1DJ`0H58Tsbx|1+n6 zd`Ss6rT$OAgIiJv40A9pmrh$2iuui4uGw*1_@dFVKDNdG~hO`ugP+aqsCm97_Vc6uPI8ywR zkYLtDe9~U?T#?`o(UM~y4Zv>v_CO(SmH`7x#V5(cOtcXR3F}^*Pds->VCdR=?ku#J z@q`4i8&^H$4a}a=kB#yDwy?zhbZL}KCDp;5McK~{15$sIo0^$9WYgf`Vn1T+s7p=Y zBo1npyH7mJIx*rd{_eW?h$IQJzqvjGfu}-~8NSiMg4x-oR2AO)edVYoBFEd)OSbM> zwUfHW4}f#y`g9Q(w^7wr^gJw7(gb|lMvlJ#0O)Nv)sL3s=355?vO$w(YY=8fwwE+v zJ(Fe6d{F>t7Ae$WAaxgAT=4Z3e^aji7#=%I+u@&C8S);3LagG!%jfCU)q&_29Hv%w zc>`>Rrf8cx)X!c`KH)E72!KWzP9=}(Ry035sX!4Qv$Ct*l#I0O!Ove%z~VV`+-@)W zlD%iU<=Q_zJZz1Sg1rmsT?*nBz0N^E-@$vlID=H`UWrf zu!V0;zYs7PbQ#h)vacKNkz#P0L|d*biPa> zB7}hxH$R2i|FVc_=v2$4rJ>myM4%?tS?O4XK6(aDL{^{0py&jR{Hj)LVdf>DWKdhX@^ z-tg^CZqj{DGY4G97k4Ds^ zJ8gVmKv*Kmi5{XR>#R<~UQ|RCbbe9o#vj&QHLLsV0fOtt3t&+yTIR5t!Z<+@FDxkN zqf5C+Cie5US@sVs$K3tWY|NKeq2!?F;ON-!ibt(>e63z{!i#E%JtsDsGXVPf`>{l~ z1(%GBE)T{`PFG5L72kv_sH>9zDF*g(?d3f7Cshw&=TA;Fn@NMiMf{c>4mBbAAMku>(x@Mgu6@D(m{a*N5W%l5&^Y5*xnb8 z>*J?=JOVg3p&Y}sSYcjB?%TGHglr+)9lHPwTD<*$4^XhaqiJplf*>EtC z3ch!8K`1mqVF0G+ed@W~-(#Ll@x#NzN>uHq`fJ5RQXii!e-n>$KdMr3e{5s)_3NZ- zQwYW?qOGT$OdYkOHPy2vVxjd5PT1`H0qbl|vfv*xBQH^nDVR7RGFeYa@TT4_Q;U}u zCyDV3bu!*wgXjKjco@EuOYF+^bzG!v0<94+?5#@&<%hFAL#`Fg>C4(tvm6MSy?~Od_AcRzJ`Y4Riy8N z+9!6zO;i+K(yH=j$iJ`Et!MqNuO>47{MJ*<8Pu{p z;_gc3^^TL^<^Sh;d+}A%Ae&jb9n5kqI!cxsL;}xvBoIC(M!Sj_3+1HlLUILUe zb!Wy`hy6i@D~rE7S#3`!XQ)7Wa5bdvvD@B?qE+W5tm}o~{_@bA_^Dwv2|Ct?l^L&~ z^B;5&7La(kglVY>ZFb+wCLU2#!+?NUM56h$nVD&Mt`Tl6{{@NX@>SzJ)N z0p{JyVsX1khVn2ZU3(}-n>WkB7IJ!2p5&k%15`*kYos;q#jjcu@MY1a;sZc0(Y)j zf`^urb{gw~&OK`wG7=y^1do|5d6V<%uX^&0mC(DFlt>4rHi}owphms`uY$yxDFNdJ z1Soth5WDCoR`uHg9v*|6Q?UUJ5}mG0>aM~pj|3BYPc~7-^oA13isS#X&AFUnKVsVG z=MRgnwCvMd;Nm;Zrf=)!=aP678E?U-Fxk}Ds8MRT zmiCqC;{%ZNtrd4i$*O_>FgEei#sXe(_BS9jgG>Rui4K-ok**Q6$L$Gxz|m2ymK-!nfv{4r>;o$1zR3g|b)GM^mIh-sgmXYc1AFA5EFy}2QlCtBaBdc%6VP$0%>}juM z8i+`hP?nc*d45^TUm_**YBA@=b?dO`wcd1+hH8P1ufo-dM!=8;L2-?Dg4>a&>Ew6QZx^>5H-=iLdwvd%j*l*{-Bl}6e*CuFO5AhiCUHbr$|srZ z#)%rbyz$bngc$L!Vs@^+N0o4PCsd?~HAyJP&6rTy_u_m@S`2Ho(%!F~s>WyzYX3N| zRtH1D5Rd(aIxTeq04hl#cUF$oz0amgtW1LxIvpWijKf2!! zeZOtGww60nl&p=3A0GMZhh$by?PwKt4IZ`e%pc$HKYr}37rx7UxPZVsIrCbQL3zt< z9jY74a#?8hSm{oMsd5F2uz+*VQRPqflemUU%;#2q3va%mWwg|a<-IMFeYw2<;q2h& z_sQy4+gjY_=ZZD*loB|eWFNxlew13t94!>GJPJJAJcNKS;;=y*r<*LK(ENH`v@LK>E8_ zefFDMT5icf$6RvjI?}9ovpc}pqg@~D=@)poJ{9||NizCp(h_da?Y*0IrN8WK-);9C zO|*!M;mtUnbN?NZ-WBGip(3*#7o3po_690CXU|Ja2`bL zJI>c4tPVS38!^m5+WEmFsT(RcVx<{mX??-rit+_&udaToN-`# z>2wYivLz)Yx$b3p1-q}*>Bkn-MhQpT*h+42RN2d28r}uGb&9W! z=LxEnJ5gZW(wpvo{Fk0ixj>D1nwmR79TVrf*;0pAjjgZl)#bek#@CAXXScVc)UNkA znMQKy=8w1Zqv-h``>oj?tl=XGh; zCCHBC&#kX_FcpL@`i6B~h>JJ7L$OA*A_iMVsgf8Xq~uD+i0G0(Dg8OiZO@@fa!mvj3`{xjDFo9$QW* zGRxYAYiNq0rgGv_ix{?tiS9F)f7OS7DxY+T$@Mnj?7Y8Dh2BG`4yE!gvBd5W(`C6O z)0zOK>3!xWPoB8Ay6$xVA4p*H>%1kc&!;Md>OXo6Je>hmf+PJ)Ok%F3rh2Yya+oa?&C6*W+ zc18oryQvHI?63A88+)Hnwv(;3y=J_7@1C@bOyfWf-NH=rvw~?)nP1r$dgWgVa^FlL z6}GPZCKUDfmWFF9@E#3dDpvlh+e)>CB&4ckjzw8Y95Pc{K}+~ zY4-Y;YF?mu*)L#rMjkQ*e3uN9dd20Xi;K%ntjG32-ao7cvtFcZbvparum%mo&UB6B zzptGh7Xu20q=#IVeIF%o$s@z#+Qv#uib|Z@9B;f6+uL`c#1Jp4a*Us>@*w9j9E{^7 z-PN~75s5oxpK?EDv^&f6$;)F#F2Jl$*oYp#(<0l9SILJk5ri(83?0F(z>bXXv@95y z--b+;+K9N!ryoj=E)C{#%P(?N-FmNz5`Ctz^5OwOv;w1QZrk7*C!gKw19zv3dsJRg zA9B>Iym+yE)q#p!#Und?w|$Z0zky(yoj}!fc@s331r% zeMLn!OM&c4bmDZeKCkews+7psQAl_5G-J_%_$s-QB1UYvndwROhr;CP> zL*PXPhTSp`nVCamzA`G6s4+)IMOED+@{=)rxzzD`b>ifu{?62b#WNJl>uJ{LsJnj& zb5R0K{7(IJdmlYvk5Dq0{yo*?d&OFh@|!-2Zeep?`FnBa$KD_EE4$x(wW>UBfAGhr zDqKyx@l>~}I{5LuTNr+iFYM(rh6p@F!X-iyXCXDXQ_+~|$x~jQ$voX~pB=d~7O^og zG0*WyKk1HGIFUmk9_|n@>bajMt-U3`!o~OG~GiisHsV4$A4U2 z{w7;>lwaU3HMN478Dm%^bwpCS1gO!nhth`D3(Lw|+S_mEy=ob1oA_>G7#zn~KA6rE{4e*V6+caIXdOgn~h)GOW2?g~0twD$GgNqt+kI$4Enf{q3a z5$28M3x$kMyJSvMoHmp|w&$lCtmb3YOZdnQ-8H7mF*j9#O3L@1t)QOg7wLCq&!nW} zGmCKt9e1Oj(dFAK+{g{$sk^EE8F^7d78Vw#F8z!85oNighx-JfwMRTT>UrV)^$24hMR|;m z-cQQQ%ek!kBLDp(pc0lT9yQ62L#eEK%_`S-btKgx{cf0_J#|t2ZnVSMM{kmOFBcvu z1qI&fZH7fYK7rXyWioP2!O36htrJ_W!Et zvAe;@Lb3x+jz_8O~q?Hjm)$iR!0M-g;OzS7o?+1`-)!|wQH(* z@N|>bZ7g?_qa+EOg~d^@5?lt^+BkeS${Bv~a%yh*Xk!(ZAHA@$T8(JKoQQy(MhBd% zZV3ts!aL&ODgWf}598yo;M|GPweFl*Ic!YdGcQs61Db~S9GoDNd!S-)ISh=j7)xtw zg-jXwmw{#+uInolm+qn!){=@8-E6-!;T?E219EmLNv@CVTpt0Ha#43}{ zm2Zu6TAp{!6O?pi>(t#$l}qf=G@!1@V%FLvnsPfNv`>e(!oIyt#rN87zGF%Dr^=9W zbzTVb(fUQqH^XZY3JQwmq*|w*GXlO)GtDcKZIBl6uRp|WCCX)0cf%V)4>eNueMkA^OMhVtKRhgWJf5$b-T|0Vd#@0Q`1>ZA3bKi6pUtE;D@d9p0A z25h8u2)2GfOY6s{vg8V}o!r9xqXO z9wRUlY`LBM;~{RCw~$E7=4JPWmxs>smVs9;YRNkD{xuW3^@z{})5H;PvRS^RzKhlm znjQ0ZY&9P~TeQ9zHud_J8mycRA{l?8)x#iiu*BA4fzf%g4S!A>p2P~vN3|OgH!Rsz zu~S%=a~&+$%W^94E=C%su<{OOKY`{JG-zxK%a&R~HiTSk8U`O;x3?jZiYp{_Tmjv{I>qH-;QIEy69H#;v5@oorX} z_3TVp1gsTW9UMdkO0muPt;NOxkK2 zmc*1?5F#@%fwKgEN>&S!Fi0{mI4_qPxZhBwVQ-g`z{*shmQ!Yv=@tXO114JDV`5@5 zcz}_4_p6Mba`uZ%RWkHPahdVkNxCa#+JrQTG74HPv)@dpmA~3a_;apIeMn@N46T{j6<&L3RQ`vuQYKoRq~vz zcK`L49@TOh6UmwH1cpn!`4n;c_a|D4DY`b=jzu-^w;2{|?R+gxXOQuhju^St(uknu z@4{T{zNo^=vg`gi^q$XkpBj0bzkmO$Oth~-%PSk=pki3V-<5|Qx%9iyE}Gf9 zeE)HYSUI_Zgw;({PQhRr&FZS=md5??lPaTvora$;G&D3+vaGbB>i%dcG9R88mP9UT z(ssYwb&@?cg8S{?1(Lv5bm;M2quFdvitXa#{n`%0Ie)b%xZR1*kHATZkA3b0-D5ky zhdG>#yiO8dTevcneU#sAmNF7zwVPoto&y%s2S;M{P$MJRO;|uhvem*tHD^d<`;Zi8 zRSrrVL&xQ=u#t@;4ZAi)hTvo)xH>s)yxmYphhHO&c(Sfe&F{zvNoyslgK1Ald;V1xV=A|G7 z7Hvd?zZlatvhyj?r`qRm~(fRYC z8@fdEpKx<3dv!l=ZSq@??cVOMlVq*eJbolx?L>EOMVL2Ho?$t0tl%ikNv-r(kBxDs zrH}m3ElM^ERoJ*!ziv>Qi^>ci+DC?@tM@nf%26zJ!wvR-HL#7$O7DvvT|BY$rr+mj4W*)CXOFl|?G=4- znb98%=+m&{(0wrif!PGKM)-EOnsnZ|yXFW_xj_ zQ9)<;(pBWd-jAJ4BcUhO?+n?hH{LkumuULiO|V9_e_ts96M#L}q%!8H_Fy&Akk4IR zui76*#m7IX`f6mx!93aZ>dZmo3^1zudF)e*PHHn1s8m!bqod=+o*SvTnhhG2Qp6w9 z4tyNUPWWEgHA#fH*Aq7z4x^Ob~qasXyoEmyYi{>GSAY@BdvDN(} zl*!z4j@ef#QqC+EA@P}wpL2V|P~)_%caonB$(KSXA|#Q^=%|Alndo#U@MgIlEOS{7 z2NQQELZ!^@;P&s@Kg7m}oBg8UFC-*FmDH_G7bmwxsHI#^<Lu2^p8m zEx81)Oo^j)tr{m#cI6iy)>!j9=!sGaIxS|#>ZGghkg%f&h~vdB-EE$prh-X%(4Oo6 zWT$K+Q7>};1HyZ2X?0Hg=g>Mm^#g)i7}xI%*I%&*Jb%!Jk7^>n-?BPV<$6Gef_tA! z?{s&r_Iy1D`iVk&qd$K#$fpQ3x2t6Fd0q0Yp!e>zXfBW*wD2WVyw{j7CeJ{>@y^^l zsK(zUpfdP-d>)pyiHX1LQU@g6#7qmzQQhPtC8i5*c$+h=A5hUvM}K~6cEI%g^C2iG z=y0sk_L1oIB_~QxPtW1@RN{1deGb+0{vWGr%3yEvr(kM|L&ot*DMO;K!g}WUS0fa!Gb2jT0&PH; zBuOup`HXuJzed&A6<%lAtm(6n`1)4a{5idihm{UX|F^Z(ex-*JAj#ds!@pBa=nD7> z9^^cRZU5#}?d({>xlMMqwYyUIljGvvZ?`t1&d#n%ZH+rty7LBJ*xEvwqCA$#@ij;F zn^oPp!}_EjUb28nmi&}HzwQV3KBX6vI14gTq$5p@m9`54yp4^OUcxwlI1332?H%qn zPBqBkO~v{^q9$D|UDWqv={# z3K0)dQPBqdC*B*wc@|^EMEDB$=ZBsF!&?Fbc1MiV3P~SIN;s)fT6!EjJcLl{aqn~N zF46FJM6^Gn@huF`!J+0M1l%TwnEAUxh1JxX8YgD+k^H6eqYW<8{!esr3E`2Ejopd7 z*{a!h-H$iF!K=Wb6o~%T^f{xr+|#Vp>7eB(*cI^_kf}wjT_c^gwuV*9d1AKLEz) zg{PDCo-mvJ78*Lb>(-G{t%%#xkVGCrbOt!fXy~z&qmsGE^)oDyq%t3lhh5ZiYJ~jbey%o2_-Cb9@gnXMFq^W{s{E(TagmjXx7A z$ODQ-0B<9lDLy{_sb+E9PAp3c;D4}4=!LEa#>PEK8Wu-TM}l8;8$^Rjwn^4}F^Vpsc*To*|t7l<@G57063Y%Y#1gTk`Kb&B*~3JD3>Au1~?!^6X$0cc`A zoI5xB#}|i`?L+MOQC6=kx}AfCc)s>h=NKoy?L6s@!fAL{7tV4|3gAOu0VNA{54k`1 zQwiPK*%`*k0*kG=vopw`HMFnN)?heayR$ingdbuB_(8V|<=KdZTW#$(1Ebe)L3WThkfpGoT|(Dzd5LXhHS`m94g`S7N?TuRu!Mai8M>$; zpQDx+C*;cEi;3^Genw0Po+8dOo~^kWC2d_@i!hULC9zqykEn!bsZ9N|4a@9PUw^zT zvobSeRDrA}0(lz3Lp(({v@-ZU}a)qyPho4!8W=EH?f zTW_KINtI6s7Jo^9ygeS!aE;gaT-|$DA4TeH6KAi_FTT)c|^)*^T4hu>F?hc zYX`e?;$RG1>3v;)7!VZHG&U9wXZByIsY?CXGI`K`U2SdL=^lM8V*8U8eN3lOq4@(e>{B_e~tz z4Vx&=^WvD@YLf5aqere=Wg~COoV1G=85X8Vn?an1gc1N;(~c&NZF_y&C>UOYF!UTOHA-#Q*yok_W`7pobMVx zJ+BDLu7}4hG-$ONAolL z1G?WoUj$R|M@Br7RBrG>pbb&pxkIDz^OaJB*+_nO#f(?y*})1bsfY(3r%7*fi7~UZ zv{D<*=KAB75OPU7JC2Q!0+XI3e&lX~+mYSv@I8dE81v+v`U{rMSXPtyzX4rw?7lLY zqzQ=qrA~MsF)${Sm_@7YQ&{MkKhM)I}S`Z6$u-44@U=cG%r zn+^QH^*ld(H=L_cYB@nnLPB!9Io1Rlom9w$4MNsa^7b|F(O}qx{R) z7LI`D=RA)SvKw7DWE~W8eiyj->H-I!y*Fz+rzDi*gw9Q z1NquDLY+au!HaN&7Qs}>7(SV)&)gpJ{X4Bh7*#j?s<8@dYVDLAji>gCKRkH?^1Q8< zLu?m{ii(g|>t#`QD!|=@bvFNHE3%*L9ulAg5%-u(^_sgF{k;XlD3sqf|Ai2Fu+qB# zI4|6f?8QC%W@nUb%0MU@%%X&?B{Qg6@yb$%ugIWoC}ZDe>7H8)i-{x z_GJJu-w5_P^!fVgJ>A!ba$*aLz0Q_MKq9d^Qb66E7`r7D47X&p(^g<|G9@M+ReGfC z&_n9vjPg|rV=e|*7)EXG)(y9R zL$X@su%`U20nEIEm96AHC5zjk|tNOe8LK#%3_gTbi3##$N;-;e55QNu&9--@AxVvTCMTn?-;j@J`yl$BSk=;D zc9a%Awoywk*&);*xy^TO$%H`6Qv!y@LrsOvlHoFTd|&3L^#8p)EQqAhnxT~ZUG`pH z&DHZY&vvbUH#hsi2liU2y$i1k>ik%My0SWKl%I5qL=w5f32*EX!-tMHk5@v93_9Q9 z_@upJ%d6U723o7cqCnJ3%zzpK@j2KkK^dy=JCbgSDSj&{B!gnzvH?;AR6?JgQ5 z4w5%8F*BK!5 zH1H6s=&Jeje9&1)y`UC~Z zY6Q^`L_YzG!BXp)lm*E!;&qn+0s7^+QrzZ;fK$T_!-QNHLFLFO)c;O1gmPN;Cq;^_ z<6~p6KP)5Y(j9?}9awxHl-a74lt**|)&E)(bLr_mX~zEVjY4x| z2@lxGTDa&LV|=m`mu!& zZsE7^L5h+#`7WWB2_E~8LBH~lpFoce!~b5P1ab+S2Xl6?pUKF`AU_)|4D%>Zeqx_p zr>QbBm;3#_GAdO{iV^Dhx6KJ?3+q%Raz|9GdSr9Ck2iW4)VVWtOHQ+>_< z`^o=p4p~O^{KmN^|I|21_>%k2^zp;mdVV)q1gI~lM4oy;r5)0F`FpD&MUsnP03WMtcTnJKLOCVTeG9Z33>PZhLihmN(aoP-k-&hOt9Ba#L9$j~Pw z4moa7aWSnTw_`$Y6EGzN1rfzU2|t<=cti1Tp-aY{`e2?p{E?mfji+V6x){~$^RN&g znWcHP8_RS)?bQ8C0bHE%r25<6c%)CK8*MXAb%| zTsTa_zQlBRTKWu9(^n*NpPgc>F%_xCgd9$)0Wp?HLaOAKyIvgRzEA(;?_xC3&M@6`a6B_Z4ZwS`5=s#zZKB0QjA3 z*&kR0#|_rk4+)LH<*u;u<)L+Q_rS(cnqivMNk_?8W4-Z_G6sHz_BwZWHe}@Z zWP`V)Z8a>2%RNvR7~NWRwK4RQBGfAJ2ue-~C98 z6t$AHis>*rp9u~Kaxt0K6APT1tUk4Mk?j4^_!0?^;Bnkeu;r(}4oHxQOG)QXs@_cS zjF;`~CawQONyM04kLb49=nq>TwkEw#*Ta6!^gS_A#`#iMC|@((xMW$MK_;6V5dzW! zv{mY2Zt&u+Ps1!+HC1cuS#YRi!jGfEox1#Rs33jxDa})){cLO73jPUD$AB6bLjb2a z5B^eDmkj<7K7%?Wg$ne=pi@)UZ2@W{~1?kY=2j=Y6J z7f5~%oA{w(w)c)aWMbMGz>V0@NuI2I+zRVOrOKv%ES}g3hD9c}fsW=pI+kMe^Z63mEZea-(P!a);A99)Mw5}G0kmkNEK++y8qbtXuCCz zr>(91goGr9RUe&%$7Z%{RO`;G)c)NG%X*LrcS5}lSv0tJEPQ-XNT~r)OVg@##9zuD zHi6zXm;;?|@Fy0s(dGB}G18PY_b4G7M8tjC2y|$6&eyIF294RsF}w)Azb}o+Xvwd5 zce&3};^G~)Nl-dkFZawr^$bX+p*r{3R>ce~8#e%l1Vu#TR`oTlyaP`{FhcYgeyt`i z^MjOMcT1Lz0XNL`&b|KXz5x6)$K&nhuBC3@pxXBFB<1UKlF30OPxM zY~nmTU3^K2AmZ&)+bz+FV-k9vD}CD=<1%&ZFzj1;hWj~HCGT>ETLhhbZ!MtOgKXwh zcSHlSJ;W?*8L6R!4tY{MSqT}@Fm}RHNLdVJlgJo3l#BB_zq2^Eh-2i)C=QW8x8|_v z5cSc8M)JE)E63)rI>IeO_}cm8>E={z0Jy@)o5Ju;1%Zk&?P$|O?ZzS@$k>C`5fZwe zlk&i^*F|&tr~y3Ok3)5~o>OqTni?`zZN~(d6vgpvSc+h8Z~p=46qB;b>T0QrrvlC$ z5U*JX?*sG$8@rAE{=B8v7TCxg_xLrG#9|>&mmvK&Dr@VF%FLucFz;yih+>lvfF+Fa%lYhxMLWr@+_+RvyDx7F8Oj=db*CD9=Unk zGJW&_RPa?!CyZMY6&2Jc5Y^x_iKj}oN zhCVEIgo0FqUnQq2Y@GJx%Wyze`m^N7H6)GGoUSiHR#WOnAr;B`af}YY)^zbD{g9C( zdfWJNi!69f-l1GIKK!93U1q|ul8L0h-%a@{-I7|okR{M=`3BaQht70% z#*EvpOOiMZ-u#=&%EDHW0S#oa-UdD#af9c@2?PE^r5uHKISOg!u)XeqogD^&pu1uj zF%m&kmuzk~6gZDaWi>SD@o1HM2KBR_sj8_ZgX?e;42B8gkOCmsqeLHh^6uh~U=csup!bF7R$hzrn2)XF4hTln|>`L*)t+unE{v{y-WOndS-UuAnN zcV-(NFSH#D$E&?~(PF*0`}(|Yh?IyGT+9y*tnS+fE8ok49)O5yer`^UvN+lrw13rK zEc&e77TVrsD`h^^(weq+bkvF3I!o)aT9TBecSfPF&%H9Hkdw2snp#<0G>iYVrGSCS z#Pmx!FEZzcxfRQ=PzHN+!o2z@My+S3&d(74;9n?e5->S@T)OeMNPJ()JmUMVG%eLN zZ#iO|l0f21BF>6<&zBBzt-}%9{DITx5QyX!O%;i8k2U`Iw^H)|pB6wuR+egUTnUWU zJ*e!#@Z{ufwi0jq!QkY&smz-ehI}7y`5a|)jMloeo#p`{M6TLbbA~}AVE?Qjkg$_! z!!>nA%0;c#k-ebq+{BNTYHv^UBoHiEJtUuSMd7O6H-JNJM064saRQm02)+i z*!R@g#RUxwZLTMV&1Pph0bs2I@c#1v2|=Rp+1gsKKSiV`fj0_1PgjawlqR=C_r5G= zm2GQlYd?UM7!I;Y0zn##74KB{b=L;c57&nSz_EM=>={Nt7nYYpRAL7>A(&LK7pN-x z!&NNkq_3;t|(^7C6YK#^~(m?-ao3`sJbOd-sVhr$~~ z#Sw)=Rc!XFpSCCcUT_>gHL*q4?n`(JA*stwG_)tc{)6(#Aw1lx*7FY7tI>1~1!xUQq6dx1uIGg7 z)OI7h11N!t!XVcs4YKt7RyC54nAm$}eJh^pbKv_q&RYx4C3kNsqDzN{Q)HR3A}c_!?v^tSg-9*TpNl#WWa)#yLTW6gF9|&4zfmt)D^}N@*t2T5U_eSHb5l- z8W`a0ya643MJt;wFJY~x<+zsq#0tU=FrN?Hsmh0^s_py&13^dr6tE#2=GYmPd<{^? zqvI7j2TA$YI^EE6v?3Qz{$@>NSbCw9M@jzz*?pVe5l@^_WQ5;{m_$WQEi}6`Jipd2 zM}-k;ycf`=M7RRM2>kfcJg{avSEkw;=G{_$w@*g`#y`&UmN z+|ED0xbo#*Q+HK8w0B^J0TV9?Fq(oldH1t43`|Tm=>kSU`^eYg7(rcA6 z`{>?&M0)d`BH$(jPFfCR%*@x8Zzj=KTK4qfd7VV9Y;#nLuo=|LQ=p*gSlXAb{;xqJ zH&{Nt`6)Kq8%TK0`ZO`I)N~L%K}ID7y$kH?Q2;#Avmc6_?HDOHu-jdAKh%V47X1xMC{jfQEXDD02hefXq=^dnK zp!0m~?92x=N6p!CT*pTQdIG$d2xF8&wmij`t#Oe|nS>V=C7Y>R8LM=}LH8mg_2Vxc z+Kr}1P0E1sVnVu4`28ldhX@Jgj)M@pWHGYb zZbxf-vdRsR3O&*(gxa7HgBBK5Y|Bbl3cz zB?-^sjsDaQy9r@|Clre&w*I*JqaTA!9F?p>)?E~$Ug3m@V{EqOz(+^gglZv_a0;zGwRp!q3VBc^mn5mD&-j*2d+dcJ{&k(sa0j1?BA zCTV5$TIQdJSZ7F{0BpMj&5#C}&bPOz)60@pvsFmY=}86 zK(PN&snc_%JcF%uB|_%Ezir=l^5;CeEdIjo=ZEIZycdRDE$Sc_Ze442hMoL;H0=u9 z`I_LaKEQ9EVcXX=_vgT@EZ*ERhh)M5a==R44Sc}Tx}xrb7G-RF96L(v&3Au1x*tDu$se4pB;jCVH?{cToE;9zhIW1gZ!fFvqLr<<2RXiM2{%8{lh&#l=F|ima}e_MpDbQp&-HI|W$fI4k$A&RTg4{%z)wCq?QQk3bmBgD(%TD< zFI&7R^1tA68T2=u#q(RMcbV3Wh(mcC&1cR7V&>+lDNhd2reD{hNyqZxIq^Dqc--c8 z-4yR%VtbtMR;s%yKag8l&D?bTlMlGXITdY5f3$|8R3Ef@2jTIDTu$F2x}%_0T7@1~ ze8%%&rh2W8_9U6Mir2#OLo~T+WgaLeI|na&7|OhtB2=_fbwyIElSFfLwsV*OOhQha6gz(^OqfJ{TGOrMC5vhYg`_4nDi`W4;qi>azl!L%0Cm7 zJ!r@}KRg=xT(6rn4pc(u?l|osw`Vm6eWK1W!*kj3=#*04pCtCga3;YOj5l@ng`;D= z=q?~S-T(e1ltF4kfSv(CF+_)kCccIy4MKJkMZZ6s|7slAlAQO^R(cZ_KrPji1QR{F zqe?&#lCM>35;_WV`ztHC0JLw+OmdYJ75%n|9v&0Z3G8KWIE}(7fS3OO6a(%MaZ!pj z)Dyo+Q>IEq)uggR*)48$vOZPKSx|c%+xjF%G>BL(T@nuz9*Cq?;_cfdAm;%(V76UX zghV`By^I#Hx)%^afS?2d4`H$)Px;GhRG0;unh2w6X(=Dn|2o^K79{No?~ z@#*VLV|bOn=~4s$H;9282vKHEPf!2ofjkCYjzzZx70REkWMLne61_BKHce>tH&l6GrK;7A6t7o;LTjZX<-9c-FF>E!+;wYKA%~*?p~!1S!NgUg6dvIZC6y-W zlYUDHuJcr9%?{99s0MB=wAEA5#E6yPo7RvLv=;~#yv`i$KWTNnPs}%@`{U|pL&yCy zcF|3+xon=G6X8+Q?6Pvg8r#a>{MyecpH0+h-``C3q$ zHnER_)OW_;M@OzD{4EgI7X9lj!>>)+PJ^>TscmnOxE$uWx}z9$z;4ItEemWmM+7;o zL8i31wMlfd?Il#8py%&vnEyRi;mIg9lfPAdMq?I4ZkFpQH16=bG18(dE0?=Yb&o%o zY1e8oiCk~|%dyM9!;RojX!C zwLt(;L$KaEK1PV!5a90icA_cuzlS6|k3i}KF@0^imKW-)2+BIh6rzEIL4f4FNrJKf zDRFRcAd(Zf87uD-0XkT!Du6uVrLnH_rxkqK(ed%vD(fIhL-@g`SN)!PpP5$e=EUvB z2iRuV3ty-s47wICNG_1Tw@b%yye&pod;k6b@*wbkjiBKGR3h$$n5#W#8q!hR4wfTx zHhwA6N*K5s4`wW>f2*zK*LL2!3mcjsf(+!SFlDEX7wb!{j~2+v%m1*Mf*h&=aE_RQ z@-7)OGkW;6XNj^3xYKSoF2G{Our9Ij)ta)-E+u<2O2O7SmTo_3%H}*rTQV|>BGZ*G z#GJI*fFy_Zliy)X<9+}<7_9Q?cfTlqp`yWkM zt3WsykK(poC*tX z9KuhLw>Xaq614GBn*L{&IzjIPV)!|AQy# z*ZBHkkfa{xwfh@2{DV6Es0k-ERwAIm;ISqL;r-3ynb&#aw)^q%X2Eb;hzS7ztv}&+ z_Jyp;es@+tFi%4UVAq-1vp{NUMQcw0fZ{c)ZQ>`zg&L`ZVzkBV$C;6ZJC*E*?Tnlhl;$ zMIOxj%6vHs-1e%G6Z72`!+=g(`m=uW0eOY~wVMzDP$DNm#hxYJchEk65-Pj%#4U&(5d@~qDP5m&iwAB9j_m3eOR$tj63YWB&H=XDsDc<@h4AAbCGrQVkBZxp!1~bseeT>6U*+Br8el(DEzGm zIFj~|r*qp=)UKC0Gy-KN2gj!;i9BmOOwuC~gNw%m=Z9sLGl4D(yDB5 z<0$uibu5T=X>Ri3IMr(R#d;Ii)D1-go%!2eTzcr5gcN@NuCbDfd&16|Nxfo%9>4dZ zB6~NElgn;|tG)>O`0(?MWvwgxd#&!|EH1Vbs%RnP$DoEQnQ&`YNR5nGgiJKN_Db^^ zwcb+!`-T)t{J%vCRQDb_@2jJF3{X6O{`LF!M?5yG??zH^=^&MZ#7}Jf(`2<>!7I5D ze@}2rQ2F-oSLt@mdX&@LBU{lAER`y=4PRmkIy}967?mhQ_d(7o@j{9}xHYy)MLlL=; z8nAiGe_}cz*?QN3R}(($U>t!*K@G3>*!5<(iPcJwG5G4@nAL8C0Pcqv+}Ha=$C8bY zc?hIQNDmy4*TZqiN=B4e8FY>EhsJLNomNQjTFX#oEp@Qg-oElj)fE=myz4ajg4nYS zUuq~z!a0Mg?L;?rt?fky(V+B8;xIzq<6u=eYs78&iylT^G?8T~RgZbBbc#L};-Zln>>doMl%HX!|&*X>PsFuQ;` zL(azL$zi_fuoeMZj<1k^c4n0?jlQ-0eNRnoWRvQZ;-WrM@>ccpuuf`*Dy3(CC!0Ko zN|txGFG%NjKN8-n@ZLFD`)WoU^YG{Df3uaI~8z}9# zv4S)V?9d0g2bf*XZ6M|lu`XWYw-a+(Jh?gRb2~lXD1dAnRj)00^y0}n%1|E0%h-h| zEw#=_ZBAerkk8H>E{j}DgRWkP6AFID4v~&gZ~m>Kq3D$>oqAPKVV70*U9UjE<;7${c-1npq0L1IBVJr!wG5*79yX{9BxkD!Grh?Aee{Uy&I)`eR0qGgV(!IxZ*VybP z#U&-am4v+jnnZJ7pgrH^W?)c4&CPqTpxg!z&Fhi$#^Pe&&Uc-7jQh`KduVR=#y9m0 z-LKNf#}S_@F=WE0ca+RLey3MhTKa;CDXPSYV3;U!$Qh*)(RRMjtxDFp_@hbe5Hs zq&i_*=D!iawqrnqV9wQPyX}F9-CYciSuV#Ou8i}yD+`z-sMeMZ4UN(<>zOBnCc-)Q zv*>c(D@>)18}+E7oIRZDSqlRquGoCTz;)*LU26=Cu8*v*QA3F(W0>cj&(+FliuZPi z7krjs@D}mT8j7{cQ6}2|+Z@)})$#1b3-L#3Pe>-#D~;JdKAm1m7>f68@)HkOUXP#_ zxH-h(v0F=ts*dQmnge4x+?l!gsVb z#>SQ*+>nQfla;OsYSzmmu`f~qHkD3fjhLx0f6mK`Vfy&7zrRKLa=rx`47B9grWszb zmD5T7eqDL~ncu~65Aq=Fr(eF($%O)4qo5}DyyY1oG4cH3rgXbZ0uiUHZqVK9O^|oZ z^?xlae3uXNVQA@E|290LqB7*M-EIOi+}#{2^&>n#CVi$@=(>}@>Ae*hsoWFIE_PZC zkI3V8-~7L9oICf1wKQypR*T|!K0^bE*?5_?-u5Ncne_!n^0epBJO7=(I(+A2FB3fM z6f(}AM|E?5Ib;S$b$PfTs+{jAyfUfz+Yzt}iO-+0>dnsOR;tl(NSprT@gIq#D}P@7 zDLAJ?K)A?@?Bs-U|G@(ou$7iE`3U(m{FmbJ`9O0u6%o;zwDam5k6zrpJ^v=O-7UFjN~Tw=FK+FPF-zm zh@gGQ$&6bP$cF0wOp%0|7!4i?Tx^yc0$g5IZ7mDz;Vfu5KZ2S+keL0K+WGF$sCJ2N zEBZrH!9Ra>Yz-}Pf-YMDDHAKdDv#O4Nam`lEZkgM@-R?UR__WCbZ$Rtc>_UkH=pT0jT(0#_zkmF=0 z8uS!U@adzcmiqb>^_EjjXS2^WMS@>Q2ssDGvGxkjp)3_Ye*)*Uy(i*fl$-CE-`$SvJ>6UQY-44x5K_Ntt6?GY zP#DEnBNE!*+WG{|7ELCP+$QJ6($=!GvS#n7oYd?LGp5KKge|Mn*;|)S zU81qb#jMsBJD0bE#Tjr32rz~xM7BwQ`1%MuVLZ2;7E_*uvN9#PGy9R@GLuG6q_*oa zd?cqKDJ=L2jcllIKV~FLp_*_VRJ2We`B|6k4-^2%@J5C$GA|W}QxhcEl$fcICF~SJ>qk>3?L z(Dk+tjg&B!K>NE-kJ!wy&>n*G|t zc3}`O&Mq!`0ZxNNz@)W!xHbqnOFVC(TkcR+Th?EF$-DXuy-NT7{j*sgLNhd6xfjI1 z!GZ5B^cvbjY|9Do@UTcpL!ih5X>Ci5Iu;io3c#I`@C?zbW{^z443sP|y%@tp<9GGf z5{RQz`w<%}#7UP^y;FD@=Z-`72$kdeNNzX1NZLTh*c107wp#NYuq)A{8;ak<*{ z(2x0tuAoK;@GfdbMuUsvEfDgdwSz~3Vi6fy(wLcam{&^4@cr znVa7dmy&9R?d-~pFE}_NLHdAAMMX93dSU+G;QSm|8FzUFn*Y-R+FL0)%!1Ai2rDGWR*)MeCu`c8$|@_P5h|0E6f!OQxw`hnCOS+0(TyvU5yMiHYF3X1|&HKf{NAOKX)c`}V7j z&>W46i>uJ!4>6^5^eY>imzFhq_u@D$DLFY+#$akzk$yKm=*s}mfgVo;x%H8i2t+MN z;o;#wm2(g>6X3;`hgGy&2M5ETnKDhD1^`gvgXKS<`7eS-EBJLgCeF=y`pq~q<<3-TWrGsFWZ@+{5?dP={xwK&gu51f# zEQAXRJ%2=M7c{Ev;%9AmCw9?!#iZWF2j9`zdF$o2TB>N!JUlfWXw3t+d;lWo130ndchvAR3k-^MA|DY32F5k)29!zQ z5dlvNLW$S4ZOOKrC545vtpwUFLqp++RuxrM>Po_Y6B8RP(MV}&M)=ck68B!-o`6ms z5P?t#3MK&)Sa&*)0XD2w{81u6<5OnZWY(yw`dmwv5}l$X#k$i!8aNBLy9CY6)b#YT zKvV`WyDX1NbY&Vo$Pv=m+VUh+*rZ>S`0A{&6q#$cNfU+LC1rZa~ z9i~cu0FCP5>xnuLG6HL<3trD=dom_BmmWIoP|?s34L@*BA9QqH142l^sL=qz*U3o@ z#4G3KvtOy$McgVFz2#{PHn1I@!Ga?FokYz*LUv-z zknu2W-$_A>Y3VyZAs+Ovbcxr~I5SrJM20!>`-DrT&uUE$fNh212XJszQ>e>81%{v) zpasHaZQw3BIXQZce0y6<3o}R^y1Ke{PfiTG!fDu%aohpG=m(t@=*Yayp{1)~dO8tY z0z?A@!GMDKG!0HAIy(9tEXhz!-Huer$na03m>o&sMa=5CLD@`R7mT=%~t= zfq_9Abb`>((&|D#8ZIvGqeqV#0LW!wVMzu;xn{qM&IXjHe~~w}f7|%gxm*-~?8N@E zIrdszofzB(zOFSA*!WnfF^+t8xa-yVu;bh7x22{l$^}=YkvPJ4nw_>sD5APUBO+7e zvyFy-;k6ATx4T_jJu-d*R)dBnAf}^p3+DJsTH9s*gM1HSE9^x_>geqvgHjVp9!UoW zZZ$RN$Bbq+JMC~fm)2KmCF`Q2i`&#d!i&HQ;u-Z@5IfrlnNd4Gv~oOI%Q={;jTfe9 zZLPUpmy(WS36o20=UA({@uODKEoThH_vgTola`idJ6XJDgJK-CcU+E#)CjSBO3H1x zOdv361Bpl=FpVIVLUd0;JHg*nF--7KRaI3jt*xO634eg1Z-($=(`#yG)&o6kDDE&Q z1R*zven)6VRM60n20yztl#K%-EOA(Lh!|q9Q$Tx(@;==eDlR8kb*#{ zLNw{GKM{k!0d=or&=&BGI0AhjssiO)igJ#rCKo0&*+Xj_dSnz#tsfeXjENz_$H#9f zJFOVZPdsufwUxPl|Nc9U*I1%e8ZwUOZwC2)$@(l29(Vm-3gdAWlAjgJ@Ece29o zaS_-@{*&#=QPBps4EO-dPyG6Mfr{hT&iO#RdBw}pgVJ-Maz=y>uVFXTu8$D)(U<4p zIVvfHY!-X~CqCF&dg)(9)Bk7w11Xxv9>$cWXI3=psu*Iu;ZmW=oT{`Jiqa=#VX zfQRwaxEEZ=Qt@uTH)P4$^{$92rPl@89zsB<4{@(;W`-1!eNZky_|DN$%EAD>0kjOr zt(?@=)j^lU{LW4v1VU;irgk`g(6zCF-+`XqnV);ZZ3+0l)EgINAQ|$5?21#(?WxV= zW3bi7JeUYnY!snL*m!Yc`23mTWTzktg{ z|8UNPW(Wq4U8Fl(CQ^{H!+`J!)7fk5@~MHpjP%_(RahXuh8rJDaqDHk)X#>J`}-t9 zke_TjZs*0hCFj-zuI8xNU)ARn<%+rdTm}h0HDF#}f0yhLiQg|QD{0RDT9&acY|{1M zb^nJCAKc%N84s0wS`aPX{r3~gLJpkbhM!+_Z1e!gc7k?}Vua6iwIbRC=-5hRMAW5( za;?b*bmi`V(8v(D%a*n_^lVEJi{v1@swmKxmif+qyLq|3F>*KdWzV;7->C792xK5? zzjvK_qq^#VD>)VDfc;{Om+OO>ne_ReIO=e8AY^yr1nwxXvGx4vVabtvYYrbuJx>%= zukzWx{x$bs$;<23df@=*6EEQ4vAIcqyfy6|_ulFE$!`A1*kfThnICY^adAzs?K`?Y zBI-L>910`)>F9q$X~Qvj)tK=@)a+^A<66fqM%*D_*XUk{{5o>ZYX@8y*Q2Et$?w2h|)gK36sbE z3nIUFmlbeKN^3!Oc05T|SQ*Dd9p`xP;DL9mlB2qM?RkIOG&D%KBy~rTiA(#|>%ICV zl>CgBH=xPmHlRQw>*vXs=cRedIh}po${9wQVzaEhrb?}Yz8jnn=< zGw+RqxSJ_!Bf>a##g;R5>fSgkPT$0(gdfQe>vH!u=XHdb$5=Oi0`9O z-bD=Tn7QU;$s2VjYm(4%y&`}ul-~}w2P;I8=#6eGH8(Rpdg}W1)O7USFAEAJ`-7>I zPoF;Jehw6v%r*yCwzwqq#>)rG;S75TuL9o|BT=L0*-Sh0_j+8vxOW&t1Cny6k_9(g+WYmr(#@YnLY*RNg8eMbF3!>HH(_OCVapMVkm z&Z4|Q7ju>T?-)rF$~gYphxC(ZN=ot%f656(j+l3+YgUW)CAYnE;Zp}cDHp{gry<|7 zivk{)A0-Pt+%4_>}s zC4Y$cjvm~wq21|A=g7$L!i54sUsTLNEb(7@L&)2lK_q%(-tPdBC8OXbN|*Nw%3}bT zozCA6GmdIci2c>`mI1?n&I&RnSp~k4fdPLpO2IAwR*Osr?*Y05c+m&TomWx$TH&|^ zI9SPOUtAr}{CP8KM%1_biMf3s8^c>#idM=gvDt57Vf^L;xd*}17}hem6-#=kNRhb8 z&7HI-BDyWnsHXW{h+PD>c$+#qiK;owy|y3*dt6W%$=|v;YTtq25F?26 z{BK@0<(h=v@;imlc;|%gKdq6IFw$~0$fb!137Jg}$L{@M0?F8#0u=(Y|Duc!c~@ys zMW&CP?7fHkc-Rz1et=kC*H(YFvNGuZp?~C9zcW+ebLaYk`TNUD5*kEVX2j!Un+Zx| zjVdc|$QN0S{yu{OToSTm=pRqg!gvYUEDwxBgKcBD^~NC^b{~{p)d)m}ou>?MORiTv z0{@-E4zo`B(pI=5mIUBi5RKfMs&<`H{OWQ<(jH8C&=rt=6J+bi3T z<_^lm^by~N;7vFLj+(vWYA&AgB}nEsPp!dprA$pteE>LR4-Tkt_JiYuG1#d=wft~p zj9BT^Y)gxXPr6v~!SlSERf7=u`LnJ5DK7w&L2CQ zL~1t&(B1^p7^5SjfJ*0?z zNy#uN37NXyIZqTqP8~7?^#87Fd%DUKMyL!7$U8VMZ&p(}`G!=teRXlVWp8%A!0wfB zPKK}(`=?1PVRV+Yosiu|gMtgv2j~4xD(Tpl5;hy>Q3$>e<|-g^SC~WqQmWdj>Y+3^ zYAETOON|G2k4FRx9ig6cUltP~Ew#|3)gK(?mZQeCo5?0FW1!b(B@#5dj0As+v*7lBD!egaqLu&lEWjsYNXt36#pPRoqFCaD5lb3Ngf)=xl- zH6Ae4d4Nv2c}&W$RQbljP>g$re8( zor1#b{0s#+7xW2uNM}b;Nk*e}{2(i|tKmFP(M;ngTY3ZSn6}*o$cg;qW&!@cr6C^F z?2S}6v2Cp{Q&QvnJT|-qgH6AZa#%d8kIgYKGD4MQaQT)fQ0rx$NWzPjRK}>DO~VO0 zpD!;5Pj~|M!5*4~`ex)-O?#f0+=nNlyt4CUYciU}6g2di!7F!S_Nxm_v+%f7 z$#fz56}o{GFgi1+f&m>4BxLbeNped>{119+Hfou%9SRW@8#E^XK622ALi&i9*zv^k z`t?Tx11qQrfFuN14i~o&XzA*w^?MgPMdd~P6IQw(KK#UzQKWq_`8X&=U8(-CX}mS~ zi%v{ZR67-E9Th6&Pc(x(t^6Z_+}s`?bYHN~$K3F>E7q@7R+VLD$}$-UvV_>p z+@RXoVY0HZomy9m&i?7`B?Er9qdTgjdpONyL|*mXD^L^(-W1CD+R@N4Ey%ZsB$Q*4 z9#U~o5|d}cvIp%(@-WiYfi84-m1JEz&3x4X6XN}9B??R1xFZG*=maONV?w1wg1Cx1 zuS5LAD9WxO?o{l&KTGKRU+Q_Cx_NkisU^`am-UJ{Am>NvH-%Qa*Wyl3>#D zI2|s!>-jY=m@g!qtd`e8kQ^hK^b}Ml_dPK|H#6T-Jse_HuH939(1?5(r#)<1QfjQ% z*L9O;FymHZ1M1paxQc8tf2>yrlW7= zz&7c7LV`DR)rP!viYNDZ2x=khTbZ(GWw@o=asP&2=D1uOwZlYchI$J!xUx_ia9Eti z!kNx;x_m2aFs3gn+ge=gS+5u^T-@hqqd5-Wb=0@Uk!d0-r z=~igxWy)(ws1#V-CuQ+R)NP8&U67l2j}b5Yx`>X8Bd;tDS8TO`H5th6y_&!GH{B95 zL34zhz$<07Zwmq^xaayaiJEDdGsqvh6zkPDoXsxG7$6Ej2MLVY(%RV@5>-$zXcAui`T2zUotNW_SLKAyc%yTA(!oO`>|7h@hz-9gvI1g zHF@jlH2*CwI}Ue-IL=$KcKgjCM*h!sCikfNRSG^Bn6wS{Zny@Utd4pW($WBa0 zCxsY305kYjp$^T9XorXhLy5?lm_p#2?C(sA2KvPettAeOa$8XCsGda zE5K~{w#NUG)6fW%OiuwwN<3ZusoUk}&8@97z;IbOIOcPTu07Ja)xL}@~(Ul z6mo@~VJilco`JzP049@M&RIZtvADFXYidYEUpY89@NyejN$-=D)$(w}4aK}J7x<|c z96Yg=rbW(|jl_<}o2}#_GQ)H^YUV@3<$%z@dNYI54mm_6474Y}+y@IMk3WGe?5Bpz z4d(1wm$T^QN!s`4=Rg-ZC;09Hs4& z0L=2(-pUse^PObRYe?T`SI1zu8%{nIg%!WVsL<->rpL@7QQ2|kxl^HIIrZO4BX93S z!(THtY4X{#*!FA;Zy!lJ``kw`<)Pv)K&mibZ;840dDP3=Xu}kG`B5{!6f^h} zlXIX6pq$$3`>N|OP7%E@#Own5tHC_AWR@rtz-{rvk z?5c07-js#&IHBNHRare26u^*5S#7Q|q$@+3iE!~52BL{+Py@kIFBI@IzY_-#U%UbMOa^DxOuJWh zGy5HjVn-IEe_zE(R<5xJjGw71s@g~Kvnz(M1JTje(-UtPDd?jXA?0D%E)yLSD@RKQ zBNu{iefgrQZsNh$-PJ8FQI%YB8Ycci$Z@c=RPh)F33qfzY1BP=4N25}5&?wP>ZSc_ ztIYD(3-}8l$5;#LTXeq>xGj?eYbqjk>aP4BCX%QfAMT5)ycjhMtY~*1f?4b z*H}_;0?$E9&E2N?QpjFUcP4}ZuJFEl7myl^lUa4?`%sQ~+-dA5&cVXh7v9!EPkHl$dDYxXJ+w_1 zGTxqBmHevvt~{780wk8hpeztC&{i*nxs!+-&)tep3UF0jsTGzMra?&vNlikv%`msN zt`Og~6FZC4LYwRh=2tj;iQskNfD%qbKxn|Thlwa(ZLJWeIvF4D$drKq>Y)D%8DpVE z0@M0;m-#LnYQtcOUQjff%SzO7)iAnC84Ux*{sFiBE4IG#Lr{q2cm2w!byMGX`bu8t zwxG)m2?1j~%7@;`GoB)$pw~7V*v5O8MdozfiE2Qtn78Mcs=Q`KunNFA-u`JmQEsy_ z@&I-rz${Z~Wo3L)=iOV&w#Y4jX=4!(*l9Bm03`@}!s9nL&5Da(j;FzdSR6p%!oqM8 z6BBu2|Dkw;w}wFyFedI(&|NK%PO!#E?>d>^AOD_@8a zN#OBPN)Mn?sW11ue`aJeHO2q^*>iq|2QUm)UqAilnw{AM{+&B_?%gNWFy$!V1x1?( zm@W6ee;&NbK=E_tYookuJwZx1`~$fky?Tw}O6?lRdfvb1-QTzJ3-U97?6B#{;D~5{ z2G>18fYO47x-2YWALj+VkGWjcdn2Zuo|YC3om<6lW$wSY$1cwYeI%LvEM$NkKu(Sn zgybf`<=d1ZPC5C8W8jZN2LEpu>)DV zq<;WQMPb$+y-}Xry?gf{NzwUAg69zPR?t;8z2=8j?Kz}u_m-BH;7*8qXdueyi>9DI zO#dct(Ce7ew)2U%;uu29k4L1LQ5p3Jg!Opy{C%{Y3?n1GlOs2&OX0W6OFjYT8%@zb z;gnm#uBg=Cy2CwN9|BdH>&$QOPK6Bg$X}pqVbr?6(9w7&yh{=?DLj8$ zbtSYwgs$;CGvNX~UFeZCrHo_cNRPEXteL%@Fv!=Ioi8#D8Lj>ngvgWokrOb|6qO}K zssc@mip>7isGasguOsBjtPcAh;}a~GgqeOhejTNVMuLfab4$aY9(ZUlQjw8)fXUa? z*4nAAh3ITd&4}0+m@C)>Se#d%z?>)*&d&u0Veq?&CNQZaT#)+ zkNWy^v$O8i)z!OtSiq|Rr_BP~x~29M!6-lqz9B@_g4zG41qfNGJ(v=Nk$YImFyK2A|n|g%FIqeb}B2`B!tM8y~@nqd++;s zo$vQ|-+$bX`#yi1b2_I!uFrM7ulM`)dcK|m3O_`eE;J~+IXhz{N233AZ}U_v_#H_} zS!w@>CUIlc;v5IZ2sHTnWyUeyAm6j+V_MolOhHh%6I22L0RcR?widsYn2d~fwO7~n z!9NBbJx-!gA243U{r>&?_v6Dl>_C)INx|u{5Vu`UPL7}gKqc^DrM~v}@8XIIcU(6T z?sz<>9tY>3Z*WCsqrAI{G-OBC5Y;^&4AwI>XpOjkO5)-`ec7Z9hoKmg-|p*2LIpns zEUqe1aOYFQSE^{}mD3ADeba3cUdNg7+8l5H1|a_WQ1<3#t_cP#+AY*`&VR^Atb7mr zSe`X>j-conV&sEgEmyvn8;`P~vRbzYdaY};(p-eyCS34SS$SIJ!NgKN!}|nc3o6JK4anF^m+!KqrP~{U?_`}d@fSm zS%IyjL3B=&PSA*S$F44qwX~Fs&thdh;E(wQ1h{|FRTI&rx8rjMA8HSSfnhfv@y{^det1LE4zC3mHcnCnw#NY<3>%nGq> zkJ(w(NOrZ$m(d-TqkTSgD*W4%aOH&pzLmwX1yRa$MXq`udTxWabW*@|nTmcvG7|H- zvY8Vnhm7!+ysj3zG<%+lFbQM>BnMWeSUH$?0&Lx#OUXu>QLFV``Srum#w^DB_oKjb zxrnXq+L8)pBc)Bnhg5>SC|Z7aTgfq^33gFEMNkH{>+ilCv=6&XckM=<0K*HTV|YU; zX)5C`=o-rCwFB#QblUFj@#AYN|JY@>`Rk!Ae;XS1fb@+$F=D0G{Oj7XnD?0Oy_iHx zk?$~wU5z!r$EsWI)KOK2n%44!rL%%>HTg>Fe#1RsHd9z=5OQoaMA?v{X*R@CMM?L>4~@;9vr*lU3qkO@7^U^UPwk) zzy-1Hb!VNP$v&)b?C{|dFq_JgZB&lZ(SZ$8nH!TAeo5~DcvofEAK)3rYxD=k2Ik%+ zA4Q}7L5Mfro+Vet@e3>ixGe)j`eN_%_U%D11VF%H0iOf5ad%ZzDuDCI5)wPXd+Ex1 z_U_dMI#^^4)2=XU;$4BQ)-SO+v4D_}FQ>x5V}gl<04P%Dj4nSLrp&dPN>Y4Q<-WBs zsqKueg&j^fHl{_R)^pmJ>zrOYQPng|MKOrj$dFc9aE&{ zfRh^ct5>hq*ZY>nXN1+qt}YZJeoD;gi;;$m(b;EKODBNx^qi7xHguryJ@7tMOM1Nf$AkjI9kxK^^sLE8^Deyg-S20*9)TlEOS5Bq{YFXgX(rnk zrM}MoV{Bn)wWJbz>qH!iesOY@TkT$4JRqu=(e#c^lH#ki`N z{YF8rLCkj=6P!Kqw_dm%=mX6=?25e?3RAu_T`?wG+tdpp#5*#TyKIMK?&n5FAHMXc znrd?r^GS?+tu03thKl}|s;quPu079=8$a*HAl{724?fpja70_ci=X(FAC2+_MtJ@T`;P)yMo8(Qi!+l!|FE78q<;Hv{^Kxu> zzSCpqI^LN{oh@2Z;(5Qw(%gJ6@{3rC`(Co#9c*U5t-de!#BSE+$enmWP*K+Yec6bE zz=aHltyjNopZfWfm^8gl#YE)2Vd{k|>*a^WjV6XQ5*Ke;>{>Z+^2`}|llvcu z^BhDAX*3a_^GjR1eKQ;?#RXTHsM%9>FlE*%hz+*>{}a5QHC%8S%+9sG;Pu&=6dhyL zzmsCytXDGcf$9IVIkS_#+qQWqG+&eMZ9^s7<*?T`_I@&{HMU-wFU^;sgZp);4Sl*9 zhTv&w%6T>x;cL)yyFzz(;b}i60^PDeQk-_}*MTIJV0zU{GR_cM!q8A@taW11ZUg7( zA!q{x1&H7V>FdM4(Edh&{f0Gw|1qH?q%VLOeW~lkk_LSO&R(iAANpTlcCkj-aS!g7ZolH7^^ zUy>?#5f`B+?y~ON4__J>QYW3b0UVkd8zR0JbiBmX|IbXHlr|PFD=7|J_OLHu2K{QK z&sX?}z|+$pr=cYlEvL*f`g<{|VCT-A1X&2SJnykJ?l>0Y4&>&IzyB}nK|~}1Y%VbL zCtS`U#dL?O1LKQ%st>8k99sEd*fl}Uc&(Z&edo?Wa6ca`v>Ph_c%YKF*5N)^DDri4 zO6uFxpK7r_NnHbjiXLhi|ItI-j;5-rUo=I2UJTyX^!Vh$!zcYi17CQ6lu``uVY;MoI@g~K3q%o6odQ9xD*KJT3 z6ceU$mi4_t6K=8SR<|ddJyR|T@V7jrhu9JbAprKCfX6zoKPGFQoK!tma{c=HkW0|B zL2sN6zm~eF(zsRB+PU;o&Z8rZyPf{=e`)Hf+o`F0!MJKpFC(CkU8 zX_HwvM9%-h1A8Pe7g&nok3<4r8)-~-@K?Q(tR+|EFvalH+&m>C?c?3p8n2^#Q7s=! z$!E;^2m71Ok|K2J0R101yoyJT9MRTmb%o5OiS0_oz*E><|Hce{N@f4S7lUu|VO654 z8w27%)X74Uc}D)YibK~_A2#GY6B5RjNOZ<^b#JcAaU4EGZ3TJA8=`CuMh#Y2+2--* z{SjWplE5anQ5B!jkH9ri?Q-E&yLRfCKF<<(%5YEz;Y>F2>WkN2UWe>Eup%7q#215` z1}`7fIB;eF4|Rm++vNqhv8**vYwM#uSxl2LoCV*_rB&0`8%ORXU5SaKCK;$L@Ln%3 zwyT9yW96By%szBIKwpV9f_x3?wh*`<`duvJ zrN1jLzX5wxnJ5Ud)GepFyq^b{*a48l;V91J*EAwwaT$&iz=Z2_txO<4{yY~BWCJHW z8h})29(o=Mp*8qjT}@C`5huZdck1ljnBny|R^xyC;6a`aQb>-)m;|V)jP}bX2}4G3 zKADkEfUDs$Y&nObKn31tSoc@v>%>T$-3-+aK`&j4gP3%$3fzL&0z4qLA5~uh05ylb zLmO)wx*eAF_fI;$QvoDGmkuWs!e0>_8!4sS zJubd56Ofgfc{n4}0v$)Wbn@5JIA>or#)3h7f{zt4S@+;<0Yybc5JZAg`&gRd^Nh~G zCRL}fsN~B0^n?Fz-N1W^hbE6bF0@#^YJ8u4ALQb(Esg5Zsr-{b@Ec=gO;?-9qmq1h z>+)B>XBg|M5|HlapTfi!X9C3BZvImsh*@W*m(_MrU-zsJL7r+ohQn zW1v9cCDFXah4DY}uHW(nK_UcaB{8V|qo3dH#Ne8c{}yjkz;6*IKko99N#hRR~DJgGY(4d;BW^w{r&V09{=Qkw*<&eR4{K5f-D>twvp0s7$hh0Ju$|mfs zH`dhYCwQ!>D(`mZoB0s6iQfMDW=eyhU(Uq6F-K zdY3}~>nVrz88SqU9-^U{g{#jDqOwo;-Eh`3F%%nj9Ih7s#DZU~} z%Jk#@r!)qdo9^brk*^7O_67n_U%R=vQPSPkg7^wUxPnifj()S%rB^p9JztBdZ)Mji|N@}oj)n}!w@3^IxD&8JM`Rm3qe1mKpO!vI`g4+ z7<)6p9uwdI!Nrd%fIY$x#5`o&Ew4wH5Iji-`r*ZA!*voGbO^sW>91me*8=rMAB21S zf`V|-{fPq{d*x{?M_PCnC`z@fvdPmOJ$fH>QfvqK!e#$MKqe9uejw;WSS$VeGfPVe zc>bgH0jZeZVe<;&=6}pLNaG94;Jls%H=HofjZ%c9&CGid%y=R@3OL>+cz%Mo+Ji`( zHz&o;u(9=`ak_=Pc;I`Hk=+_QcR{6~cxCAdVqJ8doTl8jPrpPVG*1cM%@H~}7^WS$c2~c;wKZsc-3~&Amm7#>6ps- z%8EvRe zyNT#U*Y>-NJD|YxKo#ofg($A z#^If4C2^PoBd&lw7hc}(x5wS;_-uBy8r8{(*;!`D4@Vxnul!y9v#B_vmfnHuJ+Li`D)g{E5JPm$kL zR$l(vs_VJr)LhGTjRkG^j;5xh#4Ru=)M~dJsjR9p0M`bvqxkjf2{v?fI_;2@<&G<0V&Vu!yxR>>K?WZU z{+L~LFneYsje+Wx+5#K;J?kgUbk&{Lsr=R)k5Ha(U=pyH{)n{)MG$;&U=KCil1K;Ads3G6cF6n~S0S@Hz47>qE?rv$P730Pz^WvK z8S39nw*gsB^kiO>4vPSjN z-`}3omk{86HZW+d@jhHz(A3dMNoBw*o&`?-^*cH`=2jx&{e@!tL7m*DKi2=bH7ZL- zcHg9G+@1f#OZ~?GeX6LIgAEjmFZXzxeoSsgC3r0$Q(Wf+Rl0@y>-Aqi-D5I7f6mT5 z*-%8~a1-AICDP+bP6z_6<4&%uTI40NfH1LqPQ*)qipqfPi?G^~C(!BqWh0KwwWY45 zZ`Z}Y{HIp*AZFw;exeXC?q@r}_0LQ8;iwJ0mD)~QLOEy*x;y4qXjpEm-fb(PR$F- zD)Ce8pJ7^Z1$!$=T$6>D*A;Z$<7 z;uE#hj5M85-A4TAvP5YnRXOnx8d$)pPK~VH+*~sI zMm_Dv80iNKJQ^IlaXLhN|KrSK{{=NNvCUp2fjJ($KCK~_Y?hvPr#$mrll7zDKxRcwyhwUvKgl8_SJwIgUo?>eFig*N%e;>@@Gax^u zn_!q+BFM@lBLf?WlZ8Xh1+d8>nCixzwsnQ+pX5V_{C&Gv&tBLT+4W+$DO);msG&v% zkj%*oQZ}k>LJT6m>KFM6P81Xt-NYCjGIND@L5($uLNPHh7L#-~S4m$&?8O(yLFE@C z{@*2eMyOWCFcz>vU*i(galXLBhk7e#0b^;&rVKP zjT3N(_+xBnShmKPn3ztV$P@3RSH?1)_xi>!N_WZ6o%HrqDuc%~S1p#7FtK4Kffy~RRlxg;vw!c$kFHkxyx&0TAfIdr z-V<7EWmOgOb{*Z10@m8XEs8C_!!FTMQ~O_zI3=(mcv57DAP9rG|KY5oAlNCQwQi>4 z&HiowBM<)Xjzx-(L8&$ff!#Lk%BHeo&+KHX z+|Pu+?r^Bws_oJ!yZ2&);<$rGPW0uSr;CkCCWFmKpOrRcPv^?=b;gWsgpG}St>!e+ zv${`4^WoWzAkzx90^v88kH)>ErQ)wG>%00!F3fy#;px=ShQQDdx%(q7IiEc|Uj}N# zRXs?1+J1P?PTHFA>mlc(4YMW#4miE78aRF>#TT?Grhvh19}+%!`X)1O+0IRnEuNU% z)FaEans`vzH1ce;Az(P}2F?27-iyx-=oEf71!*RkYRbwUVD+JAUTz|{_;*soF*#Cr z8;5E`ytxw2R^@yncfq^CKHm;#A!={Mxu*`>NM}l3VnH3dVI)0diGdpl<_x7JX z68c^tF5T#M3EcMWHr5d-=O@Uujo)E%ANWp14V7Oyp5tTBE#-Q8vg?-Ry=;A9E{0)k zRkZwp@p}KEGP$_fF*9U6{M<1#w!6rm<*D!<@0N^_WUdFpT+licOP|kEXsxDlW*tQJ zxIX=h0^rE>->~zB>ONA)LW*EwdkC#?&_Y=G)I!(;y@wa3a+8~1kzYe_J&=&QTbc?A z#pi`LuHpKD$~<4%@O{5kHDxC_B&}&Pz;j4y=gE^nf4^Cn4?MXW-(;~d+eiW1mHWoV zg}4SCqX&R66O{nj_Ph`tuFiX8K z`jj*(>E`K!RAIZl+fDY;^odSaHGF?D_2iz~-2lMo7 zPzc8a`zEh$Fqo|cu71B%7>kt6BzZke%@N8JSiD1Ed&{3?@W)ai;XEeZ`g4-xbZ3yz ztuf)fq+?@ajrn3_WSidLP55l(&F~Hm(p(#{3p6PRt3v)rMUBmLu>-teG=Da<)J(oA zBQNs*D1S!Wl!@CIGO=@NnjwiWkbaKo=|^L_)4MZ`Q2VZqEg zp&6=1`Pg?c@84WyllzD6e0jIN{A&rR2t9*?HNRCN>tmi=mguZf4+;;zuK0)r zdW5jc=EuknYKG6)xHRRL`5af=Qj5QXh=9O77G1(CnrhOaN_szhFf}CEtlsgmp{e5G zttpP;;eY>jzkAe^^K7O_EK~k^j*7UNuy-iEseSsDM(3g36tGJ+U|gChoqYl5`v|rEWfQcIJ~^2-ISi&JWp^_y)GeP z%6efNgi6`)ic!dQJ1{v^>fONogO@kDP~t}U!;hbss_27)mP|}98uh0Sr0IYix-IVR z7R{kUakiIt?PvIyWL_2HO);_aRfE?VLvgu)e6Z08z+*G z_o01#V`Xo8PE}SX5)D#Y}F&n*-`s~#7dGdoXw?Z|O_{629Jz<}=!*osYyN#o*r6rA? z92p^x6cxR~zNuOnC_}gH$VDSk#@bEw&c>M`$8Hp1ib27Ce%oG#hrh^PIZ0AlTB@w7 zidpPUOGTQ?-=0Lpecw$&#>%SsV#4CwxpM%#2XjsG2^%w`&f^OAkElu5_Y)mMbJ<$;=~j#%=Bt=E zlVx@dMhYMhLPrmKTBI=~&+Bz4G05MZM zDk~+WgRqRSs~c0J0La3LU*H&2I#pJU`P^XGZi^2_R7DVvv(ZPsU7rejBdd{fuKp984#ba;mYip)lSixU* zGb={8XT#17n9`2>;fE3*_CrP=FJYF-T?zx7YJko@D2cpTkBYM6`fJ;PA) z>(f~lmKgY1)=X0cB+v9s*1xly5PTC53?JSH9eb%~W)|43yqug)B^NCCtj5s1OM1Mu zXvqY*;EFC(^wu~okq~s7d-j#c4 zWo9~{xs6t>wDsiZu&WkttAaQWJ{`EI=O`DSZWT~21*?gj+J#dE zT!w>WFo97V$)t8}i;-u0(;xKOgj!@d8O}Ps-3}W^UlNEkTpn5Pn85$xeBS)Qpz~UT zK%DzAy>b|?%;&kMuKpW$oq#oM_rcfA?D9c4@FmOzfPZ4J%vZ3nNyf2#9l$*W5dexg0kr54 z|GzFvGK9wvymAQJWb~@Oxw&h7!mlKkCv&HeKuq&ub-t&y+rF%-j4^tb@Jwr>N=bfR zu1comsm{w;1dT~%Y0w1c3R6&3wmB;mAKwyNK*BNhiPb@uJrEw`oxHhl;m+r>7q0lG%tf;uDYau$Kx{ZK~ z06qYY+EEwVO|q$)8ba}?rl`K&9q&-e;{hqa0&l7Y5J#%eN6iC7TLnq3aDm~4TeY<< z-zm8ex8Q8%uKZ0Hv~X=i8-S-YgClqjgGz9ZcD{tAocHK)IBLL_g|N+D$2x&_7#Nx( zKv|Z^VU|1B+evbP!HM_ z5;PuWZ23!l_Y!9+toXZ=RWE4ILVH_VeYz4ON;9wz^lxUMb(YYQW5l)vw=7}@(tN-C zQE=L?;vskns}x5RK3VQ@jKO*OI)Yln`aMd^ln3>qFlv8=%_sd)wa#c${4sX;YWz37 zO;jzx-Z3+0QZqQQ1shxuYvnWM!lBi|m$P(%&hCX{he5A+4rm&FIrrH3Z8x_gEm3bG zMcwO2(Ly%&XQ>NttIamC>>39hT2SjWa0e5|@u7uYQ);Bt+2?$Z5{RUZG*48y_ z;xY*>Pb%p{k=TUDs?+*?HZ93&Zdg2E4{9$@_dFZ_1CA!GkFx+}n@7SGf-E+l1_LgpClL7x_fe#$708pF#`?(E&4gpBV z@hd%Gp1@OkMn^qvGP8?rDdA|cn(XKShNXkmb^7$X1E~O1g#kL~{d~F2mww+aWE23+ z70yrCVo7=qSha0wCCL`m0(y6kShurbRZtub_pdr&`{^5vt!EwWDBb@pAZOt1o8Hu_(W)W_n;O6VK}Cdqlvaq$*JN@gv2_ zKNxY%ETu7z|J4vwk1^@Cx8|EGZLiu38XMAy6S&2Pu}g*RIe<_KZdi7lINk4Iv)y3p zmD7=hjwAC63+OATVx8pb^Ti~=SNQes)sC6j+2ZEr!|dz{Pbs9Or2(S@SY%>lb;GzE z7EYBL;Kzo-Ps7gc#ZjTb=P?BrKUI3Z7|}2EC1`GH#^GX54d?=Hj(mBfWXt?6Vfys{mV0-NOvuMP}8=`SsIpYtqHGh zaRjvpql6M%Kg230kXi`O5BM(ww=XOy*$LAw=)W+r_gMu%EP-%gvIECSKIq2QbmSk# z0eJwXfA?V#0YgC!RV3mr<5Fj(4=o9 zE!!TIJiz#Xcv9mnRN$Ikfc$_|Brdfx*V5ykxc+x|9#hjFy=h}}43s_OcQkx^LG~jr zwE6q*4cny@iz=4IiB1^_8^Il9`yXLpWSF!bKC`0L- zxysj{x2~aNqzIla9&MOH@e+5Bj9F^$J=f#j$K55Ap4) z2g`5Cox(sFct9`p!PmZ?tT6J$;9kA66Csqp{+1jjlVnBaCDh*b=M;e?hn$#0RMll}gB3)m^RuqW8r{k?33_s{RwA02Rk z^Kep}+7sGfY;Ib>$ zvQlwNN6BOKDJQC~p52-^zSSc_t;YBn^Xs_s-Pq{deY_O5+N-MQ#Oj-x3{Oq_c0c_{3-fNr6HRrCiJ{j`nVN*1R+ma)28$48 z%&Q4!ekdT~o}El23tpIUTVHLoQ%t7NX)@P+oSNxaXUd_uOjcOPN|bUhY@QW@5L?|| zlENuMNgDO&oACkB^c8`fQGp!meS83L5sgG_nxecet#M%{1zX!Fd}D4M6AtVhNH`*V z|E;SU+wT35qxrUK2i=t$mGB&_uK=9K3$fuB5L^)gx4~miT_}VjN;=LLJpVeYX>YL$ zt$U1IxR=$X$g+?Wj@{n%8|=k9;vO^KPd%~Qu}&GH?&3tws4nH)m}hCG+Di<+^zYw2 zUvly#D1t({7EDO!^L}@Bx3|lkXuDz2XE@&+<>{IDsYU}3@40sjBuG5{sm6AK;w@2^15p$r=ym-wz$V+Nv?S!`mKgUL281hVBdA|8WHC~MJ7}JISmTlc3zeMRc zz9KQPnYp>-%-N->PBExtLLGUz7NUa;6B$JG^(VC++#zMdhZpJIj>j?HL}4{~x*==p zr7F8HCnwFNyO#nvwC)*N>=qUK%-q69MJhtcExvE;;HWp=-u3m+*2nad3^3u#Kfx`o zQ{#^N_2I0J=nr|5{;oVv_tcw-@4_P^Yb*N7OfAfl17>$don+^GCyful2QfGy*0a!E zUbug7;B9#LJ@$tt?P=sBd{#@UXSFDgU92}}!q?XKz>;jDgZU=77EMxr)uwi`4$Ax{ zr`VeqAV?Y&g-`hJr%DA7zmK{xra%;BY-v@V>E`jZrOC4!*O~73E~g$##*Mj%n@!xv z(`gpu3!=W7dC%9pkN()GS%U?R{@0HEV=dFb&dfH)j{;UrfgW4=FP{JH+kQlQw!F;0 z@a=D8bz<(Wdw%_!hkHv9wM$9bbHN=u1Fh>m`kF1x=k9WP)lJGd-Ena@P=AU%R%H0G z!FkH{0P%`&-}!dpN@ZrkNzzEc3aCrT4_v+ZSW3!8m&v$Or|2^+Hf+MtlUkShzxO>p zyq}Wiq>U`@6sZhxpU#8Lbm76UX-l$(H~4kkThooYLD`lIQYe8*uSq?c`E@Qj5z<57N@AO+4k@`9%9}ovYN6#olpQV179FT(EZ;WJsn8PEyD! zd=WGt)_dK{*Z4ksEONo6F(39jJFEA^GH&`VT@6#|OT&gj)LfoHoMhUS{j~3Kv=BG_ zhK=emRyl?t94+I27bu>zXU4+m9sWbqhmVRNkkfv%dgM<$+_)BEwFt z!mT?tM1lqhElC=){;7zrt_PoE{rw_jYdXW8E=1s_?=0956%pC?r0v@$pl|!=t{#*# zF}Wg?7g28Bdhk~cac}k$_r_#?q&0GC)8wip(u4jUDh5&+Jm1@NEMTGU$CN?KZ^H9_ zwpz(N^;_ED#M0F|Q%@IHD=@fY!B1IUu9G(A7d7M6+VJ`UU zdvWp8#0}kbb5>eh@`rqZ7d?+-Qs?%+1rF!)Y!-TO89#si{7^Zh#qZ#w`6@hkZGi7x zxfH+MG>K>6rpzVAZdIeqI(blg((sI1&?IN4>ov7khj5?dN^!IKeh=^e*jI0?&f~&1 z&ILgnJ&M*xoFdQeze5~o(E$Oaqbq$`k;pwBs4~fqHK|R4o{l=>VQgt7E$-W~AYuD8 zmCpxhBD_%f)xlZkM@LvnCRdb_ww|WL#6w5kq-0AK5j87lGezx;&S}+bc*#Cdn{90< z@x5}MgD2qn-YxB(se+4BWm?MXL)#Db_6eBwJMX^bEXf8Z&MvF&y66{%UG}=WP;Q9; zaqz3XTGsopD*Gry369I>LmL!h++5oLH0rd?EAd+_GR;&R%`ohK^%p&O(19n*eOX%E zszL85&l8)#+hGB!$DJQG^8}u+A0hb^LH8^DQyC#fUNP7EoBDzsCP`kQTz)guEcF@j zdI4459v=Na^Yh?P9<*a^u_5)Yp1MXS?6%nXA{bAw2!_zNf5Z4%=KgJ%u=sw~o4V?C z^s=nK+&z8h44Iy9WCk@)^%0exU2!_$@C*n-@QIqm@6G;G_A4`FIhK3-;bWz{{92DO z;Ro(xFowieL)Q-D&?AKU-fEWmahZ7dqPlZsCc>TqtUOUU=Oe0uq=0AmAw;aJnoJSq2u&KX-5H zNWtgZ0s8B<=$SXQ584Z2GF*fEk@B?KW}mm$a)C)fjCro2S0tCa*4A>m)I(bvn+tsl ze8DrTp${HCpk!buJukfZvu2{blH(5)#iBq`iRS?l4{fLIV#9pnp<^l3Wj?bF?`{HC z?Xp>V0Zq^KAx@114cR*l^l%M=CNHzD(qnP*?{!~>Jg)rn6VrU%)w)H+73+IQz&!<`a0|Ql$Ip2tm zvtAX9eDL(>#dxnP1`L27)pMS0BYDE{q@$w~r=AZgR&{la)bwMoClPE|c@3EB9oet_}HPi$WEW1ZofJ9f^A)ZZhJ;x)zj@%`v1O7G z1B3C7`~bzo_IG<_N!CNjQtTE4UA^rBZ}yeFefP}m1(|Ql_ap~53!xX0PQ)_UIOXWS z2961w0#Nmw5M+Dnylg$$Reh3=F9_KcXF1O%jj>$ib-5$*?Af9E`rF6=L@%!myNLxP!xs^s4O{&nSn{DoD+ z)6oxgzq0l$xllyL86yJtYwaLr+3dH1*SFhRZv1*%pg7&hr*%~k*n+R_AlcL`kb?do zg#te9f!PA^m)KjyP!N>|Nf|KIIU*i9&9+sRIE6u6;Q4EmsdoQ9_rk1A|AU3K9q%4p z&A;_xWZ-e@Jw>UXjN=LQCA&U*3{oNZ0}R(bGzA}ga*pQ|!_jFB!fXr|; z9juuAg8g3I;!GHOBxJG2bI;%OF~%fU^`799zlMcP@@GvkPK715E{a000ZspLGOAn5i{I+)a;5~M9ZGHK1 zv(;7#XR5eeA08Gk%W^3xPzIq}gbg7&?4;1eVoXLeGBWB~S|pT|Xf=d{03Y)3DyUK( z^WQ}m_HO^*9Qz5PXr*MJ`I4H({LX%x^y!21^YesxVqqcGWn0^GiC>XT0kOh%U21AC zZ!ZkL5fMyAPan>@C<3Cx85sDTy5!{io!_`~&(P!Y!wroMQd*&I9Rmut1)H8!^tz}Q zSOy$5`QhT{SAS}(1D!H4jUV&r+;@EamUo*FimpJ;O@9kR#s6|(R*W^hE2*4Al&9Oz zug?sP7|tl;X+~>LR1R8GZ*<$R9nDd4KVV zAPS-?dMGYor%5SE!T2%d0|}#+aA_V_s`}_SdGABl1|Ondcqaosv0_RxIA)uBN4@J)VCUkHg$Efj#2C znDQQ&TB!K5yyv@6_NVxBSF)>-o{5~pn#lZcbLeHOgV|W@Xj`6ZGm#u-OVZ3P0)D2s z(M?A|&!+RxVCOY;^>N*3^(PE<+qHxpP%xZS;`IC{Zp~!5k?w@^NL%NzYTrf9Fkv?o z3~&A4f`d$QqJNed1MMemnM#aSgSWU?N?Cr)R~iyn66}ZihPuOmP`t{|zdBSC_NX)D z9zb;q(=_91wvVSy1q)6*6ttWa1$I}kIlsewW@ey`l9pPmtVZKY=VDr>>_;Z1FNeck z=N5TOf`N&nT>QGkQv?qq^Qxk<@+&r^!yeKeQ70l{zk;TUgupQh>-~6xk8;n=lr%Sc zvkVS?%(_j<5Y7g1e0N~n^ROgWgG~WRQghX`=F8)r$qe5;asx7XNDy)DOCM&m zr|p_lY3H$^le?Q20NQymtl4?j`g(gqOyxaPdZo6Su9X}%F2B9@5hEXefAj1TT5oT! zn>WtvXXDi1_YD;H4AQjUj~`AVXfYx+_HCl6fE97|Xcn=1{W+8YwS=5s$XiiaSzf3O z?*^$UE5GK}QvFm=pq5p%?X`!;*Ouo4cgU4;6{GTDGy-eur;E?HXlo)3pXHt6@r#U< zd!}%Rd}hXaZMiO0SI=f~5@|0{yGM8SoE&{MLfW)i1BH)4qgIs0+5w~XoZz}pJ~kmvxsbAk>wAM|O4YzwzxPLrrs>Jw zjG0uHG(HObsC-juXIAF(d_i~-TbI{U>OzOdM!-(-#bRKUJKooxJa|W5`KP&VC7IA8 znUFV@BTOJ+07ZeQ?C)O{ywVB2XZPMB@u3&+f_5R&PSCBd%m*8_2f{&!cF&|>+h`xq zrssW$R_wp;#e1|bIrhk%PM3v;G;*U?NtKqC*E-At8g_M_OhrMhHFseONvZq%^7oiHMP>B(1db;$dyg^E5 z$#|kFmh7oOuoIx^rc$Q zeUbr|R;BBZ_&2@pf1qc+w#eb=BzF)1uBK*^P2{&g-qqDrFzf1zJC5I_CP2fw*4E_3 zu-MgGQS$QOXXGnLMR5E6=un5M9uBwi4!(nfUCe?P-=Y!OH@}~Yo2$63G{#4bbGKZq z4Ru(YLiCvFIn`ydkr9J?SLM{C=}Z_IC48Sp1SYDst_hsVtcEo#1|ubK;rOsHcE&H@ zU3;=FO1HxPvzssDL>6CGwg-MsIIMe;vrXZp$cZxjf5g)9Qt-BFQW{N`t-)pyi{o7Ve z2Y;Y9DKEwzk<2g5o6SxCtga3hadP{I^I$@)2fU#WkSeaG>{sI>qcU5gNf+Mw*fw#V zuH|0mzt3NXNQ>9~T_vLLP#ry52xKOko4lQ++vV>`{%%gYiIGYk?{o?f!VnksqGuPY0Mgj{qr zGvRng0qm}7gjPwVSTir@e*f2fdrU$9aLV?IWvcH&HS}Q{NCE*;U{Z=@ifW@LtX01tk zzF4+)TS-ZP@71Jrq4C~cRnC|C^=XH}irP)Fml@JAX#Sw}ym3=DMt6vF-|_iiI-SNC*|c1snpM zzntj!lFTuu$H9A+jq?s8?ct;DseTuL0%5`~%w6*R1h<6T!eLt=NbOlhgKe1!9eJU1 z<$cUI^t(Rp1cXx9TFZ#?&x|$M74_f|;H~(Fa_-}YE+;ja(+;9Jb#b^xA}d=nIsvr& z5g@ofIS;9~#ye_KdQK&1ETL;6;j%CKTxNUFQGWl6HHv?q}3+siUneEiuop?L{9J_iRg&v39U_XF=+dDwc0g{yLMouljt2AiUbnjsRtsBJ#dy zEQK_)Z##kkqea`y7q-2yb7VevvoDY9i9W1azCYg(LpzHs&Mz)A{D z(}jm^^H1BAk|`W#bXR)k`q1YY-HOWJ4+g)=@ys44jS?KRo8eL7)aw1W z`GRPqe{Zd1s{Xe`WIdAh(X6^aC z@E$*`+Pghd1m|D>&AIP(BTQBYshiuGZ*XO$e6R?Gg;Cch^<9EdS1@mY*dZ} zNnO-s?G@gw+H$jB@<(3|JPi=`2v6?B z7}+h)Ni2F{ygfaX(P25Fu`pISW8Q=%k3Ul}!WZ!E*2Xk-{MobX+5fCy{GgJef0m$M zCfrVTX1RI#t=nRff)YjmT6UT?r~ai2Xf=TSJ4*Z1;TtDa824_BCnis`ybTKz&sX@; zWel-XV@w2kjD3O4$2VJ*j~+Wpb>xqeUHm&VgnRbvk&pTq7x%gtp%`!d(J3Y_s-G9p zFOR5{f3cCn&5#4v^GmAibbo!!Qt zj3=zGI&D*WrylMb?G8nKb0N;b#DYRh3`cxr@r*9{-n@z>;q_u1f(f?;M(=A#MGp%Y zoOn7pNXf`331w_{W^$Oiy8hspXLxwta!n!=o-1fM`fW|r6moJFG?##Qpj`m*<+I-B zRx|dUJtMOUyI2AC`(E7*{?o&Hj9A;M8u_gjZ$;CVJ3h)l>k24WG3R`53x~0Kf#OJh zH_f?^IC#&gWW149GI=^ZeAC0jLm89>!0sPqUY?hx-MX3ebJD0i+YQ5_d!ce-lwXSf z{&o4laoPG&IhQPhaB0TP^K}mYJ_t?;)V~858n?q=cvHP7)TBVIFKv^)C0d-xHHLdP ztes95mz-oj8@Z2QjCJ8{MZT-~tuHs2{4n2kN>5*Ai_33AF?jC}K}jyzJLFfvre!`DIyE>0uJ!Up zYotNf*Ryo3iPv#9xckSNj*efSl~y>;|I`u2Gp&nvDV^C2b&P9f?-_0@FE7{L{IR85 z>%;L?a|XeT!4@4kAp-Pv9<;1px=pW74v&teJ)PJUlRrPJ8?Z9vZ0#rYJqi-jQ_MWq zU;L7DB;|0YK^$6uJ=t#GN4ig(LUYLkx5#BtAHd1x%O^$hqQ;TNYtrv#_K*n~D6fRbK`zxo{MXa3}gOkdaxy z>%snhWOMusa44TwuS7B{>v3{ejPVkuxYw4KpSQ2)DQ4!CSD0BfNw)Kv6ag$oQk+=c z6XcMbgHuAqdD$pA-z04Km!AFEP2hPy8H6w*PxwV6hNP?@PR)P4E^~yCpfOg;?T(+Y$5)ux`WinEL>8_}(0xmuo86N&%0wBSU3LiiE4<_WV-yZuab9(pwzju#@ zy#o>CBMeapE(AtmqDkt5ipobIkAouY3YYv%IXT@GE$QHu8Kd7J+|P>=?Q>4EvZm^` zD+1yAJUOvjwZP|Nk*MZ-{_Hj@!OjjLxaA~JhM}M*3JuVtxLYhm;-uAh$;?pF4*m{y za&sdifl2a!=lOhX=s*bwE=Vi<6>wmLf2-s^I?R~AbwDvt5oZUYXxn>GR1H?|NJ+_P zvR*@;guAEr$-%CV-WZw^v?&Z{?=kju{&pKl{vo058!BoIV(^h&Ry?g#kq07`J* z`aFM+=9N2l)YU(^+{LKV_KTDM#kRIKYin*|!vI+ZH5DZzT~*I7GCT-HJ@M(n{QPiTDs|9#C3TUt z$^mI#A$twV2pYfzG1on5?4}FJeipo{DE)9kLWs}x{jzvVqGpLlL6F(RX0b><4dx=0=&v~Wth z#O^=-^=pHqB@I|G;G#lOFJWY~4>)+hw_NE~<9$a3!vIBJ@w14WtZmt;qpT$M;Z8i; zys5&HtwQu2Bw7LbyH}a75((t*!9|r!TgTG}-B)kNq_qO)%eA2j>!^jH1AW}H5t?#P z5B?s{po;#|tK9O>pLMu7mjYC@FHV6i^njUhy3XZq1^)O^c`5SnVcJw2{6KT=KYXH* zINJ`pWDsT8jO3(p#4HsR6FZn`oLS>Pe|83+XnKLKTU$q`2ub!TNJ_fj(_{U7P5vVZ zeEzPkThlPwU-3kwAXZ^{@TEdDY^Fo9|5Yb{6M$O)-s_z%+;Pkx5)~OV8ikEjbS6`e zta%I-R~vKxQfoa?RafS@<-4}^1zQa!H<&|0KH%>k-l^?s5gZcS1LM}HsFPR?&4OCL zs}4F#CRi0#Y!G$p+`4rL_XRy5FM#uc+LPtaASIMP-+uF0@UjXctSp}n*KKobNfu*C zzGB<5QD)qk=1x%1TGpxeN=sk45&|xn#{F)%U+o_6`qVZ-;~ZPz=R~Ftf2>cDwmuNT zBO1UF=DOnBm;=0IVf^<&4q(nmYeAbuz`J+yh!f`4l0rXdZ+~^=&e>hAt|->y9F84Z zU$eDvZEgCtru3SYR#Wt-hK2?(!ba2+*ziCmzq`cSq;$}o6h-}yAEEVV-p+9(a$7#R zt>wf!!*{;PHFk(D$rV)Bja~ar^YFN6T(){QCUQH93G)v$wvZ`}r3A=H05`(kUWw@@ z!_oKGMvly&#%uVdVcV8DC7+nHT{Yt?H@~}w7dYnfQ;8~hjx&8)C%CxYfc1iMvgE0J zQ_+G`Ll_!TJA4Eq2$}DkNx??I#e5u2&e3heAGx68|WWDi88Z{3Ph+;E)EfY;t5hzQ5K7AQ_hc>QY_ zU_W$Loc9aaZ7tI;;>66{e=pJspWch~AJu+sjGj!In8(t=Te*|TRw<$sQ#j+@Cop`hkO zE{i2>YGyG|QUOqC?j!TB<{L@6A)WpI^O!mM?g-(h#8Z^a8E<4H=nu z)87zk5HJeSFDVqbWbZuqf6;W6QB`iyR=r4wgn$Cljihvgbc1x4w3Kv%(v5U?Nw+kJ zw3G-4h=6p1G)TS0d*eCA{ozHA=bUfv6?4ut7v<9*JhBDK@iHu}qMtfEj(5akI; zC|E#}u(*AF@r47n>E@`?(!O{hob&nuA-6l@`4tz`vuz#STJ-pCCTz5`NY=oP3^_Ab!*3~csQe+`z$Fu>jsr`Zkm}F@l>|gRHxG_v zS7~5{L5HM1T~S_et!lCbCkjAE@cavn4yR&Zh@alDfS3#gZ+0WpCb6-P9JxzG{SaI+ zFz&c&Q2CL#rRU{gj|y@HE%@A2i+ICTVbHsx8BV?6XRo*P5%vkp#JvYDDhG=c$dOVr zkEZT~ekF=P8o{(3pvtQ7o)c@Vp2L<@eSKm;wY$Z{!Gof)G*CiKx$z!yV8qn3Wp zu+`a)KhxoBX|`>CjlrH=+8+>bE>r8EH9Ku+X{v_ANSBZjBMc;HgIyptF|mY`$%-gV zD1t!9v?p6ULX?F%Y^iJ)y>mp zukwe&Zin$Qrk4Amps|pFsm7R$IC*_r+crImzdjI!DU6L7h8Usl@!E-bpslS9^2?>| z^~#)Qg6?n;j_cSV-h!;33?M3Cjy}C6iyMRvYx(K|EK7L6y_U+>@KN*x={y-66)5cT zl`R9k0lJ+2C3qnPUS;6t9sLdii0>Ff??v-)0;j)Q?7c zerRmeB)46lYf#KleaCx_^FhD^Xc_&@iv-3m$OV-RAQ}%=E)dIkolWJ3or48lmgz#C zL9qTUM|I-%*i{<}CQq(B(LM#Iy%x}rP0j71VaOD|vz>*OVDPCgmejb*i`QFf zyv|#GFarsooAd8Ci0pEf>g?BX111Hy1ydDR&pqP&uC5Tr9kKB7KftQXQY|*P z<=fsrh~(k9bpqGv3tGQ|0xb7SPO6$8i(Bwm^Yi&Aizt^Ffxmt7Td>@dO0Iqj5IX}ogznSz&f%dW<4;wyZeWKOUqHx)7SoHp;Oz; z@K7~1&Xl#2rd6Y(yoZI-L*;OIi26}VhM7{P;g(OUWe2?j)~7+P%mE+`aypLdD=Toa zD8_w*6ToVE^aMzNfst<|2{HdUuL7@ZX;};#tCD1q$EGczvIa$8X$xO_yH9sd_opO+ z*E!?@jFAz?POaOsE53`NR+ydAT8X9KCR}W7{;xzN;3}gyJhcf6qgOQ7eTqd14OJfW zG~nzDo{CVIEdz!Go5J9s!w`yv6WSAS^T;F;2!aw{E%{F-&9L#55MMICsdm#Yh{04h zEI<5UFnXhz^jZzb`QME`k-&T2(VyMjKde1v3LZ7-=AiQeE7IKjZ<>eO@a<2yj{hs; zV`uFJv-#_mD3{GXEoo_%z`%z%PoE{O&5n-Juu)|EPG_j8Wd);r5gpm^N<>i?+ zD;l`YKnULr=K?g?bJ_TOZy$zAS>aZ1Y;J=8RR~m=tSM!k$LY}2zcI0n$ZT)dbgRR1 z`RwB6;huMt#Z#&^qqSn9(Hg^md^-u3;?D={GGd%M3-CQ&|8mo24H8(H7d}){0AcjP z9)kDppPiqBC(hyrSnu(Fh~v}%ZYwC0fyP|g%*q(Z7-Am=d zz_bh?$ni!($F%2zqwDoJ^6}=cCVDW{c%`Ay@Z-!;`z_t0Wi1=JPzkCO+a|q&-Z1`#xmzHE+g(qriYYM)!lruK7 zFbRM~575R+ef;D(49z+5He$thH+GOXlE)a%=P$LQLbL$oO8IQvq=h$>WBnnsSGC4` zK+CBx^B+fZrZI$=cG|`l4xO|0 z98Py}9E}W(61^JqN2!{cV?!MeZ|*Z%u1ygN2n?S*77Qs(L#nVPcG}nb=Ls>U!l0@9 z)FqN<5?E&gJH5S`X!+j zramoBmba+}g^871hKEO3KQIUrxpl7JZ=R90ORT zvv_GvzCdQ6yz1q@Q-b$7LFxtx113Au?Fphtr*SbcH{Xpcn$qOH`zUE7i)u$38Qj~*DJc=G=;?zZ@dmOxMKhbzP@PxjBZwjX zx{(s-=vZ6ZSdP`G>2Zm>L1QW%_;fKr#?-%mntGxg@yT7FzR7AkLa)qgJ-juy-QQ}{ zY-{?~=Fb8aR#iC#A|hBKvGQcrhqETN2w0qH3Rtm$m?Fqzl!m-`5yicY8Uyl)45ep2 zmA1@m9YPgO)!!3rv|<_cMuUUbKNOowxSGu$WjeN-|EgoCd%pWJuq=*--r}t_X-D=u zx%H2fp`Smi6JJd-OT>>6iILIv4-BtXRQmew?4+|~oW02zvw%fO=wKGpOLA^uCQ42_ zZe6QgEhZkRX&0N8CaJ4?)x)l}hUM`0yV1OdCp{4n5rb9}j9^uglCeCIj!jNX=-Or$ zQoL9cy|NP(aM2;TuOx;UFPFuZMMYmh+EHcl1KrG-SK#Owlj;1|0`7Dd^qu*Ec0H0G zzkYNZ+#Z6(<)S;MuJ3=_m9ruGm3`|+)i#$dj}8w(E@xt*D|kZpD3F|;jd$Y{lxy%S zA~58g0;r1Eq-7Keb8>w859jBJ1*cDMlGCw0eT8N}xAm1Wcd*L|Y{(%XV8z8Y9+pg& z>A242N5uzFu+iVeNM1g^AO<@to1V9|usWAVS)bEdC_!2L;CQp<*O=*@nV((;5l-Te z;bQFSMxAz45=migTSifqTYNw_4(~4=9(A9P_z1Z*X5DW#2LI?-s#Qv*i^dF>!X~Yn z-kfNcC}ylA$lvBRXZAwTw@`ipn?usl;pPnwS4Jws!K{$|FDj{0SRloSN+`w_{R% zbL%Pmw&g+z9jN2rIyk53p!suV%$~Bbxs_W~8kgMY#_Dj`_;wdDu|hX+Y3*kRDxexcS%%&gVqu9>^Mv1e@#Z;eMytw&9xd@WJOwtd1(kv6A4 zH2o(POsr9`DTqZl=Bm=&z4_0!?#7xQn#WgH_7$%Z_HX~rAKkqFckMGj|Bw3C<6p5O zoxLT8w%~Qstfuc=?+ZqH3-;&Iqx~xr#U*5e;?nu;?NJn~rbgknN2sWhyXOOPHXzy@ z+eVwVR$nV%B*XkW{$t|(>~8O>6BaJX=n}npt;@1J_l}D-C&9DuhiwY3#qux$x;7-4 zqk1sfaf2T{HCW~z-p@=&#_|GR8tdXu23IkU+5i$s34qANV85I6YXt?!RFGirq~AT1 z{s;mUS4yIwi3#?KSvT)#=T*~S9-o~Jp6JE1OCBwIzlEEBN&E-r#^%m)sxnVepD`>+ z3i-T8Bd|;U5j8+M!?S2*f=)a=I)L5P@)Z?Xw}I?RASqP$@aPcg=%Vt1(5O>R!Lx$O z*!bA6zTIAv>UX;|f<5&FcGQAop&J``j}eW7Klc0J67GQ;Z|qOXzA_20(P#CP@&7-CDz2*VDfm>7KeC)hmr zD?z?3F#;{FXtMH;5FWJN&bO?r;${;Vo&MZEJ35qQPEW$pkdtF*@HrfZwQ0$pHWpcX zRT5%SN7Xdc0(bwWC1#F9q|{RXVn~se@UbO!TpwMI9Imuq`QvjKCi|K;K3_hqw}yV| z^=tl&%squzWo18yuQK=N#6KcuTBIu=A)W56shU2#=oy!m9nEhjLUpWr7^&X3cuG(HLoJ3q7YNsEu4Kxqn+ zmDcrg>nVR1h4Q85DZQli`xn?v-QB%a?>a@`lG&gC6`uF?L`~eVsAxG*>87S!JaSi} zjsK)3bIfbgP0KSmnO?ZHV$ZJ4_^^lVZ(~M0(QkhdvOi9|pDN0-VI^t=HTJ#h>(3$1 za`*6PLof=R_1+qrP*dd6E}eMT^JKX3XTBZ{4}DcMX~do)a?N2vBQ9a~7Rx?QMi?`h z%lH0lLz^OG!KGaYa-V&xY(g9zgk^NMxeTA0Im!kGT#GT- zu*Sqmm0dQG5v(Cyy9YS&@lyumyLo8tjTf4-6ge^3*}8jAH}B5Qn_mY-=I7@}$%IDb4Q$wM{tm7Tw4VG5IOE1F{= z3<2iVzi&C2n3%D7?up2)S%^vJ7H(0t&FOVhQ94{RX7z3#IOJYo^0s9TGk5g=pbDo@ zf4L-A&&1ZC@s-+sc&R1}w4flev?b=QG~kuNFzN~Ff|C{$63pZT()Wl=&`pV_1Be%91*i(RXP zq6SUqz>BhuMfF0{RfqF0`d)&}+U1Gu?fQEiXTeu%4H!nDVa>=Ip7!|UR9?lAG58w2 zyiI@3E;nmW$0jDEBt0*=wVYkVq`P+=l+@f~udW`zY8H2;5x(cttPYeE*eD^ncqt<& z2nj8BIk~d^@JE$1Sd#paa-aFAut6eO{92jUm6&VZYq0A1Q~aiefz_b{W66uo+e@aR zQbnVN*)a{P7ws-)s4yl#Z7>2awC}|3wn}x9jqX zoQdqiNmgUvrsMje3-_lA{txqphS$A{@7xxMe`#-B%-jloQS?0>3`zTg_bWh&*i9Tn z&yO7y9(?%n>82fq#_~Et)bqrPRWnaK`7)tmW>8YHpvkdrqLl7Zo<$_`g0oEegaD%B zKLWwd%()f_zJgYcpK(p|>FgtEEb;M8)>ri3vY9Zk0=2g~V}2v;?aj!U_Eb9dquA58 z<>-|fV&r(l{(7H{)&cPXzVGtrxkbiZq|IfoCBwUuXAv-y6Q2p-_$@Tj<8pXqN<7kIBsG#08MvIN zU!C}jurUat>RS8=l>kNS;YxuRjyS(9m(Q)_GDf|G<2*hpD{In!Pl$LvWIIeHXp|Ed z{^r1f%VKcb+W=^73-U7sy`N=G>OML866{=D2VWgW50{Qcl{9qxhs{uj6EClQtbYpP zJfeCOc<=lP!uF%NwFCKJ$aMzZgmM*po!J01PMBll=^dI}8HdRK!!h#a1KA3cKZA<*`LUH=A zcN>g1YTuqrF1rjTrM?#SBE7eM5S5Vf9Bft}BmSol{2wyEum&R5hy#aUAh5^C1y7Ql=Ol#x9R($Fvi8C=!&&EKKPizV}&^l6Rd&Cq1px1)STdd z+4S3c)K#)9PP^8H$m(Z>@&5cA|IKvX&ec04!7PldDM@2*0lU`L&~X~Yzga>TrqkE{ zoAOmoJqbog;-wW@5M!_FxTcO)u%jJE&u$zirg-u3m(r1I;@{;Pa;8ZuDCCsaKaHO9 z4-k9x`1`LPB380&7Z2BkQnFR);6~>u`$dTHw(u5LR(9qGeRrut)&!55nb-w%CRZeiX?gH5|f2Cwoa?|q+m-IwKa zE6e+9lxU7W4$0Srq~l`Kdm^Kv(Dw_=69h7LYz8UXxFHp7kENZqsLW z^u>Fsas8O?gy9j%2c=C!_$kEyGB{H(Gy?A5E4ec#LNPiI*X>G(V`!6h-G)^ZG5 zS~FdlyQy1m=@bb2PO2v;!845#1@4l~uq9m-2?-n?WT?x&EvVwBur*qzV zL=kTVF&+mj=?yf**w{E25um2qqUe!{?i1D1W2|iZ#|m!Q*xJ8|p^ym~e!B`Q(-zMU zjNRJiU&|y7Sde#AeO!shdEC1g_8w9e{S#)YowG|zJ3Hg`C=4Etd_qs(TdjtU3v2@B zSkq42@qdw1wMNTmc#ngsW+6j0KAI;q)GGVpmXA#R)rly~9J`?tbz6 znq*;l{`TK}NFtR}U3@zFt6RoRaJ$o>$|1w->$p5@2)2O^=RXNx6sD_Hyr6jdYhqYA8Q)pkU?v@ ze@nyB57f~k|J$3f#%Z@=z*uM#zI`WE^T7~9gdCr|foC?98aQdzV^&Z8WXE7)ZW5fe zJYS~DoqGua_~6f>A6ItoT6y`vZDYe?UDcEdY<-IAn|LO0v|o`zk?Veh3*|d4y}`Hs zbm49Zg>(fPK$g~Ug)T|jJ3HyW5;cE5g zzmr3>Z%&_>NH-fKNV^!r@cnWv^pEWB$3NTKWo=T2xDSr91YcRnqC#S5(;pp5skN}P zqoL+ZWcI!o?506TDC{*RZMI)VW6;8i_=1dld~*8tu&}7hcKhhUZ8y*y<=ndwF>`ez z8SfdRzKES7GfJrRP^y5ZE>RrY#Rap^aKm0ZQrtkmu-S6a*){I2ymOx5NP^YR#iMXS z{>H4r!e0A^qg>Y4j^sto;=~^QAKZ_g!CGs7i9BJvkjSRrOsQ$9ZtLac5ZL+j^fDTC znXY_ps}TK@u>H}VUHb?TM+awS+M*Njf1zjYkdk-ia0wQuE0@S4sTfVn{Sy!Of5kNJE72JC=ii0Bd={Eqo5c{i@9l#tNyxT=o6orTc8Mn${2#Rh znv21#+iu9FBAz<41)S1m5rl$HABp%rV&!j4jZ$?@9P_?oxOD zkE>l;RrPxcCc^YZr)N61wxD%O5wUMTVj<#hCfs|}wJ8@zxPPi)AL`b5((5yDY+@N2S{RYP4*Bp-4BopoCh8rJPB4VrsQOb z(yCprGF&8AEs4frq@?s{Zn+~We6I(y+`W%V33=V#Cnl~LdGj+Ni79pOx{S}y_g3dg zx;YMRUo8)G9PG{7jZMz*?D)V+sW>pJ#=<7x+e#I{Pm!Wo$`6>cY5R%_}$S3*KvwCke^TA99kTGs0Hxp<^h98crMx{FKb zz*pvcYpPw)WcEO2F@?v9(`u^Re4Oo8N>+}N z&R5dV7_9WYU~Bh2^ObAfYh_*U)3LJ^Cj7XPk(eS4r5M1zT&~0ri|+kb^Be02H#+%V z`+AGDw<9XNPlP{ClLKViiW(U!69da`{I*aCKdXHhHxn_w_+`~8Ha4|)-S+aTamJAo z8j97=vmIaTd`?h3JU!iad*t(66wDGwL@{xIx>VNl4r^__LaA|igYTs9F@KOVgXV{{ zl$=YIkyCkP*YjThPTW=Q>a>()yA*2?M=tl8VmQ!fsMg4^WZJG%O$~SH z*mu*r6F-0co#(StffwDYsF2QJe3yfaKsBPGtfJNGgwJL^Oie{~qMSxW!S*8bQ)=8{ zP1nw^gT(^Q(Wx0)!CCP?TgWRe2IL!-G-xs?O~t(y@Opuj3Pl)=sAMS2xBeoLrs7SN5e|y((8%Vf97? zh`s-CmELsI5I?0BljW@*yn^fed|1~e-e-kZq%U|<2<(~zn~v77pArq@+TAi-pDupW zQ{=y3Hw!nNK8#Uq&Gg-@SDNAZVJ}gN#i_rJ=1Lgc)wwQoR%|pFiAbR+c>VaAlRz>m zzIHRk7XW@NWfFW!QpD*tN2I}|N=hCoQ&pF5y4v~+S9EVk-&0D9iA#cI{bs|Al(c+7 zej{bw+@Hsv@bDIn!*zr%Ea$zJ(H^|HXJx=V9Ep~1YVu}x+jQ#m?C+(wRBV7mX{QD2 zePK(ZaH=pUQX@+l*U4YJ2(6#0SP$*E3CygpRnW+wY{<4y?W4`;`1mc)RE4+RN@_Ut zH<{oYrDD}&#%Cb&9@{>lq@r>B=fp8AFAv`qne>m3$5bdNSqs6VdtE>6x>j9S@MKBk zR_W;ZhHlzCKUD|@wsrVUH<*;MDfM5>gm6rN zaJM`LCEK@x%I; z?Gr51P;y2Afw~OkVlhAatX17+YaXSsvE$R@dsvfdG}43p`4xq!dlgZyHMXWd2=c*~ z-(^I@#}^D1a?$Y3b$z2(Ke#G1-#m3XTD-K2{Kb=^#T#v&rTSxXQd&iYVsjH8+hntw zB_Aa({pZtzZW>C%&@iyYORDJ#{#3>f=m!x~5q96Ju!6p2{H0Il-tDiKg{5Pww94Vq zRT*C*scK|>eS0mnsYFIgUBK>5ib;xz{MbGl0YQ~cO-exrq#UZn(79XGYez^>yePH= z(-Ib|5ki3dnA4VAI~Jk=4_`k*b7!_-PaRw%?$_mhvYhU9-ub!8y+nFopo_5DCxCsi?&np);sJ9MdUbskBbRRx%pYF8hoq4I zLD*~p|6$o)w6l%Ii-d{viq5yY=CJIiti$#{s&Vs(aH2csw$o!$$p3N5 z#0HFE;^@K$q>Yz3eDp}fQXe<&Au29pC0SQjuHe(%HB?t`E7i+VwdW3x!YsJG?;PnA zvZu*W_=`Y^p~Wl9?{dMG@tmjgso%;L+DcAZia3;d13L|0*}XJ;iT5&X2$BQXV2sr5SidoT zGe+>3jAqTD)2Lw_EDh6N^L8msZk}v7FZLO*viburqpbf-aQ(6{&5md-`PJY1D1A+- z?E2^t6R6bbB|uCW?bdGx1D;!?pcdI;!-_2lX^1$Q4=0KX-``RN0JYEvfqxrWZdTjs z%`GievqW{Sbw^i@Y3F0!LT1-N)m$vY{rz|3_51fOe<*&=|B9d#HvD4$JYuQow`~L> z#kkNK9?^717MH$nB*a7e;naHL&zsgT7^mdDg)Yc`sq3V?rciA)rUki_ah*mqWdvt{1W!B5EO=?M~K0->BM9XDdf zW6@!-sQ)$i?FD{*d3i#~x43g}QC}oLaJnChwVRqqP%6Jwkl3nZvGY0K8)g|>Ovo=I zq5suFh(91q@M5m~JVHBw4RSIuSDFbmaZ6Ve9;WDj7}0&$u>md^PH%kIQhcjdBe{S! zhwkdbzSlb6#Kgp3aHK!_zE3P>_p)lMWYV~XLXeE?c)>p=u3{w0aKhx3xHV>UAFOF6 zWqI+UuB^5;j^_51Tk_lBOotuwQ<|t+mpP9I|9KfzCM6U$VP%hRLP=U6bM2jtid}jbae_eSeOp)hyL3>$rxjY0Q@k z9kgM`v(`|_uc@k;(q<^)eZ*IklOZRAR$J!<+e~P3|9}))mPFXc2ueqSA?J?PYG5*w z(&X2w1|^&O4&}Bc$Qc=lG8Awf6k6L2cgM2xSd+PakIe|nIS`t-y5j zAw|yZ%0~$5th;3s@@QyX0aioLP{W@w8_k3zKnl<&ryo_&_CPGQwEU!6^138;cDb-7 z*KcJ72e#$_Y884ea^|>r;!#{7*mIC4$)l%7QN^F+bAp zv*V%;%B;K@=+U$Cj*i$xidltl`t!y@;6TH3RxbH&;r}oyfrkEk&c9=A&$HdL(*+RZ z2ajK*K0d$BIgZYD#B%Zy(8qWlNsYsEVK{rqe{x16dO7E@T@KDW<1;e@L-=fNHb-mr zzP(7}&zPKE=c>}CBxcB}cyshc5vRnCgbu$&!`G>&1W(gq} zoj5zE-AAfiTGffYr-zENC|}p*Ov3E=E{JJr;{4=szv#hjT=#VEA`V)4qVES?H};za z)i?PYO4ho+t4tx5+U&OxxLigI4cXVrnk@|s44Y1k5Pgw+QU^HEui0PIEw0QoQ6v~P zEtccdaH2o^@Ohr?p)y8?;_C?7Uw&cx#D>@Z4g5J6*{r0PV>(suE8#rB5q2hdzs@Nj zI`#f2CN56)t@d+hh`5!YJ_Q7B=qN37bxlW*2M$(#X$xxOyLANQXFXG@N_re8TXj$s zgBJh*FzB)^aWVHTtZW`4iyM%^OCIo0mg;KoVm4xb-X*A$OZ#Sjzo?~%z{+3& zb7mg3NusS2oZcQmS=?f*73ikGN4$qOsS!%Ys@BkkN6M-y07uz&6w>swo@MbJ9!S&h3lcZr5 z_T2pE>$Ai1SOOdE#5u=!0}Z#L`%S&Jr~vjFqo$wCQ^GR2!4aavv3f0=kHQM*cfN9xdyJUJ5}(Sejq_g|QxDa63XkJ6o+fvr=+&c(Po<@+;P41#&!d5I z17r#RnC|@i4?&-`?vNz(u-Vnz&!2-tkuYAXI6k*BAn|T%Yn`*ZJA3cwW5QLN2ozw@1Q>?ZXl?qo5slL z5YnuCf{iT;T4|SH|BY!)*yr|wnYpOGAn<3R*}bqZiK*}v-MadR8ANUKFW+2GHc2VS zN&?hbOY~DSsq(p|$ zJmj zaW6dA6j@hAy_-&N>b0QD&TVK2jyQgN z#{

  • b7i0F7}C|>8#rT=-c|bV-wrho&y-iv9zA~MTvTL!ha#~*N9&6w$t!5W z_w@C(ct;EbX6rHqG60hnvKDB?Xqln3VE_vJ`lT(Zlzxz1a|l+7*~+CUg5HRUpFVw5 zSvrSR7$LwkY1&ZFkg3MyMxha<==nt`1T3R|`yvbyQKq(A!9famp4yy@Zsg?xc zAh`St>B`#On=LXD&FdzLIVLet;f=Dg<~oS2Y?2*WJryi9*G-P-nUV5XODpk}?hmax zR9p20xBk5*75aH+a^a#1Dvg{VFiM)JBB%=w13)GEYrk+m}33YA38;g_M2Z+b9nXl!wRo#$I zT|Cdxv!I_an`-~D8jt7=9+FZsp$Cr-j8Uwfw~CHS z!wf~ATCvqpY2|~?ftV%y+R^Hh8EFOSyn^DWpnv~fY^Fb!P$<-%kX&2JR-EA~(JKAq~E}I%i2|qT$Vm0u2L{V1A?sd>x+rZUUKPQK2HQ13X$c zPCQ^wbP9{(GbqnGt*dq4d87@kN_UGXkmAjqf5q(>`tR)4LNkgUp{ranI{pZN<|QHD zzpzLOE0|r?@54vaNKAAG8J=LD~ za2%{U;!Q`-^x2Yz{|26%@}IfmGU5w%%}vb`{N#Zq0&>XV2F0zUr{{SlE2f<2<w3R05-Jbj_KE=n<>GmZxeimcNz4l;lTSQJBA+FV55UC82Sbd2h_Y(wZ0dr-vEQ1q z#-i75$*yB4A@_M4$k}oopJ#o%6C7%OenVwxxrsYdav)i(iba6ir>3Dd48@#fS!Gd4 zNi5vuW?nw~>D@-%3ZsR+BXKg??{DjIlH|-gzlv`h|1)|4gd{94wOC`;451B6FDdKZ zK8XtVzbjRmOTxIGRxUg7YPFhdY7sroP>|I2;01UE=V{W%#7qTiYr=moT?YHpF#rI# z2d}w)Db$)oljY`>96v{@Zbc$=GveD!ccFRb_rYQ#|G7U7&Qm3) zMD{pf_?|IqeXGde>pf`=?CCM0paEL1@hdmYu8qyrUZ(+uW%`Ld7IxhEN|9h!ZY{SC zYh0G!S8{dzCg?Xjo<#Qz7ni8y7Ze(?rbtQ2X*czqu}5m12PR%zxOZ-V#1lHT*{I*1eLR4y|z6sVNPlrs(d{bNG+7b z-`tI&6dMu!CyWVAAaEhU-QASUNlp)GP?-Mkl$DkjtT{PL#f!#^=`!JR6e;G7Z@r35 zR^i1Zi^wA*#mxHnYTy{3LBA&c{2U>II*tLK!Ld_Jb;aZ(kb6h_3(aXonO=T*lHa;) zmk&I?7RpLXIk`CfacBz4rvmpTkWvZ&zbEpr%2+(_=exO}?XI6bk3pEL)nP;d*u&Tu ziy&(sZ+R5xDDhn8Uy*{9rPZ`kdFD&;L-SbZA~IaPZIrb05y5Gpyg57f8*_RZ+9 zXeuAc_|a|mui0>6JAl=pQh;tjJa1B2U%i*@)+=?k;~f%%K2|L1-hKlJ+eH?+i(>fC ze%HFS=|7hE??Rj{S&i3Mt}i@N@l`CPhvWtu`wR-g1LO#PM<(oxWcjt%q9Py*pp;IQ zqrR(N_F6BV5GYM;I&C;LS7B#jM}k~TK*0a_ID&;}9Xv9Uht1Lz%wH2v6UfchXkS7| zVEJ3Y7MmW+DpvtE|4_PuueAdHDo4sdByE_OZmT>d0+0w7H@PJTgH;De7??uSI&&)_)#5h1N^YCF{vYc6JTAKUH z;_dQzbzYvJkBZ9jdt+ruJsZ$QMS^zvk!&HGozZ#!>=4gUh$6CtWtqB_RQ>0?ybR0n z8koKSFhpQ@zRfde$DC8Aca8-%193@y^T#F$9e_Th`OQ!cdBxf-UXAwTmxZZPm`?wh+i3suD9(yaQ^le>m8 z&A>D8TUgj@fyjsqY7kWc=g74c~C^b^m{dqoCrgLF%uM;BO1aN_FfoWf*f{ML8zuiX_oE^L$M&s|r{KT7z^5)Wj&~*FX|CH#ft$ zc&9a|QSD5XwhbY#6DEjK><5k=M^amK74Fb;#j6u$)l7bA;Jnr0tIfxO+EB~&I&$S{ z07>`82_hYRl(J*VqpVQ^IcCf+`vmcPKcUc3a{xG1pLPC?-yWd#Hh?9cBoONes(#2C=(=A68F)xGJo^o|#L z-Gbs`miQWKx-* z9lc_W-9B*%onq#cJ5*sJY+B~BWZOGC*`>9P-6!U6ICbDQ?3vs^hGMR2@E=-PpTG1G zk@VzaZu?89kc3(~`E4YF4=8_9MggMINg44Tl$-PK`#fG7m|0g7MNp`=>WjsTK`DT$ zv+!F)&6G+&U=FH!vM}X-mKO{uoli@rGAA>81}px2Zx@)D%Iw{BFlJ2yg%zZ!7#Oqw zbQKK^?do5W(0Wpb4`%HQYsFa})UCc=8)qQH%l&B)5~*l1R+F%CVysaZ9u+AX>-Wu1 zp~&%D@tm~rh8!a{4?v-;tgOuS_^i0^I}J(s_>hvu!Q37KQ*%r6UpE0@i8<2}wn|D~ z4`;!_2Ui91S)TjfE!gj5uAsXi^EvInc&(@A{F9tR39A?)&6|Mxem|N~pE13G)QxR; z(0_+nzZ-k=j7gh+uTRkF?-%!{`vrxC2g5DgGqWols4aD7yL*7mSw~E z9hsnD=FpI(lT%&oMZE^Mn<0s8Qu&{_tQ&Ui@~Gxt+VF53b~c`XDCG{SNOF9=rz|X@ zOdcvdkUaFPqT}NCnBUXVip4t)wypeW^lV_?E_wmhPtZXmWXKyE{|Dl>zhAD;4i?Vl zqIAoD2K2isAVRhG`-tQ=dOgcC@od3+y$s72DZT&eUN*hC^lc+;?S-3V6;D2XQH08sQ-PuIa^#> zTv)P%VB3J?FO2d4P5>z22l|KdK?()i?f&}TUJ<)`pKL?2H|{X3scdHM0|<$*_A zo}#llEif8*Xc8dGk(QGKl-FLy*HeHP18`(W3eam8F3gkcWDAar2E);0V#-`v!Ww!u z*w`K(8>gb_zDh?ao!h$ePO8U>{~aJME-rwe`PElqB+YVk$MBIL2)_c-mo+scG?I!@ zAOi%sJaH5vjSS>8=2%db+GKV3x3+rS9GrC+xlVW4PJsZ<(Q!Qa>C3`L8AL=NnTcxD zFPf}g{6_%8B@zru%WT+;Z1v}hZD)>sNqZ~Rk|c`*9fDDVtCX0S2bbRP>{EF#&aV-W zU9i-PRdf0S0|NBzC^?Lu)2r*r3m-T+96kyOCE}TUN$7~nur_GWk!EmvEXeyyTg2O4 z_3cxpB>Lmuh-tY^7oEO7(Fq#51OK);UpoHWAfRf$`hm)S9bE*dR8Cu4WMhDd47`G) z!9Q&a7yH)l_>Z~&d2a5LT<)y&nAQ2CrWA)xZ5IFv5ftPBU!;YdRbERAYSDP;!a70W ziW3v0-bV#kZTgBZr2%bgeqjL{BYk*dj(aZucetI$$|=&5_z8BQu~|?5^m50yr)+^MiJI=0xO`7>g#u{Mgt? zrXJr5KCh5}&CT|^@|;*`yaEz&D0ySt6(GA;BM6r*1WNpg_}x$rTr|Lb}q5v2Z3+uFq?_*GjAEYbaUcPIx1s1M-udWAZK5^T7 zP5%Smly~DGeGLgxGVfYHQqp(f-f1o?vlhIbnFV;Loqyva3Xnu0vQjHnXI@zW0hGVA zQ!T74dw)%ZE7$?Mm_0=h5*bco8esd~r6uxCwC}xZ$vZm>J|npeMKs*uZ(qiOptnFn zx95<)68&;k$9Wj0nK^vDSIFoT2|HIEa#ZOK+53#L9N2vrQBfg~C{C+rAEQ$7;L zGP0%{HFNWfrGOuzpooJ3tGh5FFJDkzpU|-I>)WiI9nAeFfwFoAOWf9o1qK5yZlZk! zjn32x#z>{Hh@;KFj<6{8Kdgy~gxgYD8VBRP;a$P#h&`IEi#?jXe$Z9lz1IA15nzu> zE41a;>KGy`pnU>kxcUlq( zBa|K4A1i&Ab-ecZ7J7H_d39z$Qn$IK0t1rvp=B-H5aEMtq>9yxn@&`+jOMQ%CVinx z8HgApVtC8-JQDOkthEj!E%5nVm0j2j3rNnC zwCvNFeXsYb`n0RJ-eSeZo?jYc)Vi*_{ImJ_p<)Q@!+ZZ;L|j;F4;n(tO?;5^5u)=! zQr4K;FTc(Kquore|dCn3apF7i?s?e>t$qsBr*zwW+#(VA2VZkHn&g^ z^Q37M)vLf^|7}UB|B0Jk-O+)+j4Wt)v3Ay?(7tbrY~ZBqCgpDR3l(7A)|wm+^^<#FJ<6h4}J zC@7)O=G)(K{tf_i&n$|rPj(p5sc5K(x@t^StpYh`Vy4i7@N7WNj1XOt)>XTR;Mx#Q z>EVj8ugUEm(ffcgi&vFXIg=JjR_snLuFFRVm&tVvoJVV=%nsY;`*_tqi$9rApWW=+ zxtR~bW-6ahm4v6qCr-;42#5{^*KYj8P?93z==qUoAVA25XZ5%^2@~Pr*DpxZ)}ep} zDBE7Gz&Nt=$-{-(Bk|&^PmR7MEZp2-E3T`nVZ(0=3Y$}jNNkJXa;+pI|2NVyW+GBK zm8V=Rk>SI^{l&FqZu;^PR3jm=Fg8=yP`~(&TS{J5)b6ER^Yhp6k?j;Q;JG-0WN^pD z)8Y>!sUd61OT0*EG3}M&V9<}75WTrMNaiM5{Kc-<*rpTCv!}uH2~0_-X_H~2>!NvM znAq6iGuFg4(X+dSKvjSkN>yDofLad$F>Geo>@lKfzdPRWHGcZz12=wnF+vy54cBFd zCg=|$IxQ$E*y4bcY8oBES+0prfA#LwORG~tFnMM*p?)QjTT+6RHpxqNu^M+jYqYQ0 zSn|LvxG2WNbiJQUDa8mFd`dt6@2K_)t;86YuKQw-&!uG*`>Z*0)QcfPf#RWOj6xD5 zyOQ_d2-_y18YC~Qr$EocIqyafCEk~)vjrnim41J%A?d0Ce}DiK$H-n~)FPOFBBGmN zG$Summmkvj@V7~;WIkUO?F`$A|Dox+!?E7qe<2|uBYULBiV)c=J7i{OWJ~tmLXr{L zJK4!z*<_Qwlf74V_WIq=`Ch;4I)9w&>YR8!&*y!=@B6jxakmFxFYTvA`A5MkW{co^9y0|u0CWGE$s@$dW+zJ%PoJd@cOAz1MAD7uYC zmKNMxULMDICP9ggeL>ypneca5SST3n>`*Vn!vc?B7=ew(SoZh#2iFgc3Vm#=b)qSS zTS4X1;TrEF3g%0sG0prb)Wq<@J_SQVql70$^kAvGJMm-Ibg^ZNdSF0F1VNUs`shg_ zXuNAe(--hnhKHc}%CJ}XPdN#%c?)>5_=VcR!uxl~$}4z{&A=1%-z24PPW#wP)%3sRj3 z?xn*}g@Z>~!GEW8V9gnHQo=z&GQ|IQC@-wEd+sAyj^{6ouN&&&_jqvkVi-bLf)+dC z8(%*F4npRjHiA!t)ngTn2Clr!r6q$tkXEL`Ndr`~Q6g5J1*u%A^>CGqQ^+w|`8(KM z_)9_j^Sx>4o<_x1x8j@gSKF15TU2h*BF(w;S))EilG3% z0Va1bEc>G?Z|%gS_026hVPS)zQI@XIPzpX$q!@jD*i1>y%^pms)Rv1M6sHL7L@dKQ zTJnnO2%U8SvP3ZC=op6>XQMdRQo=Z;GbepqU#XWfI~FLF0W8?i%wX8)cgeiFSLA{X zAGNc@@Sc4}fYcdNJBhsdfc*F~@2}Y`JsTRH#?Mn1&38(V4Piscy&TIWi9)`hr|5U) zt<*O^ms6CrHUA^!?CRDAZno;3=OuLcZ9=)2k@Fe_LyI^KfRcfgxRz#StiDL`X1yRfh6uK*T)!werKcYaG$)WF(jK~n z{3~l$^7CS}8aflA?l7{jfDgEa?=3r$>9uZH9wU0`e-Es}m-B^u#|3&Xn>M({p#zB` zshW!LbFDYHLjQ2Em&2piv}pf1(Qv-+l}q~YI`8as_rL%~l=JO0rH_y`WbrmnOQS3n zf>nQ57A{_2)%v`ivRHiamUENavOT)Iyk@fvq0G$F+-*F>NFb6f*+Km3RoN+8V>cz) zJD$B2`+qF}31TjF^)f+Rj9CUBY$iF~GQ1S@6OnLN*U?VI4Vov%48|ca8~ZEMi7V6* zsVnrM4tpmAsTmd3Zn1&2UiOh0upqkIs*-K6bDAR10rw-NkMpP7cA{m)&wJzdSWNu;Zr(3jxhRYvC z+brb_l?mfU(Kz|PXf;J5?qLN0PhuyM)4wTCl4Pe$xSB8i@=*+@@T9px?d(oYPEOMH zHmj!|8&QlJgm3k|eIP$e^F7#WwUsCM|vnxDzR3OYQ5jF<~i69D-bDCQ%N(9jT=nZ+N~ z^V*C#jAUfQ^9C38&LRYbTa`YB3k(0O8vUS>MPKywMnOKgUTkM6Yl7V1>}*G1?MzNi z?H!=~^ol?Mk${{Zv?^lD|NS#j{_9oX=;8v=5^t>Dgq@d&r{T4 z{bp5H2=u?C-bpg>!nkL1w2`RI!C4k-Zp;z%u47SD3_g^#u2d8$rf*mum0#0y2Z_9C z1;zdwEg42={szxbM18xA5h84Hn0a@@$E7DWWP^jd3n!*cs-wQS1-5ORu|%ExXT8d* z&W&KIO?k%tP9?2%-nNyZ2!0HELN7qZ|M>t|4~vViHd_IrN@{4BsiGEmR3>M9=I-%i z?QVR}%E#Pyy}vql*(q214N~HNE*{>9Aj=pjFOP?X-Vv9M4?0T=6EOUqsX1}Eot^?6 z-1B>N&;4ZXQbbwzWl}M5FhZv8XrsG~CF%j~aP@q9k~(a3>{*yUbe(%-qO0h+w<&lW zg^4bW{^pHHM|2CQJ*8-A&j-xQfs_I4|K$-=%{ls@`BU)4?(Y&Ps;FpFU5l8L-b7-q?ZkgVy?TaUG%H&0epYGQ!z5I~OmjKB;6x=ow z{LH*Jd7bvrfDO!l)i{5K%YuXay8E|rSEnk|tRF7tsq3%a>q3wzd-Uh6<23$oM%6z# zbK$K!_L}k9ybDBo#nA{eoTlZNuR600E-1>A~DeY9U9c>OGwEn z+xVaO(qOz7OOrd2#tL{SS}POS5-b@U)Le+7@?SVID0uHzQZhG&PT_>9q z#ABfOi_W+n#_&Bp9C^g0f3dHzO#ZIN1Uj|n_!?>saDV=;a=NW}-R6^Fx_JK|`oqzR z&Fag(+Rm=-oNt+-hvb!?lOx3}-1&*rxGWpjV-+P|qtFE5M3KOm<_Eu%3t^a0o0M#0>n_C7>9K+gQD_K6mU_Ab z5n3#Qr^`jVdHNTgV;23t*BCvVeL8iIr;^zB@5n?#p3>L)daE(vo4);1Zo~;%_60#b z%XZR9?0S-^1UIr|1N5?J87kie4H|%K0t|3OCF>35gVT}8e)a+5@j5_9V~81=D)`-W z%X(#MP4V(2XU#WMMl{J*dks8{Kr!fT4WB) z74FDwrnyW4mtJ0ID8BD;l`P(lmpGl{e1B`P=xtfl(ESA?GD=C;&Oy%VJIN z@x_PIpPjjzJ^gUxUXP9Q@1=^i>@WPVmn&ywfBgyIWkW*&F@r*ips0h=pRszO#ivJJn4S?^VEcJC|5n->Kbk{}Vy@Rzl; zpH^>SA?y*ZPV#Ng`=d=}_nX14W~yqMN^v(BFH z@atzS;pdU9Kc9*C`=fIH*!<_tZT;tky0dd;NaZjugS7P+SzdD6Km zY2%wu9*eC=;JtsZpFdIl<_=v}R(y}?KYk$yBdFI4XAFkru=AmF089>nz3uF-(=hkH zeZl$R=2GX)#PW%6B2JMR(zwGje}el{f8Tdcb@of6QQt&^f1nD~oehOV$HtW{ejv}C ztO|lEak^606ZD*oHt+l_uNc1p?~_!^cw}Tx#a!L6>+9 zWXHZG1~O8iHw@o!w9qEph=Q?Rqc1fU4)W9OFu{kC^> z@VabUilH-b#AREKK7!H&TR`}=Q*b~fkB|W*>CdG06SB~fzjfn_X^lnUgAw;&P{MEM zNbYIY`q3l7^GCEL_j+Lt<->DzPmv5oX7_rkvM#}g19)hlm3rpxj=oMxiv91H;C>65 zxM=oYXYeg__I0IAm1{RNddg}#mlnQe?<_o?T^#SfG|Ua8bx6SoF@XQ*WH00)8!)QTo9WtuouC#YVa*8=z2{7(jJE9jH~dx1>%2;)=4*BGs8mb^KTY|OY`s?B&W z9%fMm_u%j4xXd;|7E>FWm!!fxtGJ-GOKUE(f))YHtXnS$9`PpNsASyQ<6usGM)Pwd zI)$l&(Bc#NCn;2kjW7UEj^I$%*O&kJF)%uKZ_|R6<|~X@-Q8wRlDD+^cq6Lc!D}>@ zpZhhp#8)Qi(`&|$?_1%w`}FDVH!d<+ImjaGL3AY(MqLG`KmWPYVO_bn*Ljy+1Eu>B zuiNStkK5+q`0iPqoDg9G9WBd;Q`a3T7#H+U|M0}R^KuZ++gCp`RJPcnM`~ly>Lj#=#0RaIhr3QwkB=l`|LcglPa{7cA zNf{X?Ny)Z@G4-z5G-d{6j)}N4%i*D6CMM<#h~L4#F}d~pIhx;1{=O6=^Vjd7i7K|} zC4&VhB?yLx7%2ZskWf_QQQvH>>xh$~iIwY>d1-{&czNh>u&u$QW^8IwaxgaeTd6W) zYD$ogF8MXwQ&Q5>Q1s_Aa7A9bnlomB6s0@Aby%h z`$x6WP$c#xBRw(Hk`xbegm%6W#K4;?+<9q3^oHgk0%vogVI3S0U*uLrGnU30>I!P#iX|_uOh+taK zwZIq+Omv8P9t7CXVxXim;^PE@)6;dirz`limazi86*r76S#HOx%gYY^KyWSg3J|w_ zQCv9#n76B+jYg#LoxpZo5_Gw{+X6OrS5p&w`q#)15lC|YV5;cgxyee)y1gGFtx<~H zAfftRTWcA9n8FJa=J}XF8Vv9?X!%O86NYxyWdFUxA10eiE5Hz#_{T|AWBhYO1mDiv z417xEnC1kUUpB@%jc z7pJOW9?SiQYK>sxs00Z*vXx$ zsQmoDa^I<1ZArjL^cE#gHFvK=v6?k&F(#a=~g|HXHrN3V^!1Zs_#KX@7{G;n!@qN6}n(N zp1!65xkOxy5v0mls&D2u@R5B2WlynXgFf)uNIp%X5G?5l?PjFMiv8=U#W|F%|4$@aMZSXooE94$ke1g3z>8P~f3VojI0!l8EevRKm@_vZ_b zyVw}Nrk7fXM#b6k_DEBE|D2n<5iWG470D7SNj_Tvwl~+4h>nxv)Qio0M=O}g;kGt5 z?qfs!TZj>ZxT1JVVk<-+z?9C#^_T-w`Wfy1DHaCk zRrdD}1~(i_o{2#s`sn&|4u%L297>tePfYL;5)y*qs`M*O$Kv6@^mM>^I%Yn!_>YCW zCUnTPQ^H^iup>XEYyihfInNW}zLOJ@bjH3{QT7!tLc=+^`T32K;K$K%IZY%)lgQHp zUTb=b!N@2hH2jmYR>e_dW6^(b?$X<*Q?|ps(Xp{lIQW}ePk3KC3xIC?HPR}JT$*UX z)gms=3z4#(ifWIDa^FPk6u(#~UMekwRJOi^1vz;+Bj^JkPp0!#PWHkoz{k+^1!x!0 zQ{Wsd#Wj?guL^js(KMd-7Qq-Mc+qJz<+bA#cbPIx{dXZ?)d!${Q*-mrJKj6}pyAaj zf1>x;k4EWbZCL5PJ( z)H|+ka(ufM+KA>Wc4RzBBw}x(Uxd_U%S>ON4a6SOo>w2$4~Rvs72#td0|@Sw+17oA zmwg-88Imq8r7d59MzQhYRMBl?-7L-oT{365#A-53s|oXGwHwxoNg=LYQ5;0*BEJeK z{ZILYz|3%UB@7R7z(U=$rN?0laD*=%<{V`|oQ2%$4F)--=HHklN+8$D5q)2mBuj|# z|1Ww#MMVYjHecJmepgH)B_>8F2?G4w$?}BA$RW~3R8CHdJ8jF39D+|JT+Gb=))H=g zf+HcO?S59Og$J2kDeBS&2KS=4U$O9FqM?R{hYt=-wbmSx4`gQR9aM{@;Q{K<@P!Kf zHoD;?uqhzi{+pa^a;(FX&-@g}mgcbu^S0$}E*Ge_WB^CcIR7CkO!=*YgfaYic5$Jl;BmCB$}LyjN-gqiX#j zou$JjczsS<6!)3e`5y*ZL2Qxt7J2u!6uMHi^Y+u7&fQ%ns-T{Lzq6HbaC*e@Mn9*f zhEGz{K>Bc?5f-@ZxP^>z14%T%qWS5N0oG~jPK7ZE>fz>uQKtW}=7f=>KmCgU3AR-E zkM8`cLlpo;AdoIgbwRq2Pb&zHgNn8~)%ujs2gN0$7Xfnjy( zOHz_cinP5OYqY&CMf|g+^v(6{Frtcfe;$3G80b7&tw)p*h$+_bzgv;5ySoD{^{f(D zJ-D8AxPe9%TC#O3WpQ;?H@k!tdqWP9KHR4-+YdW)S>sYPt#3!rI@z@yeV)h-;N) z`%PVBx%>@1vL&UaHZr&UJoCjGFzr1zGwv|wS{=Y=a;kIhRY-};$h^sC=!h{a)8_Ly z!p>3n^4ieTvz=2v5^*6+4YM3?ioyr<+g-ig55a9LXTQ&NOL9CIp8Y2&7@0{^3W3jV|3 zz^sdesU3XU#h)GLB;=F^R%%4ADysSG5E>#yk_0E)i;pB$7R zWAORu#;E0VP0Gd}?V({#rQX4}OYU%ra&vRD0HiJ3+Io)~Q61H>nFgX1|J%nfV@$H} zKzB`?ObX}KmNyh8;j0lDob79p^CjaKLv%E+WfbTkdunK?)FeVCvf6%Wxv+Z?#pH0@#4y((aFgcYVYGDzGEh|TgO7XGy>LDc72yCnTRi!+sAGI zr7W&Rw3M||#JJ{iku@A0+OX!`kTi7zH3STmZvd@n0}>8Y!S4bOkP#jqE zHa9H~g(=I?$q^4HFriqX*kqF%aOeBw>|4&&Ydbs0k_hMnbPH>t+EL%4bflzKN+VHz z>5v8;5bB_?GAyHf`(C*63Kqg!`^wPZ&5g$CB`cpeKS2I+9bZnS=xnZHmy8<@x6B62 zD?IC5`a|y!(~?H}pNjxx$RZaM*E2K(UtSvOxpJP`l=GyO>i9^pSw9tQ1T4-p1K0Bh zw}k2z9cCD8eH*Agpr5fPgsQ5lFC3rp+AW~9JbXAZW|jRd)6(wt6R#9{6#$da%K1}R zHnr0vvf#}BA)zE~@`!lPM1r*tpSaMI;C$iRnOXC-_~XBS5Us;P@~K_(t{NjrE7b4h z_-4}z4qo1$r)6gA8yl^r6@Bgs0XgIxW2u6oj3k-q-=T%;**ww>8S?;c0PbrE506** zn%B)gAtxRzJMmGGwlCz{D4t*56nWUv0-Ohmw+Nky2}EH+9Axl>u~g1@hI$^PGNYm1 z1Y8x`)r^M^{~aI0*1})A0|VG0UIkKe(C+~&vUw=Qfu8>HJ>mM-ZTki1TCmkdq$=G0 zA1Bj3{pUml8e8~+G60DHK0qsFiw*()E+JiAS0O6ERG>>VHZhAzj>KP==a?3JLV^vC z47eefv7ym}R6@UbG^N0Pova;RmeS=X_rfv^KlvfPWR0@&J?c)9T zkLjHrI}N=N4+B@G^uaJ-*0{UmSDp#St6_f>+(*3l3JY{)j_`pKlgQTBc>7o6lYUpd zfg9H!#2pKVZe2V{U7ekpzFGvthYVq~0pgZ3_NbDQbgqJWuwu|(CD%}XbYV2{#_(}` zXA5TpLIuYEdTZx0u7p+wcv(#<9cr!!VNpsZsL%V%(inqyQ*b~T$Ln*%0$wB-03uTL zpTXz>0G248VbnU@L~wZ4Hr9T6`S$+JKL`|mAwPkPAow9e4#iA9sq(XNiB8;Gi1i(u zm}r9D(eCPkFFRYf>#u}IJt(aHp`(K83C0+BQlyyA>!@gG<-Wv|m|b6afdmaq^b%Tb zu%DDKLZ+(e84cdgWqX6vWLQv`)E9Q}@AwcnHdDdM(MMb$g2~r=DGGshQQYK|l&c{B zIjPeFh^19V9=~LgA-6~*Xq2pLA1J#g40MmryaX&frpCv+Aik|?wg1OE z0Ga-CcHtC!`W}?+qxjE^_a0N=K>Qj8Itn2CZm3bDMxyC?8UF8P!)IQ9O;5L1&XQHm z`*Ze^fzSQ~&#K_@$t9=8YK$x$)R-~#aV1?{al1E6rcnuCjaK-=+XuRyhaJ_gQLIvv zTNj-n*Chyu0T@}77!BK|;Y9#<)X$w%qWBxo#wu0X5me6FF_2Y!020p0(C_GnIw*)~ zcLp8b;s1y7cZ5L-dG%spEhvFrjl6wIh}DJ?1y^X_+9ytG<+mI2X%8TD3>2CW5*Q!! ztel&P5bNIVx!L8X1E|_aWep@gt`=05*bT3|*FHHdk9wxqwArHay!wW_dyU(Az$#|I z>R7Ds#qUMS=^vNDHY}yBax1c6GJAr1y1i`;ObMUU1|g(&FDHox9C0m=8#+o%edj=^{kB*s!EVOT3J~&;z+~@ z5dY^0Iy?S*Ssz&*<6%q8FpoD=^251=puXfO9r(7wa&v#5lXKAnX3qjA9_)j%-M<90gVyLM&YuCSnQoq#4gGHTW)81Xp7VCSCvT_3It(W#F@Qj1V5? zDCnsyz-8A!K-}>pq16QNg#|}`Ue`6e=lGFmdE=^c&K`rCMTLQi9TUz{(jQ1ENewN} zR!5c)?*2DZ6sXU&lvKgHgn0_(+jLpy>Zje$or5RB{C?w`*`=lUF|ut9LLMa4smR3Y z(4KrrYVq<8%$^;cN{XPu;BGDk=D@X$V-QV|P>{qwN#G_61?|R5C8g&Ec2D%e1H-}& z0APW7y?g3;z`CIuD)zB69UPQhU0ow1g&AMJ;=O}eiC>_Plb8J&JBfr?^WxqBJZ!L( z0uuoHp;|9J7=rJ~jKELe_1R{Liu&=p!MwiXyIS5voeA?M&q!~nB5Y-VTGa8H-4;qJ zFt@-yl-$_1m+=#Hb0WLa*I&z@s&uQUsDtV(J*ztCYDQ0I zcndw?=T{o>rupA7XD5Jl0|1;1DEk8I?c3Ak39FaQ=c-$C!ZQoy6vm>In(Fnd{6l^rdqyp&Qo3kgmB4%=+3O!Ig2 z&-S@e86NGOjk5U&7qxDJiw`+H1hDCypBm%G0mKXG9lOoc*Y8@MwEfv2^Ygs{{#J8h zl4R_oWBctFzisw<)5t4 zb>NcCpYls}wDaofD;m9gC|eOr$ulc!Pf;VNA7;yo9r<1*LX-64TI-8gxqJ#Bs-VGv zgTgM?r>dgfK2|VUy_cP&{9X0EpQvRN_l9ChCI}9;`xFGJ`b`+-QBXkraM3LGJ?|}C z+?)vs5kW!#n93@A5$yBWsr%GxL5COm+zqmPpkD?%a>hW0MKKkQ=R^JjQ2XQO zJ5PkUxy5f9K27-cUAucR^;{6iYkfjjCe(VV)irVC3}gTB*jRA)da?$e{R1dO5P<>r zL@`niu$%`9-}fyB?lrZ%#n(m(|_)n1*9vEAPUsUb-n9>C7do*i)l0|bjj1tuvavCGa|aF^zmUV^Bb zhU@Vs8{xyJfL>}wvixA)MECmj;|};7JDH@3W?m!d%oG;_PK1pNyyW zt3=YjJFpL^O}+H4J1SIf7HD3%72;!R7Fd2w1mm% zpU!iRd#BI|?cTmXyYP;FLSBjJ(`K&WD`)oSe+`q_razbQoeRQ7T#$+$x+) zj_gm_-wiK^-g1V<8i^aEmty(PZLvT1Rn$o&B+)PX;LoGcsXrC<^@ z7ki2S?l2>=;hIh@>(~trb+g|n@NA;Mu{NWn|6dEc<^oS~8%#aNV(o%oq2S>+* z&V|uN4Id})&08x2OH0C!#@Sm@QOQ;|IaO5%R-ekA1=`yT#CTQaF>7K#SbxZiF7J`H zvB3q1vO`PV6|ZY#%HtZ80e?J`!9v(PP z3fbFIci>WgtzEoGK8H;O7Fj3&{MySt>dJiss>|0hGHvUQ9NhfBT2C0qf`YUf1%&yV z&utnNY+M+QMb5Nf_21%=i&R%H+nn62XX2MWoW64ID1A$V%}+e~JV8d~G{VZ9ctQNu z2@}x0a&Yi-h#P{LQmZj7?EA(BDc2q4j_-bcVvwT)?jL}J07?O0ZQXE`ZG55H;3m+5 z9rW?q1GkKmy(c#yFXN%OI0c_Q24t2F8V4s4L_zn|bah2~ zYaImz&e^wIU1=??Q$JK&&@#Xc0RL!d@j(LOWacNpFM-Ac;kD0CYRo_7{EqHIOiWAw zTYpZBbsiPsM`EgYdBuP7VXR3W=AyvIclKz#m!F?cv4EG1hH?{FX*lE#+4YZ|S#K1m z%Xy35tk@iTsino$VxkJOp!VYg*r07}+MYb0?ppw{h}63T*yw{6qZVB%0KCC;rpk9e~O5u0& zo4weG^Sn$_Y@>U;h73zyjw7KWORP|Q_ImP&((|f|P4~c!wRPEkZ=;)SA9(2mjT-0S zzE=zG3JEd3U>k^xAN{C=9q6_k-nhJbRqt>$^PP)m%5hjeKTk_eTbo}dF5z$O6d-1S zfD^3j&bK5BcyRwHs?UNe(t6ut3G>ISYd6=mJaJieX`)&lbG5;$6)>!j)MV$H*( zlke>}#A2NaU>@L4NKOvD^eJCFIwH459N-^n4Bq-QHC0z-eD1_g34_d(>u@jH#g(Ql z%A6zL8(v*%CMiW3gTut&x5Cu#y4Q`H`JZ$rSWchaRaIBl9lrc&%ndJ)(H-Fs8R+nM zrpu!M<$-Ip{YR}1YkNn#=^_ zC8ZP11i?&jTwx;ZGta==JzsB}tN*MugBXjlji?4kF$kwjkP0rx3Vz4k8$izc9Ig6@ z{^Hsgn04JE3ZoR_FuSQ~CxfZzd3DF`@sUHd&c!xQqaoC))#%Td7$b%H{o=SHWR(uT z@+si%ibV8kUXrbC&IkHjSH5T4(9>zC@!L3bf=U^qMi*eNdMC9iF;q%DCa&yzU9vQ_ z+j}F1&56rFsxZnwxDxcZY*$Boo>aJ%Go;r<>|m-JG;ViHNqP}Hj2|hHw8Z@Wjn??T zDibY@1*6KzJ>3Dz!Po4c6C;D^y6mTW$)KgCqsxLm%cz-OR8eCbJ4+Nub+S(%LPK8w zB*@iG3u)KFMLa8--|z^(joy=H^h!2X8b<}h8Xy74lFC(TzyHv`iH54uL-fZ$9Avv7 zhgRqMYbt`pMb0A=vsESCm)(C7$y8MCH=6E6>>h($9^3K(fjq62FKg_B> zzM@BS>~-*LX%y9dU0F)K+HUN3m7k8a`dfF&8Z6f>BR3S4*?1JxGbZn3so5B&TTxMW z*#0&YN1Ef4O~XD)HsVfF<+N?@YE^tz;_Ewz*iY;_pZR2p#k>_H*?-ahjsBdzXc z%p)SK07EGQPtXhB($^3#$9>_V!2p;u5)(_*`-+bTV(I9(B11s$z>Kxl-o7G--@FXksc(h3 zZM<6>v<_ZyXVUn(yD$Gsy;lU%U&3;?6Q%-8 zUp}5!$H;DeWMp44k4}rl^I)?7>+t63S_|$1{T>#&KT^bnjf34&echg9y#k2h$H`li zG4@-N2ZME9uPnxkR$nQ$%?7Z{fKm~%No8S+huYgbw}k`!ujS>Ixq*kdO{*bK)n4Xt z)m;ryukCE1&z1E1BqUkaqQ3iw5R&=O_KL2%TXxlB*6qW;e^2$?=G|^w9Y|ky9$$qw zW_!vnr>7jd&)M_iq4{QRvM|)D8_JU)g(C)qm}e@AeYZquAckIGr{VTHFv_&iw*gBQ zF>e5c$q)Q|P%Y*7Mu_?|d)omzgKfXqFNr%dqp|2f+fX^>EI_2DX19}tk9&Ve8nEc% zZ{4~;MFO6%Z#L`oq29xpLE<$&$fNf_%M|eVRpkTrbCg=81(U|FuC~Gw%1hHOGYe~j zEe^7I!NI|97Y?c6udqfy`t*mHO_zfmK!Jq>vqqkbl41LfEjx#W)+bk+`j@G7=Y6kA zWXgIL@OPy-82r72JOxv#zk#$B`Aq!PKdx8neWpPfRenid7A~JTv}RF zyjRH!Pf+gySuh9jETP!A1lV4*zM%6m7N3@S^eFGSVk5U(N@!2|Ee04SF7{VNmS?ZG zI!-Qv_#S?sR_hWsUc#D}%~kIwMz`h-5i$#a=GW~8Rxj&7(2X?p^a6kV*d+ByLilUOP8**?3X!WgpL8RtbM1tad-8#)0>k$w ze`J@EiQ+xy+*Hyv)9SxGp6SK)xhP_U#es9-S64Qe0r=zSlbd!Ks*LOm=C=0rZ|@lk zdx81^f|q07j+cV&9Y)Y^IUaa2&#`fEp!pO7^%0a?R>@h8d$7re5DSFs(je+v?f(K@ zTL!v6Xwy2>6Lp{%R zqG+s}mECROSL4^3k#?=90Bv9(bdDDkEfkEk;(87raB_wKrepbSl2=Y;dUmpVMyPgu zXQyRxk7W=;g9?;L@PELh$mjg;dHxM5+K`mxJdHBzOLUO)ImmN~aBwIukR=1GJoqs1 zbPxAB;p(b^Z&?oSl!Jkeu21|oy!3Dx9hTx3>0e#sKrR;PIcOVf8jdztaBbta%}T9q zhl}i0SMmD705{{l$OX^LLyt*gB!)R6QwP$S4onLX2q~!#r{UL^Hn97F+@9Yj0wX{S z$X27M!O@tvgBDLUL*;74vPZw2POy3V%I3cQS{X=vEpCX;$l5`OB}y|9sd;O!jDw*x zT6_fy924;74g*)_;xbN0grN-Li-ZI%h|5;^)vaN`?Gdjbs;X*f!|SX`l82z?#l;;Q`y*y%b~`MW>C_=I zL2}A33iOG$cdmm{um6eI@@B7irA!z@{_M`8&DGJ)g44#PA0#*C=A@=*EM(yk-pfe| zQQv{)0CYz&_RhP?Ix5YpUoH%%+8Jf;<&9UXd=Fw-KGVNGVG}%RH3Q?=mt(FbrOz6A zp1$LHZZd`9T4>Glw)y7du;AenVH8dqM|`Mhrr9p;^-1`*XsjB6zJp<(%bYB#A)>`Z zXSNqlD+|rp)8k_gyC&ok0`Oumf%aC?_lbmzPTPgw%6-XiI+h*#G!s(q06SyxM1T_~jL7@1XrnhN#Yt>2*ICX%p!?me9`&H)) zlEis1%gnP~7d4uWZg63e#!FQHZj%E`)2iOa4>L=w z3)E??KcKbId;WcR9SN20gR;s`J4-=Rqc8;43V;jkpkCzqrvBN+xM}7-8-fI@6mw|fnsCuj#;59b-5wJ)*A0Ji%>Xc@)U8_`PzTmmH>j}!z^Rm3SI1q8l;*cQYiIDx21y&rb`eo9NN zByuu9$m9wx$jj;ic3=P#Jo`;B<=I_;IcjjIBB5IcDWLB4U;4eSx^7+0^j1#E0=)$a z47UXbea(?4!Y2a{f#$by;X$g0@fCh?Q3HT?zU}iF&==&2Xjl(oT2IgNVd607__>12 ze8V|)G{Xx!nvF3!8GPA*XL<@__~GW(RIYOm!l(s)wZ4yW(f3J6Ur@5)E!BRRfviA%O%=w{QZ};_eB0Tvqf`0V_<-O-t|33r<46&JrJ50H` z(3aDAwSyfB2F@YjAR`M%lG@OnM!}q7x{U#RKo6UM|ypd4WvHb<2sYiKZrS9@=>9;KgWjq-Pwe6U! zKovD+H3`{W%hmc9p;1weLgdXu06^|$e71=ro4TSX=c1T zCyskCseg_2&Sl0mVJ9{^O}E`1B;-T^c$hEndk;4jU~LJ<9noCXNXXoGR>0|EVgjhX z1EHmt8kZrBlQCuvF3Xy~OS8t@FB>el0BWB87l9cqHz2Cc&B#5E;#Zz4awYA z<;=5ZkjoYUZcPw^LpzMLKR`L9yQ3uWWM~l?_tE}g80iRD>%?HqanM_LfK`ao)4Cc? z!Z&Zi`2gLma>WmKQ44HkLXi3`K%)uWzs-l{{}Dzq)_Qu)hpv%YI)(hIl%!NE;XWtR zb-pqxkpVkb6FyoIzA}XVO|}rxB#Kw~3Z1E@xlDzLCA4!CZpz;3*)6++DK_u+(}UH* zgHCm-!HzzT7^>%JC{K1r>Q(5A^*Er&!exm@jy2+SB4xVg5ESJn5M}6m(ERy zrB!15rv0k-apiPalXe9 zxC;Al0JE06%#CtP7U=l>o6$NvNs0Gq1~-BV1LK>T1)S^&paa0r3_;v-R|@PTt^7|! z<>WXY_sZWR{;@vu7PMAFr5xYiz6G@xN{Rx*tbnnpt(x2k4AQJG2 z0xi#5s^rifG2mfVkpgt;>u!<3(NR95REbQcwe4x@-8Cac=pPAE*JO>;2 z4?vL$Ff$01Q{b|O^v~91&jYvu04M=%SsUmCB(Vc*=~(yz;go+U?;;Q6%_={UDZ>AXhaZF+P7s0R686_cmRe?zMzh)ErVbzYY<}I zFYxYJ++!CMlz^HIgj#Bq9#b?x*s7|kkj4KDP-7sHq3)h0!ej^Qy6qhvN^Zt+Hi8Ux z=F9d+L{ZM|@JY%^vjK8=7|TeGCMwE9>yBZ9BAW(bGOTp6UpOh@J60PXLw0JVhJXEt zQ9%U>l@Wp+1;Ma*XDC2H;m>bqE0EGiq#Z4_`hb-$gaa3_T#xPgRNxeGDEZmnUIYK8 zKqb-+g}MPPL(Y;=mX1c^>;^*C5d}$$tgJX^XGI*C{n1o=;^H-=!p=JoNCJwq&CY%{ z&5d~-F06?HxfL=dR@MiE*h9n9@-Q8NxE+D;OQV6vr2qL3!0ym${*T5l9=6lJ=+^6!mD6@CzmjmrPa_D9dxq1M}i5jZK^bej03%A?&TvF7|_}KK( zD|6ffZbJX^jHjz7c{;F#de>oX;3n)T!VhIB!9+*J5X($Zr+rErQVRY>$SOj8maAmD z(AfkR!wcXF!PWxk5oU^$5@PqaN$hPTdwYRG<^Au;{v9mS{DE3sR^T;}iYL@dFF9^d ze}bHXl^klwc^LVCzAB+G2S*RcveQ#$mz@XQt^~L5l-|3Mm1Tl#LG!gM$Q)FL(o?SO zAqoy2g#y4A$R~yZTkLzswgi4(Tvxhe4_fJH_+4Q!zH9xJvOpgZEulh7r-o~1@=J#Mv=s_@i!hQ-&m{EMIpnoonR!+w2ZKPLGTt-Xl+f)%6{$0HW z#|TJV1((9Y5q7jm!c?-(eHIo>i3G!?I?da+Nhv~gjh|O`OKP|fe^K_8QH>1dUZlVOSQ~Vy?d2D-@b=Izek4!S&T2O% ztX9Pjkhu=N-r4aE>9r1F9PcD^7CenEPJ99B&&)fG$F<)?(Y6UIJ9=$qy#fiY6AtYb!Zd2ao=Ew)*zo!)SyO_4>~WVoJv z)$U}hMXB-?pXkY|@sX0Ao@molHRKqpyc~vOOT*Uq8l-8ZEJjbswD7Unl4Ha2ajJqn z>Zthn|Kt{a&&>Xg1#?;dYHcr-k^jtV8cyar1?uF^dVUiVMgiavwk``0u6z$#uy$i^ zSVm1+Y5a{!ajv%7_KM>0kf+&ih~yvo3ekPo2tf~AWp+VPJZ#zCyEsJ}BDixPM?mJy zMEV=PA9LFYBWMvxDJc{}_PiF;ivrH{2$kmNZSNK$7i)ivT}0Z zDEwH->k@!Scj_hk;(kVIVe!4%{uCcl5J%r`o1N|x4f9KXEiV4Qmd-nz>i_-Y4HA81 zCL<%etdMcykaalXlo2^rwv1zBMnv|`mQ_ZSy*C-zLiUb~?2t`Hgr>p7e9uo?l|f98b8<4gM+=&r z)lzzWTW2Lj1j1=eVGuzMm_%mh7Hd!y!uH9za@f_=V>F`K0N(3a`b@dtt~=VL@trxE zF8j$9RVtb{i(Wr{$_C?iP$k|D_&!WfQM6w&HCaouaXI(HpXD~jts~D>S`G6uZ(fo~L5`8^viMA>UNg^@bf>mKOO)BHArd-cRyPHhb6eY!|jI@5oaI)0{z;ll?aLT1VbEWtc;9| z7kU|E7Qc%s7?JOmNl-jzE|nxeq0ID$d&fl_9L+|{%eTRdhP`n?j_}smysf#Be>0hV zMbwbjBqx_fzTv``A+jKy+G#RE2^bWLy`#g6Owq<$3-hKh8+m<#G<4UIqBIOSq{+wMXC{@?U-*J5 zWbw1C-+>l*f0_CCQok+SfUEv4A?8LLXHw%;bt#iO0s31Y-1?dse6#Y^F46kB^#D}{ zOT1Y|dR-{I@(&~1R4)5N^C}~=m6y;+)m{Ls4CeB_KX(r=leGY6uyDd^K=`J-3MI%h z;ccD&@$DLbxMp{brOyd>_c%EGo0^zGq4ViXP;mm&BL%IltMTh)hqFeQA?x5ZYP$o88{S% z(zVaOK>G+P)8eJ>Mo>9xEbUb;Lq~jaOfX5(nF{(WT??RI`?>on>tq46CNAP2s|Tl4 z_LnaZvr0k6t3*SS00;9H*(>0y27T_!rJi706U*#^C6IAV){X^Qn_sP%ppQgQEj6t> z!9e$gg@y6iG;(lQug!uu-1~FC1<2;USqZmU^M)|lRju19xM|b9u6sB8c4z6kvWw*M z@`wCZif@!2NCLL)ebcBVYi65oU3&156+xV zjOJPqgivi?CXpp{SBn_5s@AF%6|X>BD+`ISI}>6MWg}l8ovtw=sbz<+mXh)ICu%!l z!Z|57OD=g`-gETvU0!w`9wa+OK8%yWLpEKn2UH-yyQYm82F6Eh?&C+I^r~G9I!!JB zI9R2*YQkE0WyRvK!g=~rrHcfdDn2Uhs#zC7#~ZW+Q0<Bd2hBQQcV{&zxsg+LQ6|0qn=Cm) zR+E&-G#%zN2B%{(oUZqB%SPcq|Md5-UoRvl(*qKtbiAE(+c`LmvvQKxFINLMRqZ=v z+PoTkE8~Tw8@F$8fy$mblpWT6-3pw5vz|)rw`vxFl9EfEf%*pR4+16@h<2t@uJa~K z%DhxV9?i4rjqeVtd0Kb9Y|j6FRWPfxcPb1mU6 z6cyd(ZQJAW(81lLr(bt)kgcAZ3C81CJ3jRQxDrTLE=J=SNUsC44$#G9D!gd&OlHNw z3{P? z*gRd-->OW4#d)jD#@!MdPH#C_e7a7xU3O*s&QdRGP)I~Xx#1yUr#JpJt$IVY zw(E>U2f7p1zjp&EUUViIUe{8-z>OR*J4HCIk!tcKNyX(ZxSg$sXYoARcDNmk;3)BX zOVIH3$3SzQwioGva82m^ENQvmx4K6;{SW~i#NCy~M{eegd*hTyyxP~jCHs4s5RYBd zbx!p1<ZV|o86E!1B{`nW4Mp+&3>Q@$@zh`PBrlie z@EP3AwGHoZEK;7N=f(^OJ%%*8Fi+1V<-Z+Ru!16Dzc;OFbR!ag)<5K{g@*G7P)8HX zPiUfULkpuvyByL-sGJ~jDT+WbiIBoF@O&m>#3PwdyCtofZ z3-OFzHpXDqmfZhhUmXn5ojr`qH68jQRC}^((|QuW^)N)Qmtk__4{J_i$Cluo3&8-G zgvzkHqXX_@&FK~I_#Y!9V!y6H;{xcAVt;FPx&8&rls{h-_-OybvPhOEH7bgN!oZXT zBo)Mo!Y}u_UyM&Q^QaIJ0jB5Hg9Cj3>mK~euU8yjl}m2_&Q+Ke)&&8aEYIfVW~wQg zJaIdS4J@wxfWVnKo$BS(d(s4J%`cwe3@FnKVxzj(5d26zGc&Pqf?%l;@vlJGz+rGggp<=(R6xZ0}*n;>=9UJt2e@()JsI3>-1Z zf=sd0lkkT3jyp_Y`8Qo0&Ui2TLOVE@~}gm6k>~oG$kQuq9+{Yc6nvPC=FM^wKLV>1~fLbt4tO5_1*G2eIDr4 zk<@uCI{d}+1`^_|{e!WpmmHb}dYKT=aGL7zFf}vI#^YE>gO85`p(VodAZO@l%t=>) zr<{?R;0qcW@sk!cGV2qMvpCh0ni`v}j^l>(qiwlTtdMI})yY`6hmzga$!F5ntrY5* zlcu~!@E78#`8>hQ$wDCqRRq9zw?-+%=6J#$-g^OO9aU|&WL7Yx*PjR|{8^GbBqZJ? zz9r`JhU;eU_WDReuXFt=QOEm(X+vm+H*23Au?NkBr+sY>mqZ_NR&-Wd4mmha8Mj-o zi8Q>49=yMJV@j{6aLj*ne~TbV!h`w-Q3qOJqFl1c(_>-CZb_sECEXb)urqn^zgrl8 zbwQSibdn5~X^3$GkFSi19lxBM+(}33$sL>8t%gebLjmMe#lhj@v-d{+^*{a3PTO*| z5T_sg65rDv&ZmVh~9v7C1mOFpp&{Hn(%_mK;%PUb>0Xg~y619_wQdfChGezb_o^ zT0)}|5|E@jcv3wUX<$w%c{EGn_cD-EN8IhbZZEQjC43Xc)<^u`e2X5_t~k{k%>N2M z|NIG2tlUlBtjCNM3yDs8VgCO7dSNIg4n1t4RpG=Vks3E$FOfeq*f;zmq$8>6y(68> zM5^RVZzBT9tg0f0yj<`Xze|-2KR+K0Pc{fIrdoay5bg~;f8g+(gP&mVE;VL=VGb-j zMkT~RKB2x_fz1PYHk{lub86_Ibqd^Ws$k!l&Et?}f`*^7{)`JX1!rWguCCM}?5v-h zqEA6_xgJ zh%&LGd1UF}u=>m8$rnl2#jskT66mh&7%tbpMI1nH>p|Mwxr#DTJ7HD?#y;uQPgg!B zUB&Z8r*jek5Qq3R&Q}fTI`~xwvB)_SXLS2xdJl zww`cuS|9gqG?xW$s0el6Dsi^@3Ll%Aj100y@=&zfmrH~%JT$S~_Uw~&fHy671q2 zmvYX3j!SgY)dGXvrN$|i^X1M~-ncj6ZI9`%-~H)Oc7n2Myv!2#kdetq|EHE4S>P5} z(mx^cC;3MpAI|V;M|M5Ink^%NDpss-}4}cn=*kb)kE-xd_#=$v#dK!nDT4A-pPz^U;q+Q8} z;YS1|W8|EC)8j8=?a+pU4PX_yUM)n{D9$0sUl4kJvB@d^|6&7nq_#3?$a2_zW0JfUzV?NEK{8Ux+9Fa`;qDV$NC#lm)G@GUWW zyoNdX^!|umx#BG^GogHuJ%2>qaJgPi>bsMw5(*G)7BNH>U7-UD zX@(uD9@{rPm9@swL{qmCdPc=L&fiATNging89eeWO_8b>e*75t{5hYQi!1RMycf@k zqmM@<-f+uLYuMYrgqgF+M00rIDv6$HuUTsGaa4FmLe%9qLk|LmEKJPJ15zx3FLo(e zS5AfL&rQrd7Q_=Qw)3rah3)z)9-F#dsvaI51%>RV(bADuxu0IFV9_n6lG}n_ z5@eBlHNJ0fkA^>930iuPC=8L->`OMn{Ezg=pj??-@ClRv1-` zHFd5#iIt5M7(hn_;c9p-hiMP=nzpNpJ%s|PBadtfe56f-=`>=mGbnK3$aa!zAh{4tcC&>4L z3|SX(9Q1tj!fyh33I=_vyL0x{f4DrVt8sQ~qbgzal3vhB%%u@p4&3z zD%)+j2L&&w-S?D$jqIbnf3p|hUzhE{MF_xa@yb*F3n0N*jHZN^t2D))JghmOhC0Wl zd3jxgyg`o!MmZJGQZ-qWsopCf&1&X<;k&BGcK@~>+(I7kS=97UQN4Go4wn>GFKheN z_+x;DGK$7KjgxHV9WVrdSm#vpYa4m!E>Wvjpg@}V;c6Ew$N^%j!#3yLi6~sbz%m$8 z^;e!nvKj~{^wa&PlaoJ}>T&o;&wWddo9dd7kWeL(fhtb(LvY&Y)uyVE9q1R3?*(a4 zX-G=xmad-$Nje?x9j6bAtvR_%NY+PKvf)?%#Q2;OM!I7qZPz5Um`F{cw?)WqQ zL;R`)K4o-u$pShe{lrP4#LGz^L>@Z9JiIx@`qLnXP ze*4yHywo=+hz%y)qK^U_dbvI%H=O>@lv*inN20!|{ z7Gg40y;yyRGgVgm^;Apk@0^Ijpt$s}Ln(H>-F*Ac4-wPl{loK{xNbjdU-RUIC}@rm zldH%i(r-H>L-a4MNzyZ0SGJ6DnEi>!t6#G`GD9jWC>xH@HT_6+l|BBI_8;wG8GpPB z%Nwf;H)1F=aY_VAv;*uGx;{$%BOJMOJQMLdH|xVymQ*USm&mbsS4t4RBMtkfF4qKk zBUyckX+!h~P}72{1hS>X`Hy}L;#UL;EAUTW@MA@{7l&Z;uGblBp?JDr!vNBNa3b+U zA1UY#3r2$BffA{`^}67%i@4Wu*huieatp}u8H^HQJhxgU!*bA$&W^JV59E_YsoluJ zB|ba)-6T6qpSEqoNgh!f4a=tn z^Dh{P+<38O7VOR!K#zKBJ5hBLt*B@S$1(S_$DUv1&o*CMInl+YFr>Kdk)0O`>axr4 zDWRCf=`oz`gzDR-=L@S6Qm2zb*fM09JWDL<^y=NbrgkZSt*ZD_Cc^yUc~g0|Z=MklCg96Bi7M!!-BA_ll3ThA z?&V#@ArI~lLX^0wyEIV*HWWMDH{=*qK0F*Tk-~~rxI0wH%;Z}K&@@^atr!$izB$$F z-R8Tip?Cx+SNVO4rqt64?Jy1TjH1n~H99I*=3X3q`$^ zvbnlUs#&0eQi<*}v#*)DjV~9OQRsCi4@LK?VCc%QQ1j{;;|jl44Ryof^ac1r%VA{m IrJsBMACn0R5C8xG literal 0 HcmV?d00001 diff --git a/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-motivation.png b/content/en/blog/_posts/2024-01-15-SIG-Release-Spotlight/sig-release-motivation.png new file mode 100644 index 0000000000000000000000000000000000000000..02cb9429ebe304d5e0665b01f0e41adfa0ab7202 GIT binary patch literal 179299 zcmYhj1yq&K_dSdO3JOSrv~+iuAl*oJcQ;&0=|)<*ySqVJkVd+sySv}HpYQ*-*6Ui- zz0ZAO=FBVjH`~}Oy3d_2y7m;(ildN&v z^)q!H-i?{3jSG3R3c)^I+smf z#UA-^2Ih>a&OFHu!=H>I?xJMSggPu9Qp`X9#+|<-aIE%*Bk zC?|>HiEotM4Q!1(ESLPm>e}D3TKIJDM$O@V*>uXCcb@t$e_zR_zIe2oN=MFXRB=Ye zNLH3zr6j(w@dnan({&m7fUo|zJ;1*mY$$u-aUtBHx$jY);}euI(iAzD`2TyL={noX zj`%$vhT`Jsd6maHq`G$g@u1>DQ`Y=q6^u~Aw&#JqzjAg%MSX4>hQ$;eM`#hQ7ffRP zYBQG38$bKQa`-Dw$M64Mn>sdE7<=hd-1Vs+uYV+#9es#Bw zoou#Ats}8Xje2?tv5B)>!p`W5XgPnqJsHKl61|>rAo}38QepYLhrJit!Cx_YyA|1D zY9NnTSRC3Ze_7zrvn^&L09jzVFX|_l{O~-U8uqNtb|Yi|>OdD?)$3Z|Y};Y+apXkw z@%Je1-6d+o`c_K0>ALRzT>CbRXb!Ijicl&Kd#P?e9h!}uGxi#3@k$WEt^1|Nf?+*= zG_6AXI-zQs78hgzzQ1_XUUJFMKD8>6<7s?h&m*EAci(Nhbd)WfQ6=xl@CCb-+Gv{V zisR5|C3%xQk-GrPakAjqlUKy4tH^%=3H`Pfez7}~5s=|&KXjEWMsjMsfP#*v6^p@y z{k|@}oZuLK|MW@$J#YF+?AUQ5c5Xew@gjCPM__yBbm}f`UwFo;xeAYEM4<}L_PzTV z1&C(6l4b|P$%M3+ppq}p zUxisnr8*J7;n@Q}HUgoq$mW(0B1+gmZ!&wpj+3kjdamGR5Y*6@WYU%Xduz=}{QtcW zxMbt%{1&>r%(`;_@1QNGX71O}53=gVEdF<$Sc-UD=s}$L{j{)}s+hw6U7(69&mm{P zfs=-c**HeA6`8@+N26{hyr89{q#IS}t$lhCjj6r#|IXT_oa>OYJMKgguxXyVWo;lg zZF?a8oP^n4hRyR2cCG8Kk((D>avSIWZa#J}B0p~^RSL4|QcrOAJ=bqV(PRYnS0;8* zZF~zSH#l~UFlN#0b8@e*io*9TC%u!4u7BHa;Qao(HgPgy0WItTshX9s5yr8JY9E7@ z>}}xUgi&fTzH1H^-7B=6={shjR}0PD($LEi7cH7eCkNKl#+|WsC_LTU&b~W4Jz5O- zHlDaXSI!rjl2Sr~4n`muHYs6ELv~nJ$DFx^#b^CEu0otQJ%$vP;Z%KLeHBjKpOi0kAUDaTnHxw)Y!b%coo{v`CXf|68OT#L3sHENWP?p(0P9a6>+jkJ5NKZCzaUj1*{oSE^wM~UKbO%r=n`m$PwADWKQ zT#O#V=QP5DQjnR5mv;YJy!KkFAp0vo;72{$4UI9xOIe%0b%tI$NN=|2B!04&_P3bY zwt8F%IlBrRo+eY5RmW5-(+oWCyt1MYw<>IJ$JVSDj_!emyS)%wJnn?!dMQ<@xT)zK z!qZ~SkML}K&Qx}x$N4e(GoibNmhZEb%Z<2g+W7h40}2d?iGee$)a(zvSvZq0^6%j^ z!dt#q`aJ6@`+ni$7{qoCdUd{%LaBB`T<=%pd{l6Ei{dng;pTkg>wrY=23<>mMyx7r zWaA*3$GKQ>)kRunf3*IL7?7f3GF`X1_{3g{^*A3HQhhZ<;Guy9v z}#-CNa(`tr;WUv`LPD zMyR)3g|9ssIVWQ8+E2nBnQ+bjc_&wstO~@i&|gL8QN*C`)iv=E?cRK8cKn;r3J(6> z@^IZkr=RebmS3J-W*kM1gCv6SXhRUeCx%u0;=fWBhpGk%Ym9m&4)qiCrN^sJX~h*6 z;c?lveP?3}_$@{tc6nl^B9*fzOA-0Nd$ywad2U`{taRG&N};Xw8*`a||>ngH1LMNI8l}{FzwerYqVcX02T_A&{pU($akWx%P;^A!wBMhpHFk{1qw< z3snb;g3||Bl-hNu!&dwzgi|wE&(Vn=xShF=tPQk3O)OeW0C z+Udb#ObfLxKJHHJ8I(U9nWo(h-;=gmLdg$)(jtTfI z6a1%~@x>HScCVMdjHFcLBuQuPBRY%(=JMdFxf~H~*CjI9-t7Mr4mV)bdy7QAGgtzj z=7LL5w$Ml}4+ee>PrgkfR51n@QD}w@Y13BUeWJvQ=Ym8<6Q@0$ZfAK5LG;@5TjL2o zHez*h3N%)?50q{2+`lUK)>!k*4|zldzcJB&`?gRWRmGK?N~`vVA4|Tz6pzwmMvlZ7 zD~SGRj$`Xm9#_0cUZu;kE)x3mlZ7K9t3B&RF_9L^|88M1lfc{OpOxhCn`A2O8F7Zi zzEMqGQ`ap9wL@~>)|{Og8@wFIqLfmYY+-2Uls+_G3VO)~B9dcq-@n%7Nw|sP?`*Mb z@JaCJYxO+%4kkjgt=L>zaom}jh2?k3J$t?k?s#OdgtKcuHmdJ)a99ZBj?1?kKa802 zcffyTb~|uy5V0i(z7@-?&qdS6RO4jP0= z7u+V^sqq_dFrmI4DQeJR_z@DT(AxT0Vayrd)Sd|kc~R;~$Su%F#-ZJgm~@!DjC zfc-mxUZ2@upX3OOj|tj55@{C<(w5JqY-G7rT*D@zJ~xpQgg(C%)ZP|{YAUhnPnv$X z{nve?!zhmm#U8>WMLKjMA4AjATdUDkY5ruY(KvcZ+&)@Yrf#UW8~16&5=2kKfYW)rGQb+)GUkOml3Japn5ij70ICQ zN=SN994eNgrm_6|q0_Lu_XGB9;Wiey@Q7fb!9w1$$P#o4r(pehV0}% zB28q3avZwNec=Y;1x5aMz0CkF^|-GU7z;Qo{iHF&$LLF5QEB1Evxl30sBhjfHIpZz zp{X&^G?xgm^y4XA9*Agmv62ogUYjanIVJRz{`FhxDJg%=>1&k@T@l)IfcriBMWAX?2+r6eM-f@|rQIMlznz*q9~uQ~N+=k@R2Z|!iJ_ti zD^av^dVhpWSt$NRIlMMvXEeCn6?G|_C3Nj@^p_ti4-`#rG@dndD5)6k}$Xp)s?d> z-75|g#6slS@<7mIh2i#m?v8pmd2E1wZ5Wx(%pXt62^8J(a&spqv6wQOo#WQa*aEZ;qB zX^ZRl*;A0bmsbhIDHTb(fSD$Cv0%gCTO00GHW)tu#-`$N zuWDwcTbrtR$_|FK28z?pf78f_Dk#nSUv8|?Kj+Js$-TFTg}9LUbBa+Sls-EmIxc(q z8UINbuea7LZ`%4eUuP*MF8+3We4JLj+J9%qOz6uO%Sb6%S(CYHpEF?AIBv_*w>%&~uJ!^Hb4(7<6fhX^qLJD0WUXL~jB{%kZejf3ko6DhRI9cc zrY`mcU~CBq%W*yUx<$iD$@8DuA{LdzB_#BhbbX?0Z*61PpNA8Meb6v5Bcm!97V2$Y z=-vDd+vhW>>)^27n3`iayL?WVs4}Few^~q$A1-W{EiONAIc_&yez*nG<_h!r%^Mcu zL3HTT)3=@o9W`wekW2skEFuDnfq@a1n5d|r&{<9BV|2u0%VIW`nQTs7ak)2q&d}Bs z;0KrC&}y1pz7c3p{TMskc$>f9^w0NQ(_v)Gh=v};8Z8~!{jDjbCIA;Eubz^+P#+(p z8tcM&%Qg)T-J3SrZ$+mX$;mu^%3B@0kCaOVoE;?ZYJu9ls056VLa2 zwi~%q$^R71&86J(tXO-e`?>q%?8<7ukvX_m1nr@t6wG!ib`r~mMdX_?^jpFGX8aS zezB-OTxm!YA@u2?cqd>mQKoq7by@LHwdD%K%f}ZI5kbbwn>w7rVc4($kA%ekFzySI z=46SSF1PEhq^Bn@T;7$V!{$l8iNURnw(BMM9=qoB^v!v?FR_t zE8GzZiQ3*nv*fWM&vcJ5w~i}Y$1=E4x9w3;$Z0&TCX@LxZV<@Y;h~JTH$M!CSftU= zPbMwLVYY&cnp7TFdWMb%<~K-qg>&r3OUOU%&U+wH_Rar~wa~jTRy`TSwZ%VwBu`uX zR@{!;D}@<*zIRakI;h+)`yVE%QW1GXw{P(WomEl#&Ft~foej#g!rtxJ5Kz zD`?F>65RDg^)9gdo+3sd9uXYya6R4WMpgi0a6T$93X7#>H)#0qc)bE0NvoCiw2H`P zcY)}v?m#B1o3}{#lIyWi0$m1GcK3%YH#h46q@<*Fx0{KM17wNvU%z%0D&$y1E>s!5 z!R4?q>W{>So&keK<*z3LJ$?FkqHbp}3JE0@y+Qw#^~2?iF7(UI&26mOSn3lAiRDvx za4->=@{gv4qr8`-)(iEU*DF31?)a#vsN&+{nO}mCoc8|06A}`JhK1ceoR8kFg)ua4CWLHk zZW}UUCvo1Yh-$lVfrY#pHY%_=De`XM&oFE;s!$C9Bv^`}EpBW~9u*BuLRvc4bTs{7 zr6VIz*Bj>>JQ}&(jJE4|gYAmq6BmK`)5Gmhia^G&&okn$2s9g$&U?bN@t+imX^V{q zXEg4&mmE>I-m!8vFgwYC#@k5D1l}J!RLGkr;lJ&z3eIY?z!P|QwI%yl7#nZ++z|BY z`UK<@f?5@uS<*MQwiN=b0vD z6_P!(^Sa!d;=SF7-Pqo)IVi|zI-0knqM{_{5Xl__88apucvi2n@&pD-bUZ1s#fp8 z%#+8^bxLopw1_g42Wmv-CtnW{V|=V5SX%vDQcAi#H3#jRET(e`y}g~URsmcNO`y%c zX|XLq#U&uPK_n15xm^EW^W3O5Y(XV!P6^=^!N4h9uKU);WeMg5G>^LmsqaTXh&SpdWHZNh?dKo@uJ&$1oW%G8QgzO?>0MaIdIFRT_Dgw%4Td@~T&Mh~DHHi?KyCZpdU zzyx;rJe?C7Waqp^MlSdgB>eR&664j~sb}MfVe2BISp9Ti{A}Y<^S)ZM6IB%N+1pXx z^C28Gr)MQzHG!~%icG)2+)A4MgR>+z@`cST37WdSey7o-h8=Vnkz`C|n!jaV=+f72h zEP_P}1#uSD=vGTZ@noed*EkEvkN$bp=zbQt+JD|*Pnc8dKb`T5rY_*Q@WjWfIBEA! zP68-vDxvR9|J-cOo0peYkUCpAXH{#nlniRjtAG3ZQg(KXf`WpDdjqNtk}@)RQi=4Q z_lFI&X5%k)S0;6p$v8L?2L~l>S`OLCWs-%})UczYqY=GF_no+Lc+Ea6HM@{~`s53s z;Ucau_xg^^xW5@?aXp=er-+YqHg zG9_D>^fq{WVxVMFr9;EUSPaomvmxPbWGSZRfUGU%?Q@%iB|WrivC5FJvWEYINQ+>Z z9<9DPHU*(WtJC^35&k4Zjrn6rrydbGdH#4`RCqWkGxJ$o zB$wulckYVMa~cvp_sQa<9JAZWk9B&ng%5j@vTT1u#xVR|Jck9MULOUy)mrMt{~mM3 zyS>G0Hsm%IU=V9q7*CTOTBwh?9>FWUzsfG8Ca^YuZ+RRkel5<&90Y2fznNz>`au=w z%*kv?EL}R}yw#Oe@ANXv==a=cPEj72K5mf9rM5U}i@ji;m{5D%r&f8WP5m2(t{UX5 zb8~FTP-8aU&wJW~77kL))M~KFRuG{#5hZ1?>lWU^Nlg{oN{fd`XPXRd)jR%QfFVNX z;DBMRNeb^LAU7THsXCYyTyAYBT5P})0pT2g#{THy3Arws(}m{ga#h79`$qG|Z>cd} z56y-I=CGQ83@5N@zcA-Wh%5_S-=vqC33E&>&)NNmgR@)u_NREVz zjQ+IWH5v}iz{T#QHh!d8;M)4S`*GX#&DMU!?8(fXC|5t1a+5u&Ux&c>Xov6(pt&LL zS(FIP-Gbv?$PyjbHnb8FfW{4k!aeEUW8ZfQe0^ir z&&>flSSE&V5nhT2&afW9!kW3@7B_GZuTy+r^fa0ZrT%YXzveou6S4;dbSQS1>~|6} zsfWRsq0RecrR7gBQ+D=_!;jyv%H&K~FV z#S!l3Tc^KXA^)9ccifU*_IdWg5+RkHsx_ayIhYhNGRn=Ub4*7YK;&EuGCcWUpyQ42 zcZ>r6UgQP-qM@O}tCw0>ng3y{T***yLmmwlOo zwHo%`lr%IXJTzgx51vEhXh6QJp7?rpe$J?@lxdz^@`ZOBePjE4^2|7#P+&Pv8CO1j zhn|L}q)ukC*04S#-*U0B%4z4vZvax+Zf3WgHbvRWvVG44rZcf48)>!0YJN&&Tz*#0 zQP}OG2TPfi3$$MI?mA5hMv~i6eD4Nm=OZE`TgFrPtt;}pHi&qaJhkxCKbQvOo5!JJ zIqv9DtIw&cm0}(s@dO0G=H}sNHx`Pks93!Ad1`|D25QA}Z?w`QKFEc2^;~Hq=hQEr zK)qqMo@Z4JvKOVt=KK+X`($xqzn`{fw!`K#iaBhMwUhF!(0uR)kBkhkzD%U(y=ryy zWi}15r#B=UJ|_fs3eWP;q_e6~t%0C4FJm>^@$+%cvWlyCE51MAI?ptv1pX}2!QM$I z6~DPWhbs*o6Z40|KbSdnbv0T{0R9F>|B$ee1+1-o0`ix%jJe($#jn`>o}6BH7v_~r z?+_3GqZZWNxz-z|-sC_QhDo>fhoOUabyRMWwY9BHuK7^ws-MtDUS8gAdPG%ST>=8> zmL+bo`}g_kV0kLjFg^IRG_455T!m({L{*{Ih^hXdv^ZW#qk(ws`KUiSL+t7gL$*5Y zjtkGNkl{Kd$wY@%!(8 zNN3(6saPQG%&=Oy;DWyNV5uc2JlqKcMsaaWe9}NVUkm)Zs7!64H{e#s&D)VpQ<5(( zSn1nu*5Gh$LEV1X*L^P5I9avxT^E1x;sx7wihvJ4NThrKJkf#J;pdKCwc|WFJF}>~ zNp6mbL7lHPcbpz+uvy{;<(NJuCWi4NF1ZY&)y@Z-W_wS+aOd3Sr(ur!jX;|Q#i~_? zGXYP+g)Bc9>@Py_DK5DDUU%8eE$al6$>HkA|0roc1IqUH%F?Qds}^$S9^NUMw(IeK zUVu(zFRuS4mKm>kFB12RtYWU;1+^lQoOiMI%Sn?rlX z-a-}>VR!eYgN2sF@Czqtax~GL=+Xn)a8Z&&G;WYo##qbpb)z^PsoumiW%{hZ;f~JC zBm(3KP<+>M$Fr=U;0pjQ-lL$P2n!33H92l4d#RRbh=4zaXOM!{8wU^xGtNyRI`;NV zUia*aqw7X5U%rGcNjkcS#>PfC92Q2#4<%EB?QI@r8Dm+3eg2NM+kr<;2Fq1xzSmoZ zOC88g_*0`%V-kudWjbfd%BQ{Vu6! zm)ssnGhb?ELnD{g>j_4wL&b#wED+|v=mzs;!8<{VcXW6~Z>nDUvsNK;tIg|)COl2Y3Coh)U zAgW}Xtcd&VZFs5NIQz?dJ7-}E;Cbzm`m_+Hw-{qnA1Qneo_?^k2gphg0PBM`qJoZ&jwR?=7H$E;8r|`H zVQM}#v2`nuU#^%GFLAWkz+@{SwF}Ap^~~?bn;+?s2OFlc54)2L+jv7O1jB_Zq(W4o!E`>J)TQ$ zMdoZ=h@#`ta5PXv`!*N`sLGNfvni>y4d}D9|9r3J4&^*nny03s{JlNasWeD4czSY@ zX>3Fq5`r%weIPDx$A}c!L|cGtk+@48_-s?8nwYR6|FHK1E;neHHS@1OhEd5SfAl! zZBiBaI1X;zH%2{zLN6`HX=oI}MOz_P*}eWL_O?q~{{6)|I>LOn?*X1$|_7U;QOrXY+pj3hv=iF78X!!lOLBM`*cSg&)&3{@9gdEJuk+^-hX5*+#>ENDwLhL zxz9)&j4+JBm1$e3%xV1Td%cqP(4adG)Fi(bqy9+#a&3s<$E5{QF?NK%Y*MI)5<1Q( zUxW?wYOTfqi3_|OxOU`?SuP4i&M-DXgtUM)PnF#^Zwo1w64v9<2yn{FuKo~P zSD3#oYP0LDVzn^Zeju=m=7W!)6NG~KAu6S_rgOyWQ(itERH}ZcMu!Q9bA|Ni2$oilq8bm#I`&7pn+Y%~|;e1dg|Rz2pO?0|jLyeBR%HPX?$1iS(F)lJn<|3X?xU zfrVyjGn%rE8g0U)P7x^s19HKngpiO>TNG20bX^RLiR0ASY{A#2Q$Q)j#>Mq$yDs&% zT`z}aQ}SMneIccwcvT6A=X&dfK)@Eh!=%;w_v`y-<(R`H({%m8II4%6^{BYGI7agc zQg++rq4g*M*{@$wzkmP!o{&Ek(8ag_+AKCXLMIz042!|!Xt7BeV2gru2!gV*`@?C! zI%xj^-B||-``c?#_wu9{OIMHeV@On#n6mP+_q}zq>+wjoNEjpb`*2*2$k0%P1O{DM zA)%Me<&!yL$R@+dBFD>ZmTYisk5>y+G&Jko$O1;7_vcKL6^+DmA7YIIg9CH&S5eM> zQidaKe2}We^%%6X?1;;6uTl#a$Ec|(AFNRFXngwARaELWEdLYm{!Qi4ghCK%td!!v zNr@STn@QaHU9VA6es<;jt;vY2X+lm%=>5Li{ck07rtQcYNQ%kvk;MGSIe^)PrFPQk z)64njkhbkVL7o2e!!Zzm2L1!G3EJqe=-S_Lq81p-i^z{YL!jeaDR*}UV zhbZ6Soy?u#1()e?FI$CJ*^=`CmtYbbG8FzEQ~)U_CmI8d2J(DoOJ9xJUuKM`ScG!@ zrLsSVOaFS5+|@w@uCV>K&?fP2fsq~^9Z78DlcKbj3z z>d!0ICN)j@on#N7x7(Fra;(wPFVu zZp2MuHpAyB>4*=KI*#2xd7vsaUaBJ54s?v;j&22c7$v&fkKB(gtsd80ZAGNTp>k2_ zJ?%9x4GGc811K^%PIJh)OB`sX67V~aSGxbP(UC4r4mnx90oSY5I>-*%&!$a{3mv;S z9&BYo%~Kb3K*ybP)1z9k@=RWF?fBFAFsw8`j7T6>hhX`lWx^+`@Y5?8U=kT+S4G81 zrIZowz1==Rt;EPjsAguFYj9-%nOLRFAlL@ui?}$YAf3hsTr9bM*)&k<4i_4#e4hCw z|45EI$t>4!eEW`tWB};HQk}NDpT~1n1uF|i-GPWO0Ffsum#9>MVT--Wu;WgvgYYU* zkjmyA`+=V6KNUuyW>}B$pLe5B2e-mkFGZhRWd0i%Wo1hlHuW|Ln_*vg=h9Ldo8|Ne zOw2yO2@il3C@m|CWNd6qt63iok}&`MK}|AgbT*}QGHb{v|2+_8eG3bV%l?}N^ znG{TmXuJ~?)_V!o*hNG~DuaIpDXD3DjM%gGxj}!^ zQ)?sRCj2^GM~5<0$jpqgs>&WuTvk*8y%h7Eab8|re8Sr1VMM|9t}jf z*mszWM!$cs5ZHG5!g`($a~#Z8z4|r~OEKfgz|0&2mPXn1@e_%=o7<0=n6LYm-vA|j zcd@HjalQg*QmD45kRu8xiuZR{hfq(Cd7z=7C^(MXo^QWm1kG(A zB5q%!{W>;_$$O|2(zKnP1E`q-CqzIB>jN5ok=Oogz?ENQ*hM20IH8tnqaUs@<&!in zv9vBvvwDFv3_60Tju#)_QX$wxD}ZJGt@h1v@5ME_lT3HDB?WL&5pP{`oQ8+Jk+6eS z>xeG9p2^ZaGinH{?I=-mZM*-K0+s{OHbZ?LovH2C@kU~vo~y=OQhUrnHs1w(dxA|F z14*+;BAjMhj|GjX+*SoTVfnl~dc16z=!dGIR`#uS#m)rVIoX&>tRO znPE&OS615b^6`#4r;Uv!*MS2N+djUD73xM3k?Y&rlk$v{F6vH37Ab} z-V>Pi_I7BHsMnah_<)Ws3pyN?a^(p*o{EkDJdz9WsAInGUYX+{F*ha z)<#C8KvWz`=fm~!@qw0Eki{+U)S;_c&<`#;Hdawlq}Q%IdO(!G(@&n` z)>vqUFuDKr{S`C;0F+j1ITNYf;!*{Wnv(J+nEW+RZpcYVUw;El9<(akuXtUL0}m54 zc5{zk`~9(WNCR^e>CXPCwO@X&H%~~zR?K%yQ)rvrkR>wnv??i z`_9f<_eZ)3LigY^0dFx^&PrnwyOXP;TJKFnULI#r^Iu%Qpbc`N!$vK7OU`PdUs+ht zcu?eccksLY?#N&a(mYQohY`piZ4-JDvs&Fc{scn(M8lyPw=g2{SPL24<>ldKO9 zkMM}d{r&w|ex2XutjGlzqFNWV7MJ+mzJ2d-naAqE2f0}5KkiruBMFs9Oj)N}-Opw3 zXA3gClgl(4rZ04vvEO?Fl-S z&ehd)cOs7>f{&Fo4&-s)(o$Lg+e1P_yPkvJ+)qVFg8Xv2PCy7K;K6vBDm7X*MOz(@ zLpCTBf4W&m1|-jHlOqK<=nd%iLBzF8TQchXf>9||>jYuYxRV_w`|&v1r_@!4FnoVWX5ZDxOkg3eDU70+}>We^z>-~QV3cs%9 zSm??pZYvs`?TKemC%QfaB?>0pBmTQ+}uol`~wp1 zc#aqgJN+3AE~6F=SHm=y_Ym%^4Yl4NESXZT-H*q`d>w z+It3!*pa(bs9-WcdX3b4;poI-3;qQn6M7GBd#y)sfL1WP`C(9zzn(u?bu+Ns@XyGn z?ZXB}+b3M0ATnW}98JWJX%?&!tkf&WRWvt^pLGV=hnWE~f@_BzSHqpl{Cb#lZ@?4~ z5-&I3^YlZR#x=r-CHdNRp+`fU zIf4K7F?_p<%0}dE1}NI}aLFxEV2TZLt%ZGFdS!oHcknkmbCSuaEsgUlDl*C~Fl7B` zK1rT{NhbtY#4a;N-|Wm{>f*KU6&ZvtUVN{8YxCl>iwb5D6_v0^L$L)lHBEkMG$t{z zbju@>%i-(@sF8i&UcAEQaj_~}8DHxGJZ2K0C|g_(p(QdmH`gEN<{%11XUes4o!Bb# zO@I_^wb&T#y5g0Hr2|O{W5AiB+%9r;$f2UmG8!Evv0df?UU0FJQeg#U-nBLOGze~b z2>z(7qnzJ&V4`FS42XVQoa7ufVGRoy5;I+G?TE`{n)x3qV@6a5v1w#%dZEYKsCxP9 zZ7`XWE*@}o5ghd@43uB!Qd07X>)#SX`l5(?INFEQY+B0l{U zII5))^fxO9GU2Y>KPPTVIx1ok7Qe18q4_#nxgeyF+R%{B;ia}K)QV7FLAEh+_Jr>s zpC?5N>e$eO$IkTm0PUwJ+3r$6k=9v%cFb3VNx~VRg0z zgD)Ov8y=9&J|R|9K-2wA1ucSPXqbeYR8D5)w;yBjkn2M!X=zK|MLr8YH)V9#oD^K^ z`5qwbiGTqj=3q$F=5dY5$OxKT{XAKhOa-%c0h*e0?<-h>q{|Pu>^5s56zRW4M@Ogh zLrjR+*+IM0TzT=QHv*F0jKG|% z*s0)NEkC{)Ga2CxC(g>G1bYaY9G|3?A6&;q^oC8LOpy{GKG3v)5X4 zfe0EK;_K@Pa&o0cSz%~sMux!ZDhk-KL(rh1sjU3)>Sb`Kjfi;IhsCAEss$^hxJ2M? z3Z63(nq1*bg|m_N720tVVC$PchA zA{B*159#;vduloAP#|^*R&>?E;cSYUac(wcEz+UjyA|wDFVSW}qZNb@1LVBQ%dx09 z4F^i8-+7k%3a{M)awz+KT;jB=6Tdpr%U>$ZO%5l1c;;+f#MM*xAWp{7o&i+H#`dPd zSFP}FoBrWpM1Xby1#)_ERbIpKy`w{*xqSQ+>1$VH! zkqL1}@tnebDH_p-jd!s2_Jv4ijts5!R$G{9kg&Y6Q$cK3Z$|88SB+VGe0iiicyP1n z;uT(=G+8V$2hVmLI_y-=BpS$Yw(7yuYlv7jH5}5GwTb$~pVGNUe)qfq&boC9Q|2(2 zuQme}x7@!QFo2tVPdf0eeffklzRcwBkr9La1k#DgNyd*6{{Dfe*x3HS=67Us)KAB! ziVlk`CkL80`1kKY2lBzy)fFKOL1MWh3WP~5`5jL#m%HneR=UTX#IlSWhor_y+{719OC+H@{{*X>@$j+=fpO zt23aRfhW%7?$DL-G{L8d8*f~i?`by2>2NxYLs!7#4}1%26EwIzH%HMuPYB|JkX~js zHmy!J5N4rKtS^&K$FJfiW>aGO`k6oW;XN>X3^icP1TGL7AM*24v9Y}W2zO4pDJewu zpn`IsuDw5I_WJ|j|J+}=>gMs*+nDC3^}P0aQAugB|*HG>(Uhwhb?jFR%^(24}_ zf%K)8k4^^=Rh!g^JUwTbZUrS_;B@=Jvn@l7oUf9$p!cgqN)?Fk-6ZYSIsNwJN&*5J zZHy^kuUQUu1d!M7X1V2JK)0 zL7AzN#S8XNjLz2aU)#b;^voPZrRc~h9i4qQpJTg4M1J~EowqY%NEGa}CM@wPH0&ve z0=fe8^_F5mJ;Fj7N^~5>`;atv1Q7*!rTENWMDt{%AFv3ckf54yCQ*iDNu9+ex;ZUm zFcjgPI^(sqP2(x~nt^5ucj{!e`A1N^IdE`r%8@o(IUpC5Fzp&=#(t3tPGG+n_f@Ku z!}dd>FY-!vdde#$GIrkiI*NmOo|C;r*vLuzrXmGi-eAasgl`3I(ApMUvS=@m)RNsP zG$i1~`_!NfL&F}}0yyuOL(fF4jWhMA6X={QY9#+jbSlm7Hbp)Cf_neTN3@75r7P5F zDBid(^8EaLXZP@eh{C(okInh|C8a%9?D};YAPE9XH45QM0unx|IST66_*Tvb`%i+P zZ?T+7Z)|jfnLxtNuB`k}((Bv3`#Eu=k19pr+8TJ9>>eBK!L!wJ;UTr(ZsGDjKRBue zIV|t5R1kXIU9FeoA*L)A{!t$#;{5Yx0PG*h6Y$opS)?fr^^msgvPt=_+HgcUT-Z{z zwk6u*g^UW>cT#e79b=`{Z1@4$ww`^5K-&4=?Ebg6s%97LtkiwMkD~S0{9~e1hD6Kn zcPDn|WEBT6G!3Krhv_1@8#ccz?hC3XGqF$4-u}uQM0maSU{EthNl*QWgf3!Y0yR~Z z0ziK@L?J$2zJ0!gpaKfwtSpeWfG0I#a<>QIV{dN)VBZ+dM<}JbT~U=17vK4nm#B5H zCoik%?92NsT!Gp4P9W^0OErIQ1l}Gau^Ghtn33c)RwF&lLr%Liz zXK+!$E=;e5$n|Ohxeo#ob0(yL#M;QGMc&N*gB!>gD&<-OKsM?D zRvao?+6{r{TV$w%5D*mWfYmOp1Hvl|;6QVLq2|V~vuKDE^JN1G3{#TPif2rk- z(K2+ii2_A~32^jz)mn@PgtaV*00ww<9p_-r&fktpduIGOqwPMj;?$Fn^NEYZJ(N)gL9#4*2@dAKO*;>b7SwPe92nHTf>_uH2hx^FU#OH>-!ECT}q$e5Gf zn~T`MNs|6Hc952qF4FDbKRO!zA(`jzzX)8dsCi$D(lp(wfq}59vbJY=xxN02dk^4Z zzND~Q{{++>VE=jt2SdRy8=9*>oKN-k!h-e{YM_PcGmMN-i*l((T_|WwC$ql136F@V zTL*T;C_w2s-kj(|`*$%yuO4U*57_M&H^7<=a8>v4aD+;k29w2KN_wrvOs{s)oYmja zB=bIoC8`yD{ry4TzI_ujK!%53-57`k{TT0=8a!a6AeVaqDJi&s30$AZlbY}E>h5;m zPIJ9^xvW2;$70fBqD!e|q(6?R8MPj{U2tS?n%~2#ReJJ?kI};0q1Oz4`Ki zT8R7wAI`zz6Pj)7bVS_728Dox+t%-WvoGV-oEmN?$=B!_YzJY{?IK0}2w`XP<_Kd% z^v(WQexhZfc`DJdIi&pbksid?KL(84Ang59byOxMCK%qYh~g!q2aT|Ca1<)i(QJ;6 zej71=>go;&i6rNtc^9EU7lXU$v~NO$bcIxh-)CsO+=`R;H6%6`Es4N64-Hh5rgFdLYm{R0A+95%$Q*Nnil85tQ> zx}6#Takd{2RzE?{O(C1A2gK#6i%``vcI$Zt{byLDNd8BBe8AVN&vJ56 z5LwyT*?E=1=pBLG-Tn1{JHaU_Ja>0@Jrq5$KYx67alyR3b$9kI(v%4a3F$k+DV>K= zYjL3ivJMG3d7$gEdyry*?Bo6^1Ok~S?G^xvrfuPr1(07@@bK}Y#Yx@V-A@l2R@RP> zM}Z6m1EoFZnw@E&JT6!qo~ON7p1=WNwcM(He{TUC5}tRv1;8U12-E?f9drR!cwl(g z82BCzKrRG3tIom6m_4qn-XkJHxp~b78`#i$Un?NJKR;{>Jb<-Ss?`+Z{dkupPYH}Y zFaH4xCzQ`+dH@|8*VLxlTH~KhOJlUgN&+*ZuhU`|m;S83(!?lzC+1oEnrX zJ(sk_7bc{?x+=Upo5M^KLs96MmttX|{%2SFIja|`y1Y7kk#6rwFdK2!(voz?t`+ku zwx2Ux#|}qS1z$6G91_C8BNYDdA?g1n6*y&NDw>@C?4!8ueD!|mqqODsV^b1~b|b70 zZDJL-pSjnyx;h?j{4ZyP^1~;qB%3>H2W8`>p56)xRHv1ej&1Mw!Di5vF8bH*OwKn4 zJ7N1|R!b^(b-u}cS1*s+4t{LZ+)_}}7eB`%_NJ5BdBWq|NLo^!gYpsapPOrCG4XOc21BR@&A!R;;M&B`{Jte>@;qWlcTcd!zcHdg0!bnfbL zDTHXzB{VPAfBQxmJl12Z47|uoD^a!?@c3uM&YL)-SKCs^BDl53py}}$VJ-$osz;Zk zmc{`X;os6^#It9+??yzlA6b0Lf0;<~5X&YkuhIBFgpO?ChsS_3l!Ncwr^ydgZrOI{ zA4YhV=Zz$)0}c+3-Fx>AFs&4Z{NOMymaYsbYrR8B)ynZ{|HKi-WIAY z7wS8!UgcX92kYm;Qztq~)sM%A&uO<@1B6mxV!(0!)svVARco#7x>*#LOJ#+#Jo&iF z8K07qwY8nAu2zhQjd<|>y{xjYGGpwsB&RD$8(XGKE~TsrM~?94zC0m%LXjgpNskxm z7|z3o*;!bO{v>eRTu8|;D)dVCxG8$##7_t(ETDdm6L-E3LiL1WpLlPvLnGt{`S~ke ztBGl8M|-F)tFEoBiQHVUy#L@qeG`9wRGDQ@9pc4=%<@KSPod48efvg(#rh8&KD>?O z$dMzcWQ?=_sz9NSFuC*R!f2y$#VxwamoI-wl*{{3Z`GP~hE>Wv2xn$_sz*UbhuV+o zpfX4J3FK4!USDGY?&HVz1uLJoe(Cn8v{ZsbO=)SlkGk?)PORengb0yh+Kdi&&igvk zCf=h~Pu0lkLf8ih+G+d?+eIUz#V=B`ttg2w!-jI}y$Sz}zsBUd%Vr0BxYx%ICK*-m(#;3QZr#;J+0nMRyqkgW?OW&QXUw1V=y+2Fp zyxKsARQK6~<=f(f%_7DSx3QVdR5!D9JzM>_M)GH>Cjz>ouNZ!+3+ci+?JaRK{q2Pf zWr+{TD&g`lR?O+O!z6vN!;dN>Co0R8&uxD^D{LYYqjiLiI_c}Rn7Jqjw5O$h*AZpj zH&`Dn)GCy$v>|q)t>o2oD`~Q_rHu_OEt{sE9%re91l7iSp0kd6o39mlBg`!AHK5Vj z>047D%$oM38WC@32sKpoSG9FhFB&N$DG=y(QbBdPypco_Mok6aqLHYbh%Y4UXQv#P zp{F8P*52XC&YU`Y5D4w$Q`_=E!{R)LH;(p_-nz6;c5P|04p?>*cj9e%0KCX?aWY=? zL=Ck(RUgD8vVt(QjVSPfS;W4{cD1)hVE!o(K<`5kee;;5lY33(P-xu@g$Qkqe(v@F zK2<32>QJN|^dCK2@Qn^u1utJRn?!N!zOQpmnCFIlm+v)$yoFj8r+nym^?2$0DA{-y zhZfI5LAD!(91bffDJf18LQd6}FCid*U6&fHrVD8NNn_r4Dx}nnl2J|#G=4iS_tR&+ z+k*Xg^M?<2xipOfMdqkzsBt3q?%hiqER3}&PM&gLI&p>MJXeTKL-qWhrRf%<9lPd> z2a<&AA|p9P+1GizkKKEckU+?ikac_IXlWxO!`UV4UkZ)&usW^GPO@+ojdU|Q%S1Vfi9@5nehI{y0gi<*H! z1=FJ-YSTiTpznoZCj;B_*a7mVYDd49IPLm?QXZ9~ZO-w{t6$W7Agotr|MtZ9UPSA>Q~%HQGU;(QUAv6QreJ^kY_P5=GJxrk4l-|y?cie*H#Wc z6jUe&FK>X{)_MfQXws)~k!YyVh%;NAe*Gv!>Pst#xtM4VqFe43Ev0-W=X3B-9ov-4B5PnmVFyM1P6y z%mv#L1IU`K(?-PG%g;Xn9$5y6Q>>57_`>h*f+Kk0mRM+9s!KfQWs`5Nh#MqRaEpZ^pH^Z1a(9_nyAYV;vJJ&oqTjo8*O>bSUg=WE}BZY{;N zwsk7$k}*gl+pw`+ws)Am?&`sPST>=|V{cCnj)xS;J5pA%dwO9wloh%0jKkN<~GL^!DFk)uX-Q zl9ICS0<^TWV0Fmv8s^@aA}ci(uz?IF^mZk*OssNujMtVvMZPe2bzmUVt}}bZ)B+<5 zM1VxKqnxV`z3B}|*i@iXtP4Fj4lTs5-@jj9>k{brZBxjgb~BQHSg0i5vnqV_$P1ySR@c_jFfjOOaJ8SRfe6KVVtntVf2;Dn9=|?!{FO^G z-6~=CckK?lH#JbU%fiCq06E#IQ>QfI#0lXML`x0c?|prJ-d0_GT#8*amfZKD0?V0(IXv1}s0O9KAi) z=96<(eB=!wwE!xaIzl$pgJNbmpC$F*}+Svn{{Ac%B@s>_vK|pWkqTln)^99*Bty7 zcYAw#LqPfInUF<-=gWiycEkqPn9%6R?v;$}Y*7;E1$J#}Ig;4-zVV-E&nWbmHCdkd z5va(~=6KoO9IY!_0*${4e0fi5XX(c-phFH+C1M=UPRXR4)CT}Yun)gkf8rZL_l^ zpYM&g7BGF^M8qubf1(PzDuM?-eAMvX+F@97HPD#+@668q>p#D!qva=Hpq7?AUDvG$ zKfhfN8UKvXmNg@62};YZ&&{24+}Zy#V(ZRl-(b10=TE9o7ufPCk-V$yeSm?V*2Sf+ zgcT<%K!b#w1w{AQm-t4=VG<-~xF>oFxuKQ0GFbJfDN!!5MRwy^()W^;&AN95KI@A^ zN|}As4;lQGQx6Nug|a@n9~U`B5zn`8r#`!7J2KE_=>=58%RtumA}zyN zP@J(yO$mTBxzhX$e@cOEkG(^n(Ke$gtI%caCMO?4 z19<4jksT~7ED#x>1*|!Lve!E*PQrC3Ng=PAhM~2#s0pBhm@c_$II<3N zHZwCbJX8GH2(Eb?jB6t8z)Ob_jvypk&KiHxI4UkBH9R#%aXL}9Mx6^a=S?Vby9>P- zRD5Kbprsl99oYyBfX39+6mpz1EeW0NoaaqV6CqC|>QTr=&z?DRc#)pJDsO8*Mql#A zFV#d@Z_mYM+0dz=^HCUE6!O```M!<3>i8&IBOwYAf=hR-C9&mI{C6R=Oq2UquJQXa zT&`z(JzkKUd8qs`N@$6E{3SgzpIYX!jQ#W!0Rbe3?{~S``Qut-y(JD@vQv^a z%CTBZr;Lp~NsLy}3VHoj%o$oKl|h%g?IntB9_(JRZcH8MDO zE{o-nn-bvTv9YlmUPUUALEKSkI6p`KSe~$Iu+-zdkVeA-?J9oo>+6H^7|_9q97m0z zy)niGTL+Zmix9L%Jb#`&eflyR#zd~WyIZ5K=pwYig0mv1y{koaQ3*~@_*sv}d&xMP6$7v8CsT(v^cDl+Q zHwn28>j-l0Qv}&`>+j5EyIiwW0EUsR?l>Mo=sOaRkZ$%|Falyfw zMTv_M(#Dr`FBNS_%1#ZE*2PwMxp0f#|3@V`y|+_^Uw!|>@j$~|F349hGgXC!10z_J zYioO_P19(uMh;N4hEE&J#~w!AHp=U$Oc{w_BkkN6(it$p

    Vetted service providers with deep experience helping enterprises successfully adopt Kubernetes.


    - +

    Interested in becoming a     KCSP? @@ -27,7 +27,7 @@
    Certified Kubernetes Distributions, Hosted Platforms, and Installers
    Software conformance ensures that every vendor’s version of Kubernetes supports the required APIs.


    - +

    Interested in becoming Kubernetes Certified? @@ -39,7 +39,7 @@

    Vetted training providers who have deep experience in cloud native technology training.


    - +

    Interested in becoming a KTP? diff --git a/content/en/training/_index.html b/content/en/training/_index.html index 28fe46cfc0c43..471dbbc29bc8b 100644 --- a/content/en/training/_index.html +++ b/content/en/training/_index.html @@ -121,7 +121,7 @@
    Certified Kubernetes Administrator (CKA)
    - +

    The Certified Kubernetes Administrator (CKA) program provides assurance that CKAs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators.

    A certified Kubernetes administrator has demonstrated the ability to do basic installation as well as configuring and managing production-grade Kubernetes clusters.


    @@ -131,7 +131,7 @@
    Certified Kubernetes Security Specialist (CKS)
    - +

    The Certified Kubernetes Security Specialist program provides assurance that the holder is comfortable and competent with a broad range of best practices. CKS certification covers skills for securing container-based applications and Kubernetes platforms during build, deployment and runtime.

    Candidates for CKS must hold a current Certified Kubernetes Administrator (CKA) certification to demonstrate they possess sufficient Kubernetes expertise before sitting for the CKS.


    @@ -149,6 +149,6 @@

    Kubernetes Training Partners

    He|UfbR`JbpeB)p6R^o$lf-GT{i2;|lf5 zd1Pd($nn>we_z0Ew{6WoeB7|O`pdVF-)hHEnse&%0F{0-*}833KbHV@zNS?IG31mJ zq|#&?&@X&fv6wj6SK$?nGEl^+UmD%p+GnL4oja&52w-1O@u-HK9WSO|w+EE?Tt-_V zDJfYlhZR=v&!NCB8*MzA=!$J+-Sq6-r1~M!qRGHOQ(cXXT~DxPsIYOMLl z=vazwj^b!-rKi_VIN3P_W@K;!SheZSHxq@)Nbx6{-*=URndbqH6gUmY5@td~o7 z@LnjY(}~{qYao$8Y3+MnKZ3nOfb3DXJ~Z&%l|DX2Ewl#@wgCMn1Y0<rVp|un1sv)Kz(Nw%HSYG`)y(DPQK9tlX7wH8=YKh>N_xhV znKv?^FOKzV`&alqoXOQ^;1+9YD#*`QtmJya^6%fpix9rVOT7?)RgP+*B?}HrxJCCJnCz>3kdkC)KB)4|L%lnxL{Zw-6I!6kQMXH%w zSfC@UYHbZ8OY}K6?J7GJKH}T`_Y(C(pMR4rf#rX`s{a9fRIIT7p&G{?-4mK za^uF0@P=%;(!-JUt?lh~-QA>kXK`X9g;@QRd&gc{7rkkB4VZq?!^OSkOgQ*VJqSOSE$*6?;4cb&?D8Kk_CG8(TAqO_G(L52)0RUuKrPaSWyGouP}^CVgcdp>Sn0H#b*> z8w$#y-hvSq34nYSD5>D|wMg({I6B70#@XW|cj01UaplV0=xBqY=J|Zg*R#Ul_i>v3wjAP%mC7n?~Pkl|4-5+r5ds!{5FQSWcKTY7?QsQKB z)k<^iC4Z}J>!GO8=^d@gDbtjJ`vrnGQA>5QwX7$h+&ofW?Ti&^e9|Yh)nU>2t1u;vu)iA)krAk zi6qZem?21_og-!gP^IiR0d|p?Gfz760AgTX1M?3}O+g@++sZtgFe(s?mIu`$fmQIF zPj9X8@^COu&Bk=1-%mB~r~h9IfRjToA|O~AFtMg4V{-ALDqwZNia)xMU)DG=NjkVP zKm2EQAhDf$Bj@(*Jsc>%Re1?@qEuz-4K$6Jo!7o;>YmrNv+P%S!g8{$-~#o- zcZWGR%8QXkZ9;(T|NT_;Syel4S|>q@rhs3G`u7_g9$nohpkEYM50#o-v3*=rv@hM- z`m@^&J83Sq%a>m|*xPnw3eiVJfjEa}37`>9DZYsN&~t=NT)MH|ok!B5=c2$79)=Pf zArCdZ4YpEuclY(FZlP%*Vm1jYMsS{3jCpX}gA)_=NH*%hMX<3VsSP~{P{GS{W2tKu z+$icNit(028vtC4jEqSc8N2kFXAgt2^wIn_`@JM|X|iiaO+~uN%~3i5lk(4C*SkU1 zvYfI%goq3ZmC)b=@l2ck;k>o!&7~EmitxNC#sO-?o2f{=ibiTED0wdVucX zJ9R+6@$m!$0ge)hy7iqKOWb6a%D@MbEJZ`UisLVId0b*x(Jv6I2VD64`SZy0j|t6z zR9UUXE&7cm8)v0Yg-`n+0RYPM0FhSM<_jxcWiZYunt{{v0*3(is&ItoqgNu_(*Dl; zD0Lq8b@wZz0RlJz3V|E{BT7_VjBlfrUHz3BdO}RBi{0Q!kmuW&O!?$PX*7|$cq4y@ z57-<%3-Le%cMPo32-#V+|=SNG$%T97(gASoO$3|^bFO{8Bff;vCc;2+DTEI@l3}V z4YGSH)E{_SfX}3zpI3}Dc_y4BV9GuvHAPk9n3m%khprGr$drt{P(?$j`h5u0dR%;3 zju*eTzBmhnTtl@*m79y}`4l)1Y%_F}`ri-RM*eALL;}Ld+|DFCKSpK2p?ANw+Kcal z{P;OOu7cR5rKN>=msn)2DCV5Z%*Qa?n(jJ|>E7?(*TN;5o14Sc($b!o5EHhT#>u|E zj$~{r$_z+dr@Ze4O1s`PA>e3=%F1>JcM)3$e85OrvV{U9guxLsi2_M+w^i#&3|@sZet2n6Sj(VY~|=svDQ z{ZLp*@nL&a*--|;xN&ee$R{|hG!G38p7b4CJ)bFgbl-Qy2XbdJjevad76k+a{TUij zHs^ql#D@hmA5d86nq{#$f!%~yM8usF7=c7??J2)0 zg41h-MwXaF?zONIW?EieMgc%|_r(j&5O$e{Sf}@w23O+a;_ePTR0N|%97~9!3=9lN zrlzOcP@#;DCS$ZXehY>r=CC+GgM(_?7wO~Cqesu4Kc``34a&;mA)%zCB1w-nwWs20lJpQ$@dPw()^KMRFGS6{8*!|ZpGl0+0%ja{TH7ZQDd+ZAxRY_ zL}n&dEc}MQ8!Q-eF^gVP z&0xdv=;%3YotM5`gH}hy6tNb&tr{A>fD&X!7x~t0Qs2Sv$nGMv6@DmbNP>bDT~f0r zq-{?fyXClB{)cW@VkiU}Z~lnl*8q`L9Qbhe-#+FmmXAhgwO^(h=Eis@Ki>GAB(y~A&Z@2j(w+7+X$QUsxdmA7WxkOq??H-Tt)d0rugJ$r3sNyKFaU8kI4X1p+9X1sG%8ul zv8A1^5p&-#7ftoam4E-DB%RpU*a)8i{LBpPuKu;ZPeuSn-Z6gflB-rnA4yOq7Z=A& zSS9ll>)X>8m!4lJVhcIc@$SipGPH1Sq`Y=t$lxrUcQP8^bAQerCmIh9bE&i1+NnuN zB>s84jv>n`rK{U7f^gr<5_ zSMfE>rJdxWu7`InT*`Wlg$3h?{=2ErBHlaCy>YcG z`3QZKKHa-dThh+%ue3{M@?4-zs}u0|j5^CngMIqjxbMP8F!n%~yWAN=-KKj_y3h7& z(i#|qB$8)_OB_6#8sKJq{}3c~_F8s^ygWShe-taXR};Z$#3cuILq-rHKk;~ zGSL5nbf98~cKe_69A~&9EUc_F3$5A3B_#GUFw|v5Y~q{hCU;Cm>+VpNx0O-(Y%Cc# z_#Kw!eq~ZY4po)we9Hq~PIvYFq{&s5!b}MX%@U(N_us$Y5cixrw7R-l#HJq)4+>pm zd`@?tOy!eH%%G!TYIXy&miNv-@a>fB3RL4F%7iayNHI=z?AT{+5xxi{vVeeq>o=}f zr}^`NMptF$6ytSW6a}#`^^*Sy4XuAr&>;@#xThnQn3aQRz)QU<=!qct6cQ23KylLH z>XMR~ANKh3Ze+1z{Krn`>Q>~JrT_7qcDsW?Ufqo}(&X3ZNR(rX9hiiE|KL6Nza8^5 zJhg6aT5R&yLI4%I8&+x0{9=Xe0Uo)Td-ps55bZiYqy%A@oz&BDea-S(4BmG-GIXtN z{gdttR!Fv|5>&r=PEdd}`ISyiCy+-1NN;;EP`A_9mq^jjF#7w~pAU|YjZm<&BfoSh z=76-SBwF||Vq(xlz^>@s*I{%#!^V|F^9n>c41W_%2#m82WSR6O%FQ%OgR8Xx0|Tf@ zr|$CG>)W6`0ieP3=SwSdtO2p@R}5fMUe(b1+->rGI)p}}CeL+sbdtPXlXSDXiyc@P z1Wkx@hP($&L3~C)4vXL*@D@OnLaG-ArqE+w8o`{u|PgLU9f0D#YRy1v_{oN|sQ6!&y1!_#Fny)xG zXeul31htkHLKLwmZV{0$@TLa^Q9uDvwZ6K@x3o?JiR_1-9wsWP&_5^b!l z^;cIqkMr>bg3f(lQgI7Fj8(ROmnYi5sqZCJcO?>=Yq~qi4afFxzUm_ZsCV0pWo?iA zWmpQrqm1TU_r(w;w05gZiOIC{+WX?0z#d6LuJ;P}gFb+0Cs zLz!B}X2lj@?m@_{dMQ;hAE0ik!-l?CGAPx*%%XSP^?#Uy;np^%McuOHslK8>Xip2^ z3gsgsi)aZA2GkVrPyfbsidoDt2!=%H#?8QjX%|JNLqCa*MbAwY9qXf+A*kdc5ry0G zOy#!k*ulr9ehCOz-bT3qfAVTZclSl~TPqrZSy?k(D_GpyD}#O{1XI@Uw4Adb@vu@R zt`8r*h|wRI`4iJHZ5LgdzX}RKaX)*!q6ndlyslw@Ryy<%-0a_`<@z}i54v7}F)KVOhHFzS^OKk@rV z0gR9i0@2DZ{j2`QWrAF0s(7bm;8j=iY1CUpqD$ny*J2f@G4>cKL`pdQ;!$P;O2Bumo0QU z=mlyq5Gg1q2(>`N$%L{pDMGz1Cx?or7CU5BOf3|51f*~DH8fPR{=gP{j-m7S3Mydb9tQ>=6*_zmz<>i?eW2~1XY=CXlCN!A*u#HPHyp=e5!&T# zvawq?i@sc#vEni3y9h4fwOgH|G6m1((Gm#I(GVDp6~II2^n7d*Ha8H!)?7<}8w3fU zfa6HOp?#Wgu{gsU`Sq={1@KMi9O=+>jWTxuqy~s~9o_p(e}&QSSI!rXO^|J?Sqn2z z#z(OE5=T%Q1irMg;)xmZS^{3>Z4!>;OhiSQha|!Ve zW>6}2cG<rHQzR#aTwCx59@W0S1Kb6I+zQVvJdBPDjyFQUvPgait{lvXoUX`RA#pA=g_6=qj| zV=Fr&99H4Aj2$C)0vQztTSSDm$Z#W1MlykuhsPgst80}}kS>Zz62Kqy@K(z+sD!Lh z1rtXaGTq-@dD;+F<2RI_>cKl179K8x3>Y2E5n*8(6%`fujjI87YM}F|kGH{p+dDWk zdcW7XZB}93%#8OPpqs_N)D1I1UQvB3NJ&Y6OPb~`J{_OUalVvfinRo1_Q8-Xx{4T@St@rp*#`w=oQC+CxDu_u(NA`dk4ORG@&{CsNR|*9q8oRf?Ux~Z-{1k3c=11&2@Xh~u+2&VCW1n; z#BTtQu@!D1A|isRX8t0Llot)eMF(`U;{+9h1q5iK`CQZtDrsVIK79Bf91Vh$Ovrgi z5qb<~504C36GEw$uV;#)E~^ilPGD)HsYwH%8v9xtjxaG;Ch0z}(LRfp^Nykvj zMY0RZ$|mH!|3{8XNGsjv^xa%2Z(s9AvG) z%>#d9Lp_4kpP%kZ^p8jc4gjo>QnX-LPUz&x zQEUN1v;#|>e2Y3t$AS0FURvp3XD!L9d`_`~Q>3i>8CZEUm0W1rXwC9N(J1IUu0JOu8a?vnP zj8FPYJ9VQjntfd*yA{WFYeXj009L15!32^eVFfNo`kcK0OCWlPGeTvo5%ow2x6-tz zC&1rgVE0D&y}|$t6PaoFBA$wbcouvfb4$x=2+bY?tGrtrUH8eu1=LFoY7ihBglH78 z2yFu)Had1}_lne6o&5kn&F6<|z#at?-QrO79zcIhIGL^OeBK6AFyg&}H6rQAGff2e z1zu?{SXrEAE3E8onDwE$1A3!7!-&e$rPSDHXSw^dA%gWQZ=7PeaYB!YsZjuUAVvvg z2u!Fl@X#cL8U#D%HFC0~+iyk82&grmOQ=i*WUk+MZJiSyqD`JYl8J&QRlC|V^36MY zc@q_mO%M8}D5XFrCLM90rw1+vG_-8{?pjpb0=KbVv2pF_KL;o_$;tQX9D9wUeTYN& zK7jeUQ+qFD>0t~nwaqraxBv=LkNFujnzN6*XjEV5q8AOch;GCRjf{+h#XZIKARM|e z6c!c{N7fMX_L!#n4EWxa2p!#hZn)s|P~InlHV+F6#sLDri~E zAc8`ij4W&E!PsjLY^@Mj0R50D9I>!&*?cH8+&|n`(+GGpX&d>46ZReA|MtxdYkb(+ zy)tkW63<3Vb}#~N6%Y`B$gdR{W_lb-a(EkuJ$t4KbuS2eZ09*OgMK<|kq;UO;$4uX7SuhK{atVp|a8=s1 zH*=1APH&a$a#?BJMtM;3GqMA?g8n07KI|C?(?F1MvjoTVcyY0Nrf7}W{>82Ef!V%M zI!TY4k4E{re){$}=*_wC!=1+LsiK79?} z5{tjW=52X)pam9W#KZ}P;L=ShUT^IqA?`*(;&A@?VOv~W+{LZto#+@te>43q~M%D?*#_#g&qO4>U%;SfmlwU@WgN@RNQdlEIL)N?dR-l-o|aX zsSzkn$BOnpDHjiqu7qnBDr>ce#>RY0O2i1`^x1yz+yCnM>5p%wsEt#rd3jz6AfR2F z^9UIb=~gQ;Z1vv&QqkA9U1p=fX)9Yd>)7WOmGF2??CkKZ*JPzo)j>S}aK-btn7yjC z@=o3h`-Lynj7O=ZsouEJ+TPW*JpH-3{xA5(Lk0cf?NVM|$|3BZObvE8U-!JdwVPIC@4uDzHL)B0=FMG` z5`Vo2h8fZ~TA+OJllzEr27^q1{RXF|f-nM284|Lx@0MRop>_LoXXQYsMvQDkR=bVM z(t_#K=1p!8T|m+S;Ji7ABLR6YLAlQO`O(rdqZ@c(mRh@VV^Zs9Jhid$&p)5p|GySM ztuoQO^t_G9Oh?R7(^o&IVo2_6$s~0Q(|qXuyc@&s&u@CRW}1B(a@u~BOocgsmbrBF zBAJ!h)%qk4U*TWz$%NYS*|XE;^3wJGdtjXzMtzWqhKD_&`D%A2u8@)-;!SL9qe`J{ z`uTBz^|uZT_}*E~vx9SjyTotL-CdT^1}E%^C|gimOsMd2eHb8+9=Jhb(nefd{Dkum zXS!D6J=agQMN!?<{~_b05KGnu-;Ca|_BZmT1}r?GLbtFO=8gZ}+Dd&)poDKfj9vj6 zfDUr9?RzT(M&?81?Dh+~OZyoacONjd-vxehbhHM%+NC$P`#*mC*eg*7vHDh_NB_NZ zkypQOX$r>FzxbPQdOPQzl#5r6XC7dnYl}1pxNrVr$;f-)f@Q%JN6u6VM^vYk(vSNo zdwE}d_-b&*ZadEl&0FzL&k9%E@zD^b*>*N{_xN8bOY4O3zVW7}m__69_jz8>#F7vu zsBkrg;b5Ob+htSJ7BEfJf!>re$iTR5=%2pdv&hIA)Nop^t|Cxjog%7TOt?vdvLqbI zjUj&76pn;OIq}p3W!^}0+*gbm%`R_Z=@v}0aU@}1senPC#M=x0J}f|*hgy>r-Wm%K zkqP}xjD%~t&uv^}I9t9Lk~f;5T8;7)1+co9Pf%fn%J?v2;vNj+AS4j=>eg&mrFGqx z%j=sp;}>85Dc$xX|%AB$tPU4c$|*A5QR zd-qjNH{!>{v~flt zn)YDg>D#yE6Knl^9|>)}S8A$s+FutsIyai`b1p2g&dF!Z$mf#8X*}yEztAfaug6zc z9XzNr%jSLzlR7J$K7HlGO{*H0fI#w=U#A^JnI!<^)A(1j+LHaIS9vcoQRfmF8AO z!t$~^W7;+-JpBMZmsfsGjtfUKeLxj1iZ+&8&F^anVame$rZ%*+ko zR|#p2Q^gWJF*!j@HlUSQk_uqJG*V&DIujd-rlzL!*81YFrCU%gdDbo@x0~S`)1OgI zVLQ)<9z?dr5oDFU%{XV}4}Vx)BO`T81LM|=L72BzTMEy|4y^Bl5(w2+3%pU(k?B#5 z?hv2!>gcktKNU+*m$ckkQ~Fzg2Q|IDWxz>J7svPY89!AU zNuP^|N7Hl7+OT99*^uorDqI_z74Q0j*GWkQB+E^tO{j8@A3s2!ko4~L6AXyD);oLn9uGxsUhiUw&)j40J?K5w98cSSJ zxvO%G^1;WSQe9rSn4+kZQT$T(2`R10-`Z!-j`}2;RBg#tJT%JqQQfY+@w{)i?vCE) zO0x#dz7wNd7ssx(lzDYg!uX%sU-9BJ<$_D7$c>Bi?LK!{u3mk>7!~7I8x)o>RAWFh zy`AyUz0(W_9ts?L-0|kUX{ZUW<-UVwzRk^+z3=GiJa_)Qrkx%0nH}AiMvYwq-nMnU z?|?B{G(+sEJGH%kH=D9A?Ilp$adCa=#a)|mY)N|Uu;u3xO8(3ussQQ z&j;6DmHHCOp>esb7=YCPriW);Dc@7ve>KA^r-+V=nfdqMf?w}k`-*HC{1t5uIK69- z+MEyd!8g>-pQmk%7R-3{D#UB1)DIIr(EyPMPkm5+8@?}OtX3CB5gT4#`M4cB1^g`q zYC-9xj`O%;fT%jq0uiVLql6153=4=+7$CSw`Z;ZrO8{(!mu|&~IkDp&xarPiZO3hE zXuQ_Q_RRT1#nc4Br0gMFb_hOt5stFLfJCazg&a#*{1vN!S+3Lw-r2U&TTuacp${%A z<#Sbgf!i#;oIPh60>fGn3E*TzunHN8TcJ2HwmiMhpQoO;Y=^B;kIkE6hOexgzk$tVF+41m2zLdi=w{8`st95f!bnn_NO8dQ5JoH0 zii_#*LRg-npVRZ+TZ-_w0rDp^{FeAL!0^cD#MgSLAg(b10Z(!r`@sd4t_v{rUo!0T z{FUr?vDlu;XSLCErO|Zrz6O^9Z{*N*@%1~T&~ZIhmws2;n6U-Ga0 z{I;#ltx-Xr!BC&|BT#w{Um8e#&pM3QQyHz|==jQ~2?h50WoJ;L8$(2)9nv*fGwmLc znCN4ukc-biTr5ElV1&$ZBSgyEBbRjN(+CDC$1{D@)NeEMzdPJ`Q({s440{DC9UR@; zcUX8Ye^DZ_4BDsLlU>C|dl^mB=ZmFB*2@(1gpq3e?QmvWCiRa1<& z3X>zFWMBCrXfIuOqvw+P(RYtSwXaOL3eI(ZqH_7MB<8XhEH_zj0^3=3fAv1t(QX?a zrK_xSESazU-R==ejBcTYfSJU$yskj~oFyAWiUZIO_2CW^=-${7({oGuiKz@m*}mxI zV>JF3L7pRfNu`kv`Vsg2ZEmS3D$c~ea)%7sq}DKxsE54hv@UGtWo-1T-1cS?xMFN5Z~8Ujo71}(g`MIwOe6fVbqYD-BaX{m=0BiwGb}cOvEi7 z+-P+$^HF$vb>U$ABK9G1T_i>bQgx1f`NvMSbLa9u#*DNyz`XZr%m=eF5*8{k;vobb z6fNZ3m}prK)kY}8y&t$}`ngE)Q#Qmm;s!0`(xi9kQQv3ZDo~4k*~T4By(fVMB^MP+ zu88`FA6p;8a=o+XvSP+w`P5Em&eq<{l}Js&q>RE>IXfpiGdJtw;B{0Ac)gg07Q&t5 z81sLi!S!k4#@DaC^094?KMj89XghP^!ckc6F*36h7#{yjNB%aWPbesd(;G0^6odLoWs0$h!wrs6C# zN^kNm()al!E4+I#=P6CW5=Zgj`|M`qS-G+q{v!xhUv@c`#12)_9-yb!(Kie*F-5Cv z-OyZeV%4VWFHg?L;dvbcBL(lv$E7^%#~WM3P&WsEpH}9i36F_Uveu6p*n65IeD24l zH>>m<8)EFgueu0fXuN}h4)@7UYNa>7jZ8|qa^uX$9}RuC4upOW{yscb>E&KHVVY=m zLR8p&N?bXJRY~5QW{>~b&vf2mnlg!fn~PWNSN|H|OkGOU$p0RsoNg@VUqdC=kV++U z`rIWtT&l3+VCLP^f)e>Y2NyTT9TP4uZ+D%E_h?v@AM?d!N4Qq9{uaPr507GnidIg} zKh1~#*%Mbg89A0dqJjVtAlUQRSg4m_75IoSza+kXCWd`{^5Fw96HGMauin{l3{3qv z@|a~u&_#YYs{C{>bAI=*Y2UVcfn<4g3fJHzbxX$G4>vj^Br5G^V{5k&BoD27P*4;Z zupn%A?V9a1r%!{|N!|-kho3uVX|<1Af-kJz;K}+-gYB6H7jHx3#^n!&hDIku zPkq%f@KfYJle6!kN$t@nRn$tPyZpkQNBQbzeVEBl?TSumv-9^4UaNo1a`>?9;;fW) z^Gy4Sn0}?2>v`H1L9eK*?M_G6e(gtKe49z#piAVUhuU%`EmJ*(5I$A5CdavgwIK&je(z=kgTe{H)!c`S<^VgoUXBCxHQuVS> zomE%Yn*aWslu}-9#AM{yyXr5R8)2HzIQE$7aN&6@`g@pECcO=($F^h5t z2mCp#Fz+e7xje=og5eDc=D7axFD6?e9;P*2zJ;KR9 zY(Py*tA4AN8e)j>1Ww0il9Hbr8?EY=w^k@r98M|5&;O;5*HY1S5f&;aKrc(auwZMO zS!Y(V)?2kn+6vLK=k)<6`J-H1&gh1umm9e+{_U#NIe%W}Zrh&SaZ+0Q#RS}s>Jo2Z z{%@%46@)}0{4z)$z~`#nT5s7RCN`im{OG^lS4c(ui|+EKgnS9{-O#$>kLIT=M2pSs z9n#W@$Z%(!S{l$^#x%9gNr@khVr=P@hOx0ijLcU>MZbRg=G#7@n59QU$3{$t`v-<{ zb8;SVJ52%r^s0?f_vg>Y%*`#p-E;HvQ#_KthnU#it7diKDEhnJ@4fjKk9#+eoX^&S zw_9pE+29Sytem{mv{I(R`iDQv>K1A1d0FOn3{St$ABvRQcbaqi_HnAiu4vkl>JB6v zyRtm>zSD_(w=pkt3ck=-VamKJTw#~s4e@AJmrEIM=V>pU-o4wn;q7Gs{4(3jygGZ~ zLHDw7)wIkGyN+$!KEHTfsJ*bmSc}^sHy5(-_Wp0*nqNvG=luCY!DZroGVAJt-K}=v zZtk-C18a_rkfVLZ{uQ?Tr86{43+m~^@H}o{z#Do~QqNp3^-9+AF3$-0n|t?c z-x&4@h~?(yzF`V}Q&M8K=Kr)QEo~pi_^-CTY`%9tNDOQ2VY>eoXkM!YGYiXG04jpS z$r6f;j0B#!A@Aq>8YZI~-aFRj0xtWY|lbAx$#j};H{6uaN2d&%{uZ^p1k^gPth zQDVqE0wH3S&T_p*$4tJ(2~k~>bR@>oSdwJDEKCBMPjx$Ua&o2UW>b3|HKbqO6y?Pb(?Hle%^~xKLz-o1F!#|&;yrr7xMfUAm z0*o|#UGkR9_$rs|;qa7{syi+17eZjV_I1E<2~bu`%uad-krgM{VJ@^7ygplk>WW$5IYb1_g@pdX@(e zXaJk1?rB{~bS?WKdh+BsPD<+s-;J-S`uV_G?Ob6T5k8$Qm;#G%J154Ot;%_Z-^m6Df#ogfu(LCt59 z7Y#&kFI$5IH!m-FVNcM-m7{DrBlnXtk%k|jhA=g(`nY2NJDW+;o)PM5<&5@K#k(e+ zOKxr^xFJ~2z~Ee1w2HU)<&xQV@~;j_bKHOWRIjS43IRN$=?Hv1g96Mi>eJWr@SuVD zQQX$oq3GgyTm7$m@KWW_OsCj>ZZYL?yzj|Eq?kygl}6>L-|itXEoF~ z4h!v%*YYbX^q%y;zrEqlEo9jI-k07B{W@8l*tkzl-X;|;jT5d&$Zk;6U}N*_n~`-h zmq?WU^V#C|@&q>lpWTv1^H4Y#v7}M9y7SIPPMxRqgmA*8cT;_2Jcn9U{zH3`Oj*~p zsKrRXXhpwmD>_~AbfTe;n(^Yp|L`{Uyt)VNqt$kWU;Do)tGkMjKYG&f=1es=r#m0n z1dmoUEg-hz&CMMh-*nEIXsN63We@fH8Ac6E4w!+`4GjvlH1aGB_gbB5$L~1q`=9%`tJmxGd_1qmd7bBZo!1hJ^Q5mtcsLj#xWN1dB}5Kk zFX;YkoxNxAfr<1xPz*#Xh(7b-ab42=`)l54rx{h*<@DOE?27n4Ompy{0$Q2}l>%?v z7(%N4_sftIt4n+C4170g&hN3?;Vv#KE7xULma|eP%EU4^hfQJH#>Vn;J~c&_k7-OE zMfAK7#;*eNu#AIPYYSSd2g-=bIqI-@8BO=#&`{pfXZ4Qd7Ue@%1?h7O3prkk+-c6W z)qDE+A76{5pxe1~fDN>&N3kvbH;Tw02v}ZjTGj8Vllh^s7dMv~+ch+J{g!Ut?hZK^ zzJEXO%?&@XwGm(an%4n|LXM+zH~L%_UhSF`Gu(bB&6R8P*Fz!Q>vofXG<=7#d>ETL zYgi{;D!pz|eRrv>z{X1KN_d40Q=mfNAzz816oaw=$B=8MT^at67AQ0LfXe%b(Lao3 z{n?TRCkEDH3>maGKfkw3ijBF-^^JJMs=D7fBDRWtAftPVvM2mbcK*R_6~7BwAfSH7o$xxl_`>Tt!Gg`_bzQ8Z^c z?Y8oVm~WZZhtup@zg0DAvAHs}8{`peN26!d;so6X!%8DG)R^i6{CwWl{h4_Fw_&nH z+U4FKI_WnjyPuF0`wZ!)t+(rX)|j&1TGKYYwOM{^Ei#hmpgUF^_mVD$vW61Xa7PZd z(5@N|ch0O3=12H~KsepfUs^_B0@ht@13#J|WOHB}Zm@Zy&dDfHUfs~7+m&^B>0)AI z6(C4LrZtAidZcj{hLxf|H9NcM^#iLZUGC*lk0@69WlrO;Kw-!@f0AV9hoEPrMj;O> z**n3C7j^Xae>=xXw>r4|)1_%<1-Q7_kXN{;uY0)X9`q@(qxTmVNl_aG^T@rN)vG^8 z;zA1{BRekX>>u}uZW~l{G#Ww8%40MLb_{#Us1rj=&dRAX41alyPeK zPv`)o2vaWgis&!3%YxM&j!l>O7eghkPu^*u_|=+jDlx-M6&3aOSB&4%8=qfms~63F z_D-BqR{NFs7%rA=$XpGP=eW{QzURZ#<{OnST^~A<7FiC`EB~*MDJ7^sF)d&HiwraV zNcd}pO}qG zaen{y?jE9YaqEoj~@-B3s4gF_;?1lYSSMo_cP3sJ`|-@3^W-_o^vH#Hp`=L#ZG%e*C z`~Tghcpe4?`i6#vUa^9Mx;VlAWZ%e9NbOvk|AA$v%hLU1w~?p1wm7DL{GWg@Xt6^e>F@IMWI%?cYM2!>VePx?WwM#^YQB8RZqzt57S{c z*u8gS6ED9uO{ni7!nsAHTS40TJ8`C#ASM-y`nvo3l`*9d8G+Htab(DwW4j(9 z_QQvg_A|-fe+Lmv1ga6fsqYaI^NTj*D{)Clj2Lad_da~PB0ufH9|XS?-*$h*5kXzi zDOpO~lG?Ys`lrv|KO`#T7*Cemt_lgv!Q^Ckc(~^s0NWkHNv7Too|3FMP249>X1uIo zoKfM*1hrbc=(L+cbG0mfE|98BwSepRal+bzakH6I*GbI0yBh;`x3(?65I(cIG0Z_1 z+6A6UUY>(GG_N2pagv9=gBq_-wjZ_oN~a)y|z>@-C|T zh#kMM*GjRvf;~?Ay>u+i)1Tl+NcOxgnwvGe?6Gc-r?QrDJZHpFsi^PIHJj}OZA>ig z1H;&)`x0)X>&^u8JefM#!JMDb&3#f#Y+cFh3}l7E*BjHnsC3Q{W0)`{5hK)up<(dF z)mwk&%1H#vTP(#3z9=F|5`iH6M-;=5n00riusY(9*)6IX(*-{bC8a&YbHz*@$bI~E zcEpwdY%^5DpCK$9-#l{B}E5x{K z;Y;aP2o;q+by|4rU=aXjz@yi_J3`uN>*W(TGP8oX9QDN450jGYct6dLDcTy)-`$e~ z8^igthX>m{9FCl2IV&s6k);^P&L_<})iM_FPE$ALZ6D*y?8?4NSMX|vE6Q2w(IQEC zdfHA^?bcWTO7WcY>hbyRr8&RVkCyz4zY@#SSIX{)vn=>6Q?MHRwDW(Ue>YF^WN=b&HhJVfwVcm<;#K73Dh>Q$#hiKmF0_{j0kWOy+MQy0$b zR_YpF2&`|1x%+*}y3f57%Z4h|qf-jsLxt@K_b{4QJTuzI;5K;S11%!=4c zj0pM@`y-(cAxf|b#%?4C{bx;suczae2bPmp2Qy(ZkVx-C+(Rkircs(PSM?a8+3IKS zNccXBVYYeGH+YJd_r1(-l-V(;Pe+iejV%H~n-5MRW0m+nf~@|0bCLyL?&j|So9%?N z=WmfWloDGwd?Qy~!HM7QxYrIuND}fDIOecChqet% zt^cPuI%trtyvLFO*Z`)xK3Uh#tn9lH+HrfpGP9&)dsfN8@}Y2bKBYW8sz+VRSjGnh z-MQLXoCUSpW!B(;m6sI08e&o1#96uo1OP#4SQ&!(xO0tODqIJThDZZ{IoY7#&?6ii z(O}>qV!+pdCGb`XyTHC_8|mI{cbvJTNWN3& zqG@f|xgj6fuz!?-hoFOU|42Y3Kb6o7~ci^QhK|CD9Cn75k zZqZSUCt1Up4o{=>`ga;X5hCKS68*(GoVy(rHBio%5Qz)YgrK8f4>xg19NnA)Ru%K zs^!+4nfDRLieWx`{S&D7%wo3^GRHW;mcbqcUOFmHBrF)0eYD({xIa^*) z(J?Wx%08L?1A%uj)${t_Z==n{K$*3}m~^tib%0U?e73|+5i!~ zx-5OJwI4`g;rHh9uKeD?IiDYb>ERI()<~H2?Y;m_9LA7=;wvPCy%-bApauz78lm43 z3+oFj#`Z0HNkL~|gJawR-q{>p#VXY(fEtW$ozQ)vK8nLM8DIPN=(Zap?uWk4*qfIb zs%U6P6?9!QFzCOu|MGcjI4TkQEzhkYwx`(&T-4buE$-NzJ8g>x?0Y`-Xc>6=&(3Cn z*nR>a(Ac;eq|I=R@mJGnG<-=(%P*UGrb}<&jf&Be1zBo)aTjxsoP##F3 z+}sEFZvgk#vHD%hVujt{iVnekZ<(l;Wcz>ALP*lY;$)nv$<(? z14?N`(lifjof2%$%fL_yfq8cW0=!h!Ld0CwD3v0a6^l+~=T+{l9+^LL_u$^KfU}4H zCu3|V0G1%ol$Zh9)QL>%ykPyPZ{{YNA1ssI3`5)=p29WoGyk_A-h=5{nc;R%jPz|c z`_%O8QmFxKY#1;`3KrBU46v0C&7GRsX12FUW^0|;gSXaO+ zVU@taK_~uZQu||14>6Sg?=?-$9EU5CV!(-3Y;FFj-phnYhY94Wu8^r zd0uuAz6dxzqtl}9DCReSPK1Ae#Rz}ZRfnrkRF}Orf8^StXZFu{7tqz;`DWr&?ISjs z!^!QR7JP0mG=zWt`6;PaUa5&(nH+y3bBkj+_A=I|jYtgCE*N3jEw6Bip_PYrUwScn z3_IOkhooH_0c?)o>X$?J(iB?$iZ^rm!*XL0-X|@6{RzMMrjG*EbT9ClSpc;Tdki@Y zBPwRwGYoA*+@j6XYc2BoH>2C=5zNFFABv6eU+n217F`*-{l5^ZiRzTGnn-T@0sS-pO+qfzrd?RN+xcSbGh7q4obJNNeZAwSf- zztb0M;kqeB=FZli<<;7))Qt_VZSa=-7vTyU8Y&GtlF=X*C&Rx66UB}9=i?GwrH-GJ_4R^gwpd7RR-H6#SQjel`hurg=eoX3q2rY|}dFDj|4^8((nKh?Ee*nc30N6jaQ_m@L`Mdj8Q7q% z!9o9#u0MQs@Y#f=JMDTGVD+)Tzj>nFOh@ZMl_2O*jcLBfdUXO1s;cJ zhDGcVrc!FX1RU@aJ$nfNAeui+Ldnck@X2W&OSyCW9t z4tW#1%mF1myd8lW?MJF&0cD?Knuy3mML4}n$ngmnItJ$!us4aA9DRUg+&EI((_5xc zrEuR7&W~4rpLaO_#e@n1ix0=N)FXpt`V23If=>Sb4k~J39XQkaF<*c&lx>jjpCjZ= zH=+Sum{;79xohmz*tTAKeBzYv5*aQ{QnVO5z{1%$gl@=T)w3qDhlsEaP)nQlEtHi> z@rsx+z*%9@7rE&+Zm%*=ZF)Tn$M|U9g#^k9pK%kmAB&7rQ-d$-5 zJ%mtA2-R=jvU5vxlu2c@$v;QYq&c>a$UerRLHL1Q7@n+p#0Fgo0uIO7ED&Y~awq+P zu30FNT_`#l6$Jwsa1;t_!?+7-*!!0SM*NBGxg^4HxUWu2UCis1msg~wIyipf?d*F! zr~bK$6irT@tF%8({Ce<+L zymZ1sw2ii7ns}-1ZvT?`7u#v%^7LHLe*MDW+mTpRjL`mNXqOH|WEai=67D|cm8hqx zT3d6$^9qfSNS#GUvghz2ZVWr`K^#`L%rAvJz2}(RASi&= z*48R_yQ$+CCutmaDFIM?v-+(RV@OEemd5W!lx_Kh@L+>f8nR4vIhbbRJ zDzGCQS$yfo($@Scb~=AcVSC|!@W&~WqdReYkRP!(GU#lc-bT$Kbi`tdBfcIBgXexn zy#qq3kaBz#f7M78q7~K>n+yEWcs0Inm$(TfdqxKL!B*3bzOK(7Af{pZPvPp-;0}Ak zEOtJT562wk6{&K&GxWIk+;V1mbbw7*G6hJDgX4(LpGSHd_2JRx7_Vs^y}ReCqutL$ z)88E4N(DMJR8&~GMf+4UYIxjbw0Ow5Duv`HLzUH_8#PUg=hFI@w3V`=0>hR~ACm6Y z8Z$S>W|7kjqWHY8`(H$D%@4?dzhz`%1OSEf4)L5`&@H#Nppea;bU9YY$K!v50;|x! zNul+*((}L2(nDWiMCxKYOwj!FNR~=Tc@LjyGxFKgR8>Q^G$r0_{rj?2g8JBFx56+~ zTLVl*AKuvQbsDJB)Mw?w7Ka~taoAS^aetvntHe=Al=kr|k4e|#8LyftJc48>baRIb z^vTxfUV}2k(#SNg>El~7m{*X4-5V?H-Y1{w*jmHD5Q1mFCS5DMf?zPnSt5?Z%9k!N zpe91+fXo4HV7{U2K9bm6P{B7WG=aw*xav@ri6FzGiQVaMmSK(E{BaG9x8I+kFSfR} zY=X~M-9KSH@=hpnbWZw`bPa zO#&(gEjbiG3?74r(7|48c^-vq{ckRne?#@fBbVR;O4U3D11&CK?2A!W(PS53kAhNa zc7sy8W8uC>FlT$ahVW?yTXB`3z9~0o*Yb*ulyyfq;D008Oq}P@z%(7UEytv#-GL!W zwkRH)Gl&GPn7wi_1Q~)lY+QKOH;K2V8?gbD!6c;n4seO{B=uK_K7-AqyXKiN63)ezo)epEYEf-Fk?BGYgK z-uVd<7!0rp%J9tF>|;Ck>?s9#&g!$Q4WsRTFs&!j{5Ed_(&#l0iUzvH?%1!ldMBO7 zL^0m9VwP@*&rIWu;iK@mwyzin=w#MP6$DdI?Kr+Dd|7@PU)+gD4cK))4s=y7Y|*%CiKx-n3|rp z$HMupX17kbq8cP91_n7G|3_tIyTU(Rw9eA{&DTBd2Cl@^3%1zA#my83!V1+HTfE zqNU~dV;f5?+}%jDLTt^>z^k(({LxglyIpp85iy_?VKWlL224f!1({a0m(gk_|lK#7gv?7^fgRd~0z#roG^s zK}V>HRR4=6?g#PT3q_^2Z)~i^amjpocIhr+=?Og=l7;%#`ka5%53$Gju65%nmD|5I zgbvNsnY*Lcg7|~)zm;iJVfx1zSjR9tF87Bm-aM`27y5fWFsWTR)*382djK67>?yQ# z7&I}|&g&%%T4eiV;fCdjF`;W3urBY?GCQy0EP$&QS6=kP6xm0beKR7d)-l0@NsLcV zocOo<0~kg`2qPc>?iJ|SkLHw=O42gP_Hnp(vWcs+AjOV6SbnU7^@Ra1yb&N>D$iYl6p*i{9F|qN8J(7T;#cZt=VCOrQGF8=@48m@HfJhAUHMd>?=+q zdnp87+uMtMtDjd+iC2jm7^}~YRL2hv8m1wgj*KPb%}q|M;IK)%Y5iu>2XsRvc5e_& z;r{*mC0G1vsqTfls>e?T{1N;xyyztfJ%X1GYFw}0#S3uC$Qc_;8ajNvoj_-LfcpZE ztek9@-HT0$^gDONsi~Cz4MFeLQFYerR^CoSY=p6&zCzW}@+F4EfcFXks{{E+? z91obxnVqy2va<3zz#`tfIC?}`U6V_aBl98ysflZuFh-8_l+T@$hL-|@FYqc904gf1 z&%BqppPc!@?;;zyJS}8Z$^xzqzBvohP&0=n@ZC8m6>uN{ojg=M7^N+}P+VHmXVP)v zp(^ZD#RJd&&*dV|b5xuwuCue4wY`_7F+BZ^nap1awRFFzq^CTC5`(}NnfSbf*aa7Ykb&({3NyI}uYJUp%1c|GbCW2#7ul|xqu5DQWENPG)n#=pRW zI?o+TvQXx7d~C_nNi5ZX*BTULF87HeTznC5QenIOIqnORyZ)~zAAVIE7rwPYyXan4 zksv5iMeIO@wT~D_kqzW<+UqprP)_t#-CDY16P+q;96g6$dxXS} zk26boC0t3o^utZO_IROF->)Wo7_>3C5`98tqDUi$?t(nylfDC7r5MieE@Eyg1KDhK zbu>W5u4D4sA>ZM%VNyV+!ctA|meqMvsJC!nuYdI`wS=?w+Ct>$PP?P!kb^!IZA5G zA-VoN=I@Nz7A&~;*i1Tf;&*Lm#=l)e{ko%kPo6`8BNk5>_>sAzB?Fty`};)&0}dR8 z@%O$C9IEroE(~VlY1=D}BgEOZ#j4)do4zJ7!izI@Vz@No${xG%a*)epd&qPk> zhu(*<3MuWXt?e7wt!Z$rL4QEjMl7$#1WjDgib-R^S)GXE(sVvDELe%+)`J>WH_@XcY5Nv8CbGB@- zUbFNcZC*Mdlw(MT@V(^aayN~;Q9tT>w6_zkBk#FD*F5%z+5Zt^7yP{Lk7de!Hu`f> zCnko^O*DsChXjmA=&eK{J6ey$X9Qz zvJ~XhIqnF9NP8o?4tUd5R5TiN5Vcx)J-K>z^)>xw$-N;ZWxGHXRaJ?j*MP8(x`qc%FX6#FB^N;H$@)s9>W3g* zuWcFFaawVsig-wEU0rwDt>q5oWV{$~)crHUMo_@0d#^oAaGNC(0Jng8LKmBK9Io z#3&pggvn*-nYz?PidPl1Y&kk>D)Qi`}dF83ew}L0Dz!ugTsCB zAOSdBJvXPA&o1 zhy^T~1T25>k5N-UP<`wvUiw&_D`u%k?j88hPvzR~Q*`EJd(GNeH=2fa(pZGP?IATOBK?f&? z0lliu3{qorVv{mLjP)ggyD?0kz?3i$_29#mwQ!i^unpb2Jfg_VE;($v(1B(9K{Jj`Q)zW8a`} z-A;gte-7FmFC$InxTR7DD6t@qV`0tNFuZ^el`*%cq(DQ(pyKJdbMVa@*7z!NPMyTC zM-M3RFN1H$6&Jd>4H6ZGc=o&=iaZ3;YhK&PAWC^BELwSC===`R7wD^@13P`;0-T)w zavz3UH*@Y0Zrc*H3r(MjwlsjgW<{8S_XdX@-r5@Q{`I4I{-^QkK=s7ULY@6dlX;Vl z6mwLOx7jHVq=>G4trt5X=2Us7O^VV*S=P}-PFC4*hsrH;W&VV15i0a4p4;q6(uU@> zPnJ#GQ&f9ra8P{M z^pssJ<2l->5QU$W%u{;%@{Akp%37ZkUaLz~)vKX%@Vb9Qg}NcyzEfPZv!f-ACM+U? zUs|N`{jzXWGY0|+%ZKFTEND!NC{jJ{b~RkLc*t$AYuEi>996I0V;FhoZ3>^o+LZB} z^0-K!S&P4eMgJHxv~2U^GZ#g^gFTl?|2J#Hz{HSQm0^`1|Ldhyjcb;t)eXnn!yEH1 z)m>BWdh7oTPU?$2cePAFm}h2Nn|xLq{D;728Cs{U^ACm&aCDTLjTU^#WWP_<@LulqCS4-Iv{TU(>gvjhSU z?U>2Rt4zGif3Mv!zFOqv*ITgg>1C4g?M*KVIm^bK9HN+IDa62a?3g9H0KIurA#=cU zXSp32Y@|Uv2jQj1%Dm^5yuW_A0?MTDohfr)iFep;7X1F?_g}mL@9rI%5bNzz>j?fP zAIH(t+uQwdu=RsU^+5U7HoE+S+Ilq}pFiC)Fkhn2c2Sv!k@0&WoA&&zD&~$hYj&0B z*(*A{(WWXfK@AD%>EG5$vR-YpvNtw0C8Q)=Myn6^`Ow_kxg|={oh1^?&(G!88D+XT za&vR1L`|ms*)?DvM{?0b;o`+U{Zo@+z%OBn-}Fz(jXJb?fB9o7{b!&KyKWo(##aO0<0q+#}M7B}~Wv#1YW{6g+* z>hdaZ%zU9Ry&;8TyS=F6ShAw2wF*x(=a-7dE{S^L4a38{p`-kBb1cx$$9`RKFrYmV z-}c?*l1>X}i>1G(Hg&2z(d6b7_#~F++vcC_}aF%532>_dztR#yHu+4#B#hU zJ}Z*kU|#aorK+e1p!vx&Z zzrHZWE&U;R{-trZ#`Q1r_7$$*Tzrr4aC6&Bcl;Zh-1c{4zO3*m4y=A`Wi@1xwgJykPOGymO`i}v^`O)zhC$2hSa{#EfCbJ6$Bi~P_}A)n~- z(!%8c#lc>mY20N!WaQ{Ud8$}8AiKPue^hd;oR2Vu>x`Ra^VV=7xb*fTos0{4KW3+& z)MVXFqiF&ZVD?%+x_kEq!(neMB(rt6_RhMLol*XA+j~Db%AJp081@Fc@iYw2^1{ZD z@ZNe*LVWz;!|)KMZ0Z5^05={L!6>%02MzlloMB>QWUQPRyjwAx=DrnNAbK&@;^}Gp zZ;V~Jz0U*dduUxtOCeHxoDv>&N>I0sHP2u>G{eNrrl4JanDnwRV?t`;m0R}YJMUa8 ztU18BH@L0nglY8S74GTrY|^6FEGjJUum1)42QAXEsAua0 z$GRmoH1Jp2(_z---PEhG{SS_+MAx=jeQe?UHVlw_?h>xq?$cT*6e z<6i#u_7FE*&kcQe{ua&^5{B8={>|9Tf(UVMrY3~v`^mUsjTP$(J-#a~@+?liCb;;B; zvpPSyDj;Ab_o7+s)(h>&(VW^mZA%qCH8q&=cqM%p=<@F9N2XTCJ+0${4YGIaMc&~U zVXYGqjs*ln8nK@fJPJ|=&4n4en8;ym6Os_R+hUnnRh1MMr$5ZvvGMPZ3(JivTJEs` zfB(9xNc7-JRb67Ly?NNQ=th2g79P$$S$2%tdmL42Gjr?V$#(tLjziw`ExX!#Po8D; zQi*_h7k7L6No41oqdOA%zN4MW)ZkIhH5kV%jwVSAeK#n7WS!~4+u z>L>3H?Nt?z#l@(urj{~xbu8e-{ffRB3>AD^S%*&YFr;C{-@(g^n5$}0jeZmK9EJi&o{NKg=|qXp=T}e=;4NLU7@{W7Um$^S*hho}M0ae)>KMe$%aC9+o{A za=gE|BS&*ZTh~O+M~;NAoax^|9!F(78gq=dYx?;e4m9(*pYisbqLSj-+gkkf5vdZ+ zRmP$$n)rcLC0Uzn`KieRY#pyc7OWi?tJTpKKLefkL*gCXoc=Oz3L-JVZ}Yy)(DXQp zoLFyfFSCRP`NOD(p^8?#<8JpSV-?3qQX0(JDapt3pUPh6XA8+RekjhIaFXut=C;xM zyKv=!UE_>ViC`5|=Vi3Qm6TMLpjLF=W3X@9?c)1Amc)BAkFWx&OU9PB?8D|$)o97? zmk)0*_-m5iU9d1;e#1?NFJA2Cb1ZC@6O8)0wqyYzj*&6h*49q8!0Tk9m4wdK;PXdg z-hX%xS~U0PA8=O{#)T`XYY2~h7@~kX2%%d@(MhQsxb$;fQlvU{qsnWbHtVUXrh7k^ zg|iGz?{J|3@XEBu`8Nf!o2QaxXpzPJAM((|yxAzEj-bLU1=R5)pd zeJ3T>2ZYX>Xm7C{=T3=GrH;&WFqY&Q3*b}%3vl9k*qAVVm|}|NA&+VjjQ&;{KhfjS zZk}A) zj12egy!)K~IaRm8IbS5%Qxwx5$kNYGOiGfkj&pk}GCv!|8H{@icy zhRKe;drU?oaHlrTEnOBd`mmOyucME>mbjG6OM(zQJn!_?sd=^V#CDbFv(d`g(Yz-W z=tbQ_4w-qH&Nl}&1T|Q=-B=*f?_RtpqaxiYkl0SX{{TNug<#_27hHf76Mf?OFT4I+ ztslCzWAYOt5*e7X2-1cI5ZEQ&F{*5 zZdfuf=kn}Hm$FE*m7{NjmizvdmHjBsPp{c6-t<8lj^@fr$%|L@sKwdlRMjI9`Z)~? z6c1V~q4+0+ap~Eu3=O*JW%agBwnL`irZhERtJDvRZyOhy|3Kz{TeB#q_3)dS6?XOv z{d_TxWzr&6aX>M34fp*ST0uO1x1XNwmRT7T8`0E5jMYy;Y%9j!IyeZ=-SsywCu&Nf zPEV5E#1*X;8cG}_0qNJQp))SkaAoF{mXeh>l@@$BXLZt_?dxw({J>nv?FbdT+tb(f z^CLBop0M!g658P6s^|V)mg4yp+Bc1J+7!H%j_K!L(Cim;-nAf_4I?g@HuWHUGa&Mc2)YOdfoWReYW3Uhpx3vIcSkI?VC0lPUyl{8>YM^$V zk%7_N(If8tG!O2AobKafPw7JKKUcLEW)xVyOJ!Vub|J(h}x49tw{08%vNapG)aA()2W^dJD zIA}BfBG*j_|4_%p``kgcJ&eoZQr+FU?>jn{3ai805Gv2Iju2kQ9H(FpC z;$QdjinVos%lfQLj+5`J*Sc~`BcA(XRd?~kzM?U{*fcy#{_kJTkD0mbvYNZSu?Jr; zo;0jJkl!95L-}>^8pY36G$7-hZBU!Si2j6w3SAAlkH^I#zmWGvweyM(xrM~R%gJ{X z3*Oq7JUfG$zM0?Mt8wTN2Nejrg*n)PO;$gT0d~BwY4GLndso1Zw&vuf7p?~cGJ9syIVJgsOOu%x(;{MSR8}X<=CI!habHz z3D$CN7nAb9o2AA5pktCdUX`?&>ecQns;sV{3FgAmw)-J#m-u3vCtW$IozZ4}4Q|?u z$(uS(_wGsx-=RGRj2kxp?fLP!BxasPqKhfqw(RFWAa9~eN=Uc4{3sngI|S~jAG7rU zEE!qaqwoI@N8+vdJ7#mf=%DMkgM`wvM^49a%cxE^D#&N+u!oF!wY{iADo%m0uyCuz zb~QCp|6=RmLr0^6EQDK~AM$A5f848MqN{c(+No*;%|4>pH4w&#cO%~P)}8hBn~Y4! zw)T!ss;YK}_QG>KLbq$(8aU3d0MQw%0m5l03usf$UGH~VVk6yQrBY{KLiw~XLyK33 zn-0!je1|mO=^S;9^TZEI^iMPUhd9_X4IacWX11vz3#{_=XU;=wu`}c9dheB^I60ye z&;&cp{?MK{G=ZrWf`It+`9p+BwUd|$De3c^w(Of;lVQVqcX?FbEo70XIC_f-C`VmW zoxhg9<3tg2rXF8b?@V4{Uaa3F@50{LT-ltytTXgl`8}wGBFRUwy|~2S)0bo;4Uri3 zR80XXsfHyBr74--J#Xf2467J4=qzt-bf;U}+6E!? zpujZRzb@{1RTaEsRwQZO`wrcP7~BvZ&Efcpp|nBP!h$B-JWBUp&L}h`UmjVKJC#EKkWBt|R{QTtPFV18<+MH)e^Bbyq z&%5g4g$maX)z3FtAm@qu&cPes4qZVkK3bP@=X-0iDn=F%K&1ofY?NPPQNNaTWvtLP z)R;!1{~L93q;R$ArR0b2^`dB~ z#v2Z$5x0VX>5^WI8(_7qknO~mQHdd*|(c*ZcCE?mEQUN@#~GDtE0l0m|;R84Sr z9)Wio8@Z-un2LGE8jb!3a31#5>ZG=Yn*b+=$;WsK8XfUHM{PzaON5M?-WDVz6d3fXS*aek8wmbC=kzD z_zF%yi7jnYQdFvGj*{`rlS<>f*^d|+xK}nA)iJJ|qx=oTHBh!;;bHuOl8BQL&C}bL+>7Z@4*GpWZE&388oO{q*-`w@3DYV10+1gX3tGDhwE`YNW|b>4n(3F(kJ~C}xdx{&{0x0tQDxB$++E!*#j&it4x^YY|0! zn~y;HhpWe9RZ)TP+KK`^pOV~S&d<+x^YCz1)1%I>7v5s2=(@enHbd+3(NwM| zWlV^`p!9ZTrPVx`&8f0nDozbLJ8y~YL*1HV#E1X!quHx2OosAu(+Ai}%9}?RuW{UO zvE0lqOjVt1QWZx^2iFR9_wjkKb!6V8n~p5brOgLR4Oh%B;tpaEQdQ9b3u6M zQNbo&#ax&X(FlS+0?`ZxHdb}CavPNfhII@jihycGP53xfun{0(Adx{)F#u$pu*m5n zPxbnri46FCrKaN@cS%GL%@eL;1QihXQUnbL*zC^_ie!({o$sm=!Nz>XDMR_ z{=U>KsnWXFExN(2U5vib=KI8rVOg9cTyX!RHkVgdUB5{B4omzia28&Ph!ysu$n5bs<;&pksMpyQJq4ua?aLX(j~;8ffZtrf6X=jfl`hvxH+8^Ud;9={0QMc0ba2IX9{1 z&+jWggpgz30+0d}M0mZ<(Jtv<$mp``;L$=#1U}BXaYP!;F@rE(YP|2sEzigz<1=Yg zMTFZy2>=AY%P(R^1nhw;!XUhpuH{{~f1K|fC>h`q7nK~Y!%K^PjaMmN;MoXrCjZWi zHICn7BL!+7xOjxh=H}I4U>`3{X4LxI05*bAh;#dpp7r<7D(fidMGIhRyjJj;-&dtAxl|C8$-Tf8 z!eema9$${^r_20Wx<+lABzr)oJihp`p2qp-`rjv#uR)913gTkkyGF9SOY`UAyDy`` zO@|>ZU}nv$##buudvuC~N~Qs~7B3wH_!(*51A#OE&Z_Rebsib>LEa!e#oIaL9lf+9 z02NR_IsEqrO~>kg2d0@A(Rjy?tVI|9mIg+?_cVW?#^%)et+eqUf-Um?h^9wUx3t+o z+*_9)ey|J4>z;A;mdw4t)5EwQ-bY(rRlfLa-dJswLtE}eK{}w>?yrk&oL^a*J`uPE zO3bypec|i$wL&W#TYjU0+V3RJ?B9Rg919jjH9%)>H#5EX=ilVqXvu|F(x1!p;*`9e zs`M8L1a9UbZawjWniR%iumH((p~7j*N_#kI!5% zd7#AN*qzIyS#LcrjhLM}-D(hmI(*Z){q0PDt)C3mo`@2o1AdEp{EBFAL(gHK|_h?C%L{cWkn&sZb$J zv=8tU2BBUz`K#pmm(3NEE83!eX7qXJKxWf~DgX--7rKG4s&u+ie$+qYm|iO$VwsFB zEHQx!R@A5D?Y-xhtLt)_q>80;R6{cdbc4cq7S1u}7vd~lshiI_E)?iwb(2a}IQ9-55!Tcg3t!P^qn13|cl`fe{ubB;$Tsw5y-JM>8OYE&> z%mdC~z-A8CW6TF=$OAzA&}%$V6Ay6DK;2Po;K0&juswp3qRoH*GP}B#0t`bsTG+d} z4@YeC>}_C^r%x@nPufSd79C4e=9fC%vfKlk={{{*0Y;7fRLx8BufskJ=s)_8!kbiZ zci%5wlQuefWplb{Qxzz;(7<=`-C>tMEDOWaR>o9%jXJc>-4~3z~S#& zaMR77!A*%tDe|-m%U(ChznX_KRochdx+N~Ff;hk)tCt=c!~JKM^myr1j>gE>T|sk> zE;P8o9KRYy3N+(Gr;`kqcfYeT2@B2)8v6FumY-izFs#dxBfbq%3>z3dnKMcpRCp#C zV(*#{HTOm3Mk|@%qzw)ZF0S7Kvm4#AlQDcEGn5IWQCHLzv9#reL-eeyV};e9+p6ci zC{Q&kBw5K7yPwqDIFZT$r3oUk4ySC1LA`a^6~UxW)k}P2pEzz=lyC!~PoVl7fu_sL zn$>!-;XBiw<=Gx7f+7F0^fVaw|oOmxQ9s?%f5&pe>c(aMdsOI5`9kJ%z(EH92R4lcE zG2a<@7$BzheCJfsQ0im~?>Q~(nEUlvePf816zGBKcX#yjV-;x1l4M^Ovsy4lHqbNw z*z@Sg6S`WN+f6eKw!&8glgr(i$^hRjg&{R;hmWk@LIBPLoyu2NeW}Kha{Rk&>x?ek zA27e-V(veccy-^pByKsE4Q25f>1hk$q)!Sp?Tk?}sapE_9=O}3Y-4lif^V(8 zTg9EpBvTb3Vd3VkBY_NzjGU>eR|FFmJ!{-NZqOKpR?yxr7twfSOsPPX^)^VcfQyn8 ziNdP9bVpx)S`h>(0LuvhD;XJ`r!^NY=!j9kt^!{Anvn!gtldb8UVg8MmTX7zrNbHA z@hV(2_~huVr)FlrOdkk*_jX>&dkVsIW%j`)!yO;3L$sqg*<;(j|8#+p!AEx4>+bdf zN7qPqf!xR2v%8O@5Yf?15DpPr+XrCR;8Er)Pu|$rU3FvjaaQTI0*McIRrOLo2`{@f zMRNu>>)eA*m5`Q%*;2&i+-v&QfDTdrxMHS_+|+-)%5~qFa+%ifJrquT)nD2%fl$Ws!j&-gmyZR6X3tF083C@unw9%#8HAOhBATmM|(k;sB>|?ETRZh&4wTbA(vZ? z8kdWKF{|2fH7oi0(v9OOWd3aEc45EpnEQNpWc1OhC56&~+SbL+POmX#Zaoe32zDeY z%#-&xqtrR+Sy@T_DZr>X2$RJxu5UvI39mI_fg{WzTW3`p09PzKT)v-x`(|~ zBOQ!84;Bpm#RWb!HQiIS`wszxdsC=pQ#bS`d!q#4huMC5)Up3b3Vu(99#uVimd$Ns zV*)?Zv9!Z!%PnN35x?(+G{{+M(*{|_U+l4>Ol!XNw$!9ETqUq>?{Z$=vm?z)wZ8kd zNgjQK`~}Ec@|!nmlw1PT=JyqDk{hSXizc3}pxm#`PSFnak5iwJZ0T2L@*qict%ev} z6HYkPW>nw(IJ*d>=bDNN@8tq#BHz>HckV2?eT^Zp=lVn(_LwySL@J@L2dfH|1+GDo zC)aa7*dH@!jDU6mx)>eO-R?BeVDU5)7nevZ4ha*QR}B>QJMXK(S5sC1<*hQ z)-kix)L?~T9+(HM6aq2OX!LWyHvAyo3#}CKeiO!azXJOgVRes~NM3iEL-Mepqo5#3 zdaWQpQX|#(MrOzDp&$NYr08#Wx!c=NOi;9`j}kkS&}qdVd#a+4`QusffNYBqPxM_2 zhcM_GuyhmH)LowFwyR;xGUULoP)C0JW`{>xZ`Vg5Eok+*g3C<5h@`3+<%nkY6^P0TzP>t|Cc+QHcW3`8Qc-Tx5ibEy2vk$6sNrv%G#HP#oUxun}kV^*jmS2|mlUN3#-V z28$i$(4p1b@Qs_AHa4?+Q2lVvr=WYieL?{2Q!N{g;Ro~^V!W2tnIdvy;!6)Z#kfX~ z24@q>AsU4EGMA2lihcTbBFJ}3#X0EZY^4a$4+VeiU(p3|(XAx?aj*HmCq>sv+U&dT zsE^oL>1n4v`s6a+wmTa1txI5mc5QntQ?Kb{P3eS`44DA`qt5Z<)YJ&DPGg3K&}IE} zbhuyKXeE^<5a()t`kg8!4^-s%_<>>_2TK=gU3$4t65h^E&XzXb%U2qI{v-+xzBO$U z4cKahjbbX+kBJ1@FDEVcvn9&?khP&D_{0`-zVcLoZ1CXSS2^j?u0tz&fG7U_mwF;S z&0Cg}>#sLH(vjoD_V0sRbx1%5dWuS8H9DQ%UDzJ4=U|AGg2MfeLDDs@C}U@5$>*V7 z^dO7?rewdH3X|;BLv1}=J!L`pi7-I^gJT5c2eeL2Q-?OLGX!h-+7aKACMCM^MJ0?q z>Ws;oG@uDHntE?;bG}kb?>3BXqml``$qE_Zk!DGEA2E;-3kUYfDgx z4Z{<+Znc6;wJ#HKFq+%%?~a)pz;?Q7m=gyqte;*9kU}hAVN*T3Y9(~qtSoor%TdX5 z*nTcZzq{~JZ293@MJ(Y4{pFbWmkvJDUA2oc;v>mRw!5pgTVuPGiDMPMge&wAaKCa zg#K=?y8B#@K4uc7jBzp+%p9+hp`^2`?Pr(!9^f;Uk08jvAiMtcl}n9#$9J) zKS+=~#h*82<`2={Vk_5UymQC<8z?v zBFZ-{Hjz-OeI@X!a}u@I(b4gJRu*|M7bG|0&8K{J<;z9iY5RE-f3MPR+URUx{+mvI>0zkg4vt7n2=NICs+mkEo8?k$Lz zh&z8pmsbubp)CayMqO4@y?uO(w`z0H6>EO0u@I$IT68HiQ!nz-CrRw_eI~XME;fE( zcai9hH=gZ8VDi_r(_4X*k3h6P+PL1< zAM$5y^ht<`V-43lgBB4AMz?zpV@j{a#A-w9S!V)WVlRK|hvn;NMgTKm$V6%@H-6m! zPcGN$>+Mpwg_Ts1JXwNJ!j8!mlFxO^3kxsGPcVi+!UH8n_V(bFxFXr7)h$|wZa6z% zuD(s8f9GT}J9DF$Q*Xojf6pr@C~#lBdR>_E28HCKB+}|@FQ97Bu_@yGQGQEGSuX@P zc1o8)ULX3#Bxvcd(K9kC5)T%*50sj3mkxZ1xykC!Y;X#FH(nat!hW6!J<;YpWi{iX zrYt>ywl@UJKen{+b%uvSLJHaxjmyuEUES>f_!G0I!ZwmnWx%IF$pu2JZ@k`!A9958 z&m$K+htwZ4rR%Uo`kw%y5+7}X39fO`J~E{lmlGBN2lZGb0aSSYh3iq0g_XnTk;amxktZ#x0xTMISSBe+O{|}E6e5>y+?q$o_7Fx zKQ(o=n{UFL4h!j9Dv32LpOGPNZkBs?j|mv3=7Z=mS> zHfAb@21mmPlCH<^EV;Egr>BRW*(U^k47>OHGy zi2v8r{@}~18e!WRFAG_y6WjIKXn!hN%Mv2&&`9*$POxP{bnS|iv^3Ojo|AI=$r%~b z$qdUd)OcdYi76p<2CEd%t?GRntB6)kC;Y`v_`1#${S(fPks8JwZmrqW?YkQl^IjqF zt0&%Ouf3zLTh}1Avv^CaKHhb((Yk0r3Yub&A_!Gmp5|?f3M4F&>Im^ZQr6ixv9l0z zaWdzm5l44nSY+-cA|(kHGYtN?HN$S!HjX7^(5-2MF zGqw}a@=qK}o(+s#16`?>af+7qOjN6~uC`pO(*-^KlTbHH`Pz$2j)$?3KqgvkRy*lr zz)gcY5Bg}BorpUDBliV2-9!PG% z#F0F@W_=54w46W&z88zi5O`9&M>I zjz?c6lhz5D#)+T?{LznAg~JZ_-)3e+?a#>5X$Ix-E0XffS!d1*7wvziMv)SQ-hE5+ zWu)N3NvIXuE(r)U|M*SlORzW%jVeQ82pW5fsVVNPlTA@mmk}uR{&gox{4-(}WZ;JP zaJoMKaQTr*oyytpR&F7YR?M&jRfqg7vSSxtDW?PZeGO*l%`cPQULi9pi~6w@=D=7V zAC4&5pShYqjED~q!@La008>IvAH6ND;h$!jV4KvU)WW;9#pk{nBd!B2~;Q?y^VOs|>u&})&VWjf!+!#`We@TmNcAU}P_j&&pAf+AB(ECt>=ozj=9VaH28=vcFMWv_z5Iy z#*ST#kOkG$Od|eq#0k406d)q5GeBmbzAJAJ9Ki7hL{9uiM#h~o*U#`%h3>?o<;xyC_^Sy-PWxwVM2UV&5avK7(bdV zeQj`qk%n>fFZ3h`Ro18r^y;p3eTSP1U~LD*8hY6f(+wvfKrviU>ZKf#?#aRxyL{ zTgQ!gvS&v>sgI0upG>84`yG3HslvzWUjpulBxAz3Ts62oUH(^Oe!M<*P+a@|Q%)ZL z*r8ddGtW^RHd0g9ghT^#yQiq4wRJqF=y~Gp*eCxDZ*c;UwYTjyQn~G$dxMNYTef47qkfy1E0NzbHd$MaM>7mfr1!&3j2f|M;Ux_8q9EHSPi zXp|uiMf{%;Z}ct3<ex!hV22Fwd*qDO9l->rL<7BjCDR zQ4uMRkr`@`1XT?1T#o3U&|YHfY@}Lx2{B>Sn=sbH3UXv`x|IW<3qfZLP!{v{N^mgV zhB2p-qS{&k0ER(QD5d|Y%M<$t90SVoAS;P&B*;n<6Ahi59#;;A|4E!Od<8#79xwXX zyE$6s)4zv@oxAf)=S5NS77je3epVkueor^xj-H;L!8!7K-ZsZ%!bl!p2Y)aWnSO(c z)|gWgr7k(={=7HC<`&i*6Rh2jM3~ z=f=tP#QjePgkM9Bg^$O zL=aGXuAa7iRap4^rcr2WDhb34#f)a?aD}&;XxvJ}`Xr(orvc9K zm(fFaqviZ7WIK$NAS-u5D;;nUFa}$A!2k3UX4cj<1_e!IZ`H3Q`@((1r-gCO*?DEA zuPPA;$D227IFlHtsL_9r9w8%{YBS4v_a85w+xRQSO`D)#bD#*?f92iE1w9oRjOwzS z7cbhwMgiFkZgt4Tz_$}UI{m1c6ceNSPm3VEC{>O8VE|y?dLUnUb1%@@Y+gTE-31x)r{NplS<~2tPmf z`g$o%J-zE;tRQz?%4Wh}mwlG1x0U{%129My5-$Dw3) zE&XhN+Ms6Nap8~ZRhxINcXe&`B>Ip=urE~YEG!ca)rkk&2eNPi)~|+aPo#K`pVuF$ zKES9$b%pC2;}{l(ULgcthlp;nE2M>UR3-XsruigSRzBRFP^`MPn=Wcov7!cCv(*|4 z0q1w-=E)EFefjHFQBg6ST>tww`~B6q@%i1geOte52}!40PsNsEJ=a;P8ru?g4&wEy zTJXE*`H=7)AlaGVq5A#Xt;RK^VL37+{3ffQ%M5ix2;&5{J`gs+wzRbTLrOxt5wW(- zk+@T_>z6INvoP;evc6iiL)*5qWx6#Da&oa@$JfVgIFXu>ew>A|Bx-#8Olet}eVI=2 z_sTehiOs~k9?l#MtL^g)A=$g`NITNKJvlXHU}yJ&5Q#%*nF&FSTeCwu7xcGAsR#w* zN0BWf79wKNKw_smVJ~V6?xkAS%4Pbw;^lbH@tp(f!%w|u;}~v?j4Ev`WK#zw&_Y9n z%uRs)29Y9UKz^W#2igKgOCvM(tYFniVqY@fYX5<`SE&UAi0kZqh4xOzICXt@KXtt; zj~ixBGXynB#>@J_o|37|qWftSVB$!|JA+GfY;d*Ys2ZetkC!t{uSj-mP~438LaQIa z2q&b5wh+VyoqdjvQpe9oNk0Ln^Mn3a99I;~mTI!|Y!LR!0d0op@AuU7m*9u*_+ z_lB{`0A3^1T?2!-Ke9An6yz+=ckBA>3vO+Np{R#->CiO_Nl;iSw?0dhSz zM$;J5x10_#CyxqFuDCr=rm_cOQgqUyPi8`v5tN_68GB+!Z)KZH{$Qs(3}}{4$m8*i zixoFbT?GaPga9xlRVI<8brzV94sTGdPe$+o@_F5P4m9U_#+JtWD7AjPZKyzqJG7DiyD83u6)iTt7?asVELQ>T|2(06XxH4D7x#;FB4M;sn{rk_ALDf?;QU$ zXZJaP=TPjY2zyroe03gl3f}e)eY22qK;q!BT@ss7@i%L2X%2jp`tG9l&Rp{@qtB|T zPkmJ7pEHAK5*!i1O;}j^wWGuSdqZ@5{CG|S!x*-xa!7>-D0)x%5b}=}(-plRjd}S( zwDW%VeVxVlSk+${(VeoypT9$EgjW+omezfQOSv3~_U?I9J-iv!H|yPO$VPrJGAc?_ zOKTJdZH#tkofz-VKRRA3muG$y#JW~abJQR%p0Y z)c>UwUl`w(w`S54mpT)79w+YnN!!|*5c8>NyCV_O%_}C>HatAMIYfW#fV%$u7ehOY zy9c`UT(?hkUbiWpG$DLJy0g*ncQ@f_<)ZT{V{u^BdUKVY<3`j3qq@4fV2|S?Dm~9o z4L(R{HK}xM%4Yd@d{zgA5H@mnk_{Ak4Ac1(D_vaK}GdMH05 zx<~VL{z_R^#}|vTp?6tx@3Pjs6DKO4K6yeTph}og2v?wctEHZtsXA2zN8DA%Cl`Gt z6Wyn^hnj8)3}6#@e+_~_2@L_bY0S9x)0ss}xlt9*?sEGN*w}6%rb|jnikgve0>N*D zND-{pSSZ|Gb=jG|e|&MNY_8|qB{lb*+kMJ~GOhb+?sAVVdVoM-jcv61^H~K*&=IK< zdWpO4nxDxf$Yj29Wb)9*1A6DAJpb?w8(Kh+?hQT*)X@F6$SZdC4l3Ng|5W+Zt1jy+ z;szPt)NiGPlH|BOlP$Tvdo8zv;X{w1YNlFf#+{}J9vUSiH1)VJKVu?MH9l2QeU1A^ zAbVg-R^772|JMS@D_$PG7s4p=Y4p?H?R~yYu6M0zSF9tNjYo5+lOl{+Wq=*T!b{mg z8I-H2{=>$rt4xQBOiOcQYr|1q@m8oz8pawoVLfnOi&iX!f9f8<6*KP8IWSOz?2pof}{hM6H`WO>8C!2q)kyw~;3&#eoz_G_8| zU2!yR;}#Q;7Um`0=i%O~;fhpH`fa<^~-L%OQgcS#Fl$v*1fczcSNq z2m>_*(F@x~_TPdx5SXxAy^u+Rwa~-_5|MP^JZ#wX1SZ#E{d*rZO>fb$b6e44Mrzq8FS=Q9?&(G*ox>$BZZw2tK4Cc-uQ4>2)uF}6d{ zh~d)2KZi`UYQh&`@C{{=#;|w1YVnIJZn%wh#$B@Pvfbb~#@O;Hm*aH8wGVxtt`9Tr z9t;uPA`KDQa^SGU0G1@z~nr+*kiejr1{X1bo zm!jp>2j=b%t?ks$hlnh3?=JdOH8$+bv_&U)9N6&OdDk|;E8H^cTK-sUy++`J>u$9v ziGa2^aqrdAjR;q#Wy`8X8&cKMG=DxYf$#F%o%?Zzikln}gV(YpJi5@YHjR*1b{u>hm5iAck_hm8=9UsT}!BN^W3qfH;tH9)a@s{fl>oC)wg;7 zOwY_PmsfrXWl>b(h&n~xTQ?_C(_OGts!(A&V3qTgFjHj)zDi4rQc+C&iHdIQ;__rN z{ak&oRPpSp5cjEIcz7km%d^7G#7PkqiA)*Fd@cA+nVW~=)0jDS;A;HygakbaakqLG{3RH7(Um}55wEMuSA@0T zoNeYa8kwrN>E6HRbR5}o2Qv<#v|EKJY`6d(nqDsuQwY3`PCv9)r}Xt}9TX#&Ej5m3 zcXoBk-80`S4U7)Jkf*l9! z0Kq|5;kE6wwhDPgR!Qr7hV$B)s&CaY0vj`54Qwr2c2q;%m|7HLct-+(QTf;-nCV^jqGLI%?q(_9?{-lWZW_wT#~cx`?@+`I-xgLIx$#} zL}z!1zM|ubYkzzuu?eBYw%6v_`ti+W&j4*=lMtj~O%j8+mk&{}n}Ky5;=+ZN;r!3E?kL>|z?h zk&jcipRMZk-tU`PK1t=1zUUhKPou=MAgV9=i{)vfF#1Lj$u7x?nbH(Tf72Uu#~?PGjxSUn)NW&lH=Fi{LnLN zR#2K4lUAd6LP<5*cfa_@iRH27zt|OKl&4vz$VPseCK%ZQP+$cYmYUYwUcQdxbWr{E z($eQn$_d7Ey;r0C35eillqU(wMCpYC$Q`i0HH7jeRgVq$W%-m4FM>3XY9TQ_51Ye##l@*O!01bNgjA9;6(Z{`n4$IWRKW)JIH#)JN;B=ZCrk(mX@czMccyFtXwt z8Rbo}%pnuD1d9t?j3#Y^UQTO&3<|Y!G~T!UohZ`bxO~L>L?cm;JTc51C^Gp4MFOJg z970bChrFNZ@%8hbqhmhxrn{@1TT|IpV^@Mt46Ux}kGEE>tLd%9s4v!zi4E({uU}>! z;ja3-yR%bRD8?;Vdq8ykAIA0JePWBY)0UR+v$JywOPe+~Y4CrL0$_8+^ZY*Fwt-K% znoh(lzGY8N^l!!&nTWzVnM*nMg>1bTcxhC@&krAdI7Rq;2ew=k~7w zBc7B{*43GTr`_|WmnjVF?Yn^z5}Ov3t}N1hWfi;e1U!d7Lfy# zhm)DY6w(5uEX`RzlW6zoS@Xm+n_TglGH1B|hwQ3QncGTR6+XBCBJC`fV$a+$6pAvcrrID8JStadh1{g(27 z@uV!us>gqu&c6!gw@cO!)lVT&R5Dd7H6x7*07i*2Teytl>YsB!b&v-vh4kYau*g81 zij}43Gmmr+pHy0VLz2n4yl~^V!{(oJdW%i!BMv1XMy=GsUs%p^Mp*1GiCo7maWxaF zE&pGK2D$rEZK$=fUIx6+=7s(W$q!T)_3i>AyvzN0xSh1M^#W1M%RoqJPPn9<$b7w> zPU1-Gca$fc0uBXbSd+uRXdO8^o1A*azr${}{!dTHVv0FV*14|ccx+Li-Cc2D6_ zU95P@Fm~o*nWIWuC&;4J`Kpf>`**KONpmed6x-Sdp|#sK?O<`r--+e(=TDcd>1cm? zf<7o{Uzg)p?~8mbJPE1rP~J2}!**H-8jX0&5#5t{VQix+{rlv~?>`=}N>$%IkN6i1 zgNOu*wu&@j7SGX;$nI9b7-+%+vh_L2kUg! zbk0+i`;o8bS90Y!gL_~>*Bz+-?aL_gu05^kS-AA0sq*lnS8jKE=wYG3)-|aVj22C> zXtpAbzbOAj+c-o%@EKB4QU3dHF)CZVaz^bpoik@7BaQhF(Z0{j)le>3Gv%6gl3sZESNQJfEBQ#j(7+4D!;d%;l1xpoFcy7|t82-jAQ|o)tenPXyE@vxXl;LA5AAH8r!gZJ4dR z#2k@mYcq2`BCzS`$Ly^o?e)#>$|h8uc+XAV#J;6vA)&JMZ$qAu0+l^8#0Hd3kNk@-n#D_Wu4)gI<464VE1b>CSlnYW|}{**!PU9t)d_ItdmT zlBHjdNeH%}0!Vb9tdnEVSY#BIx*B0Hw6kw!pop=e`axFVW)(e1G10_Ci&TQHn8lpk z%4(r~jq!C!N%UNT9?v9Sk51v@CSTZV>a%(eJw8cbiU1tZnWhMh4er5O8&_@=(X4^{ z3p%Hbr=@DgR&p)Z82Fc9rR4@31F1#EMmR(Ve$)}7H`t^CGN`C>zgh4U;YcMz?~3&Ws5L|L z4XWB?-Q65aS>~h6BxXcM!~U@Bl9gzs>Tt36Gsku@J=W5Bo1-I@(Zx)%H>v$l&sm=L z*;x?nnA_Sy94x@BQ*Gp9|OJut=kZS^Zo_mKfRxh-lMS9lKWd zYrf%72eE;?7yG$>&E!xLw4n&!)7KX(bD6C-+u z_Y6Ggs>D8i9Dbp^?dZ3rNg+u@aP5Y0HV4{Db4s!2U+1G4>5yjlRl8_dK6i9&8S`4q zmn<94oqs5UocsRjWP74o)h3hSMr(H6nHDQ?TilBk$IuU{W)!|)HJ3Xv=dop%sw4IO z%qKHG8VRL-7mN1szZbfDD^Zp+G7x6t9+t0>jX)5n{j8fw{V00|cZ8;(48E3}V z>!18*(^Dg}Fr)s7-cig&eY4`EM2GyC)iQ2fvPwuuzRfu9(jgn+uN4o_(6YU6r9U2`d;_pN?K;`QlQoq%Q}lneNiP<8-ns5j#qS=lJO zV5P&LSXNlrgy0G}xgd;b(2ia&QT~;1U;p9YU5EnOq25QW;ie8YE3%KvqQZ;rklKQI zt1gHNeJ?&yFi7UsmN&lMR1Y>)>k*yml9e2nyvfWk!Rxc!{m)jL*e2=U<8=L@_Cp(U zYw!sYfQ5XPv2@Hy!n7-*MtAyuFa#^xi6eGAxX-4_moT+r(Jnz@y7N%HDV02#sq$_) zg_DO!n3|l=E)#BKXpzUyq)LweY&@~Ga6s(ioZW}r2VZ|(Vm%+A!aTYvH?)6GP|tPf zfoX#Md#qrUdew20I`IbedIxEs|Le>K21PvoqJUw56`+0*`mpk?tTOkWW_<++C>*8!op8L89Lk*(vv4w4 z3gI^Q+~)O&pFCOc@Pdf5z-fnPiaD}-Iwd6|XeV_KN+?GDdmtX|+~QR^0+<5TJwv7| zDF#GDu!m+qc>9k`f~fu8cuZJ&_ZeM>952HD364rFtcOY)_uJ+$-oolu93^{C;t_CnJ-SDrc|w z?9fHkHyq5)cATCqa$FNx`$}$ghScoSxQijbHaGRHHtq6h$J5;gob+W?t@RI;9vLc#oH)oEWiFCpz0FfFWCBp8)WzsHb8y!hD?-L~z3ee!~ z=hNl{PmG=la>0yNDGYM)3gHNsI_gKTZ>gL^#e8_}#H|Y#WR)c^xVZ50894q&$mYIZ z-w)ls(^Zj^8P=Ujk&l@8MlV|P)8d9hHU?I<(bCdFP%L#(uhxtY;?v)=vn)S)pVUnD z=Ze2(4+J10`47cMBc6_d&gS7^Qb3YB)#A7{a)jd4DYB+cyu${ZjpYeJ_a&mB!-vuK zA?d+udmp9>1P5jP(6dibPQ0dV&5z&@U~`hpp?3{N$up8jQ>ZQ)T+;qMIgQX^eS5lK zDPLrOW&6BZywV}7wYhoV_wO0y7FXxZ3ygm~>ZF*-&Qb>F<`;iVUAzQl>{NwYXkFcY zet!OcXeOfDCTa`{x6D3O_*suHyCbwQmvd~jX1ec5c3H~YOpNA)TwKCNjjq}i7jb5r_{cgqwvEV^I0qmBi?M|oq z>b?6uDUg9@)~JYMEn)+uF3kLcsS}18FO_&3lQ1&?(cAN0=9Y2Piqpi|7lIh?7IsQt^Yl> zi^_B5)94-s^Tx(X2NLS%cP9?-ery$B{57avY0*%Wf=4!{tba+pQ#p&iLLtPg$goHV zo-$|`aH3$U1OULV^VjuJJZDZM>%pM9z*G~&oAy3=-Ia^anVo_;LO!h3Xu+c#E1S^R zphP`Yk%@S#$dq8|g9(YNsEn-jRImh&L$F!%t<#9hhW67_lri+?zu0;Kp?0a3wm4fn z8$(d&&}RZPb28|q#jjNG-LYLyqkhK=9OKBu)vHzuF4HJZ!fk z6@TA;8yqsVT!C>fyyLM#hMQY{VZnK}GUBl}=bub{zAT;syTr{}nc6WOL7(R;X$m|Z zi_FL^!T^Be3?K-y5fbT-5m+>0H+-B3(VW`0(=Uwi5ulsRXng{3&88@&ds?8NZKW_0 zPZ;@=@sfwA{rx^)&3Lwa(s}7+z z`I2=Eb-2J_vgK*6eCRp-t%)%7`bS1G`D`~<{cQ2ep=azf;z0z?M%9q_i!?>L3H{1- z#dm};CpYD70B-uh zVcUWp-np>X1Gx>4q{1-TLTZ;Erbfn}#jO-!DS8Bxv;5Ut>8i?V3%Xn}dv5{gf_#H42nxkxar=E8D)lAloI{|n@QwyIUR1q7V$1)Yx-k&61QDc+&${a}ZTI=g` z6WS9)xM`9;h+mBu{TVPu5Sk+aSS>P=MEVmX?r4yZj2PY{&lP)yAta^iT=)LO?x%GI zN~79E*DwU32V~HbW|5&jDoYz}!#gTfAbTf^{7@!0uSgvP(vG~m@3RPo%<`o>+4a-Q zAcM@!ty3#1#!6%Q=3aA`Dg7YW&kt0s>Ehg1e^6x!PSrK}IG^uI|KS<_2u1{E zlhwD5bVs98kgtcPC6wFrDPhF9WS*a@s%k%`l`f5<-BjB*w)o*g@y8ql@o((wN8Kbf zD}7_FlVHcxZPV|%^s9owvbSsC21JBCI+1n%0f!rNu9dB0Vs1x*U=Qd$jpG^y;7>5-ED$IdLx(T}IUoF)Y3^DU&>V913AV`W;w0Cb__=7f zHLbqmXU2NHLm=)N;HIdJR#9{Wh(*YBtTQOzIlAUJe_me(*=#%4!W|TJ&blo1 z-tiGT6D1ud*C@96=FcEN#BUNyPt$F*GpN;^|+&174h;y z-|(N&>19NxLHf-SWvTNdA0+Kla+EbWKj7E_0tLeL+xcpK*yFjY@?plBQW>2ib{rxz z$DW1{)YKp&BJM!dUwS~Zey>B}Lfq=N)C(H0X}HVH6jNtnqMm3= z96Qr2S8y=>c#95|{f#WOfI36a@_D$~xe}2g+lg6kMBBE8(M*}@Lg53cFhZb@<{J%8 zf)|=Ak%dmr)WwB3zWPD;L>1S(agqj8xa=h%-d3!^Y`HPy^TLV^VUINy1?VUvihIiD zM}BD|mqMUL_IGx}*`gE(Is4{>(5PlrsQzalS1)Vyvr8Q8xUF~Z~A%6qA&jj3)mB7#|^zzT?i0Kdlfl*EZbK#%kN0ufS z|9*BR6F@uVI^cM*3JiwH+QP!~kZd$dhAA|GbHcI%0(6|fsn)> zbjMo0t~OPT_ttWSEAU>i4@gawq&s$2G?5XOiY}8HlY+}FC$m#!i+B1<|6xO@R9U>! z)z;o#8d&VFU(n)>m$e5N1#EXg;PS}Irk!BC;LLNWPmSXdv@0Ahl}lc`*?eAl)5!wh zGQ0bHI!QrO@aFQnE)M?Kc(4(mcNX2~5J)ae$wC=S9zfusbZBVD($6N|-u%OaXSPkz`_Pr zX+JC?bD2N&=FE?#&0Z}QmqM+~WU|ZDe~8ENdUh2*#8$N%@}8w_FA zP)?`VT|()O+U?7pS?AyTkgakp-gbGi&C{l#K@C@Mj#A29R|e|~5%3GLvqjkm0RCui z;yLzoU#3FQ_~5EX-KTLMMtb^tE+)jdyW88jaLG^pp8C|Do*m6*;hMi+>zi5op}n*8 z@#Uit#K#y)1B`?f5Fdxe;A!P96JkT~Np1c;@SBmY7VB}$DfAC3sd5Mqq-N|KCknM< zZl-F9Q(TT6)Q{H-=`uk4A>I|t5LO7GV^Du4wBq6McQZ%Jdgjz%^9)Q|D&eTF2|E1E zz?6=A?TRA@=Zf6|DK>z<&aBwy^_0OpNR&=YAypZd(F=uC4IQ1~PbH2(bobu6b>!Hw zj={l)1CtWx&Gm10e7xxNl0@}z7;DG3{_EQJg+R{SHuGE9yb1v3!0`dVe%E^+8ftT# z)YQ@;D7P0olrXeLBQD+98qo0Xncqf35BL39S?TQQx`lTqaVX?beO`!{AcMPW|5DyWm zRKR1UQj(Op&OZt2AOY&(pG+Lp=i4@s9qqaazpAQnw5Mp>QWFoNLI618BPTNRXSNAR zv+pl-EC<+z-4%GsUgV; zUTs}tbNf&`H{DBp`Mrh4y$75AMm0}>MUuZIZ@2laQ%Be*0r^5P*iQ)kvwwT5z=3RD#T zfFR8;EX>&*76&y0;R{-)d{-xC^^88P%Uu=)Zv709ot4<_2*W9C#GLe+Q6lBpGaZ=0 zE|uFdqJ>EV``J0J%pvJw7oiquED`)BbjxmeL>tW_#*Y6|zAxq!=YKYY{SBA)SY%Dn z=y9T#{xUMxGdeGOM=8lpMJ#Q%Moi0vJx(e-#AU&UhmBDQEgyh1jxO07!k4I@?)I(^xl@d985K!qag0c%g?`= zu7Q0t1m_Ys9s~qH03)6fBSnFq@z2`v7Yb<_`r0awADcbKsubulEMxP>WjreiunU<7 zZ9&T)iZq3UpDpPavM+|Vn%I{N^y7}75wm+yS?TSuxru%aqo3)saD?2!4o>TLJ?WnR zyUyvNZ>y?QyMbrUm^X|&ATb6zTL6b(I>lRd0;`8c*DoP95M+1c-4}q%zap^?7YN4R z@SbPCXtcAu<17jSbuz=6Ib^s9I48*IpP%;Q#sReAFTn!xkTsJsqYg*v_7V9arlqa* zRfN5SpEwaG=K6f+;U3g@b6lI;G_(!3M5?mH2;=t>^SA(HbX!ees%$IPytZnFb_bpZ z&@%4+kVby!ulTABZ6Tfn!gLVQxzPVM`s%xxBafKww$qv&B)(!d%w!7gz{BEDrdk7( zWp7n2BalM4ryKlj5p9Kd2=vlvU6{Y{OklR=V_2J7XiLdhSq(}CUH+2qv6jzv!QeWg zuc2VHDn#73piy3)>%1tJo?zQ?2rxTUR1ge-gq~X<{Hc!^@W;|FJ`0n&r19CysU#&Il9(`@eLu5NiXq($_F;T3NJ6fv){YB4`%+CvWUG2 zpeJM{%_G30An%v8^?QgqVQY)cbCm3y{NkJ7D-8<1(jEEwz2o74jrv)=zE|EYz-h)E zI{Lb$uf`kv9F;@`gG@BN@gS!O!3qRGYcj`J6O6VBR}=y9(W9AwVlhs{@d;kyoSdA8 zOeE{&qBfP|+}ZB4UO?)R0-yXVdR7&hASbq4W|t+(zq8$0i@o%_=zAn{vqQ}bjkHcs zyxh_9@JgaD^40HPv`m}LkIk*9zIRx+)c_V8F>;&n8=MyrSy0O!^kyYitNR_XB+5YmN?;#6a z=`TI@HiCerQWN9~zx3S>?{1D?1oN_G4L*W(K8!63da$>N+@tsd7lNlCx0;hbg3jjDg|zLa^rifIy>(r?(hDOlZkLu=iLM zE*4`)fcL_W6df8y^Y^S3AjPHRUZqF-3Jg4J9=nI| zx7%j>!#iqILWEmBf0l$H3EC@||3YO6CK5O>F%W;HOlCimN$ER?baiP8$vR;^f(4zt zk!aju<5Wh`iUkd(5YA=-&;6is#~V$p26l0%a$Is)WFEQs7#=y)I|ACIdw=y6+2yvL zH_Dj>q(+DUh>D`7r9TrYkJ+Bk0mpNtUbuEysN4je5QQjO1a5X1C2M8o7XJr*5NejQ z6FCW=h-rcHz>h)=4jz#!jeg4$gtR{h6Wf<~ayfbV@(&|&ov9tt0!ENewUZ8p+%!I; zTcMV-8WAzlQmM-3wN#cCC*{Prp6CQ4bK#z$uhUgRs3Rh>crQzqs7j@Ek_Aa(_SI;i zB*j9)sV zD-c;KWo1vl7xEvG8Y`@ewBnNEL6Dc8DNCX>spNZzq_3TDDNE@vNzcu*((1n*apq(M z)$!diU!P~sV1xc!B)rtVR`PdHox9w1sIY!>y+QPozUP*q@Y1@9oV9VngAm>Ipw+zc@ubL2uR4aj$Yz%2z8ujLuTpZ>}-m1X8XWEu=j}*JOnEK9Kjx? zrDJ4eMG;Qmn?Ft38Mq35=>BS`nsu~d@Ihau|5Jq3I+V0Pw~bK*$uKseo*4$p=lx0A zMkJ5+IL)O#0Y?=RH>Ds*<|TuVo&3 zP1&bKB{0SI3Soe9dQ3ndyfI?NvjP8>P4#aWoMGQJrzLrJDboRLd7DIWuI zNaTgu8-dCGtTMp?1|oX7di6f3lu@Na4+l(aYd`;5Mkh^xNs^gz3oGCJE2D7BVX4+0 zcoKBNNS?iXmfi;b}#m! zSLhbI=BjuRdX?a}?%&sxB8}f}f9`5F(6+pAuD3LlE0&7le8eHBDvfx=1<6g!?a2_D z4L1&`L-HdAJTbo+sb80+QKdEeC7C?ApZTpV32%j;fp|cz?$Mmm+)oJUL*Nm?CMP5W zpt5pQ5Xm}K`j=LnOLdOkGZgBM0hCUVo11yjR#mmR zJGHk#Ya@u^3d0T!k zRbsylwT{xGtZrK1?gTxo$(tOFOzKvX(n8Jnv;NF3vGMRqpbKK-(k-1DgP#n15I#m= z*4VWSZG|AZlx<&M6zD%5+s{uec4a8DW=6)^T#^4!5YgUr2(1)WT3yb5U<{fTT{e*S z$yx@@NV5G((d?qlQya#|%aiTX-gYqUQ7DQXxc>yA`Dz41=4hQ_q&GHjcx1#}9eOs= z2$_pQ`rcGDO0V%!mJKYvAC*Et7Yfk9?C|VNj-tXsd#oMKGj+Sj6=iu?`u4cRw;`3X zfiF;~T3P+P;yy}*fS~J1*9dfK5WldxcN``vPMS0Mxh>%kbev6GKaJEzOh3?8q6i?J z^EhtjOTy*Hk$2l_BAw#?e2QMv#(!@vX9}nvivrNYuVXec+5KZh+t94QtPvpb2){6I z9&i3P1G}=)`+!wiKC~m!&Y?J|o2JyTsdFQdhAL(1H|23Ap66vZ2Ha3*l z57F}N8}CkLW{U6X>hlXB8xN0*e*8PQJG3#Rzb@=bCt3@Og!eJJ(u2O$9|6ARb(^a;9dA z!2ReGZ9=GGTc03i^Od@6ZxKzJ`^GdSu+OXTr08M@`oJyF@VV|V`U-H%Hbn=Zc_2{q z8(Wb?g`0uJpa}}J^0h8>X^lVSYz`jEcGB^SIq*m+ z!E!=ovPs^lsOCC+lWMK7K)q~R`8Z=ulxiLU-WsG`mgpQS(Ju;t)?JapU6P06N zB|SXulM!LF6V`s6Q>qFI;v|j%?y%bYOcL^k63^#mte>{}If1CeiLUU$HX}(&gm)1$ z?@V72R5-`KYRgF=-?h#Cx!zn+hnZw3E2K3L)5@%p)m^w_!+w&D7B*VQ(-0Ek!*uOK zK``XwfNRX=XC$r_n<%9WDyW=`qBTjKj8SaIbUB7KL1G?{kpqDJxCkLXx>&EeERr6( zPv4ts+UY8qTyLL$g1SmC>`B&(K8Y=q#ZCc`l7J96MNM5hzos94H#yf!)&7R$`2O17 zDGvReuVTw1$G6E4gnrwGIG&3N&2>n3GkT?esOjiNFI4^EAB11W*25F*5aH+y{;gd5 ze>8msRFwJm_nIJ50wU4^0wN;a64FRY3P^W%hl(@<0wN7kQX(SV4I(8a-7$nicfNQ0 zy?@TxJ!f51=6Swx@2Bo=6rONn&c)8t_~gpH@Kp0RMduR@j;jN_LAKQicHZj^yugR_ z)=7h^BNi!Q^TNY-Wo2b?$!)3!gh!wljH;^Q124&v5<^nxKQL1jv4V3B<); z)e8*uHD3^de-q|uK~V{%8oWb@es*@gj#iSH&o{pH|0`hs2Ko)aW9c(j$7zjkT)A^6 zXQHR^Hw!t-J-7}+*)j(K8HS_?`P2HL!57z+TlHDNQV)UK@N4Z>F$HS*j(5|4so~sR zcPJ)Rwit=xB!C%qsnbF%h)9Q>BZuB(K8PfR*k*PR_Cv**Hhtj>4e;58h*6oZ3m3Eo zQoLTv=$d9@gAzbZv_8U(m-K=gwC|#JjSJgM+c{4}fn$bH�&{G%pzzP+smTl0Y5Q zvfka(i@xsx6X0Uh{E}p6V18(e&YiQe>R5Gr^hhiziv@S+223T0guMbo zs8~txmBMX!ytr?jt&G=t^|1ozc^z2LiE(rxR;?rZ@aG@g2}LDgGj49QzzjOEO8X6R z0QQ04i0NB`)eO8sWTT88(vdnnp#?mAVEAsR@8S6GAM4jrCoMBu><$E_ZvL#tt)VL za-c(B6gjy0pS#&T<(YE6{r1b3^(`hf08hAq%u~aWDB`d|p)_sOKbWv23->jj0pu6{ zvN-qavTbJ8IAl!?TW$~KW3qIBOvJhBd;AkPD*y<8M-9pP|1{k9*%Pqgt@gR={>3>o zDvs}$B>*T@=t`Uiwzbq^uA(VyBnT!1f_q?pnsmz@CLRg@Uq1^{qWdJ|S!HE75Sco)p>+P=w`*D{xDYv@Ta@#V1SUJvbqir}J*y%+Q9b6;4U?>4U}wU(1J;lqeIZ z6@cYrD;`;O24x0JI(oST@j}|XL2JWA8H_(b0|a==cP$&?xq{-?tHsmL;plm!@eA6o zKk8y~3Oe(k9-RlR^MRqiZYN)E9{NQN=ARudo=`GDPY;y@6hg`OyyBzP87OJHSp85nZCM#_4dP5j(z_97WA6G6?9B{ip zfd_)t%SnZLI`pYyqmp(8&JNH6su$ptjKS=3=ltFDTx7?#hzrLLay?NN!yJ5?R8cFYmRbH?h3Xfue zt^z{oN5|12Qvt(MG8t zA|6Z*ha3RDOOO-y339Ks3_+gP84_aV{d7pX2`)4UngPa`arnjC|KK~JDuo9H?ipEQ zmnV6h`heZ9rVbV@$^y0+-3iL>c*Ek{U+bV)YTeQxK?;dj<_+0@stMtK3w&-NPM-3ng!75WG&fnU#x z+?RH1N0{Ji1W%^GrWBc{L$$~Mj8wVRx)>c#7}sUYzIvHfcZeHJC*ODK8~f_j^lARL za*nBI(|uZ#bGUByS8s{2XXyu1KTv+4Onr^!DppAI6>4f(W7c>0S4I9KkPgPbMlJdl zBJr<_Orow-__|GQ9Id8W%)FjH{l%Uq{Nsn~@*nyA@`=@Bg>6?=mje4Xkt_YLSYAV%fO|5;>NCYICKY-6tMc#n zw;{5ntRI#KN4D`f?lJD}cJMlFkgF%%1&Y!5qa;hSw?JZ3K3&51vA;+DO--^}<}t!B zqSN>z;L(-IEZ{O}R4VIVcO5nkyu&6-z^!cT?MMI=RHsUgJ8Ia@fR$u)a&orG{}fiv z%c5a(Zqk3e@I5Gv)k{LgtWCWQ-#HmpIHJ9(zL>g@yp{p37sReFSH%5$NPx*E4i zUlh}AJjxHF<1{HUgO=QBjJD>tBye+LIL!KXVvBrv`pvQZs2i7;=|Ml)(}OTD{=pau z$)jJnlg244{R9-{5IFUZeH9~e9&WeIe9YtQjLV3(F|&|%_Vkj& zZ@~`Ivi8!>2Xcfi?p^c?FVAOpowcMLTYP(6*W9{Dw^?6s4}Oa??mfv&XGzGV}nnl{oE|PS|+XQMzqRN?w`t=WS7Dcyd#;apAyz@uxBb6v)sgJxJ`&hW;_fd27P=PpEs12Ex*vYQ#i$Q>#Rzb8(jziTX zsQ)2x1z^r}s-|3t`#l^mlYo^J@Ksu`n}U?j*0+L^#sb+hT%Z9k<>+76vf*4+7}hzv?S7w(N`sJFh~|}v zuzT$d(T$&+N%;-WL1Lj^pj@an%sb`lr^yM}LrzQHiDcyzten5xT+cOqh2uQ%pZb4%(>>t-a_#odidygZtz8<@P=5;cE$7|SDpDk^1nuX|3582m&u}Q zl5c||Ol$J=42)q=yt9Q-J{)oNw`GOq>(_HB71J5&MIcg5NKR}=9{PRJe3gH zshXlEj#MdBg-Fn%k)SSAlVyq1eCs2Ktd5mUfLH+k(?fUrOQBUc(pR7IM%L-d%i);& zT2$z;|Lg8wR{_``piiz*geBxJEGi~` z{s`|hHm%8Uamm(dHYMcsou`|#e;*rbLitR`c(q^b6Xmn{lYJ|w&_NRixuq|Qe;yrO zSBMJ}p$?`?5Golkk-DF?FqE(MBY_k2&w}2SKbN6lOCoc=nfh?N3_4wiQ{Z^U0pZhk zOd}}azw-*kF|y3Bt$8guS3%gT{EuSI+>c$8^*&*csgT%1-y`XtkU*Qv=N55%Y(&n- z-!-&{t(&H(rr;x~7M;Q9Z2U@1&{?g`f7nnhGw#|I=9y3CoLFfdJKq>fwd5^_nZj=4 z9sSWe)7!K-&Pj84du;&WVNj50^(6-}U&2P3Xt z!4|0)OjibQ4f!)`uoR;Waip0Xr|X%})n_xKt+0A%!IcCx^j42XebZjJrMUOnkj2%v zpErz3`pA>*{-a1S`*3+a;(Pbir{k!GlMzW@TW0QdyUUHu?M%OO;U&e(BjGK#i;0FH zVf@j6x}pC5{xL5~MY%Bry~^I4OnC)(F;2U?nD5@Y&G-bJ9&R`|yGBUXDO8L|;I~HI zmSc$v8>`|=?75jlM)u#(y35)=KWHKyv*n~d6_2ATQMlmZEGcmsT3<63j2dl*=tvk` ztEb(vY7eoSdFo8ST|w%`xi1x5^uw0f>V@<6yx{SNRH-vxm-#Pk9T7B1mtSMJWugOr z;jHTi)Qqe@sF-jTpg58Bo0#~MA;?C0ODaR0Mi~w}-J*LnQwnwc`aVV}Fj}li6>^#Y zA~f3Og)u%kgZl|8kdW7+cB&g`S|VDfPW#U^20zWhbX|>Lr5_AsK_{T5nkx=Q2(#6I z#56;d`DK9`V9y|L1~D31^xGrkn7pk35xL*BhOAieu?et(9KP~05@ThlJc3818yUCV zDbt(!tRtZW862sIAJXn>O$FyKymQNn71x@UQldz09~6p_r#$R{Z{^UF^JYD1mCh#} z`WA@(?9jHWZ%VSO74ohnF0kfKf(eW6&vZ?Z%Yp5cPP-rhYzIa8C`Iqw?yn_+eaVz& zkz+NMxFEmXT9o2(8mClA=jaGMU{cO?f-;=1v$H3@nD}Yjgx{bIw9@b^W##kBG6r zt8_It@csCVJUs_sXl$Y)>ksZ)mga-oHN!JNLW`4>-}{*G>^pR}${rt+P2^lO~7xKg3UW8?q~MgF!jD}whdmfhZd zLJDLygi?S1pMhz8-AYk#8VXPwM#wH)M)L6sNO^lF7Z>xwdyB7$u|8#0R0}gFxhZ@O2u>y+ZjgRK?6IUfvXRvO*1M zzC~#AK<_6MD)3q`-|_wk3TU%#LLL$#+U)t0G2gLQvlD*?EmlPk5h#p#Jfv0i)3RPUv;M$sk%5NK4GW^!TIT48usGO+n(_v7-~vUT z>7$y-_jKK(kb2%B+uI=&K2ys5q5S8%k*+lob?QbQt9LeQcZuC>r{<^6y|PsD6sHs# zW*CxsqI*n(8g5^|3JD4DnS0+{dESH%%r5wHC zdOzzO7x*DYHOb*8DZL#K=-W`l#FHprt>qvVJ(O!0WR&}1!h%wGCNaUbW-3EH??ab~ zhy5kx=2T@bRE$-Amy`hNiQ>Zu*rWR{yeV+L!LB}PzSj_gO!d10P4-iK5q4Rs2^Nh) z)zMK+Gbf{zlg7`Q6JH>MgKNv;{xCDi=Rp)$3gDt$Xbkmfp#Z8w|M-8g$il-+p+p7CmE%N@EYT|kQwr21^NXt-BnX0>zT|AJJf%E!xUP&j?!$O?2C#ipm&Ro(|dOy*N1+ zLaB#o6$T1!u|(0`0)lO7ZZ!5CmiO%b12Ues zhW#XPJBo=-p>*&7n=8;L+PXlj14UigJm&G+%R^~0Y(!lnJ|&3?cebKy<|s+Hz3;sHvUPEh zDDJ6ngP2zix(aMCe;iuvXmr@W5vg870d!K|W{!HH<6*B&c=UT=eDX025qt?b|KSm6 z0tp!uckCUaEVG~IX)bO|3H(R(YV`MSY(;lzrM}4$ zcH8o!DR+#4jarKI{fDMd2?5%oh+cz<`BcdwJnCS$ix5#T|V5 z$VjJ+<{NOKor@S0BaTIc(va=@R%dNIdQHe(hs71;_IU?DkDG| zR*^}~)R$pv5YzueLLALQt-^BByY!f198c3`f@Y{%O-l?Zv5j$man%D+H#sQ?OLs)~ zlvwYm_ocf5CO3gO-*Ep{ zKGRi5;pa#$4LAP9r(_4yVj_BbUosQFdi@$E(kuT&%4EOHFM3{4K&&Zb`Yz{*l63U@ zsX1sPXI*QyPp^?+1ST{o#cK-o!v2P8#+wDi1W-Kt6xUjv;Lm5`G?_LZ2+x{iangc41Tf4>;8Vsv~$F*(? z{CHF>(WB$z#UsDzx5pJhW@52==Wt^R3J!u0aoB5(7u_!5(OFDZ%<52!g=SEbT*sy* znX<(|)taZ0eLlIL&~4gH+!gUq*}|c&M?D7gw|Sa$334Cg=qufjxIA|CeQRsKSOll|gsvIgk^bp9tn%3PfeQhh`dSE;4L_uH046u>xh@ZSg}wwQB(JCQr|s=q;i8%O z)}wFd0~v!`I)R=PSN@p3De84^;w5DVHD<8CQ{E%}1DCaIM(6~->3YN!XiS?}IXR8! z<_{|S$U|=c7gDn|H*NC0z&3=B(Uvb}AfBLztJm|d=D!f8M((=rn`l1M$yh#a!>v=u zp;ciahJaQ>=n*%jt6HXN+`w`L93QMd*ou()4Tj9-I||8yoq2<1@dj6S zK(L;)ZaK)3JxrYn_@k0Zeb8Mw*w#3p| z7q%TDD1}I;w;J%rK2t4 zFSaer5A`}3L99~D_k@a6uca>~_|#y~?gQ*7^N*dK zkKjB4C>09?*Kn2%t#OT`xc9XXFi5;)O!b}w|IT-LdVcP}uBCREe$1V~meez`(RJ^- zs7)AGLSP5Fx#d~QFJ7S38N|rO(NHF;PQm>#NuMBRf4D)hFDJ;wHtbn{q?ONfteT~^Z0 zmsC@0T$rX&OGLC2t}%+DM>oB1xdQ{f%EwDUz+3p~q%K`T3B&&Z`u@cX-23>^M+ATt zZ(G217?;?lF==PZipN}rXw{qk2oHtCc6(v(onnzAh}FP6;HnZG!% zsom)*;^5+HIhzzjvgpnq6)*7W^gcthp1cq~68i_?)gP1y_xYW>`6geY(#}aq&XA@DT2k30ysNKH#M}EF zOvp|Dz!0MV-HNoeO>udB`^h+|cF2u7FGI3~O;sNIF0DWDR}>NCgrrZPe%qF5QhBFx8fiX}tp3m! z)0+h=_C4(#(=TRl7!%@3VM@_}VCrfUHDE&0oS{8)jdTg+Hb2KU55ZQRr6Thydw>uX z-rN}0PK6DeTlo^lfca48(hqn@Ux{z`OA|HBfCNSz#{lnmf6wDNykBxgIQFV^BEWz; zUE`2~zC{7BfjZo8%?8u|sWlX#XZ@b9cdI6q@`*#*HF?=zq-%cGV&U*v#GJDyfjROF zOc7K^FNA+y9$sEtnb~fBc+oWC`-$q(?&9&q4&DW;Szn4@KC)uM=3>e2!l_rU@~7XW z@R|SXX>AH1L+T_BCr7=+l~r*b+2niVfMsW9UHK6@QXUFwg*dNL8&U*ZiZI4XA!j!v zw-t6yN#1nQLm7nM)VHPVKN$e#hqSjV5d~f;iNfw$oV1syu%L^i4~FApbC z#)BGvwk=Ng%c~;ViV4lHmcIa2Z(@|8mA{U2^IArKFsD0ZZX3e0@XNQ)cr<)v9h9c< zKC}v>73gKGZQNE|du=!fg&eVxu`J*oyLNv2 zOF-m{KkG|2(bKQa7)*h(+1)z>w9|f@H#Zv&DL3of{GFM&&c2%84)2%#2tAnn$=-dq zUf8%e{HHb=g@S{pZ+-Mlvn+egl<--Jnc7WADK9u981ex&@n-FLh5t+-V_-~ER*dBw zxKQvBZJ>5sb4wb_$jSP9jSBf73lMQ!B0&CX&zH$+cYck$(s38b)`F%Yq7(^f?t^4akk##=4Blf z@))VNXm>dpxg*eU>P0T#3zHKLSNg?#=Ql4XD4%&sGigl6_za^lv=^nrWo9<9Uc$;m z60iGFEk~`_pVptTQ@r{zWm#NX3-hlZkcUKYKHwq2wiIp2I>{Bhn1lxiv+I3)aAMk? zQxlPXW44RyNPCGf&^V+*)M^lwIim6K%%(@l+5Q`zfNXyQ zFTxPX{i6{dal04&eBT+b#pEqXMY^AtX?Uy`@>F{4K64!VD?M>cef3W;V`vLa`$B(l zOEA-r8WEt;FihyNiFm(soigk#c7dX5u1$%)HN~??SrKkCZ^q0g!xNh@ni zulqJ;eZRH2ARuNH5N2MNP-vtO>mz7P9#-&A6gQ~%Ag2`CO~?ULFNj5>=mT9dO~fF7L906KwsC9%hc(YAB~L`;Cc zfDK7*@5_NV)d8u5vXWBZF9f_cNS+ZQX28ePFV+l{EJ=Icq%X31xO(Vi8D(h_pj~0R zvrJaxbbi8R{ED)@`qvK_%WMEx^502vZDC--$vm1Slyq^sjF1Tadi5EqVd! zdJ}Lt^UK!^gXnN>+w+zbO{I=)*|3AaqetgL$KDYE0T_VPqj$gCUy^=vYt8RI-oEK2 z4J*pu0hw}L@G7nRxp_V@vxKUcS#0w6nmB z0`ZW;_J9eC@S&h?S|ob6g9l(|a`)+nr;EoSX=iz_Xa4uTMXX+o6^_cKM1swAcK4Le z(V6(wCkV1MvT};aEO9DbI$&+n&(hTNe=E)TYit*J=lWaNT{Tnm#bs?hNt=YB;%Fvg z<1N2oPJ|d4VSKkGX93_l>-+sESBRt+H!`xewf)dzoU6{HYNhtepF0_z4UED8n^U^< zdnHCWPB2cAwLtt$nPw0r9hD19xWDGf=qQPLflKAP=~Y);AA@UeMBhnN>6kt)2FsS1 zZN;HC50qcvwiY)G>&&yLuG>f#zP$Olh|#&40?zSl$B@QGWHS{eHsWo=Ik|a^2W*#N zD|jIw#fA}Nd$TjJ_K1lo;YNoX(eSnfUJ3O}gSFY!r9z^f`JD=^T>})_^UsYdELRb9P*8ZeO?n_AOseGNt!>q@t6_B`1-@gQPA8 z)Y@HuUI6k#!@R_icI%_%T_e5+$m7(_bKm+4GrwPU=gSSViWe z-q@TQ@mt_IbZ&rd$@zd_%E`zNil%Tx8@x@>e-{_m_XfO(18PP8#xA$uZ5YOLJP=nO z-eb9xQZZu+LtGFDm(Xk)z~s$`*7r`HT_06ed_Q+x9G^AmiF91*(;ErP%!-K_S5>-F!*P2j}wU3xPHu;a;(DhicVu1 zd~9}(XJUYau}KF)qW6s({u$(2GN%g{*kBX_YQFwMP90tw`qr&deW@nB#6G1UrAF=G z&X7GmpZ-rP1y6ZSDIO}M8Kefz9!98tN8ejw53QmRY5MX}P3?v8vVzGCa}(v^V->))8aS|E9K6owm}K9a0PML6M$PUNBqV~F1Z{LG?E z3y`ekNQ#A>-9Ey|NLo-L<}+fUT*H7TDhBt8EHu;K$F1Rsz!1IkI$t5Yl{TD|YXKRI zLsnb>&K*Nqa4#S&e$jKS8YfN5u@SM=FIMqvYtT>nLq2$l|&J zdg?2B$K%qxQoH(|^`YN(P(znViM5Rlpa5{Xc$Gi>*Bv#nVwLCQWdFqg_&!sw)v`>v zXhbGk#B98&S|$*r4s;I~TUXFn+!K)C`_`?1UN z3Im7$3WkAsvt0bEnG77KyU#^b$2KVaz!SlgKpodJU|R;m8X$oKG_V=e8#4dB?KMZg zM;|EJ9gzn%x_sSt_9)WimSkNG12RyvuABD zc*!H8DoSGD!noQrTfgBS5fRa=`(Q0F<1~~yR62f$CZ-9-+dfF^+Xh};Wzcf`EvKPF zi){rV=1mwuNR@a75O`?7)mX>-6&j6|Qh||By|x*)ExgT3pmp~aYK~%LP)H`1)cICa z7$r>)!7f0$KqL;hhpEXU@TsWGY;_SIT&kulCkyG)8L{AZPb@qj4FgZ#qqr`x=8dDu z$GNTWacz9WRB+7)e0%JSg@yVO=dzf)TABmjWh7Qp4qOc?ugp1ju6YfaBXiD>N*W}= zdo!{C-bW~yYbfnEHz@x6K_^$OHES7$K^{qYvYZ?{8=s7zkOF8~V2waU1nelR>HN5c z#sAX+l#KnzDb972qReHAhR*xs{DM`w(Ykonxe5Y3;<+ND?yUS|CnH;*^xnMLX?zt3 zPe$_gRp*Fg&dieCm0z&0!~iu^Wp;$4QP=NW?UTl*+>cT(&VFa4l)4f@x?VLOp7Dos zUqAP2gx3wsSx!oa^6zs05vbj7C)4a!2f8gI_n>(V7z-U?3~O%uU8UVLma<(z3vr z<&_R7rWx-gGN6!nIj2WLZ@?+Jz@T6c zL}+iSK;Kz0T5SzFpqXetV@Q)={2)gMS^&mSb~*XdF>AR0bZmJtcuzi7OrUAuR6r*7=wD#pXKX3|NM+vO)TLMJ4F)=C-^nW$3E8Fv< z_k@-C0+Hxw&E1W25i+k^??BXbP+E8BP?O2sY?cB`6sKLjdQT^mWiXjVwGA66ytB0yqYHy8P5WpNQv$ zY6XIxM<3QlzCpJMlO^VMPeVX%=K7cSLgYV#-{lvjo5vVm@@;mG$-%e|kU#_gs{o_9 z+}*!|e&T=mc)sZ^pwTl2EFkbN1BQS2PWA*7FK%m0`#4idd-{O5dK@opHZHjCB4@k3;nCvO%+NX+ zUL4(88)gEr3|eRaNRrDs{Ya6X5kQ4<{5=S=ksziIKnB7HxUOQO4vTUjok^veVQd)= zn`+ozA+ADP3vNARHo^yD(R6U+n3K2O;n1R6K_coinBu*z-R1CB(kvLU3g&yek8ruz zQ@n_WhW5|**)N{IOM}HTyL>_Rv~8G8;Q_Vd z#L7m+MXX-pBzkJe)oNK;h7^LS@{bL-mO9U0R^?iTZ+jE2t zwm%U**-#5}9X`Q$YtX&E&@f@a3GuMSZKs=4jfQ1wZ8+%O|FtQ}4bWX4+yxAI>~G~1 zB}f_JJ_po1;CZUIP>^!;_wZRM6VM5176RFCXk^5jq5!OYp?a8lfkd8WmU;o`n53g` z4PF8D=Th!9umqc2ScOss~=7~ zL4Y9_exEEXrqdXPWqZ|AK@HP|q9>1-wa;(k4QNSeomk%omI&qQHR_m=odzO%IM&q* z?m{f{;t(g2MF+x~Uy!Gy7G)g@FFC@o{nd8}#iAaGrpsS1x*0>0XDCC*ew^;3G5K?$-YA$iR zXZ8h=1PBy+OjWpYqUiuOI565QuXQr=Ng2`eip^WSZ)%2g-7iD;V5u&9^X*L{HB=KQ z*X8Bq<8PZMSm{b=VSUR+h9*`W#4lbkQ;2+`Q$HxTCu9QxmVo@ftq%RTx|n(kTOr z6=o%R)juT;3$Uka?jL(~Rdm>2lp{%)QTBbx7pSr=xuFrH+IbQxo|(+=0)utX+Z+^7 zK)-jY;1zPyTbO9jl=kZ!(k$)Iqzo+;n~l!EzBL$X+%! zu0moSAq*t))xQdW|J*lCJyV7y&II&b-a z+EIB}_?Hekbkj@-T+Gldcu+m%=^!R0C1n=Jx@PeR0}GJizIB+!2U!Mf&HfmriBF)* z%^5^dlf2J~`%Z=ptK95egINC_m43H;ogWa zYbMftY#W^Mvpb5GG4wfLu$y@H&aR(~IwA;x(?cEP1|Y62=4@L4z6dl1sLG%fep#pr zC+4-gp=tl%A)F@aaAW#$s?r_R0(7Vfw4sA$y#!cN5LrT7AmZ$LukMM2*$lLeAAfWR&bF~eegDmg)%Hkuz_J+A{f z3#fCGl6&sTk)T{H_PaOz)N|VqEtV{9hz1pMl#8IKqS%& zV4xpaIBN7?J{MP(K1jH=>H--Pz;K|F($=dUBHco&jPW~ABD7nv!5cfe; z)aRyuE|sbVy1L$a81>G$xC_&NBFVFaQiC&OR8FB!b5skH7r^xYPePe7?ge<(o71;^ zH=(tS=uMYk#}(x9JiVMM;s_ojr;~?P9+nG8|Ck8aEzkzk&eI_Y%pOf=L+^LH$fsNO z4$53aPvYG7wjL-15&BX8EM8!cOwIaxZ^rhWZMo+6iNDTXmUKCt){?9wTkdrbDbAMjAVQ1!@Y$6VMTA zI~(5*ntBUfKo}DhEti(GnQlh$3`^Z?WYwh_QZ*rBq;4ao4X4mPy>pIoQ)c+LDh0*^ zLS1DdM}OS~TB(SQ^?G!pNp2eMN%Z&a{5G#@OqQnt7a4lC3YnD^t3@MfJEBxRY^*tI z>=hVn@98^P#emow`Wq;B;P%Qa+PibtKhbuZk1UfE`zEX&;}5|Rh&kuHiwA(Yl#GRs z)w(eS`n2hb;ESVCyfrsJJfXBmyZRl(>!-Hpqi6|kn!biDni!SAJ~@MHBqxnOl|5E0 z%*w`C{UUA)j*|nvp#-4_o_oRYI6$ccmRT-Y2zS{I39*rAB*wZye2)_1BLkcCsmVhi z;`hVN0EC(7_O8cs4LH}y>U{0YPj*o@kG7g*F<8T$heIhMFUhY1wFVq^_q`S8eIa{v zMKRTE{PHx(MXcW+rgu_@y4U858Uu6;toi2j>#wc?gfS|#50wB7hBh;!sS#{0z`KJC z4SpgZ;~>GeX81XK!Uv(8^NsQM(l6}(Q!4#4evQ3+%%;>q2M!H5@?;1=n~k0bqnf3| zgp$6aVrA#*C0O~|7A;U|dlARyvkcDUrN;1whgYF^hGbdc$ROjF-x#rMs^n|NRJBLg z?}xV0WH8P<)__9*QkU*v2eKwfYDnD0@*t)Z)VH!C{0B&=54vQTWyY@V2F@9M{kjiZ z=G!2!vw!kc*VRty@Vsoz>ngM)%Hcd2CdJs6R0VkJW0xmYC3>&0(BOoURj02s8ChB; zZl3(o06hmJLn?n$#SCmtZm_q=l6eDUm_5I;5*)pXf)z!3a6NzQdiWPWfEs&u?{7Da zlKgqw$K>fU-?yyN2?;g1dC!Hx)VOat|KugvFY~;=*xY{S=>tU(m>e3>pWNwye1R|~ zzUPx!@6#rG%px|pi-y*TcKE=k_=6eJJ-L%`B0C^aya~{EiqbyBkJm&2-YgyGr-y(I zB=h?u#^fk)2nlUh?b3Pt@hBHsz7aMRyynH5Wj^Zu-9&wwyq*Zr?3sHR@dnE9+d|9wyjABDsK zF2l9v_W8n-6wbIYb0wC$t1dP07@;W#Lx0W$LYZ^z_Qy01^i3)a9~Z0)=#00QGWoGg zKhD62_a7r;D?D;IjC|AdUMEC_lVnHMcajg$w0EReB@17exWS3IFvsA_^cKg}8B97`O?RWB>=7 z=P(Oh(T!Zu$f>@lg%bYYI6ge(f0DP5TW1&l=@uzcq)||Fc&79Pax1Pl3qUyl;vvA- zKr9U11K0?l^#HB@mKV}u=2W-hg;1Q4iOH>3p8(RJ!^h5Bu80mf?=c@brb7cP5g)ot zs=Scg4ZB4bPthv5`hm-zlGElWGiEbu#l`k~`{S7- zj*C9OZ8F8=AcN^T(OG~a&W>izZ}lcW%lYRSbWXh*la-TAu6eUR^{vQkF#omwEQvJ5HdoR{GdyLie?|!wCPn zxc?O}gLYcCukW+5v32e~trrLD(gbQ?eLoP3rH~Pz9q_*cjHAPH4_M-oPC;w2{-UTB ziH4EPDNAK$Vof05(z+gWvD0_HpFuJZgn)WSGSQ4NG$UX1rOd`um45~rMJ5dExOM%V z#^k(&HC|4V77sukj5OTx ztP6TRzT{A|jd3+z{!99*T9qnIiY(B_(4Ai{>s@k(v=Zx`4a9Aqp7ADEH>yKFfL!=3 z$m2>w^U}<$KlG3?GAL8ZEGk?Q;8w6zw!?fYJ}yMd9J$cJVEGM@r(g!OfME!%l+gJA zds3wXiNw%Et~v|kO9gFY+MECW_7IM@F+&Jx#Salz+br|NTViwaC`8DBYDT&BjR9}M zF!E_ooNrMObA<&r+1jCKx=5k=wV~7Z9qSKCu;6v1p78(HS{0xu3-*M~Ku^z*z~}fL zlpmmBJg8Vww8;Y)U~%Rm zX$B%$(JZ*b4iR^ak2^W~K<8Jafe!RqFlsqLL7 zUNGiu*!?6Ju3`$X$F-d}TeAIL=0S_c;gx}57BVVe(BG|_VwyHV3@NMM(btl7m}yDp zK#PQ~A4;wMVqe(A;<#T0hJ+SExH=3cQ}SY}(*;6n9`_LssH?!umXL5C0#vu$1tD%1 z&>T4B(0Gk1O_cQaA3vTKYi8*dZT_?ppirpQ#d}8$aLLc5ADnAtIi4G+B%b3ky>pX` zKauBgP*j2SEPBtm-3t9!`UqM|KYrV&a!`Vs`~7nRrfV*3HJkM<0AA+}=Ud9rQVT6* z1cJeaF?5Zt&G0_cv(s}SN2xEm1^u}rV3(%f8~WH1UcZ&O%R8kT=UFJ3rga_Ih*u*6+8eOLb?` zg`Z4451hM`$HG!VT%Og$nO!DMjjo40Gov+SFtqL6D7{~1SC+*hv$Pt9OLyhN*0jmh zgsOYgpP5|le^+gLp0{)F?Mg7qoDuzppJ(+*uNfqtF)MzfaWNn)dRqw==H`31LCdYm z)M-oi{6U(OGSS&Zd0%^T^CK`M@;gt-rlz(Nk0but!0nk|E@NSy%V+L{i8|x z6r<2lY+)3T$pbgH<0S?VD)^n$+AI&#g4(vlpEoMyiEBAG#5lYTP{Y4YC*%3Wh?Ih2 ziRxmGs?z(I9inI;ZTzeH<9F1~6Ds^DMgSK*|Bb^V2!X}g+;Fkp;JCZo(-ASViuC>v zVPGjx-5m%eEXq0k7eN&aMnSkZR$2EUKj$+6n$)_!%f`x^8$w13Uy)7L+*W}ZKH<7W zkX&L=UOK4k%ufM7mNmV+5M-|x@99hz4z99dUWFL0#^3lYVl8mg|mH#d4B#ZF}iiO z5hglfl(ad1b>&CI1<~7@lP4AS$ba+O=F`?rTKrM>boz>Tu_%2Ev`_t(GDkkT?H!Wn zSlaxI?=>|OyPA-7oz@5TOEZrJ1kceNo-i;7iF0#v-$o=gek&PcdtM8~5acD20PDpa z%Ov5@rmiTIvO_TX!=3=EH%B0$nxW> zK6}~VQ%{Q9jjN7qd|VRrDH&tdj_&p%^eLt`Hg_Q{Xv_XX`rNG8X8(#Ek%VZJiI(GS zWumA^0;SZl(8CEq+vz`C)OWALi6q%H%1tvouB%I-8f%%|JUz|wxT_257MMP{aDb1i zNPw#d?b+MuO^p2fmn^Z6s-V9;{Tg20J(kyo0QR1;$;oh?5Xw*fc4rPd+}J5l6nYRV zM|oNY?)FfcXgb4^_**xESd*?#`(66{TKZMo3XM-o0*Bd=;^l&t4ONdvSCC<*wv;OmIkH0Bi{k1kLjWFVatQ#J;+ z=XkB)>7!T(ghzmN+v{twASK@J?rp%T2|}(jPt&6H<=@^-pyu`xN>Q%f(;tAnQsdieBM+CdoI_VRG2xRV+KXko%TJI$ zo5_TAdRinTXYhYofYa6mhl9hzvFU00C~0zuz_J)+Y$-Ma5UMxK^zH3&5)u+ZI{y6b zaePARGQ;KiWwR3N&&yN2%g3Pi(keXoX|$5{H8)?@-1vRPv`vgga+_$NDPI|$*c~4>=lVm zb9bJkMYe3%v+{FGR_Qcv9)cU1kr>VUWE3;PAojdR4@lmp_Q-N6P(l+eOYl;KCaLp7 zPu8Qw-H*R)@E~fP^095>!i@;s%m6^3;qYq1fvp7Rk}&Jf###LdZBhJEM79uEA0Noj zz|0m^{x(s;2#~y6b1!U{()vdxSr2?8iOy4f42&B==XHQT0#tJD;|4-?`E)CsGnGM0 zJ5;g{!puI!5sytyf+*@JrG0#621b2M=u|t0%;|p!7(}N%80zc4ajXhw42|?Dnn0P( z4LzFnID95_)Pz_4ggWV;-LDu9Qq)8Rj9!SOpe4d`INmVk)2{uDU~h1@vfBX`BXQKln~yc6=503n&yDVFt;#c8*F z1U7^UOYHc=n8e0(`0AIidf~wZG2Ec^cJ`!TsUT~j{``|YgAvs0FywWm;qK-Mubdp*QDJNwgRdB~NHW~7lJ_|+dc zv^zg>I|ZYF2d-K05Ia^^9xNx-ZZB(JzbXb@bT_dL+eDGHda2`(e9y#?!36a(VERoy9EN^xs&8;a=h_=*NY;AX{#Ihp86iB&_tzd z3jVpc5R!}ui4?ksUrn$`cEvCwR@m;BqJmwcC#)PFkEysdbKWA%D!>DF>m|2_<0s$@ zH8wK~(qWN;npu_U+4d&Vk+1&Z#OlwVKlU|K(BnC7&r1j$ZHYanr9D#=KE8E%=y&lH zMk>uF5y#=?=d=Gmnyxz@>-~M7N>Ry9LP$cAknE8ii4+n-HpxoJmTVG|Bos+VLRMDD zNX}E?|*c-op7j!L6_}tulE-VGlea-{en1nh}#{@YF7+C;yMtip^qj0dp z9l?`Wk7$YY2}Gyf!WSwW?;_s6JdAub{j3v8RCzjK@Ht4iT0<~%(^eat5_lAno*o#9 zPKZ4xw=uD7^+n>&RI16j*cewm@OJ$>4ejhc+-$$aZ#k^M4AtQ&+JiI)?$d`U==RzP z!{Kh~O`P_fe5X%J;rJm%dNMQ&5ZiC=*#k}gvbL6PlX?#QS!P1VkXENy4DawK_>OVe zmMuI(2)v6pvPLl(JX^rPE+*EX$n2$pIKqgFEWyLFyM6HXj4$wsiYjo@u+fIi)v8I2 zhBQf;-!qNY;9B}}wT9SIfL@XE>M1;dAh`!7{7Tt+MxLHNcEa#iMuefa%qwp;r9RM$ zR1r9J%hB=Siqxt%5(10`=+lJg*~rL??vL!lcFW7mURF~RyJzrvbcM=loPJSc{X5(> z)`Hi(RC-=2>@=UZ6`&*WQz&$prpIH^%B`=Ee(`Du)bQkj>_u17^j#pTpkxu;exw4a zLljWJza*=(iixQ_Pobn5Trlzid=}1RPx=Q>k{?7GVx|xEDqFdRU&dSxS z8*Xk`zxwZ%MfWfBDk6V1eLq7M&GW)na~k-as*QYH#B0XJw#M^yf4=P~@>rln--EO? zev$Kjjgy1R)4CvJJbaP%ijH`DOTG#yiTl&r5A|HBrb%Xk{#YGlK6ln&q4> z?gEI@N5ZAXIB=Htz^*4Z7e7GKkr9p&sjW&b4v{PUI|t3o%+ufJv8XuZz)dgkRg99vhMY@ z-cR=A1|VgtokaYGzA?U zqluHvqbs}*`)m|fE{GbP1){jT;)HD^>7he>VzASk;8b{3@RdJoTaj8w;1l@9Gg+D0 z1qD!;xeq68sq^U^8)>u!?wWD?HvSiahYSD~y1#2{f2){(SOjivob{BR_mQL3)U;H- zj8LS`p4$vgl9^ktubbSM(RvGA*nHE@W>edrCB=k{MzaxOX3si5!$KaEjFl4BweImPE7Su75U|`x+P6OAG7u;d87Q zw(L*^ZeNg^z)jQ`?zL$Qqplk7rf@?FXqSg;GUIwb-H+<)>kHW47)P|EnfdL53zp~d zjlbw%nzV2?;5&-gr0a(=8f#ukdbb-P){m;I>v+7XdR9A(ke{iHCD6h?5=(&nr%nK7 zK*ff`h9j4}I8&+~S4*TWorZ7zpY=#}&1lzT)x4{>yu8BO|LyVWObp)pOhj?g9JGFy z1qs2Nt4C;9xN*KV{L^&Ar!KuYS)dyS(mE1GtOXB#oISIA!b`NEw)Ji$)Oxs*{%4tU zkqza8WZy3E9$GAZdmtWFFo)}}H99gbt7pu{lH2kax-p19VR<&Q2b6loYZ6++vS`qnrb2q^548n?0-Bn>CNKNWT;wMA8&mT94<#5dYevX-3A1;E6iNUl_0@u?}AOx$(Y(^gwm z!%&t_*Hu+W-6R&GRDn-wm@bU6Kc2|Q{FyK#Prns}b0$tJuO3)yESFz^u7LAv>m~2Q z@{{@+r5bm{FY?F!TF%scD07@feh5kQz+m6&mC0o4m~!&geVsobCMJe?O6RPLkr+Qe zh!tblC!zg~12;F0bnk9NZE!^!Sy~3ENv=Ko(~%X`B(W15Mh3@K%yDo)3sVsD(!CaW zUO+(KT;=(ziPH^+ET7|S%aI=nC~iK^U?(`kwj`)^y2dC^a%t<+`?a^9KYwNcJrq5) zifG^R7#FRGxG)O^R!#ZdW19Ddu?k>Q!Yq(mT2z1CK;Qh%z38jit2yME=IBH))PFRI zHOrM};eB{LRhE}N&!scQ+f~C9*#ywE2Sx_AP9k3b)CPhvLHC0%e4%pk>c6(P?s@JM z53n@wkDt{yv2yjlV)1KlVpvVX1ve@SFd165JOqV=T$dw+-@lw=Nx2#X_5N9@wTGC3 zsz!e;rdw27YUr*`Jg?#Qr4tbX^}P=er$HNwf(AycRNt%Nq=@!iE~ z%GA1aF4TSRQF{7e0Ma#o<_KGE&xJn*Lv}^N_r|zE@=BY%u9D3W3hgGT1miL#c7BW*a;U~^% zHT_0=`c;Iwb*I|!M}bxLmLxr%?7Skvs~pF$0`)?h)!8@qR^*R2I5<<^u@$OB+k~yC zips+|7Z2|-MHebZ!LxCh?0^WM5X43G3Knkvm`mTjHx7BRczgpd0sg8)krWF%qG+oSh>PD3+aN(){)Clsb1V z7pd(}W1b4*MP~}hw#eqCA$1s=61k#z=Ig@4E1HLISZ>g9^Yo9bly4ovSSmmthRdZX z6gf1r({rOsQc$CSQVjhqW;dG`6zNGUL9A|W#qRgEMCW{kG3Vja`}*#}iUOZRV&l)- z;0J6$fkqpjpiBTI6Uqd#)Z9Cs@8(Kn0iWHKQ-6Jh+m0gK-i|_Q?y8JZWSt5B<`B7; zA(}+yt)=kQi2!E%$=`=JC8dl{B)i>BCd+r{O@1T*cY0! z8A$iJOEOngRRMM47ZFhsW;6rQ$dI!R-A&JQ4YIBHWAv$f`wq*m!yrU=~;*6%{A(+9s~4O9d{MS|W}Q(JSCo~dSf`Qr(%yx$YopC_CaT3@T|aM^}LXnAEB znm{L(F^G!R{Ay#1qP_*o;xvt5 z4K8`W-`d=gi&xImkwSO^zbTC9hP)SfX-q6E3gg21tn!%mwP=U>y1WQ$yo|QL`beTz z1winFL2e#2@dGcw^B_hKjp}C^c!);6g>jHjm~}a7GEV}Gz0z;M zD3R3D8^Bxj_sI9p7EdWNQ@;K|Tuyo+hsK*3(7 zLkL6_BnuZ8H0pYi0UfRH?T(V|+wZ6F*VW_g;`oaa>Wxoj`Ct3Q3IK8@J#IRo^dsm^ zuY|2=y-yDJhyk;qp&f;9#RV6Kbld7f7S}m6xJ;8;JP3aMSA&ew2<%K@IyMSABSX6n zSy`tn4t6f-gej+lc3OC+Ly?6f5K?k-xaDPcP1jOc$|=F?2O)(JniF7K+*>1#MXstk zEfWSG^J&5qBb&xMyL+b?%>NWS&*psk6x=gC)+jUp>HqdDs8OWUQMabFPRsi4+PAgm zrfe&*!GMCZhH~fq$#92vhc$H4Wzw!5k5?hQ#dFo;27f106Y+h5dQ(If!$j;`(R`Q> z&jPb!o=zr%&p+fz^v7IpGu1VH2^6gfM<@?4SPTr z%D#bAowTwk*K$e$6 z6D`gomeNmkKkD!|YEdgiQZO6>EL3k2EXQAuOj z4aPvWw&A{2%kCzwW(0R6g_;`PqdjL%Z+)PHb_b#s00m&=bai#Tv6In!&!Gec(>>F@ z$@O0h4FiMh2+qu1*7qj|eACk}BAO`ZOOm>iQ+`)}x3w2@PY+NOm=6?LKLr>F@D=7$ zR++9E)sz<|WOse&e;cKIva2ubantA(nv@N<*^eYg7x%e#xlRSzfdrkGr-@#ps{OVt zuaFR$^^Ow3GLC;;&g;hw)Lq?g^tei=WG7+Ug6{nyn+zM3H1b8rh_Aob8=5N01vbkk zApWpv9E$<0MtOC)$>me?FF$01A#AkO(%ZI7856gFy6}+qvI3*mjud)yT zR^Idedk%OK>@f{jxoN<=>)a@0yh@l-dXQkxkkROs=Cwz!zmS*0OY`UIdX~%LLi+a1SrOKvzs!JL+=P9 zU1{EzvH?kTZRzLdA!l}c{=c>vYXS*ZO|Iw|4=eJ#Wbuoo`sRQJhOUt8eExh%n4d5| z$Ec;A8Qm!KcD;!;g!a3iHf|PRJV2YwMGH|9GW-%U2v&!$nvoPjJvBA;9}ZLCl=TQR zouM$DQQ-3K4+hG!nws*E4Fm-A7CXlv911m0IlNQjw{`PHMTO)v$Kc7yqXb5po4EEF zEmCp~*MwhlA(3^}4`D8&myN z=$3NV6Bk5P)gIu$V0+c&^k(*w?31nKr#dVj;aaMYrY&csjPxW7DA)t!Rwo?|@>Fwq z;pdH(|BYihQLvwQw)V#?jz?%XtOZd~Ubjxp>}0i0;z|MO4=&g2QIm0B4{4^TX8|Lt zA9WCjYouOjaiJl1^>TEwaun@LydMDU54XUYHJO>gy!35gJ|%3Qq8W5_zMh6mxXNfo zfUmp7YPqoG;0L;NM2nUj|Q2dQJBy!0c4;2&;{wfh>ny1sFf2^uv#wb;TJEx$$ z7I7&^vW_rybltjS%j|9I1f)3yp7*dsGs_K+k8I*Jzh2YNYDq2VQ@7C(5j$zxDMP7*cHMn2g&4|$_8g<4&MM?_o+M_ z0cWEQ&}O6LuDTO!s-H4NMgIrXO_zZHlOkd+Ha^Z6oRv1>JM#2R#T?f-B&sfxennvF8Ac^QP45w?ZhTg8F-(lpZD%X4Eupa=Znyq_+LNmEVMHN5C z*jpyHjZdF1gIwve6HS^`p3cUw^BfDv+(AZSr&9EiklL(7^>0-RF}n6UEh5?3OFz*u z|LNF)Cy|*Q?`JsdJbUr{H^VG_*pY@ruLh6TW0obtxX}XU_RJTVI~V<&bR>DuT&iC7 z`{;NRb*cW&<3#`T^qaRvDzu)c<|&Nl{&Dw&TSsGN*n1HTskAA=$ipFz79+-QQ0ecW zs(7>WK|fD(z&OqW9^o4+9SEjA9;?jHFZy#~KNrAT)3$2JE`Q`|Sk3$U zE|M|HKpcaOdc2=VD#yXVyD&Gn-t_9r)p5wU z8GqHLAT7GV6mJRi7zlTPO@lRm@}Hr*GrciUU~${_y>7S8vHLAxTfSg3@aD_ni2={= zyT~8jW^TfeO$f%hi!Kw{?B4Wc)cF|E3x-QWN{F`EuI58t&0fQIq+gN`?rvXiT zt@&QBw5DxQK*2aM&{GlZ;txWkRQl=O%MYvYCqCG%3-A;ao8L-qxBd~?^FYH~ zwq<&5aA8gDUDzMZH>a&Q59F|7CkH5}-g@Tw(W;P4S}`(-5QeSc%P;4QEZhE|zmI4z zO}rnfI_huttGDlVQ142-YCGNpb($2h`;#s{jwR=rXoQ$v=jvWTqSN6J;TPYHmly~P zDtG1y4q0_gb&L8l^m+84n!swiKSegR<5n}n$FChsA9{|#KEYa04A9V4sRWn}nP$|X zhAzPuaSLC-#hJ&?M>+O8?{;soTa1ikI9o7Qxfr8pLk?#(c|9;+emIhH%v22B?Z9}| zq~ldinokc@nuZm!FJ@|upua*d2=uySr-Iy0B!1fIdhvEqFauDwbVAM59^p^RV-w z55v_>n8IO_7n@($QdO#n4ZFj^Y~bfT!~XwhmLqen=TEdSO_DGGyRaf~j^T0aksG^p zz};VGwC1*Q_7xM;`#~<;%ioM0#f3zfsB}y#gdCOS#CAVU;)Fr(;<}TiRdUNju(TQ# zO~WXEKmc(leT@KNkvEc;Y``TX8e(NpV2H#sqii|^^ufx(ki{F!5F1+t3HrUp8(l6M zU2iX^_mDh5-g4E*94|kAFq_h|PzBIYVEPu<*V3w2Y0ZC5T>RT+D!Z*V#DZ!& z2YRZ9?3gn8M&*;yM==Ibzy|VNt!EY9562?91EhS6q^u3FOj$X_nA|`+34H_U^(#yqUbq5wFb5XW|;nK$AAX&E|eQ z95>MH%DM9rjm>}Un(i8CYGRy#w8-%S6ezcx2bWwy@8O^y*x+im6uZr|)ej>x&{}1V z4;+3D`Ue)9?h9@c$p@-Aj)4zZ@}}+2`Q>Cc6Ne_I(RS3f^p!uVsf&x!QSGYtaQl$o zkNT*Snc%8^yFK6SqnF`-vj@c-2zU1O>qK!OM^}lriYX&YqL)He;P#+~H;PBEunv6H z-LkSo{{D|>e>;71-8v}b;U0|wh?`b2F>%dr?-ZFBt`-&1uyn}6{FrEi*rS4cd)!GvOq{@eL)lO0XOTyBZK{lCrdtUu-}7>gIa^-x9ea_~$6h&7ari=|ct4xC zLl1hR%+nfqRF6qBlalDJR{QrStE7{9D-E;MmQD?^%ZW@ZLm z?L_!kRjssUd;S&842*<@<@q(KUaJxY9{1x_1Z8odc3Ce^-Na}QU^Vn1*eOf&wq;9# z3#qDz9j_Mv6<|y_OM|}5?sepno44F@pKenMUH~70 zNxD>j{O{nP_Lkegn6!OztJ&PA)>A#M&9ceoZe?q8UyPK)wRgWnr&NJGYNjVgmGJ!@ zQ8G8`v0hTt30BR5wequXV>5R(K;sfU2FsCGuWtGKO21Gg2rr5oA3?GSJBmD=>>GFP zyPSGw{)$sN=8naHyzHc^Mck&+Pw1+sMPQw&*}%a|7jDU;H%M-)zM7Yj zl%J9GSRcoFvd-x1$^1&@OxfRIqCkydiI%B@If6;k`iV$jK~{yfK=;xfDtRm{LhXJX zUrm1*#E^9~KENnbf8#sP&wZs#8SOCCo9bFCzRpxadC&93mYibelt_JL=rL#>&dcBld*mhu-6|xshA1+jvM)ZU$br8^ZUVL$f$z^H7ep z0@odc1EBLGo*WE}g^i=f7>unQ-))r}k7z$iIu!OGnM6+?oNq=aT3WulgTe(wDrD-64zj2^dL?R$*GP-w zmX{G#9))i)us<;QsfT!Rp{OQ`gm@WJ#P#(%^L?sK@14jX_O7|BsQx5hxx;s4sTBw& z_-X0wSfq~>U6vFh_y3-^I?Wd0`LgxF557awB*)^7HEB}fn!wQi)Xq>V5pK<1wGKlT zbP)$dssCLDDY?|^uRV975Jfxa_{mQ6=0AHbWzO`<{u!Q-kQHxRqmxUn5&&^i)#At6 zV$Z$EeDNpv1il~8BW*N=btpV^S#~6ibGt$I2meK^z-DeVrsL?*Vc!ZD{Vr7a)bM0Cyz!@2&wO}x@kP)Ujz`S(Bv5}795P=}zy} z`(})nJg6CB@b%Bv4ftn`Wp*YiXN<8y%*j|kO$PxquQ4MxiEoZx>B= z=XfF-U?7ukALifno#-_L3)m>z@mN)&yo#uBV5?RBYFzn-ZQ{x)wBiIH!3MNq~?9y6b1O?1STlePZ_STYd*eNBdNk{ts z#yfbR9r-rJh$BL13%@;8%vZgbbP@TLEKDb&FD`Pki^i*>5r~aT9G~jCi?s!j^o8|D zapoLKsioaRcA(BQ>e`kz)@*G675bGpcpgYM1OsTqLD8};=qno`sBSa8mIs7R24U9X zj~E2kLU1PQE-tF&Wv5e2nmmj#K|zGzpix9C>6JLf8d?ygHnhiIS~(pIssXJ?Xe~~5 zpkhlmHn{BUl`bBVqz{_6J;Y79i>MQIZ8n-;rh`~T$dxv6P3b*D;|=e+ido0zg7paQ;%L>{PEMjZey;|54=4eA-OEI5DpGM}jAqn;5YI8WGH4A(%! z1FMSr2mCgj-+y%Z;4o6G<>NT9$SlSAWKp+$pSa%5A8FqvI1}SXI{qy6u^n~EUjXd( z`rIjci6n?sr zE>4ZE&}F4>rO&tJS?jcEjdx?7)SG{5jTNsZIysM3qJa~OiVH5nnoO+6UUs>Dl&B&g%T!`ang zfQemp1RTHPeW{N+1;QgI96u=rGaw)hA}Y*ucwWyXcs?Rg+`K7qJUJX$&^F-L z`T-~Z6Q!J?Z*e`5j*{rawR7i6mX^h^912b`vK>~)oDRz`F9>Ng`;#BTkfn&LcfZXY1Bx;#iV^wTAL_%8q`QsEW@N+ddV`;vdPKyP02~v7rg9P9ivj zW}1oJv$A^(#|S6K4C#q9qnGVg>KW~D4!Edj_5oDgfB&CiT#jP9Aw=xhZ5H+Qx%pL1ny?8}!bK0~9@JgR^>@EB zuM60ZoR@uS`n8&M)M!rZAeE~xQ%2*uo*S2@=5$>DZ;qBAmuZu)&Qw>d^Yd@Ka5phA zb9q#3n-w?rfK&vVPHti*%RkaLTr7RJ*vVgZ+OX-;G#0^q+)ir z=YrbPw05hu+tYMSVAT(o7DHc6kVto1YjbPqDZX*V`Y)!TeR+){R8c*BtMqga0-DMC zTJ{l$FnL1#h%m@0C(Mb&>BY;Hbr zByLN_T+)YS(8=u+`?Q}CWmK0663U`1ujfAru1FIc zgEN+@&|e^akAi`XjEoRolJUpO$kur!O_K=Q5@^vjH+QG1CEl{}^zo_q4>t=L)BN#2 z=AsN5$D|D{ES|w+=vtaa9b?|U=u0WJ`5}%(kNPe?JX^NPs2&O8B!J9N8Lu-%!&fXk zql{i5PH2|?$J1bWtEJ_;gy^kIO$6Wq4t&F&itnP+I)BDCrv*CvXfQwf8e0eL9-qFR zWj{2061_1Zcoyv|Lw`O^YLU0eyO1tp+M~V)y0{qPvk_q^~xL$2lPp&X@E#aiDhNSi0O9Q zsqgXS&5vrV1<)qI{)j(V+AeC?juk`UI0 zhcYJ!m~^C^WZcP5<+V7??#o@wr(%==y?x0pm1Is;jUW4w((vu<3nOdy-N^A~A*sv! zdHRHnc%XikIq-F>ysKQ%DDb#;OoZm;&W1kPZ^@Im=dgc(FIW6X@X{< zro$i`p;bJIf3zf4KDAiDt>gI%aI;U1jUCZOpKi!2XXru~P}Sw^A0D1;%>G=3jUbPw z4S}kfj~L`rB04d2hD+V}h)5-KnEieSf6->+z_uci<LHt;F#;|XKqlCAH> z;7C&reEzRwH|?(Qk@nS-7UDv`o~m%Q2qs+B8Mu@4R?Mo{MbqYOQ`~!zwmq8kpJmfH zkF|^xZxcfQcoM6uaxMSIQv)+~s^M$c_xD+?Lu`x*auh@a1IL7f$>&OOjb;jp3LzkL|8}+PqAKx~z6S@d+D}%id~mftOZ)WFChD05^=Daph#{ zpRl+4{B@pcrK7_w*u&2$517_&+%4uttf93dDXlIW)A@a#DQ@oM8n&I&WJsfdp(-wd z^gOPVtCK;K=P~6rn$?@-qV_iW?L zv+%Ru!6Q)2k|JHN+A6Q~YP4Q(62xJbm005%atew!F8f8a1cJk8Xh@M;J>OPzH?_T3 zCzC2f0df~!NlKgROr*rwJyRU^%1zPVpUY@IaS9G%Q_s*UmZXnwi^|NrJd*{tdXPTFPnyD_4tDGp`7s}s`rw8H@2Q* zPcQJPE?7k{=6IBnm$|HZscOL5j`?h9Vz2OmK$9BlF{=JOdtbU|b7#t($orJ)_Q~y= z>QsLpvnvC&y>oU!@!evGW>wF~stb&ko^_d}id~W2O`)4q$C@Gcv|f$KH-+MKMC`?d zvL-0w!;@GHWbLa2E<4^#?U~*ll$Uf7jvXr^6>QZ1qM4~v`Zyy-5dTP>Oi$9kDBB{r zwLJsR+sqzk#ERo(A-MJeE4X$|=weDM(QfI@3Ksi-J>eaSZ1l$NMv*9~Mb|$ih=>gR z`t=NJ0XQ3?!cI@XJXNDvY!}Apblxw99L|m03hYlAS6HBiIf1?HAS6N2X?H)wyT~T$!(> z2{_O6n|cnhgXE>sUkFQ2`I(bJdT;LbtBu0i2K{(W5jSv1)l?W#appYu?Z|q`R{zT% z2Fv^&3F^kH`=u#JhA5_%`YbtF76j$azOGk#Jh>n2 zqWt{g+&2ebnf`L!mF#QacgCjkzn_h*En@JEJCITtd#HPz(lEyIgPs0jhG3bR7savz z&EWkKm*08x(aNJTU=FDAkyZb@wh8!maAggXq`1fW87RJ{W~O+> z`5z>`{X!*+Xo|`R&QKlS8#iZ>iVpLQDTE?np(r#U&VJXSvb+2D;7zPRBH8%P-}6O4 zO+m&vfhVt9Ep<Jzq8?qu0PO)<=78CQ8 zf7<#{2=oD%vcYwSBTD2r7&AOEaJL;=otV(DJcjLN16U|ef`XLb;O`}1wX!kx_edCX zkNL#O1mSo9{bif;2L&$6b}aea-wcny8PCWn!>%tx&WHq}V)!&)x)h=nS$k^Y`tFt5 z&J)SW?(>sPg*$`C(-uFNN^YLm@M_^ZhAB{!^975^D!62L~ybaORfN}}7*6I7h;vmp!0VfT-=3c%eRrhNw` zJ{Q0jZ|&4$lQo$)DelYxoMcH0W@BT*qM~exO}S-d7;ndO6NL!JyVr(B{+NoPoO)%N z$$e!p}}7Y|Pb#aaivq7E$WobK#{C4m9(QU=h#AFseW(dcwP^0w)p1<(hbC{ zG4&rnKxi2{jvzkNq7=QFk%i+obMn8(?A;ySq-fCvNk?h1HSFx_cnvkmjS4J9fPONp$nv-xdzilToRXWx%P^uDnEu zxpGS3PBWF)`tDizRYUmi43#iOogDz=pPCGwHzIR4vn)`IaCHL)dsqFHC+AI9^ zy(RagYK`p0B?nTd1gE|pV)zf@P3+>3*iZ>Q%fCoMOy=VMo zPiJSR9wM(q?lO#ST!>`bgb8nWOl+43)cgaIYyRU++>{7P;Vu90pJC9UNTLVcow}S? zXbz{2vC^vXirlaIT}0pu(}QlT`Y0T~5LR2p=H_u>hZ-*0*m{wF*yjczTJOfh2@rCt zkRZwvBtc8C}jif z|8oJ(<>qR9Jqc%B#ee_-x6!^72W%vl5+40_pWKjf5!V-JlozHt9?vv}QFqLFXF1C^ zJ}-2!n?0>>3s?2$`Eh>P_}QENQaOo9 zY(o_CNpr&FOyXZ=7XUH<{>nNmBwG5mkszsx!`66NVhL>d&=D1eP`FgLCCqNy$)aVJo=%U za3+x3aW%-b)RX7%e_Ix;3mk8?KCF?o3Lq(t@z}A1bn7;-?8mrXrTA|leNUceTTya##Yua8`-Rt+*H=C{E5!+WPwRAKxJngLQ~xyUa^5tDtZ0 z>c-cAmtIq^35QUBu@LYd zVE#P5U?A)>{xR@u9(__uJ@lxI0b6bDbS$_-^F!v}*Q#8Mz&vx0}DgYk^6LYt?_`YL^m05D#A}(KW zSeoe(&+WAlf|0T#S7WA_GlmD++`9`fHW)cbWS9Q^V4s=2&hxN+VE(>)|L$?U2`?$y ztV>++?9r+tORj2p$MCpKb4y&dLv`}3Qr?kj1o$*R(bFt^)%<>>H}LQuf_#)1fQLjOXmAgb>iE%@08&jj}MPt-OpeXtrdZ2PI3|HUPdwwwW%~I&-Zip=S3O;-Wxbw>H*+t<8X_jx(sTX#u z$ZeH+^!D}Lazp4;@`>FQ6j5UWf5)u;YaBJ=jK%#mw6d}5G`j=1oi5@PSNNBrn5#Bm zp*^S(e=+Gxqi(@bW%m94G86G+VP;kQ>JlmCRhF>3Qn}nWI8*9|-UxAez<9Fm%<&EV zkW(tNVK$XNPC*K;6#7IQdPt|QrY%d{^AAW!ml{niHT#Z*>q_` zx7lEz)*w8I3#Td-vsffmZXW5UGN$N1U8-@3y7=+#gRgcIS z+e44?4`m8#FqLRHd}D3K)un37ly2Xr{#RGI=6=Q1ZZ3FjOP#v@mCj#UoXOnLF?23S zNg(FW)!x*B+V{O5cD+m{=$Xs~Q)q~88Cp9XwGCX6FE>rK{oF3J?W&8$LoYkDWl?qf z$9vH(eCZ_zbCQ}%<%aip_lzpE3V^>23g4)qSE5#Nb#CeaKR^Fh+_%r)3@xnL7kP>2 zeAp>FEKhku{hb#BkxJD2mOL$Dv11TA3HJ`bRO6a0qV@hf4RR^IoN2X`FBY!~Pn$Ql z21VwF7uH=5Gt$EZ1g@iF4zEPcYiMpsQ&p*L^E>yGq$(bBEvi;5xZ= zxpXx>o$7#pU@i62f}jR@D8b=wtj%px-9TRxp3kaByB=~WlAAi5;NJeR=ME$>B)f5e zpw=Pi84bfMH|cWi{p}0hC^oATBO9TYRYhK<>kA_gQ$$D zsoShHZ$Bt2$J;O$E2%qme-ReSsF$%Xo*QALI4ESxcU~e))=uxJTJiS7a{UZ@7rW0O z0c6s zli07^8^9RuW2jO~^t|+r!wT9YG-pPv^Oa0`|1fTuk|~Iac7M$VT<=t%uV9 z2UxUg^C9Ig|A?Xj&VF?GDbynOgo20|-qFx{&aFeg#2h%}dYzfBEl=l6cf8tsx13AZTf%esvRSoJZg{x%@zFX%iezlLlaxsD};vy+- zepn#7FD!MKZ@Vi+0;d}ss!|Mn6dt8Y9;Nc;BI%(UE6aPOyliC+9>4vWj&qso^&z}r z)X32~)P&!!X;$%`sM_IyZmR+i`_UVr6-!TNt>;(0EQ?0aGSl)o$=PGqu6IBiYlxZ^ zKYd3~@MqURPp*pWy<_DAYMeCKE{u&IDZKY5|0HX%UR`8pCpATDnn1P-Bl1*_s)&7Y zE+=z6JYe9lwwLfPm>CnFzIS#Cmv0r91MQzh*LgPY!>#KW9kuR{)z{a@HXPn7ec`F8 zhNk?-3?WY%bsA#U<{RmHDy@vqDzvx`gPHpNl2xdgv9a+&eqH3Is-`V-WZ8ZbDKh?O zgsG0MZZ>%h4;m)c8hD)#Y-6NXCQD~i-AI_QHEOk(gFY1iwv>?oQ z^w_I@{$$5wKQ%oAfCul%`sYvwgzs99J#;NqfOE5!$&1nhWJ*toS!-94Nt&o{s9(`I z901fST3Avvr{s`Tp8oT1e*)fl$ciU6si6mlp_IG(x0&x`P`Y3r-9O1vR~gN@5HQO{ zP9>`}9CVx()*=&sy-W2~rk0m!r=2!5EI9{K2Y4PcF~P?&9-%}k3Xc4$$$g(b&*lw^ozqZBQTT(BzIpSsLX#K*jiF2L{ z;bE2qIzPqP?pDsVPzt?CJ$m#gR4=fjQa`*DMtvW{0|7-isZ&~{vQzXbJm+~L~|q>F|=Z*p#p3e6#YH2 z%?t0E`99qwZDolP8LE%6UEP}XQp8eX(h*X`>VeJq>-dCzNpEAi^#|`=-gcsyI-hiv zOLt~yoW+JS*yxZe+vL>&MyZoYY)PV;Ci0SZ52_(3OCLP_!)YB>7SGKFG6*mEg9anc zb;3(7ueqN{mb>>;^}tS*6e^^Mq^J>+EHPR8`$q!x5PI{Vf-$vjS-oQ7OKmn=LNGa7wk6U%$E&x&sHV&X2Al|Nuh*oMr>RWp{3{`sd z&n8@=-S0+^RpwI@WQIKZJJFH~>V9kL!2IUgIYp{py=ZVoLpn-U?=Z~Tb1c42*=8*_w83ZftD zezX^}Z)ofD-T-qSZLK=Z{(TQZLqiwSzxQ)ndz=1nb#VVyQ$z263o+jkl@TPeL9Y@` z$`4gtn00)YzwH`NSf$>r#EB&)-ayX_`U1F6I(f>)eP#gu{o;hMU&OdQ97Gi4@<6+n zs`fzzg-t=U6Kl|qqU#d`rAIZZo0u33`0#Dutc|uLtF2CKdsIfe)!ggsH*VuJT5~>0 zD+@k-lOMm^D4z;u4NiY)scJI%Tk>(!1MYe#G&JNTG}HRxcu7a%wG4m^S@WFBNz&7? zPfoPKH-ygOpc2g*;VT>1ni-&AB%`IZA$a?+kRVIgOM30T6cW|K* zD!-}VAE1bSfiwL;$(kGQr<=rQ-w$*c=Avzw^2S`oo-)qynQ4`vK?LB`hLx z%hs0sX2%VEeHjX(ncmWX+CTCU(Rc5xOpzyS$UL-sKFHrvEUHit^4k&6slBkAoDyp^ z(;L{H&U|bUI0Ur^3&l&Fv=1dEL=9RZA24XZ0Y*RpQGAG3S#rs2nmV@9!>G73@Tu44 zYE{*DzU{DGS=5#ZO#X)$MjSEMOd0lD3deA=WNa&urI$6lE6bwGep$`8WeU7yB)sYYOW zG4sP1xo6=^(g#ASIGV5Vc64kVl7$b2#pr&u6%M^NbJ+V6(5;J+}fx}$ZoH+J=(xXt?F zEJJ?btvwge59(#UbZ#o!%`VDV7iqnwR6@Kbu_3TC#9Jb({mjh{Y{pP$dNeS{k9EWQ zBE@JOsIK#P?2C9~AuA5pmcL(lnI<26J1At!vF$HWc!=KTod^ zH|z1h(Hrp#8eE4R32+tZdOeu^P&EI8)2FkGi^blO9tGnlIa~@R1wL(mdDD|f#YOv< zj-`m4H_8@<<_xZj2HW!@RVR|&^|E{|%d$gt)oF&ah2PxzI~|3YN(JpY0DidAv(OkB z{jL$4?lFbHvQ1xas->=v6`IuG1zTT-)$)+#N;9_a}lpoffo19TCMn- zhKH`qD3iG<6#Ni*7hNbuc{mQW6#I|Gj)JK&8|QMLJB0@8TOTv;aveL$;IDnZo}<=6wMrRkU@AqTHeGp^O_Q(lqm znfJPc_Qb+xKPGkc=82l3Tht~;>msmo>3Y-GDbuy_O->2*WhlUarpaybsXU-^h&CY& z=;}41^wdM_cd{kiW&XtvEe|aTpNg3qs?Nj6qg;E09 zj2Qc~*~)FR&&yJxpiU`UcHp!OowE6>3SHQ#i32~WJ=5!2wfABtY;kON&pL?>#0=US|K?HL_wiYz9)>mUWM2Y!n&9Q^z)>Dhc5zr(?Uq8G=O4&T^br1O`27Zp}L zYKdTs^wf9PU0SXue;& zdP)?~;k)MX>v23fr*6qiE+Ka~#G;UkocWslwn&0FIj?-%Ld%4;ab7q=fN-=j*DSBC zdBwln2WIM{;OOgNFh7Nku`u}Yiin^bkDvjZx97@Q+jmH1JJk;e4qokNJAcli zcnj$ArZAdWd`!_XSN2OVo z%PoBzPwg`gYB0o0zVC7`0jW!6ZCD64shxI|1s;bt``JRH0O7YQDyrCB3*Bwn_6&IH zC?a@y=B4t)vh#knYc(_T$jR}6`oIJ6@Pzn+Z{sP-^{Q@a%{OP?KVj5&+CHXL$xP=> z>02w4bO*>CK&FcE#gWy`qdKx$>#fcp(chhE($=W0S|ifV3{_2&iPt7>bl(WSR#Z83 z)kdT4P-^Nh1p{ao|J(lQj7xffKmhb;noZ`1D%uvUp|}MIfFo>V*q$4Cxxrph4h!-JwK6+8%*rh*N^f zS!VV1B~ixNU>|$uliP*T`Du4K@3BnQ&0lPM*p_NGkr)w?RDY|(29p<@m-*08R1tZ{ zo&p;3(;@|TU4|Vt!+&L^AmxJ8K;N<9QSjLiACSIxRS;&{TWS|@+jZqcR21ZMdd|^b zuTn%0poa9C>c20pjC)e@^T^Zr2@!yD*Y(idnwoA@3i<(onwX$%yOi^)GVokJ#baOk zj)=0OhAEnC?;9Y~ZTej5LjBRwyV@`G$wFDUV?R)-M%BY0>VDkM5^7tqjzlg&uBvFV z=w}c%g=-uOqnD|jk0A>ja)03VSOHCx^nkIWy&g>tNH;DQpZlu1cQef~oGsRb8xa2F z&{4U{7*p%XDb>9)m_L6EA1+%PzJUAK%HH~0YwOX1#Ji+pa08 z7~DJY(PJg3O526~u-kJE8O)A2t?vq$!>y5S;3m6YCPZm{zEgTSGL6}XC4B698z1m^ zgu=k`3a3M)ZO^0VLcM)EYV(%C3J&(KlsOx*ktXWB7>Q>kBU_oY79z#2pL7Rv7mCt^ zLo>^{9%=r*INVU-F;8|q?jy(AD6?2J6EHn9v)4f*`k1>2ZSoH9aJj%Jk=e2O^~@J0 z5*$u+TG*&jNrI0pabS{!gbY&g2JLhhYghH} z+h`@HO-~dl6!*oUdV%9NKyR!a^FRmecmABfrHxDj&M-Ya%eP@&_XvCitk=Tke3jGvavtX@y(Q zj=5F7;5wJkR=G9x#MQ5P9M2?gPY)r{y4p&vjVGW@!&; z>Gcm51KmwELVgc}OiXCmK!K@_=s|K}W)X-S zKbBUGwwxSXi!p_oFPr1k&c@lJRR>B6)W3)jw4yp z)Bbdtdw;6s2#d1`|M*K?+7O3l3Ze~e%rPH0eNxrWh=dxqbgh=#Gj$a9PqzH=r5|S| zvMJU=5CvF*h?N$?(LBsr$J=*nDe4(j9EY9|LxP9r`f{f0EzYpv=-qYk#n9&6?=>4j z7ox{G`Lyo3o+|2}U^a$W_PJVI2#s=Mh zh|BjN_5sqoOXB5U26i?CtY^iUgB9XUR2RaT4|<926HA^lu(v15tgXb3YrnH~!tcgQ zNj$e z<{61XWjZh7{J*_JYOb56NlE6UPWJtuPJu##++%Gc?ZSHFlU;w1jM(?M8!uDvleWe5 zv}2?EoqYl{$J$CA)y}rvZp}!o4!LChdx0kwyI=P;j2pYSJdm5REIf}P;`(1lk}~Vt zU#bg}h;O70Y&aUkH-`OJML_*oX?-V*c$L;;{nZPi#Dg6i<;QH=^b}4TVyUDi{p3gT@+t2 zEyb_yt`P4<-c5Hp4bqBL)9R4=iDZ9xjhe^VX-UagsI|C{0|TFTK*j~mq}E5dh0iw0 zl5`(L>HU}>Cqkm2zMT5itvz?pHThXJ z+H=U!RrA@&{jWQ8t&4vzUIAhL%|O98_kIE2@hs!l)(!>7uWfHwJ+v;SO@ir)6%r2^ zV{$bfD>kZe{62rF<9ZZ94n&AIZ8gbnwK-YZ27~qyQoqwOdMJiO`rf&e(=@EWvn>ms z3SFLdC?FcpFK$P=|5N)<%~SOxKqFB-Mws4bdhBRV&W7!2_?0um((fsL8b#zsCZ>RH z&kzUd%=%pB$cYQsFx2K3m+T;*q~`hbp-GWiy%U8U9n-m&g70(_NT)Ly8uw+Hvc^r0 zdP|1s6ky;m0xFeQEoH4m@R57ZAJP;ZDe^@REb~7K$sSziLQWYAR!npXB5F9cSKw6o zzv%|vn*K;lB_ksf6cl8RRDdV50;Vd094hIKarm)Zbq;C>>=R9CLoODz=GLd{!}ZV2~wh;d{FV?yy=TP36bS|Z0xF)WyaC%tU4)8H`v6alv?55bk;9!gh*a`ow_@@Dv_&|t}Mk`e#X zH<)PS_4UC}GKy{xVcJLw9sIqzj^>`1KV!_G2ZvhyXU7|fE52R-f4EF^XpW%ypNPo51RUqSGf+oWAHM+E2mu*< zz){t?Mid{fzfYpVm-Er;>aDlwvQ+JpMA6YVFI@Rv#o$Gc4Idu|bVWx`*QHJv=bP|N zVTcBvM%H?9Zm6@Xe{61o0wF?hBWiNqYb^?&&fWa|^Yb+luYp;FWm*<8fHYvINM2+r z{XZ=L=|!#kl$>;Gl~cg1iK&eT^cvI%fc8#@Ho~=rvGHol z0*jLJvR}u|_^udbj;EGRasX8jN&oay^Tre>qD`Q#B6()&-)7wMSH;Zh?W@`mLylk! zA`wHn4bhdOwyZ)`w@m&D&3RoU<*lv7D3z7{8D%<>fzY~26SP7Yy3jnINNL)?|9)@5 z*k@q^+mvoaEkNDQOZ}Mt{rIoH3u0?2ZJ^dG~*t|kju)3n$}??1vt zjd9&a)qE+?AWU5Zi7O0@jF5{H)Ofz-PEA8!_mppMx-tjejN#xMKJ7dvEP2#nK0}qM z*sFQm$jQ8Z~0{W>-R1|8NZ53PiW&92`bdR|r+GZ9by%$LvHsiW{ zb+qqkCv`odB=bB0VhLBewNPM!K=M3tU4M0`c6F*J6S|*rVIdkT-|5)B&Kbr+6EI?1 z92WLo-@%rqG`{Vx^+BS&SOBk|y7hBu!|7%mA5TZg>(wHYa16td3h#jp?v%T(&k`IL zCUi{BTNiT{7qQfjkRP}pl{j$kS)b-#%d*pt`+aPSu79^=+IyZwNr^-{LA&}Af!KpNIw@sFyGb2@}m zBhc_bPYUoEz|C0o;`qPysy}=rD4IT1?~^C0=BoZ?E@ z&X~mQfe%&k9AOw6jhNF^=C*WK8nB8lpEIy3d*`8hVoHGCKtZ9ivlp||8->IZCm2uB zlEkJa-+BW>H5{du_MZa!CkL&CAS)T0zEGYZriMTPK+%&+JoEN@lap{rXC|ndgrln$ zF&W>d>Uqm|R|k-#{cLUSsNJk{6;wHO${W|$FKz$Z8H`=UwkNgMI8S3dTQpYSs*-ZB zYMT6JM2ScSA#gz>-Gfa=u=%UvPaaZyypgu>D8FpA`khBuRq8nw+B15e&&ttyzCHU_ z+}6Lt3Vj7~#xhp3pLRwcGND?^dc19fys!4(HUyyIC{6uvaK2JXNPs_VxLY|> zmQCf@#%Gcn4qz{*DEm8Z=XQ-_<;~5|o93GjoQk3?QVqUIU{|DPCw_9ObdR4k#~>Kj zVxBvJk1R7`wh)YA_Z3>7l}X!T>+Z*-#g>&gKU9FfwgR^;_=o`xD@er>*k@PB|{ zOJKmsPl6gs6aZM{rSHcHSCUhZ6ZMvfKk!pRN^{DT)vv5?C-La zg1U3aK9C{Z*R|(kNFPX-QdNn66HJxrAM5Adta}?Aq1*hdiK)~y%z13_3a$wcT|`;j zO!kyX_JnjHx!eEw@}E_Q66^y&005*D1c#xAWkSwhQk2<9J2-M~Ju>_Zq)3g+Hal~( z<@$yu-uO8~pn4OS(NV|?XHt4$=-Qyd0r-wBtwGuyqSc%AL>$lRw7a(Vpy0~YI&#pyrtxGt_; z9NXXclSiJaaWq@i%-KamjH%E3ctD5a)M_dk zOgO>}3=IA~-W;tTeg<0g$jHag*1nA!v@CSZ)-T3@=bDor%cTFuT8LQb6aVyyV`1TC3E}Up(?CM)Nj!Yo33LhoWkHH6CB{N6orlL2BqELw5zZ zOwu2p4Wx!z*`qBNe?3N-H$GOuSJM_^8=a5Ob}#_W%f0`E`qajiz6&}$NhUinTRFS4 zFz)u5cbEs*A8}(Q-4Je`j%|CC4|n@c@Q&PZeL+`e^1(h&oqI z^v)Xb4xCqbXrUH^3`LRGW)%73Z2?p^f(##geAr|mkO^oeem*9$J#Wf=9L%U*Ecze+ ziFwnUlau#3FZL_AP_o*ggY}=o)0U?M#uV9`E@e%3vzeZ0(raMvO4`euy7LvX} z%V-5jY9b`?d$KjWOEMAN$9Blm{z{udfAFL9`lb~c>?`^v^ZQMwO-1bI-VAK5%oaSG z=8xA$Cuv8fUL}n{#uXSYHPRh2YNEF-%U~Rsj_B6P;2hun0&@ekkGqxcN-p8B_;$1O zL(BA4*X&~??tz9UR8+cpJFij@;ob&FW^!TXs|*i?q@X7o_nLWP--In>Nap#b&nTCi z4vGEzQn*_f$9Ckc9$&{a)g5j3)DHv=Su00|c7<$~GC{Isz+3&>Z}QxT{zB~JX6-*O z>)TyUPfLL^`Bz)R=e&6Yle5*JM*73*+>CUk6jdad;fNp<+?VevpFQhLt#Z#zhwEg%|{=Z0PsfQgNL)1C~v+6Cg3I(j(aN%2-|1Jrx{{tBI z>qmKKR@R@HFX@m#p59v`0+>ezA)P~nNy+3O0Le-X65@62W%IF z*raMsd4KM<)u`Vb6V9sVx5T4RxbY2-KBvHj`i-C5*a!v8cun4R;lyjT^9|nhH#8wO9-NYN!;OB{1}RWZq`@jn}LqwbX#~$kjxR(ciy`JS)FK zeg#QFq17s5{*wWz5JR~pX6}P~-*Uy<6@%!V`#s-b?QptdyXt6T%2B^+ui6n5)xwE@ zH7iko@r~qUCZ`DZ54NOPKuCq?b{e1E9b&p7B=UQ1;tg(7?C~GJ2qBlyaG`8MIwLhz zHfMfpeth#fwNwN30F6KsVc1GX0xFlr(N8ET9&Rdi#8)Ml8#u90uXZ|~n7ya$`Fg`7cZwG>9qV@O+ zRT*?ea?Ri0(#pnhcBpmQQxWz@V>=D%Th(_R`Ids~ne-|4pKJJh|FPrS?I>I{4t+EN z_{}qjEt?fHqQz_?6_ta5AR^OQESeDgIMXN}CH9Qq_vdb`-r90ATyXZN>uxwRgavFX z6Tl3@qJJM=zZM)*JEQv_S#-s`_Z>F=kf&^JJtNoJG-FZ)C5dTk+|P;5ZkiN0)($>B zxHY}I5p8Dv7(rQQgKzzuR%QFRc>cBQW0we*!#Sy`$8X%EAll zU|E%At(j!o2zkpfNi>ZJ-IMqr%<&KzaieMj?xlU1vaweV6He}2+1md-a{m+>U9~$| z?dOu1z}4{jwg19=?dnmfK%)VdhNcyMd|cRp@JxA2#(hv27j`9kK4lH&qoNe@>-mvP zNUxB#_K#wkYT&Uj=wA4Pkfm`L_7_+~QcQ@p_Bgqew>J%2-dCZ3iz1l{&@%P@)>GKl zB69u4P6pf#F$4kz?KqLdDcD7{QB5!kFPvB0tBz^MC!03Gpn-1!rMDr|NXGhiYF2`7 zR9lJ=Q%6jUMfy%!`^V2z(E$d$Ag#BUgAcsqw63I8HbhF$HNzV@tugS1K2h&K0f9XF ztV&hme{Ig9?rp`^u1magd~OaQd*-<@2lswe^a6+c_UyURsgE6Zll#V?fO@$tiXuEn zl&(KL2y)nBHa-9e5K?WLILA)KhYYaW-mkw5NiE{J2LK_;A5@=DBJ(sBW&1~*he$u{|(RA-11;xo>;)}EJ`C;Xj3mCC*L_gER_-l~zPRvmRjO(Ry>pa{D zrVmew<*0W*O1Tk5f85YDg9Ojw%a_iW1zz}hVUl0CVy9S_tNf-p6IKUKLa-#?_AMfU=i)_~EJes4 z38Fwn>R@9o|GPFUvOk1xvl&R~62KnRh?abZnB^b9J+g_sYm3f63z6A^jR7M@milXg zet`N6JaF?4#KRs_)^XoR$XZi}p(n-=VQ`O;EoZ66Oj~Sc(cY7Uj2M1vIao-ZH&07+ z*dQ|jC)^nd5&#&6w;7sVxNz1&r^&w=SrCZYL4yO2 zFK42pkifDssn`XnEeYi?Qy*d2-nmg+RWKCaB! zAim*Plz|jE z^b$1$t8&5;%U*$-W+Mfd;PF=GKc$XFT)TOYEcxQ#3mMnX7D{J+hX(JgIt6yuZ5++b zwzkkPaRpjm&NG5D^(3rsO8=L*Z~_XC?7zm z>N@vP)P01L=fGL^8Gh`-=tu^h*J=i6D?OUtPrzql=;kZwXqWnCvCS*MD=?T3y;d>C zd|<{;c&O=3O}V(s9zc#AFe^UzYepDw+WiWT$lrWl%x@JYL9D&WZcLx`y02)$;duYc z!IoKHKy^Pz7{+BF+Ix4Q#f<-e$4!F3N9|Y&d%|>|DYyC3@HwhFHgZPM3Z}WBMnjn5 zbm3B>r*DJ%8Vi|K;q(0H2yD^JK7x{g5Rf0*{}M|CZa--6X+7rEETS&3-v;FjA}UeO zVs5sm@9(*^o0~HvS@sdQntqu5gftU@-oAe&KQmXV?MFhI;#w>tJdZ32*F_9uh zsExoX?X*4$XXnfjKxvcGMytn}bjrjwJJR}Z`A)UD{;JlqAh0<)yJPwGBC6*Gi?w^U z^*?r)GBEyuC<&!4XK+&x=JsZnox=n*RQ~bx$5ujsxk%ass2=BPjB}EJpi-NK1aO?2 ze~C#@?}?&r_}JCnwVjt^*)6U-4cV7tgr=wT)4JHyzCn0!k+hP(IvWG+!nbUv8Ppzd zWM5~dU<;GIBp}edQz=SXIY?fEXWkp6V2nDyl=ONM3LBBk$qtWszp$}i?{{6E~%m~w;!g-6e^=x1#pKnGNwD0%PIB0QZ}5HsTi53 zICua;N?h#~Lp&G{|MONEK5-5BURO7`3hWBbV2m(t<&x&?OE`QSlIHEyIwmJhq8Ao4 zcJv}rCHKw=ly4ogo9)-<2(B1ej{8{_Ez4P1ioB9$s(Lx{>e*qRnMVOt!5F=kbi z6VJAe)K4vb{LXEY@JQi`OPvZMo@hixZq5}R5uw}SXnyB!hH0>M-~<-Flwxotb|u;_y%g0n)-@+ zOP(EW97P>Cp;8xmvitAf!^=7={oSru3l@vEOW(Bb-#=M0y(vRj(I6EBMCHX!30Go6 z11rO+pVQ;ViT0?doDaHlO{D!@!iA?qFHhCf)Ls!2({pxi^vQdY55uyk&H=~7C9b98 zscbUYqy`uMakdyK>2c4573GH+A4ljdh{3SXU}{tsX@d0O>w}4Oz1aORrgQ*W0rT8R zxp^vjcel$iXPp0sh}NtO^QAp(w$C>Y{AD?N=ax*WRIat1O|!L4bXeisiD+S+PBq&# zSIbUz5whm2+YGf4m)d%k?rbI{e!e?gM#Z*rGVE&71xoL@pY4}fq=Gr799cM(6FJ-t zQC@W!*eoqyJ>5emfCTY${=oAPpLGG$jBd`CI$C@2A?=O(o%WWyK#AuaN}=rVpsFOu zpfFIPH4#y=KX=3e7)28_(!{vUt46RAJYD&C-h6G}SEDD=CbT#jZ1eL8UCHZPIk%rp zr>B){{&fTq+}hLQIlv@n(caCzM`{12k6!qhJ?N8dp(2_fN)U(Dh+)uYgc{oKb-Mn-;*6uzC)`sIAX zjG3Q98cCTVhazY2#MC5;MPJ|KyYWOv94N~7KY#Pa`)wrhr4aK|x(<5g=Y2QlLcNX) zs^@}NqPatTHFE3GRM=|#ucDwF2W|E~*?oKX$_L0!1sn3o=bU7G5wpGPe%-cT`drH$ z+lI&UsJA#u;(3CBK@XJ*jmb*fq41s|SGu*mPeLv9hixDUSpX~Zht!Sqr#5?^X2|U9 zu^Lgp)6+d0mU|g^_J?U3WvSD2e)u4zk=)s*(U$*Gym3r_b`vTUP&Ufk$WMoa#+Ls^ zgOm!IeV0G3JN46C;Wfd_DwBK%rBH5PnRl*!XDcCM zC8pWFzC7dZKKa|X$x)^{(i-oH+XUcAhU!0ANhWZFS^VAFpOj?eRXx(Y0B^pa7ouJN3wy ze$0yY){7_ZFJAuo`cfc{{qaNgJw^#*b*9!gq~lsSzCL(k!267ApxL51A|ZzR#Z_i| zM!{nr+@2_jGHwtPLzByu$whTY`rGjZ)Lk9NY3#D&tHUcKH(CnDLoiOVCc%NV}7!3Y{yU za^5adf;Ini(4RAQJ;6EnGt$uhRb@_zfU1|}(T2g6iBgLx3l72b= zc3X>+#{EAqcXXYPcM!1`VRS5MoUVqRdi5_DOjUJFP3Gu^T&b3f3~n5PS6qi!jFOT7 z*Gun&UE!u`;Js(R^u~1~c{d=@eg8iPh&>6lNKOl+$Wu@`7Jb$A(8Z7iAHA?M!S(b0 zi5PsY5ApbL#!uIlx8RlN^ZP5vA7Ls$y04O_+xA!J9wV;(%+zGD>$&=lW?CKCOJ;Zk z@Ldb0fADc&>2tV1c`xLUrx|-CG+gi;bBQ@r^=nh2H{#Jl4^3|0vDJ}zhSDM}kO=mo zAh}glL%=f{KDKG^Pf$+7_lCy=d>&HpGS@*k_H5dnBf{X;LmwoYdp-T~Kvcs+8KWPB zulRJ3*{oSkagKygu|x7$hO6xg-g~E^m<&Q zU7s5E|6y*0Ie6u5-HHqR(2s2H56ay#frKW}(i=@MvD3<_#~gdvf^>1SWV{jm&paY9 z^I1}!UA=R9o|2SkWgTRe1a)|}P04}3u=ye$@n z%-k)O2iSRL>x?DqsiFB!*2}3Kw^$!g_)B_M3)6le&lM1dxBB|myjbC7Klke|2w6Y_ zBvjuGI=lK#6&9NkljUhL<2abP`nA~ZFW@hx9)|tl5M*sS2_5>NTf9QIY zeMS?(;~%B-I7QbTwFi)WZ>pQ9%=L<|y?#NK@)u5rNX6@R4%aO3)|DFcr016AR&P7n z^~^TTq@O2LPmIpIX?_^rYHN4w@P5m621vlOl-?+ENOCbI#|LLo0SCMhXY3;GQhq*$ zGuv%!m5Rijk&0I&eKn8u;kR^>NBKS5?>_CZ-MP*GUf12 zmnHosIr*L|;?08E?Ph#8XJ^qqaLuyTwpfx?sVTbrOY!WsS72Z()u^?@iKF7BcVEY+ zGLD;sCYiuBZ;)Ty9%3mHFl|}bEt_sdWi5HcXlvNe(oDqrPu}>8(x~|J+~rV3qt9cQ z?=HSXhu+#2J{vjhGIJEnLRf&kqa_o(dl{RzEKg0&0}k1T&D# z%c`#O;`T%uQ+(j7$bZJj)MvPwUX%Jjk0H#<9f zHa0dUCMR@9=1CBpQd-!YA(wSbv(W@g29Qv}5qoWKBV^dCPu1uCezA(xxc&POZ ztX~WCJNep6vttSjd!!@ZmY|xMm6Ox>a&r|5y2|s#cn(KUmiVM(ohG%zcbdri1v{=% zdnt>Ly0wMOOZKHi64%&5CF3nblId=*$T4ZYd6(2hc2anT`#Q-0ninz@oV1sCewy77w4ucj4JGL=PqE(r!)Z?1Twqmicu| zS6-f|n9h2+;_vp`a;S}uO-AqOQ!gYPb8!(Sk$)R{cgE^aLV$C z#;R-R@9UPg_)Z^!iaUO zN>N3rhwQKl+;uP4E{hYa?QGWp%`p(5ISh-&;lDO^%TMZx|M_q;zV&LyG%jsIF_pCI z2J0d@BXr$|@+&-=<>W8&^DFRB*Gw;pwoP}o*wl|w*8S$To9!KoC*K9nO^7a&Q;5<< zR$Ke@vE0nt-V_4bN+0)WwbmM@FWHL_x!G<9wi=7vRh<0#{xz$)V8@Yx0}q9UYZ{)j z8Z#tlXU5YX2p`yC7UzDHONY>|#Pu%dG`=bw)jvBB@UheHly?=6d8jY$CPIaV%jSC> zT<2(2hb-%9ai27e0H~JmvD)!AT3Wi{?_p7yA>{|#!AmcV==$UuoDQ==dQE) zAje@8#G>naHv8j)do*BWmUGTY2{5HZ$+^MpF-TN3X6YlzO~kq3=Jg& zW-^hPRO$1c8kl;4*+h;MpvD=KA-!F zOxo#j{`-P5=k0r>naJV(Na3yN@*TXizPhwa%d1uoANh0) z*au~K9|Dtwt0k1fw4>xYj|{++BIZ}Z=BA{t<+ z^1J)m@ZLm`%g4ho|IVAzG3VCY@#i)d+#XlxOS`+r^d1d&=ycZp+6EuPd+2c{)grJ` z>;4y*Dvg()M_Wt#;>r^_m(5lFbJcC!FGs0^Ph6`{6u+*6g9H4n1k|LimI;QnFk#mh zfq_a1tYb$6>3yQ2w7E5%{P5_b!W*?$nH_cGi%21`nwic-SjY_XqmoKhz0Ri*5#zuO~*&CZ1C+K85PbKz=8i(tYFp__b zji4VUc6509ux`m=yEB3w)|$ejA>Q+(`e%tx(l;F$tFxdUj}AT2klpQjCc4A7!^$aF zp~#%r$7eq>Py}aCVBbp7yUO~qE#N-SsHHmL)zQlra@$LB_k!oy*oTDVU z`XAkFz-pTdJdBqa@jB0SJ4spCRqU)WZWr69B_F*<6~;U=rUU%?8Hi!1g(=B|#6kk2 zfw^SNMB9)VEoMWI@MuJErx(b`DfoQz>Cn;Xv^2E4z^)Z_mf-^RXQQ#&GiTmKUAYDP z2D-)Tu~#{Bn_m*I5u_6k&u`L7<0n7x z(SicNE7aQ7c8i&|YDVZD>#++|O>5GQBM#SJy<(S+-S1g@x)9Mw<>Fr+uw3J#VP)`d zY44NA9|p-kbAEU%;Bo6wVa~I8&xyRWH0dwZD!Y0uCFM8DqeG`(K*Nx;ZFA2lzys*aMn;}J*_x^oTL z4Mcm__>MGR%!??Mz4_LFSdw$fo02l(&0Qllji>g?0iI2N&H2j9MGuS-Id3?L86HOcmLW%fR=8OM6Kp%L6ns#!2CR6#Cct87^5A$9r9VNLov%&-Z7F0=%{b|OmAqlxN9hb(iM=aB3ofOVI9@10h2QkD1q<)AyF-7r#ksRmD%a<>q z)wY;^{~nsPUmYFzFX1i1n;+P>5cses(xKDeUqNJC6x)lcn%dg%Vl&QDxijDbXz+BB z9w9qbs0ojdZQd{6&fg-FG&Y>tCtFW%ywqu(OoB!whEsi9QC^9xb(nSS5+rdz3GGWp zq;%@26M zJA6&eqwTe2_W~6oH5?O|^-ESq zqH&ZMdG5~(=Ojv|uRRs};ZbqqZ??gYGPi$xcs;nTcTd%nR6bv-vsr9p%x{`)_3ek$ z`nhihD-mhbgh(U17zdGNHkZqEs6ur{$CK~j0CoGNgIXP7k&*fnOpMpKT%<7CeeSM;2op0-lT&ph1&6_?60i!X~DyBKk{X zQSFfYB5+z6(g2>zm*w%21t~0MmT#U9%_#97Ta8bh(wE_}-Q!=k9i3px<>3{o!F(RB^OG^kmh6B}RDzlBOV7t{YA+qq5lFvU;5g2& zep zbQGBrK5-bvF0s_y(N@C5MnD~Go%GKFf^6F==ymPa8!l-f+lgEpv+3OrK}}M;*UO^fCvtWx?4;7#Jy7<-PW~%bJ-V&F{-L2gncErN~OvOP0;P0J? zmB*zv+Zj_qy6O?pBGXDU{*?Aq!pbmEUK_nLM||VP%&*k0LMs61K)9;~>#fF`tB%ay z5EtcZJTodACcC^=16g>*ZfSgb6T-M>A+BL%#XV{w`@V{rXv#T4+MjK~VNr9L2 zGR5p4B-Zcq)Hz(AEyqTAnwEs{-Te8(;GtVAxbjw}r&=i;W8=`UX{eVZ%eQRHk5`o4 zf;@lL_X(OL|7>zl`SVOc0MrcPMjc$EAqYoXg;cEKKQZw+L4mDGh}ZstFFLZX&tADX z@D(xp$It4V*=Ua(u3*IsiclVW3rWpUhJfwtrHL0V`X`sy9~`eaC!5oi0MI&J*?;Du z;k_CV5+))RK4Tvi8z1I~n&XhUUubuOkF1DaLAZ(5-z03!schv#lZ9fY>e*w5D^kzn z`xlKPS?QWLb-|$vmD>!CvDFox_wqPuZy=JcqPnAd`IEHC?W}+D8yZ^_-SRWaj(pMP zt;4Zj9Vc2J-rHvgoE7lBAj8q&nzJ{qKRRs6F5gR0LI<+uj-#X5$4vCeF$pUk*^i*2 zsG<7lCoL!=H1`)G2{F_SJCjl>TDGxp*u1|$p;UFG!reDQRJcJ=?_E<9H(#`^=Ixna zX)pRr4ni1NJCZMISKi6q>iraRUXOv4)P~xjlIM?nsY%|V0Je2PXI6eq5XP`iP-J!I z4d}<+Nq=*E*aO)2eu@`y&Hf$ZShdkU9oF52jN>4M!~*9{nxc%hzBY*`I!vikUlSR3 zv`@=W-lQzu-hNf73y>t=+_@6V9^`{?eBt%Q9Z5;nbL70(%*5i1TaaH4znQ0Z)SH2v zr)DK|c()VpJVXkBySsG4$|{;WIDFjVII4t&-T}1hT|c}s(SPY+I?O4V9RyiH&9bS} zPFHe-uwB&QamYR>hkv!ATXJIapLm5kc;v; zGrf4ZCyM&>9+&#ue7<>5_wj&q;T;?p-v7<-%lMy~Ph8mG)plV!6rFTYgwW##b%GJs zdG72_b6z_y_P`72yuEK}nVjL-z7O9>#LA?1|HLG7psmCym)Qnmy%^%#;vDjv_<}{Je~dh!yCDo>wnsAt7~h-wHmi{ z3^e0uR?~KU`6BidwaRvr(q`o+Kr?unGjuk?fw@E41hmp>yea4=Y5e-OdZ*)_uk*|i z^ltiqh5OyOU-ID-8_8#o6+QKAuN=F^z|8lzk7(P584 zb(}%r+WA2(_uV`$MGcp9{uiK-uk~^x)h|xO+wfZ3BR!4URV(~F|27!5GQ%UGAc`8@ zG*z7?!;+tZt407%J4U3Gs1aUkznGo|Z~PmDI+ipI$6H0OF4Uh>d^I}xj>zLcqb8m*q&G`M+9lIt&n`8~{1*hyeQFJoC*!ASj7oOL(H{dh(aIQ2y?pqhQmKiy@Y>SzG`x*VZbktA=94;? zN0P~dYn5xZT-AK?u&zay+G>x!_G8cDqKY?q2l6sdl66>G@&$Se=p)EvIK@fdy?J=#uNOL36&)6BU$I1-phk!BGg4(1$~I5 z&4mR@%+|57MDEuaRhBVEvOi+w5@b~P5kAVM1?F~`Qd z-aLOZm}wbQW+oYid5!dyxCzJ#noB%=4)@M?OWpO0a@9(JFdjozH{v(0|2tYl2zEq|eRx z8*0W5n3@vG9>6OM;KqOMtbRA1vZZ>Shpl9D~-c#Yb6p8d&pJK?X-ZiS* zpok!S?Q!i?v=Lr^y)1jZie^(nns5mCD?S?6)=*aa8w~6OtnF*5;8>F35bCV4_Wk&p8}@TljA>#~RtI zf_aiSCR+L{WM~(pI2hybGmq}c#Ett^f@cNNgM18~={e{~JQRZ~z3G!oT#WiX2(YMs z#E2r zUHhSIoAA~kadT^D-{1aH!hC}L2ptnwxlp2U1Z?9^fFdXmuPbG%)|;0sV8e8znikmj z5S5#H)*IAd>*2tMLH+MQal@?3>V4>2J#=|6(vF@}TdUg?KOIQ>b-L}TsKlF(hT)in z*9nhSGE-7e+t9xH-<{hRH!U=&?1PaeJM6o+AW;sN@12yY|5~+awD@>RKMR@; zJBig+t`ql`TD|uqABW->v^%~7^m^#(Es$dUf*NAs5|LAgtdwOJ*L(VDLIp#b>g3GK z$W+fP&t*{wLB0H2hg@i1SxL-&FX%IO5<4QL^eO5f^)V4#;PECdzx6l%F)KFKXuJ%N z>M7mPCckmt97WQ#eFPnin%eQ*t%03$AV&!GgTKZO6btuQ+pLPTl{nzo8<~I8jF7AQ ztT^S$vJ_$!AK>J^Ahrp(qm@rQGEz(L_rmEUUD|{nXE#?P8Y8?`Gfl!FwRl@x4CV5v zcV&OnX+S8LqS=CJcg_(?4W>4UW z0IomS##f@v^f#Vs;GX}(Skl6k0efaE|x1`=X1Ud)_6~7r-h^;0%}+`!)G_I9CK9H8e&@r4it#z?*gt0?=x<9`@^H{Bye1{T zB*=G@jm~+j7KZ!LT;EWySFE*9-3cd;B}(Ti3g`Dh!T?Io*?If_(e&N%SpM(Z?NmZi z$rd3bB4m%u&_c-GBxG-u%1S~ANk~FSlAUCQtR&eh$==yK$MyL>zyAA-SLMF$>-|2@ zW8!f^&_j%PTkD})d+ka$$n47IdFZX%0YgAk6?FvA6K;Q0OKylVG&T|AVh=7wpVfU} zn_YX?4)utOyLczppHx#Y*fG(NYQ^Y7&wSt;Iw!@>ei`P<1~YSOr1~(edaD35P}qcV zpP?2uXZ~qupCz)hiRg${8@=RT&p%P&i>se)LM?(&F|U8M?8H|be->i7km`qYwSu`- zT3m&LE`^~B#d+KZ>It~FyJ+!Xg4Y5wGI|HX4k1Dd>Oe&GC#Am_nc?1j$r zx%QqsdQ5zB$K8IXWR9S(-OG2ujzflPu(b_Eh1eqS?3=QE7tg@=hmo(PrN#YKgJ1oy zOgJkZ&Ipe#6UDpSH-h>9$0@AF9O#I`Q>3#aP^M*mK{Dl1F)J;ihPb8E5DK}g$dl4wO5%&!Rx>7P((z0f`m zupj=P<=+vZg^p`S9~z+%=vhqsu-)drX=>U8;8XKo^Rj`|=&->wQ|xLxZ?IYKYi{ax zAK0(`?Dvy<{3$Ir@7O<$zf62fAqmhe@_K;u0H2LBTPhB&{&mcMAQebSPWA(GR264e zqU3u0SnY;))OAgCBQ?#|-NF_OF$LHD_uO5~*Cenvt6g^$67MO!|0U67Enp(5YrBP- zoOOyWf(vuY%4#6@k5P%mgCM4COH49wZ4|o39}AX4$W_C_f{o#10U(DQK|4W2xF zKUHrRu5+9{78VwT>#O6t{1Qhz@KB^?k`BetN{WTELc9q^8Q+NVW@jKiTp3*dF(8_= zD_#&g;_)TMsj@0rXYz~OR-&x0uYYug2N)7=9^AN5M~^PA)}O(=!OJUr|IdeG> zsIIY5=@CS_ziP1oB$B5biSa#Aoe3d$Ds1SCGIezHQj&UAEFyHWZTI`(>IOW_MoIYhKMDCawj)x#xZRzN`_F za<6DamX?Y`FS|V$;Wyxr-g6HvF`ibaJ6(_GwC*DbgB_;Esu8=w2=Ki1O#|N=KhGtkV1Q-@`BZ2>Z~{Wz(b36@X>umUyvyb9@!!5l z7BuyU=BKsaL@EKnX&@O2TT6=o^ZQShm0ERNz~Ybw3xu<5v;Ua7wZ<$Ass5njWD+U- zWcR^RrugU)udwh1fS4_cRC#&NL{y%{B!6#D*MQ5iSQPHrx8NG90akI<2SZ|l&ARsY zRLA@yp;!`n?mZ$D{+sk0R6+JWbt$c6}DGyHxub3ng^2+W}x<*qZGx_nzu0 zzUX?1e5A>Mpjq$UmB!fb&-js&PRO59sPfO>g#lz&sgTYu`ED^5EOef<)!mB46S)^E zx%tdE=hx;IP*t#~H~<4(`#eKCI?lu4uy6McY$$(5Mhbm4M1-;oQZ+Ngqi>cjcb@cF zk4PZC_<&=RTAuYd_7=GphHB;iezO&eRK{`0)cGVNuqeVshEcw|%r!bxa{X}GYV_8> z?y+)wxmPZ2Er;$}rl91f!xCDtt|M%f~uhm+1puNXXlP4avdb-}WF+s8k0M)?v zNW%Hr+|?6Yp9zY?{&NmivR$c%EQS)ti=eIA24F>!0zdm6)z;d>ZR&u>@ym= ze=WQ1S67djvsp|-$U&C~M1P^F3^o@&Vd2V{G%JiHSr!x$@g5zZC>g|`TL8{Q*qy%b z{Ap;aNgm2*1(ePyDU`%r;#>5H-zYU*Gd+1U6wN9D@-mMelRC~0%BAO}Z^-X1VK@Ud zB5*!?^D)w%9&sf1K`3|;YuAWc&ba!BdkEd6R5GdgO;#>NihmYHrp3)lV?nLycyhbG2fq`v&AQVL5!@Y_#;X+49ORpCx1b?VdZAIo5x*)BTwhy|FZa zx7NeM6C^7DWn@ccWN;BaXOdkLDtq`|I2c>OkumOU-8Pmu_l*h5Sb>sq*W+EpJ!UcD&<;ZxC8g%KG47+zEiU5Enx%zX;s!q47Ib;zpc} z2p$+1Sl=1@PknTFVMuhaY9-1vkHt? zw|qClj1vvneHp(@Ek|=u?MK6*&&IgHHIAdR$f|B=I4g4Y%knR+8+UTH9X_znKF^20 z(ch~=fRAQRjCzo6)*XuW{(B?geSWm*?OKL$ zujv}e#MJy_9j6&j?JZC9pBx__8EebOD1m*SS90qPlHUmN;WZ8_TtD{`DQu%}JTFL) zg6IJgm&1zvq*G8*fBQPVmnHhs22_G~T--9DD4lh~mmD_{UW!QN;j~W%$$ij;s zFV7u$ZP5rPa9O(?>+%5jJT9ajfn}I!+FDFNCN#>^?1$&fvUESG7z;})SnSo$Zhvvj zX3;+`%4*5C-Pt;iGxQH5GK%#i)+YFEdx{o+2tD!*Zp`ALl&#S9*>EPbd80A8q@<)T z-jIg?q@Lbduz)tsVLZ;RU~}<0!BCZ!x^st?m6kT7Cio~bCydlZa_N?OL~h>o8KjSY zlP>Nv)cq??i@FHXDdxCZ4Bp>1_L92^Z&B#k%}8R2IXu#6Agmcp2ne6EQgyi4QWJ=n zB0Pns>tST-4`=~H&rzL&1QZWh+&0C!q896D_eMIflf3Dx%pH{~% zekyd|S^r*f@+64eM%Bp)gU)%IfwNy?#yA_Wi;0cF?Z7 zs4Fd!{v$)HHgiMyF|N7J&};R z8H)~9D!JjhIJ@tXyi(V%F9oih-w*ijHWTAlaK_YhIaq#@S~&iEC0R@J*3`WIUrDCg zeA}^vu7ehSegLQyhfc-*NlncUbtwGyHU;05Rny5vrdpx!8Ux=pNiV>poN(c~!yF%oqk_fXw~$_*$I+?*DMU|bRR8D z#}`FLonj~9K=@@@5RmaQzR1*BQU_MNiFR#B*nxN%XOw}~qo_hkvgC5%vCMiz}f za7W?uf@%k@S>VL*cfhsEOEvgsaU9p!{8XqfcjZAGZJbz<*bkIR-bqTwtMjD0r)qo_ zj1%{EDN z)8R>&V3+dwBo6Egi)7Kk$;#gAr*u18-W_N?4oSyoEvMK{Zj_X?4UwBq%` zI&bxtNp0kQ42a1XuCQDG+L&Qi=ca^AFL_Yn@@_7-**BR-QEcji6B z33`MAv@l8ohZY&ea^lmMEV-+}zAx&80Op>nBhWcaNcaH&0zS0}=E&Ty(?a8Nme(mB zU7rY#@F5v_*y&(+UxvBl(n{>@pQ?$P^>wX2^uJYp&;ULM%dz>3C#>HVQHb6Ivtox8Dgwaeqce#$=hR{aeGDlQwts8j_IJs+Eq|HG>~pH|d+ zn(%Ps78R|=mmMDIBfpxaUT}Me1~4?rheb_Q18A|`KV`1Is&=$do|lS@pU-^{7M2@& zX1A@vdN+MAJAt!LtegRs_-;B?KQy{Lk%);;NjZrR6s8)~J~n&Nz$k-Dk|OZJK7W>i z=g;?)2UooBjG@J~eEInK^dt;bowPqwQ4@{ZeZZbNbala?9oUy9C%kn|ddI$0??dGY zn1$LNdZ6Mi3$Ws!zcjE+1TwqE~Wv+ z-_H_a`i0Lwh1L6e;BNK=b?bx&EABAKNoMqm6!1ydZXY^xd!=r?WMj&6{WrU$nU@1) z!t2rxsa$HQt1x`qm8~%pCC=9>FwS+PCLsOTHotfyw3TG&Ij8W6npP5ee=Adb7{D&s zBK}OpcVXTFm2Tnnn!pv`<0XKp2u@XI;RE$jOaW!*rWr_lE~Kd&-*k*vTbcr>4}P=K zc=q2wozZ1+27I!k6BDd_>nC%xo+C|(EdnX@F5(lHjj2`V^D{?{BUX*yaUaNN`-6f- z4*Ik8gwLMrLEwEBe+NV1$DxKC3%4jnuf3!#qW99_Nv8GiROQx}JVTaRXli$+_Diz= z+br(f+}vCKpB~EKMC0QXAfjDSk*3I;)cD4YC(g`gb2~xn>7NZG`cGY=E*ThXg~eXq zB}vzp?{}mzWYu{bu4nDs+)OTH?{AFp5xbp7I{%7yFxw#>fdEoWJt5N@$`02U3QY{q$ zR6$7;q`UU*mi6}tId5`m^4r0BO4`n20j2VA*}cbc(!}VqMS#3pTN9;AuC&^*uUGEx z+|hgZac?l?$*XLcS7S7K+S=NBT1EN0N{cO)47z(pMQF^;w{O0eb>ugQcGW$$Hc zYX&prdnL^r9QGFvE!I(7za>ZrWTrRBk-_4%T--O;&~AVbY7Y%sz0O-K#!K$|XtyDG z!)tStT}4f8wz2qnLwS5)VC_x+Bo6Z%brb4C%|Ih~?-vf_p-EOLuE+;ZwTwL7VE!;6qoRN84VVy_0|KK}3 z3&}Oay2ZwnkI$DrF>!wZjdRx!idFUmSIMwNuoaeF0vgoP?D6SX&&RN-rup>eAWFr2 z)&n5GnJd)o<6?vkh3$-JIQLRph27lxsM?MTNXJ+-&e3`nFJ2KT)c2~*W^Sf@Cw!Ma zn>$9%a5Fh|o(mOm|GOEFD6(zv#6K&uCkQ_uhXiymfNCkYy>SCSv7c;3sUUSkYf4wt z)lAJ=r%wO$wy`h+bjGANJZ!L?zR``y!-6%Ni&mC22v@M-xtOV$oSA=UVY4e$j%P1+y%PAkq~l-lK7aEi$Ri->yPw(5bKhPo%_ka^rfZ*uopg z=J6*WKIXTByTsb>P?(-QGC4eIbTc|^B-*21!u7!tZ*F&{9GWpdKiSs>AX?{in3cju z3unVm1f9^#2s**_t+CsIxBR~zGd!J`-d zP73DR_Wnk5Fa+qtUgM-!W9y2eC80u8VCAM$*NfuU{~&)*5$S1P;kG!o*O)Sp9q1iA6iNgBv+~gY%apjo|;p&~!nd zI#Q^YH~kA68=_2VC6%lD4+myCA;7X<*Yi0d3fGWtpc0?1v#dFZt^DFi$Zcm9{T zITIAn`S`w^K6(UgjNC`Ts_^Gp;9#C`>9iv!BiAbOWlVtKXL%QDNG`H7{QSLuyi-Ug zAWw``PRUL`$Xk6)Gvi1``oD8`y>+OU*8Y}4RPnKbo&2+A?9mp<7za8HVt!t~!ax@mpyQ2b{4o<>7ffSui^HO@I$oh6hcx1@ZB0rz2w@u)hySJ#2sj z_D~ZwD3onIsllL{rn%Z{?s~3m;J>Up!~<_iZM%bhz2nu?_CPG3CDQF3QJPHc;!N?0MdYnVK#GB*SkgKQ^M84 z3ugmGF#i^SPt2k<(u`jh@R)nn6-F}*(t1IrzZ|Ysr{h6-4!wH)!zRXlKZp<|^NwWpw z>l_6HIcu48HPBoTP+82zI%}?i)s^NmWrhEO+JG$EVk~wV78il2D?Go`!~v zdjD-C)r0vUzA?&GCo=!cvVC?b_EY4p##aOFuL*r9n*75QV~SZOB=6kEd_j;usj(DG zCaL53SK7w}XhS|pEM@I0CZK&pUU~;og|iyvXuZ?P^e)XpINyH;-G?L9r_?)QshzSL zkn;_N(oGY;#WoE@449rhj@K4-Tx1H=U@s{Hjq{fnRhn&yOdK3n43a*TsR>>x4!#MB ztY5IJqs~iF=etttno^a0w=ut_z~cWWShxX)9-Jyv%-~9A(Q-N^U-9HJr-i+5>yo01kq-1 z>rwh5CH(D%U726kDJ|}!+((1?^ux?5ACFF4Ikc>x%H3!cf)`&Q&7iA|RFY~OlY<6{~c+FB)FzkE4i z2Q^gU-McRi-7Z6L&eb$js0iX_!fy`a3IV7%S~S76^`b(Q-@W(Q!=&uPcl$ZGz)4a6oA-@w$eqxPwAhGJ zFSIwhi}!22ETC%d?8~C zs5K3bpQOi4o3<+I6i7}s*Sp5ZD=fC2toHXWO*(oYdVNOpJ_-q4LcfLiH>e5~Cx|KE z_s2+OW##Wh>8N3o<3Zq;P^Hl#P&X`h);M{R7C! zj5IXn#Uw4P^J2rquJT}E3SFSNLUmg>9?Jb4<%V|eJ3Y zA;Az4R6w*?mzD~#ur5vYO6PUBjZeDbuh;ZhiW*PmplJe2k7k}`#)HO)qtZ%GpNIs8 zHyxON`)Tll&S@9d{EqJKms#;XZF?Zo8=1`SW2Spt@?@jT20Ef%k8yhW>T3P3n>QNR zM7ye8Wjwb>iV*`<)6Ny@Tc?V$SV(s0$R?vj^mH`J4}OfFi_K(v_KCD9#J2cO`-sWx z;K|KlgDqDteMZR8PbPS;?!y2Ad@8nKb2pb#_`9wNH!lf{v)Z~PU%!3hX2_0)GYOhT z!UBu^^~YG=$jp?=3wfL*c{E6F06_D5T%BSUXjaT9KnH%91YDM3FVeugDiTi=FOk)R z?GAS-4*99%X0od zxG}IVN569YB7%wmC|S3 zt=H`Gbm-_SIiou#xdf^^AEKcOq6DeA|cVON*KBAuUlA~_kqgc`dI0tlz#;6J9l=H@*W7hVl_7NB(LoV1CRJiUCsfg!hlL+ zY(4`AcD>V5+1cXbwi?rJo9{U&hiFDZQ*kb>eOx@OIpAKFVV=$vjm0#^u0UM_Ouwy>Z6k;@7dS`XW@W(}QlWoBnw7@P((Rcgt1@H;2qeAj>5)|W zmP0YgbU$rPr5jr(sugO}tg{(Wct6jX4y@BqUf^n*LT_T1%%0t|@dIr39Kbnl_c+VMAERI>$H{W3?aO z#E#*CuU?Lr(C24{2a+OPGE_O^iPjrW;L%u(W|x`Z_5(qT++!Ir26hVG3uGA@RiM~| z?iurGZl1g{rs3!mLH~lmCT6h4b@U@C$I$~U$tJk-V;k7Ywq{(Zg5}U4Q21|iFGmnF z>mrxETd71h1G%T?K719m^z>j*3i|~{*ZD!@aLq3pL2gYhm*NUB$tH;CPy&gsuj%*E zPu0n|4(>?a=^Ao>z26Ya=VwNyqoEPMdc@~;eFR|0K}B>PNeC~ z_oeiZMozVs;3V`IGK5t19rgIc?s~Qb? z{?(Lq@^$4BSa6ARQ4p{epb-#gP?Y=rNI67B1fS7~oZ@=C>_|LBx9_{c!g9P@7p?$q zJ^O=!kJNMPxBCir&8qi$Oo37Ff&smNDq`f0r*|BxpH|x;P4TY71|%JxA<6Crj+C#T9ajIv0lsspMt$%}p5j8i{baE^~t$b)3Zi4*WmK$|%~TSI(cF}JfZ z_sQC~Gs_G(M*xIFutZEBU0unVnRE7|+Y|5d!Zm~SCQntG>QEQLpWH{rG`KYnw3n?s zwD~7;Gb01|i7$*2xNDJdZNzp{&0dWP8}+aQ;N5UBML2*$7ew%5>SPM*@l3dQ_T3`6 z#G*_oSWKT?6KtJJ@9xmuEbw2J!@lbI2=A(2v2-DtxmMI(Y)ggiLm~-Y>k9ZQfrze5 z;_G#rKTXW5VU`nGU-nR+K2zM)g=Hwb!4#%S^f%&$#7c!ze*VS!vA+@-MH**-=0AK5 zL+inWN6HUmm@k3l!k{3ghq~4vP{jWoM*hZ$2L@#1{le z4CnCsQ?|sQJjXFNn{2pST57MDKBJ@BF%Sa)ulV@+D;PItJQ*Z(VMN+{g{tgYNFv9> zrRx5EiusWyesS>%jMY-YkB}3D^mwPj%Qqf2-(_MMGv86aG%&vcohGOmHnu4AOsHoN z2e(wavzL$W)}TB)gCI>X0a}69$6v&@yPy${GXy(9+=>!sWCW1}83xg^hh!mT{8#rc zCO|if0fT#}Cs`3q9@p?sC1VWhNq!g9h;Pz8oNgz#{MA?m{SA1COyGtp?thH2#BZzM zyIjf_Xe$s$-l)J%ZFo_`v zZOB8TP3;UK<@Hr7;)(!^;i^Y6o?F3(N=OA}Du*siFWVs%9vu~U8Y`(=3r)mCCvPGg z&vQXZByS`MK;IWY^w^D{$-UN-oy38)&|zvq%q4E)mrznWJ-%^TnfP~SU8m?)j5pP* zP*|pD@f|0-*XGd3{W#*ukkYZA9=6&gEfxNVM9ZIvm*O!Kp{dwjnweX&{tTD1pC4SuF#n>_s{Tx|zQ%vY5Q2k)q{b9g8b<&z>($;vNfTued~hd7G7x}kPg+n-!iB#E)z}Hr#bs-O5x7eJ6eH$T0U_XS##9m(JSok;OBm$`+ zCRr%8@doI+52?!6RAb%1BmHeL^L^#h(!X|Gzt^8#&G`y}VOaf^+J5aT&thLd4$~+= zxv`x}&IkfW9CZcW<7_LsQ$PM?TG3#o{eJ2rH=okHHbVS@xD8@eYYVLb${YDNJTEb{Z)^xuZ4y(mE7yssplQdA44E)+(Mmr zcRN}(?$x;QFx_FLndFju-BxM4TNR%MfG7ZWWvjzm{gRtQEE6t!XSGW5$9l61n7Q_= z)xLT5T+;Whd2)HXfiG0pEb(f$NB*6zcz2cR_{75E)-N_OymR9uQa9{cEd_xxAqeaG zfh^-3!~Bk%v?i@WW@X_CGPL;!7H@pLk^oiGj{#kWk)f4;KlmF*olta!s1+o<&8@5_ zXqcht26{J(KYxgwdE`&iVbEC$$y!wPj%mN};M$*o!-U|WLrgDH`#*s)FtZLPhOLZ% zq_0w}D%=c`i*LHIy-GxjF4i#|#*963H;Ln^+E-R>l&-}cY%`a=LWQ3m?R1s`6ua)i z1svO;RszA0wez~l=@8#9HD{n z^fC3>^ zn;rLl@^4I#P)>ei=5g6Li-|%f?J~zv_}#==nq_hfS$86FlW6_UmF0{a z^14cuGXKrtc)MGUYHkZ}<$7b@>vT?NV!u5r4G!))N4$#4Dat%? ziTaW~1(&W+LAp&!dcQ#{j}gT}z)g1!%wT*!sLB#?j!Ov8nLfFxwhzzj&miOS0SZjJ z(h~to3EuzqMOr_=n1nE|#d-4k6^I|=KYwobJt=&I2zBC&1SCuMnoNnFA-vvP8^o&j zt%JoqkAd3nqfX-Z_u}Bt&=6dY1B)xjo52L}oQxfyew+2V@3OlpUM)C(QH%|<_bkOZ z_NvD^C+^p9aFZlUTmxEV1FDT{Jf?%HWGoH01-Hp?2;2ck00UFBBHlM8Ru`odvfG8- z1!mc&Y{hoMM&sM^c(cwtZme+lLTiAcxvA_{p^H`sGqESLIHx0 zj9g!y6M#t&J~Al9aPAYq2|$RP*f!z=N>kTfCg)JcI0bo0DB#1Q-ajzw0SZhwzOm8z zW82Ke6EiAp=_s=bp;trnC&bUWO>g=f5fdvqa$L8_=o(Su8cGg*8fkzGI(|Ix_6A2yliq}cu z;HlmVGUT zWQ%7DF9F;m1h;%dn{b#GX=+8s^+=VaO~4NvNA^$H+7TlI?1en~C6#@f6VoILN%FM) zTn?&|-c3HM=UWbU>Bt8u0|6 ze2x}Cy1;h@Zeh5P9zJ{s&>J)D+oN17GB3cxz~G0ML__1?&RcOII1yf_rfQcs1q$`~ z)KDbLjjC4~^Y8z6?zK8kPC|FGj;LPKL1~I7M}~jZEr%lf#~>gk>}NA^Eo<>s9mFYo zopI&9n9wJ3{7)D50eoMXKcID5^J9KKL^UTc8j3^?4t%G)$8?#4>KQg8BxdqN(`Gk? zTIUWq6$V!CJx<3k@O@Z_Bl2SPm`iGAN{8j;3|f8qAnqZ15e%pQb-Uzs9RK>!v#BF1 zF^wtcg2?1ce3zvx=CabQ&-}YeDJoOLwV)eidOW%-1clb|;tFhW((TR=)rA4i&9#8% zHfFM(QI=v?XVGI;<>%);qqY_eHY0%v4nvTHXi${o@#4oYkNY&pQc zPS4O?T%*9a@uG&D5n(`3wQ&Oy6P?yKbMT-EHXgl!C`$U$9&>N!NV`ufL5L85%D!yb z-}g7b=DUU@#TB>54g}Q1T>Xd+_)yb4ct0|gxOwZO1l;0iL_>snAEf^ zKRHK0Nc8@F2})tUH6>WsTfT`97HmX_Gf#e(sZL!_!N8qE= zR0oLGkZ}=N78Zo^gDpy8MH5m8!{5hyr89cQ_R;3)wEgvK907T4${*8fcng*H>4 z9h1P;rugPYepzDkasS65mk74ocV0-cV#m@ zS!zaBn&9L2p9>Lw z?bvXDdnQYETC3Yb`;(kkHC%0;PkZP?{8t_As4{*d&*OWxdd^zmLISI&rg{xY@;V+; zY!OB#9wFd?F={tHK7LcusY?wM%z59o8VsYX| zre=%4u$2yF;p8sG^eNX;7F4*(?%m-aXtyfk@}IMrR!%Aup)&0k3R*1bxS|$n z;Ge)wC@A#P9RqVih%?kDxDQ*x2H&KjK8fUyWI{C*f1 ztv}Rr)mC~cw@d+E{ z05Wak9f&l;k&c590@MF|Qw!gu=+)TCig)_AcFcQ+pIm9GB#~85%Z*l?0Te?%)i<=7 z-}esvB23h#=Kn}X8XFupzwAI91`J#iE;R@EN(6~9+`5Wal;0#nWs@@YHRcLfZqKY< zCb-QP$5)UZ&cm(F>#%Ggb~a>#3LmXYY88_zB?hD8Ei3ZL1~tqV*PQj@RV zc-8Ecr3%}dRB3$s=o!7F9^2VTp}r^GeIxz-clIt#IhUx@xryob4^w#S zA3-xO(W;UnliN0taat~~14_$Z6aUz&3yGa7=mh!!(>d|6X0&x)j96xdCZS_2fHqdX z%SFuZ2P6Lun8S%}Df@p}F_`e6{mAci_piU+YiMu(Ci+#&^op%u90=;1lJ$TK#?dYr z4_Ym{FS4{~8Js$wDzDIQn-{B|A-||!sGD?|gF4c))*IQqS_sPb^ekT5xCxx8>lRWR z2J8`oew>De$a$9H4QQI)dc5+X(@Ok`$S3}ukMi14qD?Oz|82F>TW@Vj%W6w|s{EE) z@{eoT#z7(~HOA&4k?62;V0~iRr;!kzgg%0D@Eu1~?|H8d&fTiFhmO2nyF6O+x%PLB zEP#46W;Lq`sn!saocqhKb!oj#yQF#R{)l>igJvPF0g52@h}tJj!-^@_2%QepncVf2 zLw=S158vs$Ej4}G%cM^g#`|3iq|d?mFD}JBH%);1TOvnVIR+!WNaUBv*_Rwg!}luT zt!cB)%je`!q6GJXR=pf8rg-HR8$kdHkU?<-puy_dX&r7768uyB@Rv!Kr6l3gK`HHj z=05D}u`<-qc&o`3ruYS9L)b6J~s1d*2+wh|IV_c}eOdo5+pQUG<@i^AIHmr4V>3!Xq1B#981aE5H24RgVFs z&~gv}sS^=zh4udF0@Le!FLNktXS(<^g-6ABg;Z%(LgF#>Vg2Z2sJ~Lm8idauLVG|HWMpKD^bAQ>G)b(-tL^B`%`IYLVqmW#+NeEBeu-xC z7%NaEhL+FeHlLHFr(yUr?K?{j`s@9Ng*$zlf7%1W5#L|)bM*MJwMUw+B6_3;Lm>-5 zpRysyYx9iSWCe08<;(p{K4oY`u?(X1Znn;U%=C&;fzG0I$qCg|g4j*g;zUPh!ZOV>y1=VxK%N)~4-~{;d8H59 z$IU#fW79^D16DsyO|lg4vrE1npMoLopSn2{44sXr>#-~IjO4fYL(RZ&Uc*TC&a@k+ zMurB&?chi;{{Sf^N;9O<6_ptl0=WSAhy->ic^mB)y`Q4TT#F!AHKegfrubayVu>T_wMJv z@PAqWHa2Q{`ijZf5~@iZ^BX~d|NW}v3Qgj$JoAQ9^~zH<_jeJ79F-VX@m<%OK*dRQ4Ku^fmO?-iQ~S^EdcdfaHj$U(w3#)&V3&KhYjV4xo9ROB0jJWTD7&}H z$M(D9y@z%Tf;!}8=<*;kg4p1p1=E#i_jE7r*`voEp_FU|)AWv=1H9!@?^-h^1qUre zr*CLdnY=q4L=taJHJkP?D&o01`hQ`;#{YHW#tkvAg32G?NFC$ie%*4pw{xdA?H(F= z56+@2e!lay)vE$r_4V>4i5g}$HqQ;20$7#Zyf+W~Udra0bcw^!Batwj;UG&TXA?gb zWZT&k=+*lrqV6E9p{=8cwO|}gLHiy8E~AwZU!Oa?7T}ao<4{N!H$E=rv+!gw?;KgU zQc@TPaIR-BUNB?8lBAgM?85q!f#{2+4lM%{PtV}e(p?sf-w1&!fG|m=Ad&K=9~(V- zia$jsRU0&OM`Bw3(*giKVtIHj-WXxwlktd!|I{$ql@CL{c5xWnl(wBODbSzPZbuDZ1QZE z=pXZJf0sU%R#oz1*M9`6F@DW`2fxyJ%EQ)+QIDkrM{2L<)=rt7I|=m{kwUxlZ+Uv_ zUmq~RyFi@qYW2^r0SRIMxHa{;E8x>p(aDpxrrPD^uKkNE`xKIJ&45#T28Ve0z}+y* zmO!$%&dOn#np`;Phlgum-0=s=FPDQu9Do49&Gk{xz|BkMpWHq&X)o-N2@qYa0O2`Rytd_`fvP}Fz}i^AE~^X zo|=w9F#U%9RlD%$K+V(#>AIZ9GwBqlgpjX3W#2zfE5Vgy?-0SZeLGm()?t~v^iqw< z#vx?CzC;=^RP$u3H@M3;%TycpcKLbbW?Y*-}$)7wOh?`V_YfGR2_B zQDOvfyU5yY^4&ae^ynG%#*@Nq%GT2(7@?Wb#(y^pb8ekkdi;kBbVF{`Glxhm0Id}W%c#aNs=8` zQzPZVO>N>GrhBc2t}!r#sFfHd4}CG<0FXcTHjDb?Z=@FhbA&jl>qb00J18##8Y;{$ zgdu_zjZucY_nW2_w%NFd-rFrDk+bjNk2EJ>_|?1EsD2BTZ5}DxSj_HFoj^-e^^b3l z`1+@kT@5I9(YfqJNIl~F04flzWspC?nD<0P%+$^4=~7my9f?8-O~%tRl%+$H8l1F) z)nTnyO^^G7&ls=hwYn>^uZV%~Xz=dTRx6vefWAX|?IF8@uhvoseX9#$X#tXcJp&bA zvmF)*4uIRC2jm>ZgT%t7mU__DSFgr655kSx#XY3=_dH<@ylU~l2ce{zsVc=i)~!D2v8GIPY?P0w zPySS6ck!>VpPc@X=fuV1^Oyh0k=>A>uwKN;g?M&+ci$Hk-7Dt5O+!aBRi9=+A!p;l z!r%gZiED3Z-S-WGTllZ2Q~yuKnKIr-Mtl7)-}-10AIiAXqed}DC+$hSIrKZ;DJfVG z@s7Co4_&D5*?pyQ%6?&xcdhU`w6<`uEb25YbPMl*49n3Qja+6^eWkc@&>LZH(ZqX> zzoO7_e%Z@MJ#JEK&;n{22-hx>Pl1{sVl96ErphUoE|Fk7I-Kn}Ewax4@fuN*M^>6TI%Tq+4~eBeGTS^fu>>{gVx+qtT&C@YH9r**m0omZrp0zw(Gxc z{d+N*%39CyevZ}be(RxwMYjTq5gCXm;GB<0A3uv%8RrKS1cpRn6u$+yDS=9kHW%v} z*YAV~fJQy`*>j0YePZ8kHWSagX*4QYNMQ0o5Ut*YD;JI-BWv4FN6wsOCJemakSw*a zny6;l9kw44kb?4^>QXn4eyhCmr`XEx;d`b0l-Lavo^3gMV1wKMgha)AZQHBv;~|Jbl7she|DspO==>Xym+6vm-AX+} z6LS<1K7wX9$Xe#0rq=&ake&{&5~h#Ya_PYwVV?XecOlUZN#7$Uoul>Q!>xd%7MG;- z(xZpttjDXIB`2@%qF(wl>KLtT{IoGuOpMTwv;Mqt{Qe3TH1?b46V06N6ef5rJ6Nd+Pd-dm44c6g3sei z#7d63@e!Iv#qOdn^x zmb>YIJCjwpH0r5sjEhi^D|XYB1IM)7|3kB}jKR_TwEiTO_Gr}a1h(QmnQIIb*05G5{da$&?}@V4rUX1#q_m(@kM`tw#>yg6Bw&L$c5FxaF|Uf8`$ zn&NUMCz3z`lKystqzsy3kXv<;?+-C%jI)oq&lDkT3W*!0tyYA;!*ztrKdquSPej!7 z;ry|qkDU{4=6A`PrfZJC&`?^*6RG?lrh{KsON$kQTF=zqo{FN=ZV$^HT6x!P1U!0W zdRQY;y(kfA8qNtqwx2~TS2_h`+77)GG~pwfvR5#w-?bvp37iLJ^He7aMfc3grkv+WCsK#xg&qhd)mH` zVp5Egv^(VNeK@nW0Yr%9Xp60ormWfSjZ;_HsK{7?P5>ln$W%=x zmxyC_cDvIxS$@)eb(1ch=U5U4s1g;t|6#vU&=iDZA+*3FlH#2+TR${?dT6B2%(rr` zTMK@$19C{CN5T@m_*n!uB?7erZ%qHUJ zu@JDds{iH5A$7BKLmcV5yb@o3|DeJtS8hlWT-90DgwSh_-?ir7)$2}z*~T0RY9pDl za&k&z)u~ELHDhW0DyPQK+OwvS^I~F#XTk{C3Qu(MWr4<aJe7{8!Kwp zz@m8!jEt>=?%sWOD98KD5%n|s=WTBp&xN-f5&lMfmf)?~o!Fl(Mlu8br=P?F0E7%MWjHyxP0D83w@DhTZ3fr#CAdA}J_BYaqQ&f}}S?6V%l&dNRyiN2~7r zIwXsGLP|>06l$f~-xBHRS2NlOWgxIKH!qS54Y}}FEbi`3IbHO>)M;_3RoAfpy2Ps0 zr)2?u!s6mN0POF&COLwP-S(82MnoU0ZRHwTp8 z%o5A0ciuY<&Ld|>1(0Y5B;#jSz?X5p0nvR$IoaTMfr&xM_^am}sk_OnaI%TXw?<-h zvb>6x5*^aB#+ZKafJNSz@pF_6%&jP`AkwwaHM`{^I~R(BA*7iq5be{XA(d#B@&Sxu5w zGd&r4dsb?ES1q6p4hi(itb=e0K6t{2G&^U8m;arP1~v^}lIw#FzQ?mv9k;*$6M{7h3@g~!t{&Tb=}Ap6Tg> z4#l449~BbeHRPsJWMGBA{27KIy*xsU*lJaELwu5%ABL?IFabBlB;0Xr8kmCiD1&O^FS4 zrqB@tX%@I|h=ekVzq*j1SQJ9O&o_*M9yb+Q)9zezC0F3uUAb=VX{6U z=z1oWC`#g~%_a0gUXzMd+Z^Jh@&TjwqXIz9`u{YHV*!o^n{xL2`3DuFObo#+PMjz8 zBl)!2M-8atE-1;gJ5yE36!%mQErRVDf=C$-)6%Cq=zBQ!*&&JWCY}>6L{a&BX`~8{(goJXA@{elx__d}qnNt<#Yz08Zsnf7460uioP%(-VBn~`z z)4?)()9E3*TH%+Zy896D=Ep|k#xrKc55@+VtTx;mK_a|`j1I6yLjo6|5|rtQ#un~W zV#M-xSrYuLQiX_+66mh;k$Qk+YZhtHI0p~J+qX@5yhKlRf!6Cjo7%9`BU)dk*k0ul zN)f#JeG8q~T(OFw4;n?~2_y4kHqA3GXQ$7Ammvs75?&DbBw!XsRRvx)4P&!!<#G`@ zRr6tbvoQ=!g~P?5v|xz~15VZZYzDJ`f)RxxlN;xJpTEiPW`&G3$T0$_1{hCo$nXWA z${KB5vA5oRLE0(do1EAm4bM;|w-=w-_GX#`a)wyR{vx1?{@HQ@V!P9+Ep2I=WdLVq zX{l|ruPhd@sR!|&tU2*=foF6z>Aq#^NK33@lq=nFzB%hg>YR5y?fVpOP^g2tGcOrm{hl|d zh!ugb9+nXxF>y713s)O%;DvGq#vUG!z5oc<{<%~;TZau$381h*Y>w#jfQm{=PP<7G zL2GXRUFd}t@K&UF__og8Y3aw?Htu>Cf#_eN5o+Z%uNBXT8jjBeBe?D_jt z1hih79DU>sf&pTCqP_aH8SBl^Y6SwD^`#gpUZg<##6-AKpEC_Ar7{a0U{pDf{5sW zJ8%xe_!vCc4eJght1kR3N;y8p`1npC`5ZTU{<7b+-j*0fONdL8!RRQaZUrj8Pu`+s zisY|y04ljxP{o!EGC^K(+%o5oup(H`L4p$(X9D|TCd(b7$WP^@ez6~(1rF{*vwQ!dK)GWtCPAd)lT_<7 zzozc>7h`r0?z${Y4oz0!T74vo5kHGzAj`mn4HY|+YiA8T;$QC@->evX@#0t6pBWsY zfZOjs$>kDiX>pW}D!fABt{*cHoeMWnR5vk6-Fmm@mF9dDc-)F&%_|+?#n*D*(YqU# z`QGI#J>g&Py5exmQKe8@(44?g@v*?#ei|BPcmC#MzZ89MB+D4W$sE>cM2`oe>Oe#H z$8xvjf_Q1`VmatPkc!FEg|ibSGMBKCYK1XtD944OD9{+shGHR!s~Dd>58YV93iLTO zjATVYLD)}om8&H#M51Z2L5pq>6agG2q;QMQV7yQ7T8=HWb%uK`HcT1q9$$jq4hprq zTG36N-{`LOQ#b5)K%@?mF276TA~9ei9)nU-V2qZH31K#?(Vmcu)^6;0xENwiCWkp?vA!cPp`7dS`i#B@vxhq|z5 zH?ctd1HQ$?b6thl2;I?@e0Xld)9NJ1e$1gH2N_W`OthhTQ#@lcNl=>^Us7UV|4y<{iS= z8w@pK6$8)R4sIf5WRR-Brwok@s|Qzgn(X5;pc^TAsr6Do-$GjE<;|8P%Qtx_Ig;4e zCxFq#aFKnU_Y25&WCEQW!Q@mV5lwZnZP=yPdTsav&V^Fh+6FMM1|HnMwy>zF=N*DM z`u*39Q>XSbMB8+4d}aX>TsL~Lk`al*L2fy8T5;`wh}LWu9V%3wGq}LKW7ZDzJJ2=$ z8^HC`_U1Deod)MresDE`OA~SrCOXfw65m{Cot2Dl-BTgIGWteE4XntZbVfZf50aLK z*MtqJFsgf9aJh*6!1w%R+)Kj!V=l+0Tww(yNB#@uq-N;>-WqJIg)*4 z7QDZ6>Bn!ku5(`26DgNxNJ7QQJDogfyGE*ewWD)mf74&ceZK!hfbsmieJFg4NM%zm zR}2xw{A>=ER4DiV!4;VJJ_H z4ZGk2k3#If85H`dvEV~PBAFKAv2iolG_^JXM%GqlO>U{ z)p{2OpZ4a1;j^%_zeiJcD?gu#b^D;xjm%srswx<7kMs?MH+)bqP;lqcz6W@;Pk)7Z#f1=Ic3rI*~?8)b0e_CBRvejDcpq*3jX78G$nod zbX(_Rt~F88WX`K|KW&)F_;mW`2fpz5z|@6QWoA$4swvD(>`g9W&UQpm(ej4L*Ot%s zIx3N17mo`RaRvN4bNpf-*9y6+j;W?ejohURl^nqLFD%iWYd&1@c?jClXxVRh!$|Zx z972YmpU+RCj0r`R+jD1iRCE+3qL-5+X<{kU-~ASvI-!d}mDSd^Kwf8058=UTh3H`Q z7<}F_il%+z<8=dOz=?K3Ze^9W)l>~+R)HF!rRCg!EH6XSyG^xoXn?<^Nuq(X zy1u#ru6lSGPlG_fVlc*s#6WIyorO``H1_Uypvpb#uMeQl_dAuX@pZ1<_C6b%+Mqwf zoVD!l3tZ>aK@MLKhu`597H3QCTEd|=rA0bA|GUP`EWX9V?iT5aDoHEFWlX1kenS*= zR1g{^+;7xS8(}o&`)zYkR3%>nm|^(WOH|Bsx6&4!#&GqV{&uR|bkZAE6YO1Gb%X!h zdi}hKLMuF=p5Eta4Loc=O2ocO>e zBgNT48>jGm{p14~PfiEj>%(>pcUFbKWGK%3W)#jW62YncST>I`>+c{lDhyiI}|t7Vp3(HELN}%iYiA zv*|K^{P!x{^{1!$XBS_9baJ=t5&|f9&YC_NIro1L{?fZ`mXQ+@s+-c8Dm+OXo0{+7 zJ2{m)&-MC$T7Z*d)8m;*4C~rD4@j3m*VkVL7&* zED2L313Sy34aOdO?yf$82D_4e3K#yqoe<`=f*j%}>To9j1~O9Xo!WnTY)U6w+y8x* zVQUMiUWDLeY2mb`$dgJE>DArpY#JL$EzTrdh4yo(;S#cSL$7hALm#0^eILk9Nb6pZV=WTIAzhp zO?^NJA90GlA`jhm@?^gBf1lzmi|Kp&Idd}gTS|AlKu zr}iqS| zJq3xu%7<8gh)u=)+cxgBp@neU0%OQSxgD&pNvXhqFP!Mn0-r|n*@O*iLeKHEKYa{6 z#Y6QUPplS(8#FzM)zmwA736!C!{UO$UWJr&l#Te(mFSf)UJoa$sR3UkTHH*?a@Cm{ zU8bdzxLDJCa1SXG1#r1-`nhtI%}#~^ya6?Gz^uCAKT z3vZw!Ur*J`;eY*A&8MQLw_t_L0WPrDm|_zR#!4@n2>5_u4gvpm^XWX-KL6RFzSANd zd`&_02=I+u2KQ%pmtl^w{zWMjzdg-e|78M{@!_+Gzq~U>G7Ks? z{i$&8C)U+rgM~CcfgVzv`rrs7yNvC&*SHsr_eYKTQ0^5vyq}94nwAt8G(K<*q!;8E zNHIue4P3l^Ii;5glqE$)x8Y0fh}AI2W(zOc+6eE86Qp+U@09p-0^TT>J@`5z@(z%Z z(2yi&%ER(yfRi>`u`LpF6{`}dq9LOOd?S;fx#5WZxOC8l zb`I=K@N-y>L2UwQL>G6_>D!3HurPD2-&+?y+09+vkxrFiXa86%(zfRXV%|LU!jB(6 zLUey<=Uj)89Y>G&;12T;b@ETEXJzu?vb?{n^uOU>Z09chnrod^00r?m=AUT|B;$Wu zUkcgA9dkqhyyo~Juj6Z-miK-Z{T8I1ZarT=4@sXgJM-JsR=O%H8p8th@GGOLE8h6!tI5wapCkgsUSyefbW zpaONOUg;Y9_CMpr6V?!5016#|??A$ptr`j$m=L$3VGKSVN(vTb3Yyr)C{tIzSMP<60=LC z5Y#rBpY^1wti1ed`sw}^2M0n}LQ$l0#kviB*rJDb!2Y?Ed}>y;9%Lj2s zLS)>@3dyPI(v5VLacXSfcn1>^(n?%F4*v&H{+XKQj_G}8mv>7W-uYQ-)!=a~ZFDCn zI0*2A=^g&b-x2&a5cB}GV>f~fcKh>2;m$6A0pf+Zo$t<$6THHS@7~R>xlF-X5Map} zobyK}ZQ5Rk$coi8F;~I)ze%dwEZI3nnBV;hJ9SJq8QiCEoWn5p@+DN1?dY8_u_0-h&!r5+3>x2FJWpiGF&8-~qGow;;nB!12#YMpxitJo&6gs` z_gDV8E4_*mt=Ug4uUvPSX@;2mg#N5QR6-3xQ0O;(BqAgvbbO%XBgv0<8P{Jd&@U&w zpvhG(rvBDhwGqASIF5qJPTxv#0UJqhv+NVHOA5pOsr%Q7p1^8mM+>)xx{z1HLgbt> z^v&MBrlpy<2)jAxa|~{XwsibPEpq7@JMTjI-N%#wtOwyer4K$lmEUN5;C(&P3Zw=Q zpV*3t+$>$hMk}$r4IH)_TYG;yZzyvpzuxQzM8@2M`#eHAi`{)>jSn$WX9K#v>>ZR+ z#01N~O@C%CQsaw^vKX^frCqOA`hZ}RS(g?ZR2Z0s2n zyuptN5lEiiuR!nwV-duxF?Q#wX?lo3m5H>Q)*$o0eK3-`Jac+vSA}p+Hu^)$@Xc%C z4hLV<%SUM-x`T-SCtXD;cT_PoOk-3fx($&(f@wcLpDAIW2I1BsATJPRZF{tP8|pyA zgj}pK#QcV36hLV~0RRMFeEs~H1x`loqUu~!qjpg_c(t?Q$brOf!nllSibq9mxFmKk z>~UbVU2+6C1e|^Si`@(M#&@+0H{Y{$aQD9dD>2+)#TAz6+57vgVqrLW=zA7i7(PF3 zF5rXu(#tC~O62&BBttj+MPVGV-3y9wwKGRzJc?PP?4RkFeo&0MbBxY@lFOQ@x^HIF`W!GIph>iZwwlIG3J2_-rvFBWLZT!qc3 zS6p>n)38ZAz6$9M<6}iczEQEkYJ+S!glZhW@>Q#*riS%e_*-We|MT19{e$LAiZa_c znBi(G&nf2bo669IgL=Y>>+e5d@m~42&NGj%Fa<_w(1VSwT4o%ap9{#q1R53S3%PUG zAyP*q%3Rya&8K1LVH3JNTk3Sb8x2$n56G-6<6RlJgZmcjVSc}9`RSbaxPa7l7^V2g ze-{|UT+yKKFB{OX8jvIDFARd65JGo#%K<4-0caHlY=LSC!B_)JPhsvg-Xe*JF#JL) zWipU;Q9`NarJAi;O z8sjT6j9!~{t~t59#97=M)qAx6ZsVw2A1-*@q{8JpvGsydd`W> zF)bJ+2mbG(Z*Xecgz}VgxIECVOrt$G!M&UDe$b*u`5wN$=z}c_SUvccVT*782t(M_ zHa#%VjU;q9368Sa&d0_)TAmmDhw7hBF&YQ>)U5Fp&pEQ+O@_dKi$J)z>^xF>i&{Dy z);5iP{u~Ba2(Xj}cH6+k$lONz`U@sXJ8yH$$u8qg@KqhRoP*(2p6@X%m%K2+;^WXf${7GW@=8$d`z_enfYXBi8m8qy>Eqr|t*aBlv*99C9nR*BNiC;P|wr z`CorB|*swdTatbvFj+JXHhv;{-Z?iltQTGoc>^E|8L7D}- zx-MV6dKC)AOtd_-)zofrv*PPB_mo49h%Vy~Ne181x{omI!k7q)yQ5UXLEZh+^+i#r zjR&KBw{f}e8Jcy(ZO5zm<@AUdZ~dA~KjZdjNSC4Ss~>lw;to~nZuWdm{Rs_>q2MmO zlik={P1V0uAMUKn&#lxgEF?>AH}Y#_x7VhZ&F+#z=L=(4BFBC0a2& z*<6dFexRre=UK9`mb8jGoLz8>X$sSg%kYMghd$T(N!pq{@xsX|PNooP4uvMD#$^l>+iMKRMxIvz1IP^lh~=O%f>?0SCPUdk zU-R(k?eK8KWmr~MCdQD~Qf)O01Iu4SZI;x@(@CsA+fB0g*0I#dW5DFAs5CrRRXMJW zvR-Q_i$a!eOY2f7gHSA!tMQo{l~9`1ROxYHDt4&+(<_Qa5D(Cm~zRW03^rgnsNI!_?() zc_s-Sa#vh1HQ!*B>z`(BbHN-33zD_b*Cv(VR)72?%NG7VDsd>1h zxli=S^z0o_b3AoAdpd(9U)ZL$Y-v)Ud=2i}Am>+oM8(=lqs^-rl9A7H%HS1pm|pciQ*t?*gK8(pE$^@s|$3 zh@d<8&5?F$4=yA~`nj|jL7UYMr8SUHe6GG`43O^KqLRwP$`W zSu8TOLObL!3Nu6nenPD@tp{0A?!^v6qi{scyw7&biU;xO?fxQD^vqz3&!D zMC!hqx&Xh9zP^#2L7FI7uE1yj82h>t{B5;>1%NeSB0g=yt)cj_a5Pj_0hXgPye7>P zESiy2!qMYPar42QrF-(RuILpeNTdp34ng~~y>=CzESfHrzuL~*5Jj&c8knhRQy&8y zL;hQsvt|HjMw*)%Trlrf1QWRQGq?plgJc!cv?l`DS%5>x&rJ`saD`1+8-cc7Na*7O zJtQJQE8cCcml_FEKmftGuBEv|ML`4>?q=5Wo&HF&E*YrLVZgT^E?IR2sn3v78S>gY zOqT+H{8~7+$$ot2w+(J2+Rx|sx6$_`JPdK7TXMY9((GldSY;rfBr_?3x+7|);AVYS zV(s0HruTwALzjcuivIoISyB7lN@pZRbLKZ)V(!7)9IKhRD>?o$IdaiWl3~DF?s)J* z;8^UhZxP&UYW@LCfisxuiS;g}pF%@dcGBJk*~_31tDlhrBTF}C+yygB^cU(#{nthC@o z58h;CrCw88kqoDvP~e&}b=o1O_u9us`l;ze^(Gt|Qw^hEWR;;SYq-IK)sKBSE%3sC z;$t~Tark5+XmvBlJkv$huU_w-0YfxdWn5mtuX}O$u?~KY8O(PEJcI=VMQApDP^sgt z`oZ`L0RtSjIW`bOFd}aFTrSUXZEpExiQQaL4Kl#~y?E*G#lV)W?5H8)YNIEGYMNe^ zZHNXOE)<+eY92yjShy{n}J%o_Y-dvTdbt6q3Z_bk%GCH5r6nc(4>?(RGzc z#hd(AEU7PEfk2&~bfQer@(gmSE_>W*vN7`6->RnTgYS(JUS}>Z&N>f#q;bV4Gr2%a z$GAWCM-e>}Ky#BsU*rw1yi0k||9M1HIi`4J;%NBG z%Y=eot7IrG5nd6v^{{U90#NyFsrp-hXz^pF6e*RrH^RyX-dol9Cw>u$Z*6|mb|CqW zr-n=UsCXRK!9i}2Bmw8itFSWml1L=7pkTr=Vph>^3f-_$5ACRILyz9n+O;jJrLD{g zINL(D6$qulWZNxiuk>BHBnjNJfXV=k64N^`n>#r1Gg?zP@<0t$QT#`DYhu!wB=mXY z@|FePcL>3Zc;OEb#df)|Un)zvmGX6#yFOhOp|-L8^W8-49+CE;-Ktxf44C$YtW{X! zSmK;nUA||+Iv&_|0~CB>FJHUYlek7+L{jz@i8ERfBlOtw zg>ep;LMBpafx-gCeTFhcNA(zrL~b_Jc*>cFT)p#O-?-c2gCt+y3+W4I0mbIvi}gO} z(TDI{>4pjEAvHi{lPuS>>G?Sfu$4bNzpfQ;tft<6_qBDwqpwavS6i6L=@oN%vPLZ~ z-$|go+xhL=k1b)E;Xl$rK?|7$nOGNMiU%$D0N7e1B7I3fnooN1mqis&lRs9DY#xt3 zsUr@jmlH0|WRd(R`yA(G;*mF@aR1fsqF+q3*Ze!D==jC$3baZfz!dfu&G;emn{8}Y zt76GM6j%&bpm(|y�y$VS|czr&d&#r16m6l zXqGuuj=_zam#i){RppW$m*RBp>3F}=;q3qRjk}x!PQeiXBFPXt?m3c_BG*)f24UqDew$ z2J_PJez-rhyV$boY8?pHi5>}IGO;*GF2Pk?>mC;!hn&jVZp#|3>9Xv6?+KHB@0 z7V3yDeHL&0rbR-0=z`L@DkEVFE#gcdd>k+1=(*e_5mQ&RKB&Xm-v=1c`Edit46YZB zhoDs=TXZqo2S-ej{q=jSg`bbPVf;(7q;0fgRd`} zW0VCKL%>AU^@|Fif^+fa#NnMnLtJ(w`D#;Lj`76Eh$9Y%Q&ld13ICChrP!4tiTTJs zzvQM&5PVvXOeK0(TsDTR@_h#>ZwfviloXC@=BgF}Zwe9$C`l5&=40|;v!9wUMiNC5 zLJd|Xkhhxd4B-0gb2Ts8fNIAGx^BQYPnBv6C3X}>&DXJ&ny<|?drc8u^DE6|X!j}j za&ctNz?S67A}Qog!A)de_uApr4~Cv{m|bKv>N3o!KrREPNSP)_p7aQI@tks@2J1Rm z!xeUBm62DGKGNtYki$gx5IS;U9^|C&VDuut_Vn%nS9ta6*72!J^UOkm{@V31uj*v$Nv@D=rsP>$w9GFDi+>;0@s@$ePBOE?aY8p3pz9DKu;%QcUz32kGQkb2)C8`tHxzekpkThiC9&K+psOo> z46bb*HV}^aePEixgr9Sz*v7p+wS6|Vi?OL+Eya1(41dZ>6g`CTyx|f#dwsOG4pL4` z(-9q*SacelQz6F-_`aYzAEmgbcSJnXQ&SmWg#d#CU@yjwZ*@48m||~DZn_cQDJdZ! zzQj)Sj;BrI?MB72o8It%pygv?a-3<1HI1#-?nJKH zTJH+ytJPzKengw$>GEI5fGP)j`7l~Pn+@BNQHt@3koiiGch}2pP)#Xz5-4b zHa7P5arTY17wJp&bdtf^#AFBO^q5OP;DzW|xv@#g_bb*YhbzT#kI%~y7lDt6p#51a+|13@1pndBBm?@A{>c|xYB3;@S z*mPwGnO{eB;T#6LR$cNVePrWiT9BH-O3`KN7jMm@; z*B~T8BRjK{vfve*;JWu$kIy+mBGbe8P)P=gpjKeV!9WOi`r#oJa5`PiG>;k@@W^oS z$S$W-60^HH1>9z>wsPrJeOdL(SC}98e3FPv>aM0|;(E8jGM^`1+teh|Wut9Tu2f?~ zR>5p-HwJ5(zpnj)2Ay5-X97P`T3OmM?tg@!HOWk1kV1Y{=-@PUU!aMWwYA*22y3=< zTZDA#i!8AsjZ0S;Gy;s-q&O4M+zO5pM2p!H4=KWMv2tI36Xt#GhM!gY@L$Cf^l#%f zVdexPS+=|`~b)4|3LbvJ(Q;9UD^8d!R(6T`>?n!MdxMg3j~ z;m{7F)@pb8Yjdp*(kplqBYQd^7_WH30S;1_^GB*9qPPn935cim>}avkPN33d_ufrE ziwEH&#~=!RR|q5Q>SCryPkioZ`A!z~Ybp%C9|noq%bbm{=jH~!6BD#h znz=u9)_K;2hykf>CU3-cGq~`b!zzg^RV^5@oE7NvjramrfOdu;IiHN7!=zlwpc;PF z;0q^Zo#AY&noXVS`kN0q4E0&l76+_rKtK;sEHcNNu~G1$+FLuvtMPQM23|$(8b?bS zg~6k=AeWVHR4mefm@R~Fh(OC_f7gr-32|E^MN|<2xAvQq3WwUN*Q|G>_b;s- z-K88ocaG|loTQjqJ!j+`jvXi`-dVI+L;&Zq9fG$1^~Qv>gVfVg^Lq?(qa_)-bkupI*8*;xG@pg+BO_E-P( zDyMG!S3;kCMm-oVp}p>oAZ!kKGKSyGh4^|QI;%N%DL>zkloEak*M4WePZvV@VH(e9PX|N~auK}nA3(AGOh|_dhL9q)k;z}H$+J{J za>8jiSe)wQbks5}zU=%R>z}5zpi-)M#jr*m5e~>mvslw~d{f>qG&9h#L`SuweMtPx z#^ADayj`m(`c?OqocLhnbGu)6a^wM%JJ04|Rm97GPGgX41pW*=?tlx(05N6M_UiG`EX(ne-x@z#(}~(*0KU zr`r{s{!Zz2Cnw(LRZA+c{AbR2FhA zp>|S}x|PzKVL?@p6B=Jb`buEzYLm2P{q#y;CqRL;v*eA5fNS! zeS2Pz#RC*RJd=V%{a2;gzsjtrdN0Foy7Ds0ZQCpmc23ylK^_0urRnH_8c1~xpV`eH zi8L+F9EhpQWvS$x11@k`M3ZlTbA+MWo+xT06zAUU@Q|T10ZDLgIi`Y^{&Y6iryEdyiu%6eV;a~l z0nQbSy_M1fYs-;f_25I$fdTUXlp0I{AS8vTF_6j2XJ6RTk`t*fz)$;XH@7Je=zD?i z3G24kp#Yrs*{TLGdV-vML|o?q(ae!vp*oVo0v>0GLjmV&O7GtjLT_2YRD*xj?MH0l zL77*Zl)xl3YBnuMkYiw|MGS%tm4KQqJMqeFoZSerg;y@_+8~G7JFzAQ^9V_{>whmS zulk2l^+jwsz#ti{9Kd(I(i6g(Hs{&puV^BcM{=9~S3PB32 zDac+y13utP4IGQKk>TRbtC8wnXS);-OoHR#=yVmjcg?lHYt(mPbIGL<5=TiQVtN+k zXdjNl4gslqb3^K3Po%Vqe%_4QCYwEi4Fri!UvE8GUqAZ&gZDb8?u+-z0x^kCgo{MmQu%z(x$8_WJT;@X+b$KnO=tp-%?o+O=%Q;?GXYV0|c;pY? z&3Te6^}8HnuDHn1j^*gEl~p%M@7%CrEtf};+`JZLM76M~N%M##$ACl$1p>vRUBgYU zbSS8ZM{?%x%VZ4*{Ps;FXfrZ{l7h8fg|JSmRp%7o0HBSloB`DQs2DlCiTCMMGX_;b zEA;}!gAanG7*xpArTAapxJ5!-Z8uI7NA0&r()CIF&7bk3&UqJ+{a4&%dpM=+Rw)^SjbOn0s<76U17$zv_{-$ zBe&Pe>&jX|vhzK^awNiwz~E)M)tK)hY}%1?s~&WDEVwxa;2PmpsIVz(?UxvK0!l<# zfdNx;(z+$=93};P!1rIjn&f3Kr8<*6hum=>2;rCtVJ3m!%XrHTD0vvO+PRN78L(EU zb6>t$9dUl1MiV8vNfh&8@lXioFe=24+><@S&20bHH4O;X2abGAx&@3jR%4mBrT)7o z%viK-et^Er?_1Vm6*6P~yj8p>mT+u4=(ZJU<|~PdkLXc{cZPzxe_|BCJlGJcjVdah zAeIaO1mWRS&D~)dd0fklKNhpHsYSdDhVkBshMq1&1 z-~b)Rp3sb~bC!0LRU~XU+0h28nkN9?1D$9ikr4(IA7WTxVff<+86snQd~a=w=3M$z z(iSf*GHXc>^5RV_9VKFwT-#hv6%$7v}37h>lqe-YBG6r}f_tYCT zgl400+@n!fBnZFM-b(w*>GAK1cS0Dn-2=iYXON#(KpY)~}yG_lcAgdTBvdQZbr*uwR012SU;TJn>(OwT}%|tofD_n`SowA1~Ycqr%G_; zqv|}|~O1qBp2p~Wj)m5(t8t&z*pm3{z>-~xP052IzjC0Z!ajfy#8v3?YY6~ORmNR$S_ad4839qCKuPs zrr3krtYnvA?eHSyCkaJ?xP(d+S!3<5O1RLxS=mSJ-*mV!m$(PIWAeP+&eC z(T(b?lMDM-NHE0x?xnVYE&`g@V~CC(_}^m<%NrLUUd_jql2*-rV8!O0 zJ71L^9#$H2WBYRV3x|o`ciL57mX{g90tX5B>MGGua#gJ=GY52Q8sW}`Lss1*ga+iL z1{8pS=a{1ls9<^ckwB3!C!jkZGn{?bMg+c*BasTg^J^4BgHydq!@=>xry~NmzU(@4 z`?Q0~Ra;O5FXV{E_{m(zee*D$c22C(e{I;Ua3ZR7QMgx$SPX8Vp$Or03S{ z?@3>K@J_x)hcMTk9#TUJ(9ZlOj1_T@>`rH;K*(|UHxX`k+Yv{0{(!}URsCj;49%H5AW*|b~07vldvxlv0}BZI6gTG2kv(mn(gDy0Io5#X^Re9~o7@7ncoX6^$rd(?8y2+KFaXB;eIb!jZ@7Gv zG4R_P{)Fm@oFR*hbd|IF|G=EFGV>bk5k;bi!WBXAQ^_*PW#1Khw?T}9(@(;5OYRqA zIgY{HZ~N(LvdtIiG(cdd_c#Ej2=l`JYrp(vp)f`lQ=a{D|*tH`IJdl%! z9V`cupk+}c2#`aKHnt)Tvk(z;3N@gB%LC$8Yief%2*A}0&wKmQYYnA~#dF`xewg!7 z)#{a6mwv=4bG@K248Ec1C6VD6)TKBB1BTzxuf=WEKruuLFOlcok?4Ey9aYxu>)5qB zO;}SuYM5BpuntJtp4mxz0gdu!3+X2glb<%P#hY9qUVQ~Izvjt^?elEC`HcR+@{KZ9C4-(0^RPv+e9;_s(+%1;1oOgpEjGYnO_Rcv9}98E zkgKpYf$>V0iP8YQEQmsti`4W+jiCF+_GE{@cJt>L$OMdN{JALMg?Cl|bad*npMI8b zwv!ip(^anRAP7a95ES^npd(CDne0{~wHqCYBlNsXJQR{pFNB?|a41iM?MQE5qV!LE z2(#?1Clu&XE5`AmVPsDQPbpwcUQhi4OW;^wbn5EBM^~HIJOio>)xvxGts+UZH3hmy zM?J=`pfrmvcsh>pyQ<>-a*o)Z#X8R&Hqp@&cAa4pAnSXjjr8@Ur%)E>D1yW|6Ba>c zy#>4m`sHvjX?Q5kNW#sO9w>O!(({JO1W><}S#k|nG`@37$}!iB#(_JaZ|dmCrx%X- zXnG<&1f}1;<6ym;7kmSLN#~I{Nhp9$zJ`1iEoTJ@)|{`RtHoma-qosr*Yjt=2sSZ) zecIJO?{Cj1T7?8k*8~~7kw?khdZI>9+WmWk54sw(tK1jZ_yPOSD4MM$h&P9~CAm1u z{IJYDJ!()BtAy^R^*dtlH^3wEMx%OW_nME^9M}cY(4GGYZ}$J_pFGfOaDKqTMJAk3 zN|m#R`8J3;K57dLm&J;Gg$SkkMb9`Ag&S`GL-Xlmw_)7%$O?{U7Jvgm=3*-1jOkD7 z5wen-;$2ubX{up1$=!3GvB_WbPIIGIdeFuHfV020cbIN3!0Czi;1;wF1Q!`jIZv22 z@+mb(^?%~*Z~C;y)7p9^>L^$L$fo||(WD5b{&aGW=~LwJsMh+)-XI#mg9YGxHRBC4 zpaA(XN)GV6mX{erhrcqbSM+~wxr}suKN|GV)rx7}JWF%(ID2+__GgUl_gQ+AKET83 zm!_`DFSvwBf!=!eW)oo!%F*Y46EjdeM`*%Ubu46KPWp}g`ZX%FP% zFQcA9EZ0L7Bs%B0;JRx! zw%$B?X7otu!3)UoM#v{VP@+^mv$AZ6m=owvT?%3rR2WoNk0|QJ_dZ(D-~5w)8uHza zV)8D*8Fkm$4}o;Lxta$xv5J`MrkI4sn1rBA7M5}nfoOgz=co%RB3{S zsyldq+LwLAfkrYeP?H7L)tPd>NcZkdXJvZ#Fzxg&CY8pCEB5z;*r3T!aTkWoA8YAN z>lIAQ`W|1sUQ0#C*)*O_9*tl$cXgW5SN^W{^lK{}urE?##wsRzN@z{{8;VgFw`Ob z;y-w>R?k^YdTcd@=vs&Il5-3wE{96`8S{iLVo!R_I9ZJ`jqBq!r!=W+x-B<6Qh8fk z`nU321-Mlm8cjn5`aQ;NC$qOh#QQzRb1_FLr%IDYwJ~IU5H{6Xx8=m5IdfO#*5%VN*{ zeU&k@Z5~9#yYaY_i#$Il_33KXpFC=%@Ha`~es-I8d8c)^c5Zt6sI);B2*|`7K-BoE z*3#uD>o~#nI#sSg<5Nd`^Bg&gq@1{7-)5>9!}0;k0nbnbOWoPL|H})HE{UjIyk6XX zlz)A)FMM!eZ@KeS*6mT^j9jz|>5U8cNv6At*t{0KC_Fn_jo(xL+>8oOBG`ap$+=-N z{FS>cO_NvL4ek&If0PMiz2X*1V2iN z2nKl##;W<-`zG{Rv&Zq3--0`bEIS}Z+fSR5FJ7$+HqqcGmOY!d69S z_-BXjd~o5UFB(~ zDLdNQ$g3OuEk@j-f@j;KTls^sS{$vx^^q>y&5ZLWrQ>^SxIq}~xjmVlbYbs+lY|nk z#$a}1yYINpcmM3TFF6Z-bHuOD5gWc&dHd=)F_C7!Ox2FVuFG#Td0d~kelfJwy`HLw zy>m!^EGW{IZ}5K9^4v6SkgA+iola0ee01!*Bmdj~{-K=nAhgBEuYXsv}&^GyEdoO?gt z@7FPqv4geOUTZ$j^Q#&1RZbEOnE)9M4h~J~vzQ_r+)Fb!ICzKGh~SyyVCW?H_0ma1 zO8GVT=k?k+7(B*z7FTyxvNLsdGjKG4Gqbg`F=22rax^iqbuzbeK1OI00B>S>ev_!9 ziGj0)o$Y&N3mX$SB?D&{M`Htz_bfc`gz)9!7>-Ma|)x#>~Urd#9Uar14xWI*qij@j;I5!R<@&7)4GJcne@&7#Rll=c5{qGC)|K&;~HE+9p<#te?+pFUQsBFI*qW_B)UAsq{ zTe2k>y9es68I&q)8`-$!fo5N-?IG#1KP&R!a%|VROq>|epR5h)L!Lk#8ofp3oh+Tp zD#&RZ4RwSBddC&l@qd|1I=ss{%(EFCHyymxw5=M-Fx8^m&AXqg+0~d&X+2`M5fLs? zP02_(Qo$a)TXepvh!>P@viBsu>_1M{uH0^pz&hFOnca!sfJx zD=!H_IPYQ7QW;11eO#8@u+^!gfzOBhyrf5a#VaLc%SnQ;-%5KygX@AMuf!EH3ls(2 z>3xb+EMZPc0_%3`4#|TGSnCzkQ82uyUPn@;xgKwZE0%}VBwsV?g)G@nUQsO-+E z5Pm_MG?}ErpOjFdz9p|D&uJso#uNn;9NvE^ulBg!8?_LZ*^(q6cSYiE*hD`c-ES4+ z0LAqsE!L}wF43w}Z1LnME-o&wsO=aSK&G>@DlRFBu;AoW&lMOs$iw&VxSy?FIt%0- zu65=bjPF27lS|069wgj7Ul_0Rm#N)#Ze-`$v$(7>k1=V|6DNr1xz@~Wm6%qY-kKRY zC$KCo9$#cPc8z(5f&c5Wr^gE|MoM!JeK$QH`bdAnU}x``{dRC&wr#ZNb{^%0@ne!z z-!+fb%}vUbnWbvRzJ|A|6+6MCWerbRL-Ay9{I11WPW&&^CIK7WIO%|F{|{pvK zz1?Fal1u}!3<=PDb}f%_ryeLYV>qRb`M0lNC>Eo&obP>94|$>=eEc`0Fh9TVhC?xA z%mx@gzVbullaJd-Gh%}1-W#n@UDSx=ihM&YE8%fB@g!A$`Lmq5H*xzE(n%C6jk}_V zg>CHEVb@4Dcuq-?a*snezSVEf7R~9KcSoDFJ?bh*aaYOKMy8T}WI9^OVC+>pvwToBM!xW{oVL49dmTh2h!`Y^c@uXjPBtQ0NzZ2+=Xx?nKSh#fNng?~a z`Q{jbOxI27je}SKfBQfWPKj!mY7qq)8QJI_*Up7`jixg%F%1pPjx%qyCd2I{lsD~d ziCl_DqiTxT;SfWH?+qy|ph6;BSfOx;i#J{{@41xhlE<%*D-K>ns}Lj|7|m}fl)rx) z8M&2Gch03bx8#nGisYZv$MMcG-CnfNOG{Z)(uxtj_ zNAD+_^S1LwJz$T#>yLTOWu4ot9s10qlG4)B0(D#6M7-{B88%I4P55&IRR*$|nVB*V zn{CQvy8N<@CT`3yw_uBLIME)jEkXLh`>h2E=ELMxdViXXRR@g-LXLrIenh9Gq=Y!K zwp|GpomTdxj@aH_qrM!}K_eL_nWSl(iZ(JE4P#Z+yzTy2!6m0KucR6}QOJ0+gazTX zcG<729G)wUjQq)2amqt3?;Qf)eHOg)9VOrWb5B&y_3k9yd`Uaz-!uFF_R)4*DP(2k zmuwp{gzav74Tj8^cSvWlxpE2xWzV7d?%EQ2f>cI?;U@cNh^V|emaUVuxdOOP)`$~9 z(f>Vt)eJ-FtkbGC5PEvNnMpJ=zRmbOWjUtt(z+65M;*~`{A%Sz7@7Devog)Fk9N=)X#2O=H|^_qE5sgDa$=^LXRQ}YSuOWbwP?zG zvInZFs%kNwk^iA>>Csh2Q8=d;I)5^c{ZPUpI6J?TII_l;2)|pVKd$soV}a6(KV6 zfr;by*kvk`63Q$n?z8gu`gL~FG?}CfaUtX2`t%$ojz(1A=Q$ZICOF$D($5=P zHg!~zv^+Wxj(-}>Lc?1~p7ZGcM?zr)>C56@+caqY+_jc+Fc~H>*c&*h`#Ti=lTYf_ zUwM;7QyKX~70c6EcZcvBc#N>#9zzC_6sAV0lFqdXL)0X*=1i8FVdW@Vod@aU#^F1y zOGgz&NR8%nkz${{FlrR!^WSyv@u@<^!r9uXAi;QgF@;z)T4scvnOpuBDL9a zA7W@YF__8#6#bGcE-ryJy^)XIR(n0I%Jd|Kv1XF1h^6dk!1UufsL|m8xt;EAc&Uh- zBQhA7+wBt7O0|sq;|3#dS|o?nbQYITD9JgKgZ1^lZx8GqMHTGMezqGidw7HxUpg{cAAZ_`d&yDx6RMdiW%Ar}q_n)=t%-*2zQN9!Y0Gr=w9V=H{@R&Qi=B zXolIMz)BwZ?GaYUmNVSmR8de_8IxxV2?PQ;ASNoWtE1wfN%Dj9^{PF}aS5xd zvWD%&4Zbj+EMUoax)VHDtVr9RDP4nX(jJvE-gECln1!5WP{ENcm&$oe6WjcVZ;ATQF?%sFiHGHte8pdrb?tX*26C8u>`ZTHh%LZp8nNJ85*Izi_`ESZNT%_PUeAZu^(UU1r{|SNy?}8 zA8$2tDkHQ1Q46aw8+}JW5ZcrP@!_J;Qz=w@<>uz*dcbp{DDQbs8ypfz$x0jD7yO$1 z19@;{Bsn?x_rAW@B1g*<+}yAI3i>{i2zdE)qmb$1CU`TAwKzd6 zCyToWY6#Doc;*IRw)6zMJRiVK2;SCD{%^J(wV{v3$!v7xV6F`vo{HeoVz<7 z1_p+hxcED4dQ~kdzK0djmD<|YH#V-Wu6`>jA|!|i zB<~JY$oiqiNL=yXnv4CFE%W;?7AYE~e}0ek{b+x_up|{MEI$GR-reqCu#Am;q@;}g znJA=aNdD%{o973KKZQgLMUo%hy?YlN7D2(uIepE?7{9TxLBH?dAlEWx@6gddhi_)K zZZt6*B-!!Z-5slIsZ%uY(71zrJN)}gGsp2op0*dpyk0xv;$mVe2M4J|$GecLBZtia zY}=*AxDOpk>HH8@mp$dYhg&^F)W?_mYWe|Dsb@Q@qTj#6zj=%Nk(t?V<@fvV{_t;* zQ8!jQkvzr&ySl`Vpl!VmcUS4OzGa`5yhT(F1ZZLoQ_TvA5YeT~|rG)j3gYbj|uE@y9uHIfk z-?g=1`CuwCfybnQfyk65J`$2wrza=OkBsK1^H{VSA!e(8-92%7CMGcDNB?s3@R?~% zgX0!x9u5;(sQIv!On>Aza~xRa?U!-;rUdj}%I!i>Our`KtWHRudH?Z(yH zP@mgfYH&jG+u7M6qA7DdoIl^23Ik)wo{RdYqKR%9;Uisw_bIGN^s_xP8JSxHgewtT z5RoIqnAq4@vbGj~1jZ3Y0AW9sltM=?%pOvCTpXqBZwa7V^vQN~2scBE__jyW z#EYiRBytBPi=ckC{E)F)8%V9qg2+?raS{xd`YRmMada%b3bNgCv^yjr=SLlvu5M3; zNP7C*bpFI{a6||h=g4ddB_(CgH6JHsr&ElTTItI1aj*Z~mB-17fM!YjNjdZ1&cF2z z5BY4!4(zk7+y-NgWAf))FqFVD;UwL72YmxvkN9M z6@TQ6F`CXPt)48_V3Ure{`J9xM9?P{bPv?tNVXBRv99X%+Aeiswa_p zoxHG`E+(U;HG>zpp`d4vHIhVk+Fg6asLMSHZu&SXhoh@Qrg6Wba;aim?IGXSN@JQ( z96H;Bsf76jrnb^0$#5bYA0k}BunZ_M{QbiTtf})bg=?WZ&M~p`oI#^juhJH`}M*U4`?nAmcKMtdfftT$;KJ zs1*b!BwU55oulS#%iKz{?@dBkbEICAi7hK&1*n!Ru==c_i-}46rbeFdxk;i3!&zC| z8(6U8GTSR-E6~Yjr1%o=X?U_J1!$;8`j2gF5}Y1?q$>~mCjoR)ffXOie?8})nBT+s zw()J{hGV{acXGw$(`0=%JnNv{=7R>F#-dS-g{~-gqGh@*c!Li(dzA`$n;BB;coMiX4|dJh<4o!zqW<&Xuqh$Ma1!X{Y?y7V_7OGYHJd*&C6$WKQpH+8vwRJl9bfeUMhES&h(pt`N~O( zOH{6ox*W{a__O89^RqmqOj-TQv0z)anF~e6hPoelX2kPwfB0gNuNv(sQd~^I4W>2q1)Pf`)cB z(<3-{Znr-03XPD%wEcI-`Od|%5*kk*`W6ZuKtJ_d%LV6uO~MH{LWfhh*sP}MQ&Ur^ z6|%%?zu~9JNq+wPx;qqmkX=t*9nZ3cAVKDP8W<=aDJT?jK4U~jN0(PrWXh%SGI^m= z0`d(<#9RK9`&QesMl+I#w=dKG?s*W`*)G4Qpm+st1Fc%A$kR7cg+fQ{=lc|$E4}UJ z?ixT;*L(6#EW|0BT(OiLrql}>oE5~X6bJ6|FxP{(S9&7}K%t^3Qr zdZ`K21w$i4Zl_x;v(eP8pxhd)Up$xJwtVgVa>@>rGy$n&ann>!ba!)$fhPF zC)3f5UMb9-scmo1^Mf=hs5w6h;1DveQ(@n~AGiK{6c7-wo-O}|O{e-F4vs{IfVaJ? zYo2b4r*f%wl47p(SiOVM;?hzG7%B7B7RA~P(e?G*2Zx6iV_B~-DP`ILCIj*qo5Pxz zm$x_Q1puJ2Sx!;|1p2CdvQR0B&Fn3r|2K#A9t=`a`KdoD6?Ju^AxbZV`uNw4t4#)4 zyqw|z2yndq_u?%n`{QB@VK{&oHC8jZR#)lI-zJpjKWm6eLu12Og_9bu>k)GM99uq* zCNV6%!tn|CNt_TN zCDBTu|g;G%g z5?P6H2g>bc=#}VO;#qkip>~wGDxU|>WG*|o7S9U+rnh0Ef@a$zX$Ol9F(|l<{}B_* zDk{En+8SE@mnmATUh#b-jSsfu2F1X}?vAGTV!lwz0N$3PR;CMZUZwM{B0!VfzdlG_ zuLhCUd*5-I48$5d-rvY%2&92mp8u*?qsrdrZ`bVT0M-hFX0>``{9W^!p%IVs4qVXN zgKbc;KLP?2vsG<)osUG88ZQcGerFb+#RntHZ1(_T+76|yeL<8tuXY;3jKv-K{`&$>l~yoOfoE-lp+RWEySX+b+{>0;Yd3TM_Xg=&j>f zmjkF$*=0+KCC>|wI&nJHl577dx&$TAvl_1sWUta&s18=~EDXa-vSC1Ewh zWif!&ZGq!lUtj-g^}gGt&Hj?Wh{dR#*xpx@=ayxAOMM=171`6mx?X~^R3Mg1!A$N7W z=P#8~duTD4Llc0!xk$wKBzEfHV0}5)6+i6jbau_csN2$A%OGIASf0MpF2w6{C{eb2 ztW^Fr^WOH4dpE!Q`_5>S_Xy#Gy@ImuKLFelH<(aq)BBbrK-}=M|7BwIvU)zKcES1Xwf>PLM-kj#h5r>tOFaY@M;N-U5M`k3?4hO^n)#4jW zfd59F<=X3`w|0JY4m%k|WSoEChg^AVIi_!HoEn|)FQmu^`ivxWN^H2_@X**nMw)Ys zW&z)8UVP@awG1h9jom@nl5Y`CYzI|QAFq|>-FCzPE;?%nD9fX?<6s-j$9U(M@Bq28 zKkqY`F4gRhC8cBmc!-GKB@%oW7PD#8ynF5t5`GA*yL>fvAn1nf+>;-$r0wd%rpvK> zGc{i49luqcwyOQ5Caw>XksC#2tyw^J=<4aIw3wiLmOQ|;R47yiPbk*e>VU;O+vLWS zz@(R_T&M^{1b>(PX#*P@Ss?!;0X@ZRBsJ4wA`fsm2SD%hHFlvX}j1Lj?bnJ%nPHQaF113<^(>}%w>PdceOHIQrnt-f2PC$)JMI~A?*AkZv(O`q$5@UmnegUyU5@ zj@|LU84uoe1u)M^zh|k_KVVSxlhga`FLfl7CD3-FzGnhprB*h?`Ln`!3?7F`S4`WG z^-`{McAhUfHTI>@>R)kc#jKYK7{5RRNyfzs4h=W%t+hFrt&J#Mf{eEsQ7J~h3ki$- zC_om!vhp4t{{Ch+Ckuy$cL+y(c^mARy&31z5x2 zP-H|6suim$dB^iG9$h__CDf=j#sEzl@wfDpWjG0pn3&gfYj}_2tih!$0muep`Nu)$ zyLV*${r%VX54b5@58d*DG8+%*w+{E`9;)a=EeMqq6@?Ul zSb{?Nz#fN;Js^1X2)eR}0u~N~W*5}=DIz6>5Ri70&Oo&Kh6aa|6=5J1^_=fc0EuYr z{s!i}J07sHVVs(lwmV%yxIbNz{WVkM{vI|elgu9S3Izus?x`X*v!O&5P}}jue6GyS zJ71rB|6HYsMw2T8Hm$P$M&B<~Qh`sBBLQ;xuT~DXj<-I0$nOK1Ypq@vkG4Pa4h!q^ zA+HPm-GkVCwM|q}idK5VoH&2C^G+nYlddi%S7nh0p ze!Y)y*92E%DDg7v#zXfd>)QJI&AncR$;Y;iXF4)MfLbtVJ6+tH_>r_`WGu{CtVP*;QrOG-7W+chu{N}vM$ z4T;kAdN`b=Dy5H8S~FZP&?=%855+OMY8CZR+!hRpK%8vAx=QA-!qKX=Hn_Vy++r_L z{i3a{9S`dU1)4Qx&N|fnA0go&IMvh3O9|k)Ot|psByW$>2?(TvTb}k-2clT4eu~R@ zEOr0zFk8Ni7b_+6`M1l$Wwp)Bx4?*$4bLTV-pqHe|8Ew+3ZTPsn<{iFIik+N!4#l| zQY-hxJeQyEisWp5ioa;^`PP#_ke+W6e0#NqllfBK5=w%{-LxzyHkTAvnJ;L@09<2u zT``iP5r~OYva}!QRATW%_d6GcwFE9wmGkA&+qaL~>enFsshps9Da+~fJjO&Jo~%6b z)5g+t=Re(IwQ# z7l&@k!@t^5@u;Q_#}?`hCoXNYo;%}}h5V)p z-gIof)scqQ7yD<4X$%lnJV9I33oA9V>2p1ciBf*t(#4hh!ZyXj;k}!sPp2;*5K#?} zJF@Au&w?Cm0~rLWed_R^9&YC1uf1@hAS0jU7gL=N_poohuV3(c-dDw^j>^1>T#orDbT>o45@u_ zjtzhI*c(vFgwYaArW6>?x24oQ4ut;*G5zK8v!yTQ>#-T6th3^O{P@VI*BY)_l4sD_ zGbe{tJhLAX`kIQBHCn7BGO_+8Ir(1?d%+)xI|b|>gdDcgcadpu+&%}?tqI|xY0~Z< zCe$-MJ%~|%yJ-|kY2{vpVG@vp9Os6;L`3`<%ZqV3aRzIG$=qa27nR4lrX!ja=WK_A z^ve3Hm)EdOvyAcIt}Z^04y+m8r*^j2uUKsFb3P?Og*S?qy>BbMX9OPAYvMs?J6TE` ztG0Sz40=n_ciLD@qlpFdB)LY{3*;p}x0ML4W&P#mR5Y<>S`iUe*UqbRc1EQZ{l{ja zU4G2}Rz~aee7nm>pSl5Xwt!Z!(W#c@`;y52VbBc+yjisEnu~7wUaIMm_yxD?1~Y1M~K?slKy(-jL9JXlh{5baO3WPGz`||Oeyp|t?rkOce(cVj%2jF$^1=j@GDze zJ$_Mv##-^hWmGgY7^t48p(4?$^48k#DjZHfcJ-R|L95hArSsnIqcjkPcjyb{4&3^d zOXvQb%6?Blr`%ohSxV%C(J261)YK=1L45qjf4<3+cP5Xsl+1&;&sv7XO(jLO$CVAv z&|MlpkL$wf?0Tq!N!Y4lk9+eaNGY6lW`}{YaL-FB3}@qD*hg9#8Bqvm*hFlncgN47 zp4)oQ>e^Z~bhsZEP;axPMi+~5nGXE+X4Za~W~=oZpj?@C-qyr2sHGRSjpzdf&e8er zmtS?u1J*#|s=>T{C~0DIBDxj_r1o z3VlPpiTE-?xLq$LCx^JA+qaa@i-^nRCaqQw4jGGHM2T1%YCw7U>eV|;;@!a*rXSPZumebmZwBkYgF<`Ji{X5&Taw>e^~O15SA)8@o(+ zWwu1R_$$XxizcI>%lBjUU;ta9~d*qGu$_YM+crA z9&Yq+z>C)>SCG61kdpwXrp@ge383`Zi2-%(2#I?_nY2Qg;%wgALdbywQ_LQR6@P_S zjb=nl7#sLdbERmSl@&jDb8G7gx}P`5#xDCDpV@q69UWN{m~_1Mj2s=D^1X8Z)O+B3 zI1%PSJ@f?CUbdM|M7XGKLx~+lGM}Z35TDAN}De%=p{B=EpfR8cCI#>NU0> z9*}%q;vul-&FI`aB?Yok0O{uJx*~s`3Mg4Xo&~c-GorLzy0)JEoWjjfEum=_nDFZ|)b?Df48+04yJ^c?9c&rAKMKJZDA@7aP3y3-{T_ z%-ONd=;8f@6+TBWRJdM9gOBU4Ss9}Hr|{8^>ZQ*sxnN)lrdC+>x-Rd}0p*Hf?&Jz* z+4j-)`6?hpeSbCAYDMZTcrYp-Lv?nc_T+I?SzTDf(NE;c)0wR=JYTyH*A6_~&wz+j z4c%ot;px?N_#;gK`S0>@L9)s9aAzVP{px6G(6LSJn`%+6U$-_2h(9sQmA=upxv+-T zCfg2uiK89fMNum_#S%s9+Rp^Y^ZvTZ!Q&8WD)-!xZWhUZ=`AiU?asGQ>7#xEGdb4g z5%_GOxJ<$r$Cb0Z4W=n>Gm(dIv1MN|kb;JS$aC|#{HEdF(D42x&vw724!<^Ln8&i& zb48G6L$k~L8{pvR2(LdKu9xxW=-m47;Hwq;>>RdGevm=N)1a5nZSJMeAX?eq8vp-| zLwjv*tq@uu&Z|o}CD%?9IKb6Ngv!3VIq*fnfdQ*wD48Ww|*>JPu1NK+}x@8%yPJLX?-6Z*<=MyVNAlC2VXP5*)m8 zeY*bfKK;M&v~LPMwRp)*Xd-7<3v}7vW9C33bdA3Or*m?7N%`^P zk0!Tc$BjM=PMi5I;HG+cz&+SSOtG&SXF!8lh6w4+oR%1Ik?vI6TxH)ZZ1A9Uc9zumVH^!d5hL z@M>#o)wQ%R2?<5Np6HN#auqiQRJjMtOdP5KFf+F{1<8Qbp01~_4+o9B4K?^6 z!Fto1s+B9*EKqwq|Ewgd12Vkc%fAqyF1^PU=E(ocsrBhd3wSLjCnqaAW7!&8O`aFD zGo?D&K&%I0nxFClH$Q+fq0s8(Fh0@L=x6?8j0N`Rc2Iv6;vYy10y z&*>4xT;z-WnS5Z|05PJodGY}CjotBF6d*Kb`aV6P;F_bci%-_IU*$n>vKz)%6 z-oehV4W`NSYJzQ#BK=n0WtIOF1tJCab|cpB-eIcO?#%^Nf_v%*#u96e-RYdz{+1mE z3C`t^$yN^f@_xsaQCok_SxijK%|T2@@wJgfpbcNGU9NE2o=n=AXrK)+CiMY-M8%(s zGL6_%$d-P^TVvG?X78{^v?2t4vDqPwC0p`LwX@OLawe2UP;PB9WWB*vCdTJ}uHJKL zt4*W9OQUq^1JIcpFIGUyftziyLV6-#4F*!7abH4eDrzXuip9<3(l+w@*EMPk@k8F6 z0<7?C)xiNndMk}{mI zbD6*CHJZ1WqvAWM!i;swF$IN#rK+$u>pdq6#k<-KYhlth;@On44W4u>-E!wj?${Ei z8x|YrP4)T82bf&6KhLD;E(JuN|07Nt`wW0M~(;J&`X@3Ix=45P<>M;#0On zM3&>`0Pr>7adB~<<7CInEjNdC(Cf27CZL+Xm5e0H1ol)cgBGVO1W1lUpognhnW6#H z$@JOQ0J<7@d8`!(0Ikoku>)URp+K#SWNd7Vo16PzjaC#@dM|#PoC$P!X(*Wuor&p~ zYD>NhvVDogpcy{3|0EsL>U75mw8)T<2#>r~6&@O3JpvPVtiWMHyU1ws%;aFMCC1WD zRX(N_poDOOM>}vied_GiLHwZWxHn6&u$~Z0Ovq0V1lWKr9Ewf%oDJc!(>6Q(?g6rB zgv^)B+^*-Z37@nj$FjPqwOT*r%cmLl|GlBt;LZTMJJ#(1e{K9OLlU60S`jgwgt z&qLefADtlZV&5rm*PtB`JiOQ}UxGvQwzf3Q)wyx~AK#1JavTd7CZJ9U!VI{;sz?>^ zjs_OCJqQYdCwWWaD>nyDkDt86L4=31wiYOBFx4uz*%~K4;PvEt_sSJuW50QGx|Qh_ zn)Nd=QA}C;Q)m{vH}dJ5Q>;n%teuP5`8g0kR8^e@#>78DkcSdgK%G_BaJW7(U>4eC zHK7KB@zuehl#EP{VE;(On});3$EO^MToZ>)8;2YxEneOI zPa{qtlI z8nK=79~t4O@68L9aXjysx~gsscc_RK+oH0mMz`FQy1tAoG<|gP(Gw~=N_$?{Y`%97 zg_mr==i@PRjI;>u?bz&6Mawse!%MhebHzV#%d%cSwfO_yk;lzm}K z$)a}b5_05~(8?G8o!G=JBWFWm=J>B4jq^AdD6fLIO zKi+GAQ&;(;I#|P7s>@P(uTt#p;4}~9E0u7hERhy_AYA zN5}7AZ9gEPnV$V{AmVZU`kn1bUr^>I0Mu~ReH6uy#g@T}4?#SxU9%J2(<5*FmxVId zD3sL9E7v+6szrrt4y`SqnIDF=s>Kwrva-l&jIHjq&By+5G`ZSR0jcW7$tPQ~Y#F2u z;ZJr}5#GIv`D#%-roN!q-tp_?#NN4I${mX~+}|HljzA0g1hAn0?N*CPihqA$eQ@x# zkX6q>p=hdN^Ed+RBFMRDI{x=t!3d_f)Uc|uLru)HXvv3UzJjvsoTC!omJu=3sif3~6LWn# z1|Epnu>ia6*@oSwEKF|4d7j8-P*4MOl6s#90)si!6d;|FQBVXVCMH@BhDJqEfdweq zn2>-wQ>M2KNP)VB#wr;4py67~RZ;+g3;0d;nE7**m(=?lBY{yzBztUSb2A`|8i<^+ zAi|1?ht~)G5ae3X!Ma6Q0nosCZ!!e@ssaYrvqN>d-m6ir|H9SP)q0^e0yrMPANdg$ zhSK(MNr-^-*7z90mjG{Cm#=w!_%X87X8*x|G@kd9gWH#c0k@e z4VQ~Sul^5*AeoGxlQK{w;8R6SjrUQdp0cv>N1?zK89==y-;!>0Rb($VIHiF7S|^8Y z>%)Ucf?*&O2{#Z=hu(ggEs1xN!8EpianFA7KhXm`wS16p7*P3BY2WXdnwrKI8`pY; zCgj&92x5@D7kdajOyO2jrJ^PCF4xXGxc6tUDA15eLYQT5{ysEcL?0i=M39t?KDhXL&%SgW9;{#~z zYvE*J#$Z1;Pt#XWZs4m%snEqc+|ObFUIjuP2w>A0U;yg4_FXN(Tm*Dh%9b2pZS7#w ztr`7&bJix?5UTREkmI-FudE3JGbK1RF0PRbzRm`=eBhO5nrxFy+RTP0?z}c!UjsEu zBK~QQ)s~!t?=0L5;Q@2b+^4BMe%q-5<_v2_9!HYo7?S1ryoLs?-9_FV~y}mhs zBq7P_?AQl-P3EX?q-elc>YD~QNxfNLz#q|fC|^|2clFH6n~BZ(+CC8VG587?DTP;I zVG-+nV;@ra-O}6r;J`^!>lWjY`hI$8cWg##`ZJA2@M-8`pG&>kUO3+4-P-zGl^YYE z+tFI|F~zwj0s<21Z@o5jz4}MkHq!}I&zFLk`6p!rA)Cc`mo-fChot?<2^m1??LZOs zIH!&s0BE(+2Iq+mTkWVq{n5GQwY7QLH^}&rA1HZ~_h-s5fG7^Ks?Tvip*{N=!kMzw zO`UO~jq&{p5G@)?)2gfY+^lRs5_P4EZwb!SyH6pdjMxT=U4XG3H;B9FjzJSaCAl`p z)BA}-yCL<4iRm3CW=Le{+E{i_PEL-#*>R#lO&$ohKbzje`!m-oosZmne1wn$YUE4< z46)uG13O$fn46Y8Y+fajn12XFN6HyigyOiYR(1|T<06Q8The2@UY;Y`U(t&=R;K?* zw3m740-Fabs@%kiCNOa^yDL5*@wn?V5m*r}E-e=5X5)0Y9UI!1$a;yu7pXFCZ;XAw zJNJx^iJ{TUB#(f4BDszJt#4`osh8)?e6RRXvK38Iw>W{}?rsG_ww?7r0sezQKoK7R_ zPIeR+F01zqRWEPvU_idNI7{P$1OnBy;-!UHEe_)~sl%y5IMIV47Zv3d=_1l^FuCWp z_`Eh=11>01qUh8+8a3G3`Z2%B0{!)Cq5K(^&HN13gR+_ZH*eo=ZIx&NWbo~G6WCz( zA1auX@`!*-e_yW*<07#7~Ao6MYd z_h~lvJ!50PK&&2+;v4HhV6&6FLdNR*sS7x=mzUS)&!2_zCroa2ttJaFdZS1si>C5+ zDbA+U^jHkLUT0-zgYcU?CcC}8y*|K-fF=7sgTjIWYLM{gTj}rz1t zA_Z`@4Mdtji1Ll;~$DK@U7r1;9rk^`1C1!Z^|l9Dl8;&Yq{mW`Re1J zl>EH3p`!xCLxnL^Ll#A<_Z?hDZQK4n2yp8k8`pcnd-R!C4%S3~On^I*VN^5Gt}={n4U?0+#31?ia9~ z=y~;l%+u(@u=7r~qrm2UKWmp=1v5VZ~s-vADL7gd+j?q83~ z!zKSVXd1i6{$$Z;CAL*?RM%dz(62uW^Cm16L1m|99p8_?!dI9gH3Rhj}#Kjl$j3xT;+6 zQvW~-6NjV+6ux?!D+f^7o&!ctU|rrt5?lQHjlo-jLuf^KK%Dw{Y|s6KI#y1n3HV+k z*}#PWUasJin1vIi=r9qdYOPK{B{1`B$KsbN*Sl}<B>f{^5=(HrU-RtsEgIiJA9jaO6B|shqW##xeS3}3h0;XyBo9D zTZyyS)PDXg{C_4>>Q;U?9n3eRTtSaJJ0;QIprK@gB;M9N@Zu1V&_QIRbFOL|&fd{A z3vy-ayg$z|(XW&-wL6iIFX%u%rZ85Zj7)O$%3`LJfz;<(IR5TOU?8hk*K2a}@XmK& z>h*4Cpml?o$v&4Yv(q&F<iAdqh297rfw|b-hLdH%f`dvkY6N^8%`9~I@&Co2cnH1>nNz03L zq2HY-JJsO+C>I*)s_bg0>*nANnaU+?4OgX$J|~R9u0chRXaxDr^aeCaV5N!u2r@D= zlLUAZP-!s0dLz75YXrRlIcV|vCO>>J*aKrrCYRX$Jy85)2=`!(dkJvb^aL9PxA zkJELwoSB&HZqe|>8qToG>Au3nNt>jjUi3ulZ>_`tYxygg{N9w^=YGXpY5=w4Xw@=} z3&(kQXJkw@>nwVIP2MCyiK2@&(4bOdQkE$HXh>iX6>=|^fKeb)HeLKs? z4d{Vvm0NO^&A#cQdS&oN&c|BoWf^^;_e+p-v6N^TMK7WP4zO#;$i`+k|LHMQg)YH~ zYvV;G#@GR$d*VXJRpHl)cL6B49eg#C(mVc;or|BvvTHpTMT@N-{!V6cU^mfs|1hMH zqX6n7mFQ`kd9d?F#(f9jXtA{u(D1Js8c!K5u<*z~dw);ZIFu$Z-+eZJqvM&d3^^u_ zGZYrX636Hsh5zpN8B;75*MeN-`4y&JekE4#tvi-}uw@DP^O(oZ(cM4)H%MBC&;Oo73~NzY|PwHkR*5$jO#psjYVSSWyz?o$4`1Q7?WmfP%QhXy?Pzi9;n#6Jt<8oQ$SpnZK>|sR zPP(Q4nE0BTTM9LbID4arbAjQ{Za$glkRiV^^9q*42cguA2#oN36eiQ-_yB$Kb2v&P z<>JmZ1s}OH!DROBz2NMj>su0Dv0(y^pZz3lMu%~at9rT8*aG+Z?3tNS0-w+K4$u9V zb8^S*+S}>JK4g-SDHnYG=GP7fCh8~<=J1~8xRXIbL|wG8FZeSYJPLoX`i<+_N7tjp zH$p)5-5GB{0lNYjeqM>V-nV*kfSsA*)L3JMMv{nc34(n|US@!j|CyTl9Uxy|m~CBj zlr@xE#nGxH3fhrCy21f@P_cz-a&IhxnNs-6L$5EZD?^#$*E6Dp{SyC~n z5z%%_jcOBt#wg`iu&{x`6qBf70 zqM8KXz6HPmv1$zcn?UN;wFU~AC8RSXrY-3YyEiF(gJ1G}*%sGs$Re8&&uYXYuK#IlyO&-YR+ zBzh>7pK0OFUfQv8zec(w&+h4)^TA|5`H3RWr7wt;wBP((tb1zroy^{Mh^5o}26hlQ zfh{M`dyllYR<<(4W0D6T$IWm2L<)^ZH3rA z%Wr~Bu&IK+I4Q%@8LbZ$>Ls(*@BbG~XBn0S+I4M20Y#K9DW#;lTR^%&q`N_sZjhl% zx)G#B6hyj_Zlt6^x<$I-+xPPw?~nO0gCoj)#olY5YhABDvlAV+cRl}AeQWf0zIiB9 zUyywU)PTfX=^Ni)*=;Wzy)lqOK91$_39X>tyZ=2!Q6`T=0abY1_IIAST(9+O9XjBT2q!gz~Hs#r3OIMINthrI`PT1hmiBsps@HM4_ zBJ!%rNCfR<*Bodk46p4TMt<#Yzt>OPvJ5j7R}?P(N=n@WX~RA<68b_mn-xL5Mo0dc z)4l{|=|UEz7qp@e-#4N~zuW$;D3^qB_bFEeouT(RH%w_w|L&w-3B5%avEMdd#I=Py z=5V=)_F(b9Y+!p51@qO2nQD87%M)fm4z~`l&KA3-Sg)=O&H61ko0-p2d3LAk<&s3` zfuN@XQ3Ul7$;xz<>$hnjtTUQ?JS`df%{pz$jb-E|c8d!97Mi%MrxV0eNBrY(;$a>~ zzRIZ4U8(kdd}}s}S+${NJEh0Wv9ZLkR0MKE1}Po!@Iu;tCeSaGd-M@pU0TpU@l4ALda!Bs!_ zflP2?rh1Q)?9!pVz5Umx7k536wgPBE&x_fwVE)8UB z&y(7wwc8W+npW4(ort;49-%ghP|wg6WrRiz>LjiW zew?v8GbIDq$}{hccf+A&I=`Dp>2KSZ=j?Qpt(&$Q%`e*4FWx6D`Z)n$T+MgLy4p5O z6((EygKIZLyB3`j>B%=#h&Yjm@wre&4MIoRAIPJRB;!njncX|sFhXYNsF+^q2^!4C z=Dl%g8G*FiL3x3EV~&`f&U=HKoR&2{>yIr+Li3e=w%b>mmQTgd!LDhiU_t760DAu1eu$%F{xQ+WFkqRat8Ucauq5un#N|9>&xnM1( z0t0daE@H}X26YA{8yg1jsH`5WGR`)5;C?g+kt>1&mzK$(;XdozJ-h26Qa*`!d=K|e zK#5RsQB(H?3`tY?hKeW-6~z~x9ak^Fie?q|I{M@hv8KFIUFEpS!1H!Wyv(E{<>DF- z3<>Dxf;1MkX=q{5$*)r6fe)ecxvNK&giJ z!Io~VYOy96%vX|G3=mW|e^nnFa#hNlwW4x-UFq+;Mlc;>(yNI9by9S6A50V7Fj6uk za-fB+&f0tx2M%&mrR>tt6&8z-FhVm|w$zM@ny-d! z{L6&c?&cEk6+Q$C*yuE+i{CixjftFjLsFzH@Aq^IxE`eq>) zl$_(TT?GofF&FXv(TNo8>zIPk&KS@xax=vBjpmiHlfhsN1QNKawuw$vO;{dq@_%x&7hb=jbZ~#pzeR zu3MeU-g&gN|IsGz`|w1D!_7(do#`^N@~M8b+<9}5w3u#vc0~nF+7LcL+^%SczdOVq zCRW42U23gSAhNx z7WN6Eiud?abVA7>5UlHFKMFTO*M~r~J! z8XMn3K~t@Bwze7n9HzFaw*k;o&?oUAnCCl|nC25heE>U9zl+7dSt{j~cfLu}nm*Ql z{{_%%b40?2zD_yFH<~&d%c-0k6Qj~}ZI7PiD-;Zt1W_jki?PqDL{XiV0v1YowT?mH zeO9TkQbi6x7ggh@;p82qvOHiAUy+mwD(+NFs|_SZqM$HDO7^gF^psPUGB3>N<*>Z+ zF?&seN}h*GjDbpx^WbB>YoXJ`-}5x5T+hnSuj*N{6wfH23&?&!Whrp)q@{Cqfe=7vlf>`g*ou5{x7kgDI$dqiE88XJ>eG{p;G_G=&;{*hJP0;)#RA ze-aw{^c7}#OX`W^_`R8auT~_Ue;|oOT}WN-bZMy9`{=KqWk6#_oBqH&({p# zcoYxU>}wQsyU(bf)K?g7N@H5cb_m-9eQdru2<~lkDfCoGn>y% zk1Ky0Y7e}Jm@9(na%W>cmvGMWB*(On1!b$$rgDo(zal2l_BW@+PT^Ih%R{gfWh+H7 zV31x3+(m1YO4aMPH$<(np9+-A&rwnNrM~&LtK=h56fN|;sa~c}IeKdYJlFcQC(1bT zKT1;B_%T<(kU{J*}7i;FRzN#z!I>uv^@EJ5z^bH`~NfaHNN$~ zR>{%X*OT0GwSJzGLAmbKCIWa)IgxYlKx*0nwWkrc5vFFe6d85_DN5i*i* zOUU&^F|)zMj)w%?9nwq$>iqHhdqBafd`Sol30Yr8$IGD1&gL($v548fHDj;uNG%-j z+VhjqXcx8^$dHAMgU`CvEYQp>wPA{0b#)PhNz!Gh{Bc)<{!6>k1|M|!yjR=5GlU%C zhE2)2^9B@xyCUSy&0;wX=I28@mZaq@&Ml82sABj> zF%+gA8gzswx4`0tDdK3cax-#1MuSf29ROICTW%T?Fdj-5X_!>%=-;r^=7(6&=BD*+ zzs1P)kuD4+$0z;?pVa1DBPZmQaW`HZ-F-?&M-(RcUx&#HIy@YMFI>=KE{|V4q9Z0y zN;8Ot|D3H+NBN4Q#B_1Jfj>us&#x;>qu=Rpsm$hFE&2Xg$8A&3p+^xty-dCuH4c5J z_q{-vlt}q;eJG`ke9q0C=u(_S73+>g0n&D^pCDDYBqhVEBBd}KAkA~Af4&qCt8q)u z3)B)ab4+lg#|gVvIUS!v)AryY=K4_)ZU%_WpHr+%Omd)_Cg6!6E}jZ3)OlI&O7>lc zsT+@BB$6Of3ODRQn9M`M&Nhh;N`-Ce`Rx+4RLqLe12zNd0Y$uJ;bK8=Bg zjuIvtMomlo4w^PFOLoH@&*%5|=iQsM@nS7tw_wJe3uYq>pTk}6pl_I@M^7XSDcXBi zxD1!@)bx zwl*^&WY{cz!PcTz-Tf4P2#Yb3_EO~IhZq=n@Mk_dKd=28pjnI$v3mxkZm-&V9>mHd z z6Rte~4JDF-ED|`1sw$_ z7~h>C%@S`EB!#t|(U5~)5{ZR8)#ZXf3yvEUJykQEj|4$#vK?}Xn`8MTfO6*hWs!Sd zOc83xmcDacJ)pUnu1giJcU3Erdxa>PTIJ0RFZ8li{{2iTizE>Y=0!cV><2mrMrQEc zK#(?_IBA}Qq7D?BX4k!;s%VP!{^fr^?=oGzxx)+d_TK{}bgvlXlIi7v4c(kCcgys< zsh%g64U03bupb?CvD>K`8n&sln`>b2TYuYpCtw3aA_QxL&U6&|D^`Co;8gT16e2p* zaxK0I4Q*yUrOMfq?GWN+B_~ez0`F6I@?>gS+JAE2I@6+ko`u}~`uO|9mt1e>(sp&L zjmxGdzuR-)N10^O#FIlg-s1jbv0DeV97r4VJ+h&auq`RE!rJel;&V(+Hn36E7WIUM`YM zH)%2Bpp2DyH@T~INH<8gA{Qr1&HYMRCL0ZK;mZ@ti?JTN`5OPStPfqy?+f-div_>Y zKg>y%EOK04d%1l2iqZY_oAJiT$64FoUj{Ha*M)d?ZnX~v>-Vs+h`Mzp47;qjewZIh zSzMpBsYkDQ_^k-`-&!k`?1I55>IrZDi`-5GA2sdr!>{`k3UQEO5a}09*J#K}LuoLa zWxFlp-&v?fdk-X+!`cx&Sk&4O_QY${M~7Ss@ar5QccUpwC=B3#RR$k_y-FPyi^0^c zZHeGAqZ?%|?@EHU1<#P|w@r#?rVNS=pP@-wF2ip*kZ@GvcwM5G4I9AY#40Qz`Z+MO z9T5Z~`)9<03<8ah4Mi8cKa$|$O6YkDB{GPl-7GII{(NrQ1xRwo`5|GA=k62y-gV~d zUkgLg#VrdVw*?BDUoo{a4Kkg#CSx~6ufRqdWIaEt{rB`DYMWHhGZJPjt*!D0rwh`6 zbfN&1>y_tMKlc-E(UjZ6A=rlO-ji$-UY?DQLH9xk7+s0(j_CNF-guh9#N|EAgF@I~ z@rDGWX9N-S`fD#_-6I~^xoZ9J#?Mkdqp+R$x)y*b@)R~--#Jiq1%}PO2uum4(hh6= z#E;1Y+Cj&mGic!J2q%QUY{I8Mtz33vDZqsujP9iB)j6|I)F!eT`u}{3VLsaV2!84z zz?pK`&+>iI{I=yOvjFC2#Wb#LlYBXE9$#b_=>J*waH5zg1%X;>APr1#NVz{-ARZ19 z1*lb3RX>m0H28S`J33mL9L_!38f8_^G9_N>hcE{)>Afo1brLVqu&8I8{bX#)@T%m$ z(!GGt`qJl0QVfYdJjX#J*a#4N+D)lM|B7L&Nr!cUD<8baaJinZ`5Cg=?+|rHk;Uh; zmT4(O8~BjVbQK?y2rWHO#}aC6*q9QuO^cJEHW^8smVuNf{37sBL>^(9kAmAoioZOFl@0wk?DFB~_x_0~Q=PJ7;Rzc-pXdXBeV5!&P%p5)s7h(XTq3=jSU23~su zY68})#OmP2#fzrbS-w|wR-2}S?jlD!;~_2Y#ey+CqC!J2y{{H8K@1T}RGR_dz(}Qe z9W)Cg^mI=?c(mP zqL~JsQ~-9sPq8nwiNF9H2{bb9G^%8aK@O0(k=S5C4RPnOtZWZ(pj=(9Q~TFrMWmv> z|E&$A4FmWjm%tRJLHTp>9TpjG8xRULUVG%|wO3`RO_-wqn?5EJ>Cfqih?SwPu$>?X z5`UqmM|ycmVbt>@|9%kim)B0=m5)OLF5UL1aKh+xOGpuc%X`hy|N2UsO{!90Scd7C ziUFG#5Z4q@KM_J!{noCobo%(`mSHSv#pB*Qf7NZqJ*xx}sEhMIijyRj)yD-Yiz zxqG$CH29F?>%ZJQ^v&4ZTSfq)9H~sUVbg`7T1*z>(~qJ_FBf>@iTKW3cy7+o0Lz0? zG@O80YPYUbtxRoIs1WaXXD)e-S*OhR8|SMLGY)K=CvufG+@Dp8UHyAa>U&a0pDQCN z+dti1>oD1*wDh?6r;&yN7~Hfvc#n;^VCI=%qZLdNPd~J;Y)c zcl;L;k|5w><8&NXZdR>PAhz|)@^X-@!YcQZ?{a|_69JB?DII}kTDMpAcdfDaSP|p@ zwXe(RjEyhM%pZKe~H^g0&)YqJ3gz~JbKOo-hk58N_HPY{BQ2)G|SkkTs+5O|b>b z-Bt-{Wf9fDp&v96L?@kp>=ydiUf7S-SZC&HqqjB**Ps8nj@28in3;Lo@^tO?2iuU3 z^X4Q0h$m}r1fA>-FTddTr}77cUY-&QTrmef_S-HqS1`nDI=4X{E%27k>HMd0vAy7j zbV^0(_~vz;Grez$$VYJV3B{qt;tr&9n_is_IeOpDgyEiVm+nTM|GPU~{Wfcz|E}Fa z)5oxQTH~Q3v$QhP1a?s z_S(D;dicQ1HQ*Lcd*?g!xCAUZp>u!57-Cf#Bpq^cO@9?c*tl$sS?qL~?(cheZd#+{ zyF}1d?ETs-!+yBj=lb%feP$+o-sjSk>&aA|Ij)!6 z9`c{#XKg9`mh(=Tt9{Z7nfm-bThy1B6hkI!+ntIQK%ZHwRHGs>>sA_f?qp>iM$QU7 z0%N+u`pLIDM52p~uen?e5CA4maUu}b@o^#7s3CWm9<%8_qv4OuS|412*ipLi%vZGs zcmIzC2&GX=tF)It{7v?K=9wwCNqGtzi8GOl4y-qx^r)6kMna9=AQNDr2f2G*A}RTa zgtWa#GmzF(z_S)$rY%p^7j(tKCid4`4eOo3EK*RawimvSflm93CynbPLHf8{w)h>H zmw&z!srIfCMWTiW;te>(bSCx@vXLkz(32@WGi06Emq0t=T&cW+$Vv` z(-vOC%^5D;{+BS;5@#fCqN5xJH-EY|)z4R!(NH7F1YJB9gNWawmujrc$g1o8CkJv) zt&eDd7-d^%b@2WStEi~sm30F85GHgPtG|ZhF^Gj)%*7h)dMMuuJ>=THofXe_%y;)X z!&>Xtjd_!v*?92_Y`KVLY?#V#^pm|Jth@*a!1l~`n`~{9H-=BC=?x>ZZnekKjc*2f zz)N`oClJyqo{%Bmkr5V(=`nMc$tO~zMbKVhQ5{xX*hE-jYK}Mr5s21`L4!^ixK%{f zP7v}#81*<^JfdIe9xeX35-4yjApa2SWE#N0-bBW(Okpp6-zz>aex)c_1d88*Dy%_m z5g+cN7mLX5l9l#zX@DL7F1-!t{!F*xNDTd$##gOaTE!=pQ_l?RocWPp zufAv)uYO6?t8tH=0dv6euKcQ8qSZ)V7$e!1vF5jnk5tmpY(CSu^eDG@^gTVbQiED{ zo8xJq#hqL1rY+QZZ&G?525?V>#^%-lHV?$L*;?c#0y(W-L8)PWk5BkG06RwPMew_)qVBZ$t>tZPZ2>flzJ;@|4G#uh<02J`jh0AA z3#{(nU7B6prprf`q#QPNE4VzNkXg97TMN6nx&O9@W(0%m=C}HTE``wO=d`qGP=4Dl zGf{JK-?ycyRQbEf_7_C^@+UwIXlOwOt!8%3UU=GVEVyxRQV{V4u$ zmF$SV`@Ve!N+7#+FV}SCp3F9ZBA?4apl(JF8W=51#(P&GpKz3Uu%;(g0*#!Ak=J_q zihrn)I(&39M^NTcNM5rVmkENS@TXZNB>_6U z=9u=XT8YZi=I%D0Ba`N|>sBZDBlw*zxF}=q`^&Ub_Hp*b z@{VhvTtXJoqaZzhS{jr$Y2+byIhbsrm!0!EvH1Iy0+Pk}AVnC_{6+8WJmYB3N%pto z=!?94%4_dP$wQk4j2io!Ubp_#V=9u{E8t9qfLV;_F}qNfG`wzd^dK;n+TBbw&FhHh z525f|3Qy9$zLXQW-PzBV;pBAcJYs59fDV1K@s@45Q`w!RRl!1p>=xyigO~z%yC?`0 z6IzS>x-sy$#IRZFT7a9+{psZv;h(SXouT2(BPVZQcjg0pJnzL^8o=d3{k18dY}C~G z9j=HNlb9F#SVeLTOaF3x){R%|kocDnL9a<21GEA#jfRMlJk;y-KC6Bj46tjPKu68U zH@jT!W@DdkdSjbe+BPcr%uT8tVwP5m?QC7|q22?N)w(zFWTRDRJEiCGMyjR6Y8SiJ zFEOcx>l5{qSMyK>J*SZmUezJ%GAXMwsGlG>FVsEF1eLdss>?5pGXga#W38OHGs*s7 zFw{-D%wri9g7nTC3YXSURsa#YY8oM)n*5}?e7l3X(j3JM$biwi0+)4*%xg9n+`cP0 z{^sG`j{Q(9@S{h$rBP+tJH8z}M%B3A-)7=cQbK8I65G#+;+DYrP$R83=95G9H!cG! z#2`L=niq-WX_Cw@8?}F!Op@mZ_-wjNlW&Zwr)quHdG;OH;k;Mz@-(i}VNV+%dL;El zv-HK>YeU7;@?l&O{GO8C86-5dA~cH#{Pel-IpZ!f4wLFBJrM_w7qm`Ezj!u|wJ12) zw&%;MZGEa-kG}|=ruvWD_*iGsWXY~X3MX?!*x$^2HLMO6ohV)Y^Ya=EBFKZiD2w@W zhjJZq2u(q!a$BXyF)>-{xStgcD1~!-lO)sl<}9U;b)_PO#P}JMFU2<|{GM`JDxew7 zXJ|KE4|ePI`If@(S!OC#-(*JpgzcR_m-9J1ngqjIqZTpq;vIwGFUj#kGCB@sh;4NezMC4Fb z`g;_sA^%z4mWLxxyUCe7%kSjD?WL#5-{-aGT`9Mt%H1o`$_u@Wki42_)^oM1ApF3~ zbvI8tBB{2jFEr!Mx>8F0AF&&vi?x}fy+bRVjnf6i6_CB45PlsPmENFUtfUWeMVas1 z6Dhy5{lm-;>4cFO#;Bi+b7_YhXzep;i75emGu~Pqy;X@%3s)k?^eJwKEQ zjk@EHMPVok=a;0KBZqj|z3evsw#613ZYr!$SW?|)jypV@azPkx)L?Q?mWyP@LELo5 z-|EQI&h^fVm*Q-Bo5R*|Wz#!=+5g!kd9U`i#ZI1*n;tu4Kn`@3BHdE*%aa{(Ixc8T zRTI!@UP?${JwP!cd>SXqW~06z<6*>;{;!+no6z0pqvMDHi|4Phf}0CRjtwB&?DMNa z7U^4&{xwnFe~Z!{3ui&e@)7Q|#ZPoSKhy*yOO!bt+C6yq@HqnmPI=D?!}4bcKZN8{ z_^De=#l3_Z64bO;#jgq>Argv+Fen>w4Za*b-0g{dU7(QJ4YYvXLN(;c_y-vJec<%u z0P%YT#}bC&#eRl8^?Qw3rk6fmuA|MT0cgSSk*#4HcbajOf#%_Ae;YAbqXm+8wtmP5 zppRC=a%m4ZJBONCa-2eV@~EFXfgMn)@sg)c^IOj$5u9e9Zd-oB81>`E1|3rGYxf}3 zs3*(od(l~?6vp{-!fKVW^!T4t7|w6%!@O_jB6Gjz6O-$)#=|RKHnc&dW8|_4yC_sN^5~cQ0vB0b_ySkzpSJvs@?~^Z=EJpPw^fM=jB27A0@*CKuLUBMx+dr6m=}+yUEyapyM3v9>0|oXP14j z&qwM?%}4jTifMf)^Jhv@=U_9>aDhHr!?@g-fq_!AXgyi+)ca@5k7~tJ3#0JDR{Wnw zY8FF9^nNtpaAP3^>|1NyixOiVmGf=-E8Tr~{D%sySYJ0E(n%|E6UAhJl2ND zX-6TjKm>_JmykVR)fZTx`IXLPtAt2kt^UI+a_h_lX%@`CNN2Cyv>~Y1qCB zIUX+1IF0rHtCs$=dVR&XTPVgjT^aw=(&#R@=G!eQP1s3_ zU`puk@9%zjwzR$;J+;Ht!A2w<+;aN|KW5PqnmZuJ-!2v2S zx?!PCQ82mtu*)=)@kg6Qc_Y_Sf4Qu!+^zC=!P)agd-9ho$?DmyjHH*BSV%N-2}a;` z)%vDcqF37ra9fSnDa-!;KAhrA1P{SBoU&ns1SwV_YWdZClFn6c~Z=(PmYG@@Y>mUpNV9?xW4@Ur@BMqs|NAY2xLD{S;4+P;NKigsFl&Z zM+7s@T#r7@o!J{gqzJ;Bi|9QbG&I6Bu(=>LT+Ux2{^?H_OgEP&V0Y?-#&%0Q>*nsp zWRZO4WrO>o5GX3qM>ocg82kugiPK1t|$}^>Ywi>XAuipaK#r0)yrAh8z=zlw~b>d;Ib)o`S|1iLiGF1HZce2IaOH#hv-F%s55Yl7TKH8VA5e3;}az`IYHmUe0nh1(f z8kHhc=vwWRB&gN1Cv5)3^!(HOqQdaX`S0(DW7~;8ErX3-ZZMm=NBH25*i$@XiBOS& z_v3aitYsuvUO&aUA0w0hc|5aZOC>c{E+5FcLjN+d_S9AxJUJT0G#<;YlQ)nX5LLn2 zJa|~QVB_UMX_=|06F*1Bzr40DDLK2oqrDzrS?joJ1zFTk{DVz3GbM!xW{@>t^9S7@ zGFZU1i%3C%Ih%CpMDE0P`O!KAjpNuM9a$@>BCKP9$qb5ROC1l;(L0A0C}L#-`z3;5 z6gD&z4W`gPo2!ZW&3<1Px-VR8e@N;lFz5%LN=JKaEel~j;kK45Ct#kcG!^_aE9}X~ zu>9-iUAwD8%$D;zyr#crr7zAG0{6WSrq)@8sRa=_>sR8@@<$Ux4^fCs|NNQIU+S-` zEGDkVB8#k|;%aNqq4(iop0i^m5l;%)O)e@&Swohk=L`atJ%3ZItNe8vq3BYPPh zh(&G?j-X~=_G$jGZlm~m<3j@#$2v$|2Z@6lv|h0CIuZYW@UbnJj+shpOE>+Jzy(pu zvjFNO@y$u-x)2qwGQ5zYRG(9HNWy*B2uN9mL`s4P_O%0ci}ERU9j33>rgshQ{M70v zxWFJsM}DS;NuMdwMBUi|6U7J21~?xzCFH&YZ&(%jWh>B1Z!Sj{PUB*R-P5kaRIrib z2tp@(R^d)$Q64tAA%h`6_9E!xl3bcnh}KS|iR#0kNfeVYgL%*)xO5&N-@AVgx%ahq z5Qrg0W7d#~LQfHWIYL}yT5ejURVHvR6x*nBnoT!Dl@o?vNN*_?q<_!|2?>4AM{~&| zR&-|&`q8kE?L_Emw-5}k^4vBF!wi;1d1BVS8V1|_lOt_0bFrNEj!RpKjI%YqWbYAR zN`t!tgyGyrN6!J*%X>~~POzneQx+IKc*PMABcMXUA|t6GoEKysCkQ?P@Pu5A-nITw ze2*jm7{gX8XJxs-C2;jkB0dqV&se~TbenO&z}qo310)b}aq$O?ufpNC&pkP6k4Xw{ zTNGnRT-scHsiN`^_mvxTh+0W|z%a!!q8%@Y!AwJcDUz1^IQBG|SsTJes~3>M3zGl! zwb)et@LMqOP2qn&Q3gnl)>DUqPo~b>^YI=|77h^k+(ImTs2t8|5l`PWmkQGYL^OA& z-@YhfnSPwPH35_ej~=I$F_8fb;vvn=qO|d0%~kgBs6`x@%s5Pc>v^8;-fFC!ULR3d z59i&9NG@GE_P<7&MUG1EI+%J+f%qoA+BMWe**BW$iOz32nFr05He#F4jmGN1C-@jv zE4Y@d#_O14W3fS>iGS~Wr^>vT2VsA}lxmdU95Dw8Hd8mjBRqj#_XGW?1)If@mqO;z zBgHiC!kQVsHPNmCk_m`>LEGGHTX?c~^6Y}J%;ivO0su|HwQarJ;m~m#msdMKg!2gb zkiJRDtI45jrjy0@wC__%58Jqew&RFL5VlQpg|xT37q(D2iuCp+%BiWxv8O7ypA)wB zEs9Ydi_zgxVxeP4NQMR?_tW0>{Fnq<><$l!XXA&l73zKqM#se7)l14)Il#EE!X%Yg zRRV|?#Di45&W$Ry*is|;c3hzg0b*60>G&xFL-@6qn|iY`6{#zUS{PB7R-_hX$6ut} z;Xp}-4!g2A3pS`YJ|_n0?DhchdmjTsoUVtVABoF;1S3@;c-YEpW=+w9z>;*+qKEbF zkYq;Bzl^eaD$CiGmVHy{S_%gWe=)Jq0>yoK){YE-+FtB0b7njx(Z6=Vy6$lL0Vwe z!}cG5IbB_Z6ciMlz5?X8@82We&OYaO@Dg!X7b(6kr*c}6f|mu8PT`PTk@G?>%${xo zrxcb>g;i!w5-4RsQ+6N5?TG(oU{icKhNF@sH(+dl21KHLR`lgP@M@?P zCA2;poKvANG(?=f8J1Uj1wLJau%AUJc$0XT)81`e;jcKJA7&<{TL%6#`sA~{RD|r58@**&J7+u|e=I@qNK`8Np0G1C)Mv?zGO}{*HkFjG>B7Pys9NkLsBx%b?YKVm(N*IsCu4X?;5OiF7M!LBu`xw+|s2dB% z9buzaJbC0;n*pg=Yg1@a)HpCO0TX_O1^0H=SRRU)E3BRWZeK!jPrMje=DmwIg*bq&+oX zo}l)M3O?MIfU=hFBAU#57iRc43bg7~ZyrAB(D=oEfl1o0>|{|(dg*6adsP$)Vshdh zt?$5jx#d)|AFFv^5*0mtn0U~C2eZ;D@7RFEI&XLC!Gto>bPJR7{O?SucCDvy>7$JZ zq&rz3ZkJLA+Xf;AAbIC}XEYiS^_Jy*;?Xo%Ic-MwyZSchYM7V}K3Aa)erT~W|G^~kDfTm*F!t0at^PrmS}n>Kv|#Z`{XSzyw}O83 zg}9lIjtfVdd83dPXtP~N~jFAYuXKZi$$3c zk0rh(bS$v_06f%)=5ZS;5qde)ps>`>S@b&r+taR3 z`I#HRC{hHRDz@SlhKLHxZTM-9%X>X|n z#aeFbu0y94mql0_zt;%{cd_P5E~b=utw(TRAZ#zaCUIgz&En(Ovewqta_^ee#Q#39 zFCIFKebr%?9~=LxFL)??(`GmGBQ;5p9Ad40W;&{=$zs?G&AI#hsN>;(?;w};;`Fb7vmcWD>no)x z$JIlZrVg8)ZX3r!?)-S{Mvt>!Kbg9M#Ge68wGOkyTlDzz_%_!kH!D`Ey5+8sx>Vi`J=phv!IfKOI&2-h!={Y==3$NDQPq1OdW8h{V zj@6#-7BV|KyTB$TZJ$z?E+cYD89l0aGZ+5rmkJnY|Fjr$n^vcMpZR)rfdU4z&;~D( z2>$K09FXBYO~ezCM0J=vqh}{C(~t_6ijbfdXTr%nI6;jiil17+IbTJmLH0+A=!l#i z#r;OhEuUpAK;{sOeGd;kN3L>fLmg*0pZ15}y5WYi4l?pXm`;Ue`5}ok`F<7_h8P}q zPmkr@p+L>tMdzpm9!rRKX44DwX-)Z>I$)1 zfWHcjawwRA<(gEg(>5G$3AF?$$erU#)HuV>qvxm_Al!meKo8P#(w+ADKXmlaA5^F^rOG?C}A2pPmNJI zgmy9>e%-k@c1yY1`}!03KAd+alYnsqSz>i3b@Z!leOfwi#_8OD^AvMJ#0x&69|@R0 zCSKLK+Vw3SaZO^x;oxRawRPw*uiTq!6SuRc^@%uRB0oOSBeKCn$*MZ)qm~j|Ip`2+V43X7ph#wc?yx zIk2TW;fR~MT)CO6FPT7xYYX21=)D?SgFNAarxJlMP6rSj&G^Y=j&bv z<%vk)5G78N6*`1VhS9v0oV~_ZH8fHYVU<1F`kfl3Tb(;@wehRU+&`y(w&4mP6VD6R zeL6W}`p$NDGrwY#xB0+p=$iL%)6x*U_SOppC_nGaH|P{UxqET60tQ295J#IiI1bGh zyZ8@@5)Fd(qkdj%SFgFj@Rx}5LO6+4H=}RL-oOm;ClG84`R=n#z@pdqvbf+8c%-Wk zi_CFvULR=HJ66AQUin{q*J1*ywpBh+s&G6cmL?C$}30pDno>dr_DJ(MScIh7CGCdZ)!NY_C1kx&&${$%=Yp^Q_gdBVNKW zXj(NHOFx#Ezd5{_Q6vY4SDEC0_;-q)Jo5a8>aP+iUes#BW6F^hBS*vH-m zN-@oXe_?1LOL4|k<%@Hw-DRmkF0G&4bhsYNI@HhSa;I=^0bR&$X!^cf;S8Y)K>0S= z==EGA)$yI%?ri4zKBv{_4|*6@W}k0QJV4);aXiAV8hjwO3t>TInz{cNWGi{(+0lDB z&R)_Tp4U&CE@nlkjC?r9Ee`h2xoHHBLTFnUxKn$9G_Ja+joGcDb+ z8|waz(Q-z>&3q}1LEAPepPJ3DD9;8TqxaROB^akXybdp?A63|=`x)NjRZd=f8*McI zUl1OvY8+7iznb0Lc&^XU)(0~dVMICP+Fn&+k6uT!vvT+w(NL3+?Xk6Y-ZBi zV#&H;rFB}-g>k~eF=lQkMdgeZLA;YNw*_^-!IjFMn^H^0-KCkBrK zVK9sBS%q5#PE)Vb73Oin;_;Zcj7Xh)spL2@_a2;D9X+l=XW@e%o0jEM22aSArb0Q1 z^DE}+_3Sx}%cuA}mTIgV0R{*9KArjqM?g_Q! z)J(H^zrB+*FPTP3H|e!E>GidYL^txHs4V$2`;#d40jsarV45f5#lr3A&6}&0&MZA=|dl`M^bjcEoLGq$&P@m|0isrp zqk|n!^u@>D#nZ%Tj-`u+~`_g=y2cJ|E7bb0wF~gFgWFI?P3q#!OZ>E3C$d4z$E{%7>YN9$@_sKho0UG%=|-t1ua zvj8~yXkg@%?=WhCcvo^49-nG3FLo0adSu@Hjb!4^yU#jNpcWGrM`uj5UR+%8@oB7@ zzr*4oz`y_Skt(B9>|tGrDtQ$q5EjBdK48a7-L$6e=%P&SgNE}t17$`<1zwI}P+U>B zBppF~W~{7ZctT#F`^czz+4rKrvZC5vc~yD&hha@3({-NrE1li(FK|+s$Z$EGI953- zD%$BdIKwb}WZ~W={=r2l5%9nVTSm&00WtxPHpZn_wVi%;ymY}-!Ft9TP-LVU+x?Gi zhjHptX{q6ch{f94mj~lr+VL$Y`_G7xljSRE6W1eYzisBOghlh(YTia>W|BilBx35! zCm?`dXDHUZCrA=JAcR8*KQk0;$U zlm3sCPoKnIr8bU@Y3%HhSFSrPjj{agdh(oL zwa&iL0Q|nD#rFMNCf%ku4@3MLVpfb)J?)p`pY}6)l4%vwhXXD4Jc*th{M|1*u;m`gQp44fVt&zgFez4c}KS+OBRAe!DXTDw~3PEvy0NG>Gu6Q4U zIR~;e$z4&h1H{TE?JoH}{naBvZF{tR46j(jHixo}ori;Z#T*Mn<>!2KDybv)h@L!I z6$~pbER2SMb3SB`jwR|kBRtjH={Qk*h3=Q~~SPfd@*jbSPzs7s|fJ3F@8##SnO{(-dldEw78t|gdIp59gz zT*+Ax5(*0oqrwpM&$Bip^DQ+9+4^*aJ=S9^rm0im^!HQM&R^eB6$gveaC5tb3p9!6 z6wkElA3JK}oGLwTYya^es&0?&D5ZCKCwMF;mMF~FVqkAVOk7@Wn zaxB*G`Lz$0pqCdYullJsue4het_@`VeBM~cZhE2zuc^zw?2G37Z>PC)EoxhPf0s8U zJ=N*ozcRJMv0itH$l*M0>$8~q4?KDn{ci6hkXzi6^8XAvWZ9W(jMwEYF*P@jLe{Fb z;6|LVy~&&#W7<@D&9-`j9~WU{at{raW8Y7`2x^HpI$Q;S;@QpAo;GG+4Xa#0E;?=! z4K;v%%^H`m8eT9Y#wBD#a&ZToO=@{(HJ+#z>3q{^y0qEe_*7h|tY(5NekYISc}x!T z3tj2|K76xaJ%BI>8HBNv305%;*tVID8)m=FGA{7-jr;0JVqRCNP zI#w|nMK;qdxyLIiG+GUVjLl5MrR0!bZ8ywW7AehnLPl;VA?tteTv5xfZn}jk3bhr5 zTF*f%41ZCUrVNfS?a{(7fvFkrH+4EWqK7(GJS$Vb$jV0Su=6(o&VX7A5=%8IzPCUU9Yhrz&b)12Tw9X@iPj@aC)-SV5C-|C*4D4SiYPd0ych7@ zktvGY_Ms}|i&xJmPFyxAsOU)Lg)HlzBfaSIjKv(-7C(B3mo9$IHMUeSzGhm!#9!cW z_-jaQ>n4%iy|P$4^deTa&%ZFjyT7u2G&EGz$jIpZMEUxeyH}aX6mN$}$PbI975WT^ z+U_>AzZF&^?^pYpUuLVQ{2U9s@$vkA9KEn`jK!URYo zwIn>@e`^Pc|6orPjFM0B&{LaLHZjL)<#}Cq=7&y2Z~lAP5k6b*1R2NB@S{9jA9}|2 z=UkBd*e_ZA`3Lrs^2M(=4*1NvRTf?I&04kI^xMBn)}r6kpDnH%a<}&Tg=WmF87S$LAi6|`{fM~-+gYP{$lUT${v_7Gmog{cdM(*Mn*iN;tUAadu!q1RD`aSk%)xGU{=|oGnfjU8evQ7QR!OS=J^cF_GfgZ;t=dWtf#?P1l?F{`V6$gOeuRhDP{Vz6$(-T{ zF80SE46bi|q6{jxY=^hbooqfC$0n$2@tppPJ{o= z&XQ?Q`xb4+QcXs)KYFx)NvMe`T^Ww|%E@wKdbUKs_}W?k^> zNEk2kemEZwdbTWTuQE^jxr85djx8-FovnGEIU~x^U%Wso$Ka?Muo=b zbxO@P;ca>{Zq4pcw8|ROUR%$~nV?6gTNuGht?$7^?B5VxztFJt(0HNer=D?o5+Xoi z+XU~3=*&mc&N~Jgk9tR29!!qo5{tfj@QgU*{{5%dr#SF(Ahs`-fzc3Rrm+Y)60Ou{ zJ~;7)_13e4u8G}n{rNZfjDU)e`vi|)a->tQ{0Gr7ypDTFufdwHWqUxaw)g7rR3E$? zQf-^BBfU`$6o!ZP_HjRp(n82W#qY}}7y+s!tKFkCLX^3^KrmIcaiCom64jPOmzA|T zI(`5Sg;YXx0seIweT?*3*(Gv+2k|kY*QGxH`$y4@OXo<**WMvUfmHmmL@Msv9@~FU zP(($S>DU|{Dc9FG4B!4lM$(1aR9(%&#VP)h0MM=wa?!w=NUqR6xww!r*qZ?PbP-L$oj|C--ph|_Bwe*?o()ZIBj`}M5>!#xZDb=szjhf>Up9@ zlQGe4$^oJb?HzgrmhG~8HZ|>?9K2NhdG|LsDxjdC5ObKn0{a7SN(7tc!-ExB$Q*=( z`#YVTory_FN|_?4z_Wp6$pf{bw=g%+s}`!>x3aPVOH!P$-V>Yatx0w;+eBjFWN&-b z;wr=oWa5Q9H3qd_L~ucv^esaiYx6@O2PN*Qm!+*a41Aql#`)9qL%^;yUoZ2YC}mzb z0RcfzQF*yeeU+I)hT(qexm?ozgTX~~qL_+$9AJ8ET>QCTKdLJ zw$ARKT?j2r=jxAEI6Qg!v@m`>wFe_fu2VtSGb%DZcz*sJ+C#GN%*+?;rUPPG*=?Dk zK@*i0q<=lU4)ng6Te$X5j^=4xA3lUNY{b8+)pG0e9=0$=4|e<2eh!)kyU*ZsS?jdK zgXIJ4i{xR(gE|a$|Asa;ei0>%P8(x+Dr=>d5=qZUf^M&aK7URCEa00rFZ-Oc%{2dL z%@1~V(|(iQ)dz?r$>ZL5+S+OdY6wza!%i#D*QjU;yvcYzUoTv`7MnHU;3JIvOt`-y zI|!k=2daKJ8Grg%i%mB>r)ZmxU+_H>{FZ_w&7|wjf9vb>^NNp!h4uBC?@_Z;pkzvk z#fg;q!KQbLk1x^OBC{wjNZ{zPasfW9_97#dQ{e_kOjdtYoGad5q(}RAxQ#?# z{#i6pMEbV+cxZH7QdTx)c^L%bxWgVxWRjEw*{@!USaYyhV7TLw8do|};_6a<87GUp zzIdn{!mi-i7J98G}h^;-~ohiAP6&xXN~^$SE)g%DzE#Qe)Wow*JVNa^zxa=@ySV#n$V?a z&X=^bsmk4|Jj+Ena6Q%UPwD?`K=EjrN$iF#M*XI1ul|Np-hI2HovjwnN6Bqp=I2&M z&J~}2LR^veA`sU+tJWD#uAIvE(&p~?SkEH;2a@wTpwC8}6H_+8`kNe%M;pgfw=&Z(V%^W|b6Xv)nr~4fhpu)&tAS z70HA?(9k}ID?$(p3kzOW*Q>dYJU!Rs-94Vgm9MwaB{fHN-~+tY9LrC8`>L%3e#gwPaWgA zt0&_JQS)tUd*4%b_9~H6fXjl#$SE7#*GUMYUq(<0az03U!$+Qp z^GVSkfY_mK!c0XeN8`I%Q&Sq#Q_;~$pFU+iqSGvpGpx`^s>vw|i?89bug9vF3xqk0 z7WYf+=U2)i0%#2~1`_{TEPUf@YAgl5nVP~6C>}SmY`;@XpT!Tu0ufP?RQvq8M#)g+ zk z(iuo!0B2qC!h^$Ru(bcmhJun?h98@6A2T+8^xF!3XW5 zHcZu1-ci*{A90@vQ;PfyMx`s(&*^Z$fmfmhIw|@@(1Z5BM$41~L z)0vhJkNDN6$^yQ@*w2LI;I}5Rdb}^VNHC`*Lj-}0N7}#$j{+HL1dN(JM?_U&REjN( zg<)l*7u+2=-zv%E`h;iIphDwW_q~EO}5%O>X{(eccTlqAAKFtY(`9YKJ$5q z&~gj{0u!#2O2gi74~nmk*IG$d=L@GzN*i=df%geQxM(s#kI^4ywrXPiY1-Vv-QUxT z-Y2*%E=5E}VlRazzHcyFbLO(ud5Gwx@TlLILZPmM_$0s->>53zQ60=OZQs4h?vyv5 zsiOmC*X48ljDyub5u5Z%)R*ij{eK&45&iVE%XT(+UhJCt6VFOkW?%R6@jZLa!Ex6u zId<7!V{7gY-wT!3?(X#VntYW<9OU`|(aH4U&_R`^3pF(0es4FV*V4>Zq{Xqa$fO#Q zARq1+n(*)Ile>%jsqm?@R&s1zB4Li^si{cxXO05=OsV|vzF`6*L(9N7Z`FRMViB{c zQVr-d+9&PfQG?lzsImw-`3s&2H72EYV>!p~8}%U}(m$EQs7s{NwlE9j}*rgE+fzJzOJm?gWzA+DE_51%V7+&%d+ zF;mUQQBfkPyxz;@Q*#AYr(~AX4iWwYz#FR?mt$?cB$eL8w{HkIE&s_uagc0oUiV7hG%??i(|v6vWxi!e3)1| z{ekB!^Srh1XAuXy29(Ia!DHoQ&sNH&=CGOd<+7Pp`XSNJCRqD0VC#D>=9=#BroBpw zp>jl%hDgmQ9M|#-Of^5h;s1-ccYr_w_@TmJ3GzZ)zr|{a@0)rq>-pqQ^SC z>J$S_p9*7ZsO?vU2VwU;)~B4pY5VhF_w8`AsARP>2oeR{&j65_QHwest5B!Kr?;aZ zAtfb+&h%GzH&|`R$jM=`va-5*v|yM086WRzZAEr)FzNmp5^^6}MfzyiP4z(BJgSF> zNA*yBdpl*0GTm2>ddAWQ1ztz9?g5>i9gKVWiQr`6ttO_Kx?Ccb$EMOsfbETx4Q9h|lsQ40#D$&+{+!M$hV z{jy$Xpa8E6BIyY!gh|@g@Mxa=L%Y>o07y=sIkl|jJ;1S8L|ndnPMfR;RjfHOxvCD1 z$~Hbndw1R^FfTg)Gc1+rfj;r+FM8oLd2{n_bP7HM0s@M7!*}N0?Y~qoZCVT`aZh&t zMkLkqT6s@vyrT^NA*!}TTF7SI4q{L^mpW?;qAp~@?%e>ioLP*ys1}<`17qEMxbksC z3dc3=$V#XT0Fvr|nH)N{mD4*Ih&kVj01XwE&b-^H{IQp39G)7+l0npz)UoFkGrMyr zu}XaLrk!`uQ5AofF8up!QBVNkJYV9|1Eq=s6e-1IwMo1X(3uFx2Ri`(0|1b^b?wX}#WEG!C5fCXPF<_k+Qri7UE^fzFo z4Tl+Gi3_JfIt=CHPz=azIo>HLsTZ+5IgyqpqNy&kUZcwmY zvcZmy!%|NnJ2p79Dmz`wSb!EaYhJ}!YU=A}1n4uH49#a2I`J|bn~Z)npg^oNjsUwm zJzRn1tWJwF)gZ|RbOPW#o?ONQJkWT zxNqJ5I>d5KwlE`q`snVo`8kQ2O5i1aFS7qRly&gcmzI?me~$B&Vptp+%cKIjZ=Hd` z0V3^MhA>?uB_#on{DM6p8o0)B-#*7DCqFibd1LyGwimM>ry`!fKHxK@1$~8*68+}= zdYwq+P1-Yb-s#Tg>=b^VpZt_+7fCHt>t!EVwb|c4Q5GzFD}~AkHJ`-Tm|mO+QT$Wd zZf~+flVS6;t(_7V+F=+MCI3b*AYfr>J0Kwe2B02GrCGgn%V7>8d$-bc;%F(0$hhlI zYP9%J6Tl`Dw*IPCRsg0!55-phbo*r+15`BSbNf4q{63j5&vM zVl5nP{Y@?<-K_EbU;QxlCxeZP_9s{ncGOq39rWseg!x#y;D20zU1oj{4+OdhX_-dK zHZK$e*@Exc|6H3g)WYToC^cB1bEH}k-#{X+A#7Ev_4EAkK}h(f@>^e&CJxD;l8)Kg zbP#3{Ofd2ABm$`$tlB%8uP-e|;EGA(FFzUA*Qhrn@(aQ;+Kl|`xIPqelW}BxJ*7`1 zbighVNu0)jp&&Z!x=&6x?qC+j&85x+T~9ll@Osbfx22UWyP+-?_flgMVOP7UYQei3 z3R6(?dTu|Z7}BI&pxz_d;{06VPD-~ z{f2WAcsbjj^wEtun>38`0Kc!JFvF*x$`#zW{Yf-ia*HqQpT&YAv^bC!S`zH4B4s2?jdQJb_)&w3MakwAtv?b5Ue8I^RQ&$JO5bXkTTQ+uf zwRFkTof*@^Z^sCX5;x?xfAYlx;`sUn3k#Lc&k>Hxsr=4a2o|#KFxxIRhdC{B)Ha_w2xb&O``c?#-ZNM6SO*$~~ zK#th)1>+2pzTw`G!O^BLPJ)9OWKWUZ+;}_gOhv$!4dKC?{+DmK+T$UlO^RJ&lUmH= zSe&QLqjw|5OZZx0M{IxC>4XH4A#G>(@gRZv$U{9;u<^ji&5GUS{a<6y%hwlT|9Ajf z7Y*aw`HrrRM}&J#Vx|Y&rMfHo*+DOLt{%XuOnJ*&1_f^M)xo4+039K@`;0{8&UvdF z#;iLJkeaW}d|IfrwL2Sn9ZBk@duMNEauhu7Dx9xP`xsP_=BFNWI~hx-t$UT0Ts9#H{T7Ulz|NdL`3+^J$m)GuE7)17>{=9`8E4)mad`Uz}?c#xt z)4f&25RT*UzV4WhH;ZO&b1wFgjm=_e-Dlw==a zU|^^cG0wKQBzU;IFS;^1pjZn!A1h+9wzh_?&U0S6`&KC0`_i@FT@L6r?2k7KB3*f`KOZ&iqd(dDgZIo9GI9D(N_@ad zKsHM6hsECp#*)gBrBXe+?Br|;AddO@YVz3H-+a?j%zGXk*^KhxhkuvWhh5%r_%;A>el zv>yIg7-6=*b#nSLQ8)u`GvzXGKYLQqLe-vIYOkNr#1Zkb-5ym#)B_tLboBvodtgM$ zP~3XC$DDp&s!#-|-u8fr@KJffD5A183BdTH?a2qX#U!F|>)Q$Dy$sWWcc04dm}6B- zW}>%xF1mm)^AvLPJ!D!#6bD5KDr_>g@Ebp&+}n?@cU}F@51Gi#5aU5_{Iac1nmj5d zX4Y(Q9e#)y0`v!=+_J?g2{EyV;wz*(cLwics0s0k`?M9$Hjfb(^cQe}Vl(`0j=eQkbnvy_&c3{uB&=K|ya5j7K zpVaMLRUYF2fM`gXno_&FUwB^rrN21ZRxdQ74M&Lmi=0X0H1No7Lg&9e2k0*(W0!qr zw!Y-T3(X{1>#+y=Q}6-R;*>1p<1;idNsB{!@1GeROx<96Tigv|md44cb>rPDw;Q5vT|e!u(?rE_(ZwC(mq|p+k#-NiRepm`060*T%!l z{bWP5mh6X&>T8L%t`K18!>^U<+AR&vaT^#YMGtm{GaN4&8#kx(aB*;m(a3Vx6~BG( zP~n*#8oF}5%=;DsK`)eI8-{3lc`7C@v`D5 zi_5~sCQ+OlSB6B18}d0f_l11$3l*J%3dHOwj=5S$jZ&yuVFn-q#$RUk!?yc4bkFQ0 zN<&i5%N*7-TGR&TOiDfD=uhB85B~Ss@6JjPXP$-wTtHWz87qw~I!rVGu`6Co^`)@K zw4ChbzHXEFU95>InYW<|WV8wF<*@jdRN~34$@<={UDILkYVFUbN?Kh!AD&swkqtC9 zMZU-Y94+%74p3^98_%XI-Ha+al9bwl6ekBF;ganNd-4-Od--(f75P*s$5f=Gq$Hxc z`oY^je>AkGKYvdA?-zS14@83?Vv~PKLj`{XJu_@RJ%31fIkyiF-|yP!X{l0i$~8CA zuP)s1y7K{i6yjg%`zbgwzxsL2o)I1Y^iA81WSG-?s$8uYO@CowaqDG@cqYyE1*1HS zIRN&#J@_E$WNWTPc#bQKfYETQQ0=8|L#%B)lj!r0j~UeW`^UpHs@_xJ(X0_vHyp1Q z;9A1KkYBhw)9e%j&D2=&Mxc{b!8?Q3LD*^Q*V6h>KpuK|T~`XMxV!<{3tZCs2YZS_ zrnw%gIq(Fr2+!!Q(Y-=dB0q1RK2B=#q%echQ-F~&@UTLo?~Iw6)oQ@g)QdNu(ZyD! zI+?;xh*V@(;o|Z7nt_o~SVTlgp|P!;_0#C+=(_@^Yavlj6ug>Xhy#$z05#G8?5$?t z?$rNN+BHzxGo4}1TJPKuQD2o;RLDFvsbf%ax2ED5Fh1 zf>;GYC~$LQySh5SCf;HoRj8om21@XIy_U|?IWO5$vLEYze&lu1YWNXXt@f?$Y-{J_ z=I&pIn&>pm_dvyyacY&Nb-kYD;`G?Ipd$z?P#X0r$ z@@SlT9lZ^2Wi1gFt|3YFm(R&5(jYb|=hrXz!B^ahVI~ss^OKg9Cf7~&XNj_(7GJp- zV|dEzDYf0$H8K)f(s)uxZ}GT22%nci>J9T{G}+bVa}sV_(?uYK+8duIRam$RLu$ac zN+;B@$}T)%Fxx!AmQ-aaYi+Ib(Wm!&cRbJYYYBm4$r}zo}2JkZzm{Qdl%QVhW zs@8sZ)tQ4r-(sqm7n&6sK#ITm5g?Ud@2@~W5?A~>I-YKOAsSi>2b`F(;v)1bS~XQjT-g%&j| z;Uz=D(tCgrL6gJkeq`>vJr!r=@#+;)m1+MXq#6}#Rt3Hg4SJFAE0N8KSTgdew{z|` z2Ml#>y>y@%BdeQ3Sn(pZiEv?(%0raZp>XUWw8 z{32FAbo`qsM8%U<`4$&iVGgFR3k#15O<M|`_j&HwTQN!`DluQAxrPo1QH~Vfpu=Amq+Xz9c4uC)i^XM~cQ5$|Pi)&dFiYjqIPNeqGVTcMiIGQtSUr-4ilSm->`=Rk@zUoBfhdb9}i2{ z5WqUUFJ|npTXvV19{nSAFn0WIl^ecn1)heNH#h1w9%9Cn3Rix19~@hUSat^`BqY!< z0z_6yG_`0eZ}DDYbsLlC{R=R>ur2+=mXM|U829GC zZ|34QW0)w^2eV(E-gd+b-^_>I$0Ow2Xe;f`TG&R+r)0Wu)M;P@zxwZR-bEm*Ry0$w z+;)(OT3#`bIaDl*{Bmp=9`I0|w8{o}tL8E3Vm2)Z*j>?51Y#)%EJ#!04%F$n+dhD~ zS>xM5@4vB2yc=HortV8Jf$|Ky?6H<7WS3_I8%;OVh+RDNR|pDNO-YgXYU(>2Qk9n=dS2k|e^giJWIh7EXum9PHFN+jXGQncW z_^)LQS?Kof0Mp|O?z6ANQEs`;lwIdB$@nrc=^o|I^cgAfzI85^JY`pLJ|wntAKA*@ z?gPN%?z}ApmZhborH=oyb})fnLuWde9s#@pt3Sn=aJ8RZT(CK9s3O)Mf&D(QQyxN) z*$Tdi^Sir}FghTkAnzR>s^Qr{z8oT*tGq}VRYipzf$wp0wzdCO-FA}}J;fvk72d=I zp`nqXDmOQ8hME5N_IB{)St*d|vVzITc{|Nwt{DY;tZ-pv;V0nWyxv>)xVUO~T(-nE zAwX@WdKz6jcljy+vsh!F^dH@Rdq->p52DZO3@3j3E+sOpVQ(_gt}r;^%a_lIQW_Hs z)lS$aYD0hithQHBTsiC^A?Y?E^u6{Q?X1=2|8Z+x_1A_I3)ZN1#ySx5Ie~RR(}~yzJlZz+PXiUmbQ37KnJSIj6+fj34vn}VKy@Q`l zLXtewIjsTQa!J=B(`Lh@fZ`AdSe^HULGIM4B=pj&eV3s(D8h_Nb7gt~!xbe54S80l z>BZA$9;IA^R~dLjcnX|($x<@EbWUxezvbXOe*6gvPbc*^%V>7ck9_@ajk3MNz>;>s zXGs!|lvHieh)=ET=U#NiaJ>~bee)w;Rl*qRa4H^_&+Kc=39e5~-*4Gu0A%TA?Mb+v6vvJfH)~(Sy;3F6d9+37IM;6sK!narKhiijo2g|>pyr7YW z_*bpzBnsIOt37=>QGOm}FFg#B0arKo`G5O_3JMRKDsO&Z^a{tdLnI>}o=UE{N^2-H z1RH^?g<+L{0=K+jguEO}FF|l$AI!ii=Tw|@n+ zjKE{Wj6C&uTm}Mm)k{R;aTTnIg4x9%nVR+`riMG$w_@REt!H# zmIVeeF+*1HFYD}{NMzJ@Q7&>$!zC3J-M@#4X##7RtLyRR+F5m=Xahsy$nn^GxR7&z zlz(`(KD#qxRag$%S+0`Xh?p+@yy6tVmTPZcfoxnHmYS^W+{|BtW(3^l2g-l;{F;Vv zMB|&*8R`W>0Nu7WxV32lVoDOHRkr7sRm;jRgAu*bE+2GDJ0sqo-nI-0`6O`oOYe#r$j*0^w|7O!hfl?b+LvP z^~?=t%O|00XS~j76AhX*De3U}q&$Yf1EQ?>cmii~Di4Ea=xqDg<42>nQMLaY88t>g%yGrF^AcX4+gb!G1in z@J+Q|*lT-}oJbvPi%CO8XUeFpYN=Qz^rV*z2a+dR&wKQkW7ck`#L)D`qQ-q8dA5=c zC8-})S-jCsKiQz^8oPk>a!`4+mFhNXRGB_tH={Qz;I^4<4gWVvDCjIuG+xR)x*nSf zq7`D}xafXqRpT7x@4s-ZV9Btw^6xcN;zIXn1V7OvdBQh9KL!Er%S3;Zk&crA*AsF2 zxWW>JUadT>4Em1Wzp>ca*-gH`iQoIe*lO&-fM5`<{QJ2i`EdWpwGVKwbBA72L!(&g zeDHJn22!J~iK=I2Ymq<`j_=)6Pw!S6OO}~)T%8=H@#M61Zk|pn9Dg^^R0d3%f{895 z*%^avdErWix5lqeEhoe9`2c6mVycM>3PzpRAzDkxIV!V4l#W-i<~1I_^KKp>A-`>h zK0j;LE`4jsmy+psvEY8Ll|H9UWw5)GR_~t#;C8o+qFZ53IMFF@t?lgmNXH>uI>IEV ztab;g@bY2y2lKZq$-!CFEj5<6Z$Z0~%L;=LG1vRP9@~UP?^`lPt!mS?^p?=SWr1G~ ze|Mn+j$Z8)$1n{)A9D^J9SFQa6W7-TPURI8Xkh($R>z|=n6}VaU4&S%pOEq`Zp~E4 zDZk`wnnTRNYx+J$8%IgjS2ho56rLhd)`2Ks3?%<%dm5^R4WT?T*FJh6mI)fKrIrT@2F6U14K4=_l;SvBqE}_XcsZ@$$AoHBP6|#0>9?21YGx?F)mKTU%?55E|}_+FhNjV(;GT>+5w$EBo8%(ly;1*60$q zf(_2Dt*N{YNE(nWq}$;5I`iW>X7ge~hL7=>LQ#?s`z^`x=^fw{nm9%Tp#$MmOhODO zRIkPU7!8n!0IK+uG%a7bgA8_hK%5%pW&x7IXJFcY`641CgE10|pHnb0KA5YVGdZms zH#j;ng0y1R@^+i=cd2#)NI;bNH+{<}(UP8FbVWW}8`mFy9z%^oLaJ66%?@>Y$nMYa2>Pb??%JBH-&9X1bqA;F@#(4PbDXB?7nPUb>G_NuW6o@& z0N9WZ-tG7Xa9B)jm2@fVlc<2Cv)0H zujpry(JA3)uP+YeifX@~t;7CUA}VW0;fWK5>iBP@x;wDH!vIm=PTCPn+LxM@{vmiY zl|Tna)Pji$BSb1zCpEQykR$?aM(`h^T8cA02K7w1z8#1#CA1LO%;LPSOc)&<9gbVi z%F7E9Q$NoKE^KKjlY0Yix|!|xSljQua5#U`dOaW%BKbH)#xs0Hw&iV+oH}l&d}8-i*>BOmhj``^5oEoKw#|%jOYlrm9{2v1 zbsjHKf2I)CRk%XpLKe$2R`wi$!Gd~8R<=lI`kUO9fcjB*l)hrAvn}ppqF?z28MyfP z_h@bZaKE3_+G0IfUz9V4ec)I1jOLg6=WYDb{6k+OTQZnaxQkVE8$a5g_`o)X==NL; z3+ut16)X=xkSkbO!PbO0p(?K)aIDPh&Gq$n*4DlSNkn5-zjHu+``!94_26k?U{nS` z5ugGlc6mQXxp(e>j56nqe3&_2B~tb<13l<~jROn5X#lC!Ho>JuB=cT{2Cy>45|3$d zfr8|JFCeRUts^5hrgz0ZuxZ(34-@=(CB$5LSSu<7ygV~<&IrGM{|7!Y(MFOjyVlAJmiAMuzg8ixI`mBy;Qcp>HnbfFwc!Hg*-d4FS zZEifVRf#L0eJW@tQBwJYRxqrAr`F_e=iJyxcMmd!kx_Vf#Njo+py&L+6)*dkSmp3i z=V;m7D<(aG!A__8LrX@+k`Ev9JI5H_LwF4TpmHVYSrW`j z{rVplU@;t;z=DDTDGa(ft)H#FnG_QHqlLRjuIW)x3Q8b9we>|t=CEMeB@&v|JG;Cr zC~+v%Ljgpc-T*C@jzT0;@w}N(=*y=JY*60tmNJ>y@p=TV*&anB_&J~_5fk$VQ2{2I z;D@#OPuGb4Ccb292;ig$;eMZBur^Z4Hf8Mex(TqI{GTSm65nGa6wQl@M^b-WVUzHN{5A_l; z@n572bvOtfGaUSbY)$~a$9nc=bMk5NLmyI?6r{Ejt%OCNe`=y7mPt@8P(8i^+r$;+ z)vA|6+$@TMQTHA)pDv9EpY!MuJ*1m#vp-l?pehv8Y14tPk@dP zN0`ny^cCY{t0v4>ZU?WYOEM+aen@M4V=L>AXI5+ zX(D*i$y~Ou6p4_%e#+T&o2Z`u(JcT2BBefNwjGx02{?`1)w_%Sh?ux_O5cY`xdj)6 z;wZdNi5B17!m8*>4PP^A@-;5%3!Kj;8!5+^h3>9DUgF<-{k&V|XOGxRg3NB!&!CQ0 zP)N|Kwo>W;gJz{o0%^3LlH39WqH;6e^@ykbDh!Xzx@U|1;Mp@?3e-?s;)`b74AB?Z zQM5jG)G5-pDKcGe(lo2>Q9(_qUZNl`Z*n@YjS!(krZuuSPTYff{0RU}SUI=q|5)sS zfOmceVlTmKh3-F{q;6^-_K0?-sVfam5ihIt`z=S+k$Ov zAi{XhHHgY5-dTBR1CSFjw?*=veJ5#DlX6O&U zN(}j`RaEy-^Rr#0qBo>WdajM3b_LS+*Vl=^TA7E#*APq9XH3slweusOXGIP*bjt}N zz_PJ2Lb+WDgHJPx_L7x@qrDqwl%gnd^8MvNqwMS?NRf#Hpnwe^<@|RBN)s$|yvf~3 zPmO&HK$>`yvfPy41fH^NNn3t>EsOa=#|hbGx0@1z0=2XioAW8JG!H3ot7_z`{zbeW#Q}GKD-b^>#7D z2M6Wiq;+MBsM_Xq_pizN*BiN1fq-+&CkfIQ!Jvdal_vqsmuM-@DNKAOlP+^bxeGc2 zMyp;YGv^&|#)ikoCE>x+t8HQ0q{JrX<63=*iIJ9hJ1{{-Lj#|G`{CLRd^x&f-msZE z`ZrxB7e0x7bNvLtWsjBCe`jgg^9jXgX{LfgcT78O!McfB`D%kJ|{x}9X1s3V=sFqtst=~fsZO3DOhQnRf za)OetG5jUTVRbl5&1!~87a;(##KWDuYPJvrAseU`z=S?BnFkN|;ERLV8`gJ2^CDeC z72wu*i8b0_dH9d)SLYD5~@lwY64C=zF9`mVK2nNb@P~5w?V75 zuP-)una6dRCtWyO9e-nCy-&%JwRSx`ZzsLZb>U@kv31>BF&X)53@Yr-fB!5ja2`GS zlqGUqC|?nOM1YIiy0?+fElObo3Vrl8iSX8bD|IQ;qUc8pguIT=-xh224*O6sZZph) zQ^KK{g4DOxg9D5@*JHGi(GeU10^bUXAaWZ1l+CNwHW9nU34=Zt?Y{kM4<%W<&hB=9 zT(ha?sORTrgd}aI-InIYSd3{Gk|lfl`;Ue>7IAS2xfh;c5%Xa|&Dc9}e^ACsqq&(pXJA?ZzDdP(_SA!tDQ}3-O_r|M}lf(S@P5=%A_+{%L1GGLow7c25{*>aT^rBF8gneLS{$YY1)l z`sn!MHv>O5Uj7Cr4{T6vQN(qcegm?TMw2ya*W7eyC`Qxa33+wDetG_zC2lUiAZ!XU zZ@AXwkH)v`Zz)xRiw~g__-ZMC|bveW+^Xu1pPV(~W z>+8Ot#)Ok`4`YueWCvca>)tY|uP-t%F1TEOoKRley?b|Pyjr+HOY3L#9FkOT_wyG* z*kJ^H;+`{RFoY8=(a0@oxGt8AlRz-af4}>hW_Rz1Z&Iy_ax|9*Q&!sBv#c9;SKS+c z_55r29I^}zKgY*^dQBr5p0@Wei=1L_U>b9G*4<7XQg#HzCB@0<*^q7L++T}|;+d`z zfJj-AMwBAGFWPs}HYhaJAgi!4^oY4*4%Mpkis7M4B(jEOfziKEHH`+t z$7DivlJ_{Vz_#|o($wQD@=$nDv9WRcRmp1w)qLK*ns&b{~ekU%MV&h*c@o15#wnL)Pe$;8Ce z9i-I({a|3Iwf>%Yy2)kj3xCdFSJs(_f!M(B&gF7yjnUU`@+Kx!&EE2oZm8Gn>Pkv? z4COixniellMey;jxccJ~)L*g5#)4~<&JPCD_D;{|q~puntMlu3(Isg-dw>0e60%p$ zSIEK;c2iH%zSxh7^v!g&&T042&fJfPfJ3vGrhn~Jlq`nJ=2)acxEE+?Qse*DHw^xy zx@j~Uzc@HNDF4?|UA|JezqEhQ@vMXBPc?@4^m9IXTslzra*0wbNgTTW8_GoCQ&rcC zjf)fImSyNmFGqpL0+WCMRnR4UZxYKUPF|f#bVS zE>ShL$20l@exF|FQ6K7NA@1@=?5fLsb0Hu(EFccd>yiahWK9D)S0E1s1I;*jPwVx4 zItvRdLLS0J!$p6dHXKtf+rOW38QyZP9c}b~&TL~fUjJbIx1PjXXm@|7gnQPtnS47O zPSlsyW!u@hw|T6V6g@1o-yX+AYA3Uxd}fHa^RaC3Qi5A`)rpE30|U)-ESmknV>1mw zT32~b5oC%Fg!cCKpXWaX^+Sn;Hyr{Bu&r4a9P%u~ZsP(n+UL*zbJpFdwLQL=EzHk< zrD}ZFt~k&3<1CZct!r9w>Qm>P$%pI?n81sUk#9#^&n;6g)(e_Qe3-~*A#mm86)ePP zLwfX#2Wm=WAX|_sBO10~>T|f2;BIjJck|Rxjw(87-*x{fCfFUH&9Z!b{KR29+dM5N z*Gqh6O+oCwGaB_b)8iBWBFu1nd{k8N?p}ufhU;l6t19OYZ-8JoTcxIMr1Xsy|fYK1vZQ8#hFqOu9=9h zU$E{UpxxA7=)7~1?_W(9@l#S!37VSNN34U8{)6ulK&cSPhr14pwwid#BO`>I?vTXs zOe0T5wc{n`MSNlel}DaHwz;JK_>Io4nvUw-uXaAn zw8`=7`BF9XfrxWFHX0OeJsNkuvb5yqp97HuRGG!a$nx@xh@%Nm@ZRb1rLt-qF#6=aiJcjmuVS=YM6RPgK~jPiu|9_1QUy z6FTR4bMy$RuvnbnTf(`y457}frlzKW&Y9y(j94B~MRB)*t1;L@lvfLSTo5vh7h45R z{(iVRa|#chdr8h!R2wV8X=4)eji84Cbi#zZ)+|V0MbTehU8rd-IeA?kcL~SjW$E93 zI@X$J*}a#d?O1A;P+R}*+HiTLjRaNPVR)!JX-Dv>T>_opm!z_Sg5&1h1ZL@c+B{}~ z4l(f;y?&(Nbz5Wq@-i(g4wZ3x&S!4r@d_>dOJn}BrDrnI4t~7Ik6!(_V(#l>{IGD~ zB;a*$@3zq{g0cG7$P^kjc4T=)RapXacy^xsIU{#oJt+5;~zQ&|;iG1a`=`^?;i+@GW zfP!={?4GEmW`W+R!RqR9QJw1!mUd%!_{)C=avF6MJu*J_P3T4XvNi^f-TV4C^($=u z`|l?q%Lf+Z>+4`H8`8gM2@h*_XHm$rvfvJh$@0{2TUm%K(^r}73n%&@^CQdrhvx-h z7>G>py>H)GaP~{RP}4KR?~k@d0UJ z^K-g?n6pjZsD5t(q0--jW)hkT5fyEc(9j3BTj$dgO$IOu)uDTPd-o-BqQ_7xhz4Pk zve=$r-9<$k>R=bv*Qgz;){_Og|5IDN77^(AYHVgdK1ivJzDV*Z8!y$01Tr556%~=N z_th&XjK4WKKFklX-m4Px=Dtf`5^|rsq#&+|4!^1E&pI(rU4balA*N zFvEWw_infz6WZFz3n=q@tX$vTDB&s{*pK0pq`q8us4 z#!}Zqckz6(J1>4dUdX-@pHlrmFy|GX44&5ReAx z77(OELXeV10qJg#kXX7AP>?PKQMyyQLy$(gQzb<}T1uq8bHADY%fw81v*tioU}c6RoI&6Sr=(~8jndg_5TO6;>2`I4*a z0mCC~ReDKTJ75VX+TJlPnD{i-7%#yx>qKoQ_XF&wY38rru4&J=Uphz5M8%|wr|u8c z+>fhzxshR=qP{B?76^m3hruf-&d6@=!?!6=D)!nn;GX19U zb&zR8Me~IUNg1Vu%J^d!41_NHi+Xuw$2F2yXcHu#dvkSkbR<)TlK+YFv-dSg6#3Bl zoQ>ryt&pdCAO|Jo3r3Gfb=nBZmoI~TN2TO{HSj2C`npen^nPSj`HW6{dFA?>!=JiB zOkEe2hiB9XR}az1nJ4=Cl#EQBhhV6Jz03ch#E|VZ_4V~Bt zt!3oAM^VgK5!G?_8uixSbH?^jXu#Qd;bg#|SnJ`Dot=$Es$J)cQ|FirojHx9>um%t zfUfU&(Z)EIlRu^~FpA+uU>y$g_2^*2o&=+Rjh*>%9MD}Zn@y538_j%u`gCA(V)zco zv5*3LczBA6Lf;ExNZ~8ac^8>>zD>#JDuBQ9LnSgJ;^Gnu_J;M=Qu3#|SPLd3zm*E- zC%&&DwZUzi>Lc$FR)_k=h&na}MOa}ZTxgtI-{0RTAzD+n?d661qkxKTg8gX3>0YCuHA;NtPk5gm!&oq?uT5%o;HLP&fBOVOUq5+yV?Z*uNRX0FvmSAXaEk%@draHW|2H%qz z^q=*eQ5&j<%zP-=*pYgb&RBhJH0i#KjAEtoYYXj&K%*vay6o%@sC_b0Qbg8d>3rT_ zd4+`^2~O;6V^%18XG#Rz22sWF?;m0I$KKGF-g*J)PE19lvNo6f7ZcY>;@N8l=-~mHW_v@w_ zMMo~M~8)kgrvzN^JteE8#}$4 zLy~y`_AHFoc+r3DA6)a3Lc#uX^!CGtC?^q-uY-f@&0V(e z%gV|+ubsa1kB))7BSFZpR5LM&9bv&><>9$+!toGBoGw64?y|CmpZ^y%f6KjMHbbv| z4i6!Y>e^#Bf^Jjvm69cVLc8pzO13Rc!SKfj_|*wHHl5Nk2BnXWF1LuqimtP0MeLNL zINusk>oM8b`HtD*XgTYpg+~a*2v2Hs8N2B-+6b_^gyxWT%^j>vr&#JxaRHpZ6}#_P-8ZwAynqG2yu+C5}gJj9Sc|ayiTu)ZOi)z z8|z(2a&2veu+Qb~Z%x0*(#OB$JGJ(rAlQm$h(yqWj>n9(wb9X;nW59_fG4O9`jaK< zQC(-l+C+Cpm`u7y9YuD}obF2U5WxRaRJwR-_mICKsDx?*b8RLxx|H+zb1R6KLeb=R zgXC7^%}%sp9v*$WZ$p({#6%YcmaKLJGzX6j)KI!0Ewmc#BaW$jX3J*M zA1U~rBQS7jqF>yMNSpizT5k%pAUZ+M%VQCL9@h4$h_(2{V|2(T-Q1lZ7f(w=K`?Yk zDXOaGj%HdN#db8L(Qq0I(?57neeeeh0e1nMi}>W^SAQEv36)7ZPr0Zgjs^z?oNaGR zXe3|8+J39@AclUi>hz1s*x1-TN|y%vS$u%Yz77t{1q4Xg86-Wpd;zn|Pm1}?^WSH^ zA-Tjh*%60r^%#FsEePcehmS*W$|>8ukm4#mg+#GpqBV-q^X=Kl4^OeMck)I#Dg1fc^NTOy0oYQ z22>g)YqvYrR8Q5_i5R>3B}BkmZhaw&8FWZ|U(l8ly2Z`kTWE-YONaSYWp$#a>O>`a zUBqMEq|M~GDn40Z@p1Xcw3XIb6uC(vBDzrMK%Y3mU(!k~B4N#R+?cW932YdmyFNYKUs>J^DJ@mLZ15yS+!f`(NlvEp zcD~^bxW0^#xj4IXHq_rQ45c0)Wm zJoPuWfkU;F?FXE&m4sH8kLljM+oYtVP-~gn>_y$PbY<}HuzJ5tvcQ0dTYvh4&-(i< z1Yi!L8dHUt6$FsmAO6{B1U23a(>L*sz4l`r4T$AKgv$3iyo5gnjxY+MvcB%qcqvRO zAB!v!C;nr0!j`KLj&A>-7GMpQFQ-Z!VMF zjV3>M7zX7EGjV>uXSuPlUZovoi}ka5C)ye3Q+}2$sTL2jH`~bZ&iZQ=!+FhAgxTTi zCfObd#9!@G95%Ku^w$u{mOYUFU=mWfeS{ROKesLtO71T<;YsW-R;OD!+J|+((CN(? z8rMEbMkfN~pv>hEva7l;eC%u?dUhr1G{NVVhw^@Asu`pX3^}M2ACnEIHV>!Bz>yIW zTTYkeciLOTx5jHZL&IrOj|y(hS7k5HsPJ^)&vFJKf2mPD#Wx|RyNu$t0t=>xI|X`N z3qGxfmtDy_ycfc;sRsmo!$y2AE;NsP@4$=$NT!1S_k9nai4U?n3vKA8cZkF5BmcN^ zdZtFfqlY3+SS(F%X{mTN{8h29RkT5IOG{f@TiD%<$A7W)4NQleWsZn=&4*uJ<_7AN z*xS0E*qGmz6!&W)RFA-YyFT`+6(-$~_c2_tnUBIesD)&Vq*3$p^Yd=I_AaDqb6T|* z2VnvVQ-eS}p!xOha-R6-`Y$BP%Aw;@?l8At%jgn%&9g2dgM#RLmcj6*9;F?u;zZnw^xcHI(KlB;eLMsv9Sv zT&8tS)DJ5@*r?KXEzM#g&XZrMkK<=K{h<|g!GHi6TR5oAUi&CPMtE8}I`{}h3le_R z%VWiSQ>!nEyYTY~d;Yx}aFx?=Q+g_DX}olEc}{%cwSNl%a%o)oUKW}@^D%>vUY4hj zbZx^LU})GLJsdQj9@S#NxMn%f z?ZRp{5RATQ9_mQ>Y*o2Wp3LTBZpWhAT*rUUP|+@*m=HaB)NDk1!p3TVrY%-F(~Wc# zHl8{zR^o%Co>6)k<*~LL`mVkA7;MArIW_hpqRx!YsPYBf)Zr^1*Ll-TK&n^Tz}2j_;j%ENvNl%4q2Zc2gfI~jBkvH;)1$!K>Kwg(5sdy-);h~3A@ef(tQY(MXGO#vTtt!M{6syA)wS~*cVL)+W% zu5p^~gu?X#+lS3o-dWM~nHAJ+5~^70KjX}Uz76}4=jjiZl?lOUDv6J3@<2ZEdHlKc zz3rm1zhs*i;usu`Wz-I5miWOo1z`#Np1W&eH~-o{Q&Zj{nKPqL?G2hg z_<(ZcCABePJpYf0sdHtjhMes?eb$78A-{Px!`H8h_v`fGga2X*wU0_l5(1T>x&16H z^hAo`aa|junFr^S3P9+w$kFgg*sT9tZ~9R_JO;3WQKKuG68Ui0ti38^w_5$X?s{0$)0$2U8sgC;J&Eh{O*Iua{FwBBl-mwgdSKcp|X=o@|q^Ty>hQ zCGE1Zb2G;J35!_TdDMbThaLt~!aFn}s+kg<0}B{00TyTz7k&F7HOi;P+U&5JR82=+ z4sfcGOmTFo7>p-uY$QK7x@I@Tp>KOq`~)^x*nDfW_E!xFy(Sx=WHY7Yd=XlDHG~S; zBy2DcBQCkk9zbUa^ji01AHmzy3q0W4Bgqd7M2Pl6#U|!k=XQo(Uu-gTgJ|=@J#euw|MQ2 z=d9E4(9!p8OSQK6EblLGttlw}d-t{KMn>x%n3x%v*@)aWngolQBLE2*`sk@XIl-?s zq-CzEua9MsljFSmFesOgk0S|Gj;&{RXI(2#vh8P=LYqgydIqhXf!47xknT^+_%^4o z$hnv9$~~PEJq`j^zu4E@EQmhM_q5Zd;He7iSJV2b%z>m4@7!5cH`0=|+y9==vBD-T zrJ$&I8wr~T@yP+#x4I^=cG)y}&xs2<0H|MeKAF-O@VkY5S8=&bg~M_c@EKvk2*cm$ z$wu>=AE~RZdh`B7Wz`$b&*#96n5ij}Xey!Guw$5zm{{T2Ga(|MoSdANM zh!C8nO&G3!{)Fh6?~er&>QcDX)a~QL6bEm1aQ0h1m#cOundRk8S%+>mR#uBXSg>|+ z=D8IWzkC;7_|W%tcyJJ%H#eVfrb$u*w4zt%kF|BubV`kAU>@Xc%*45~y0(1MOKfdT z7N7K13f>T8@ZM<#V0qGddK6M9*C9dOtP&l=&(jYnum1G7H6FXjLCq2l+!KIFVysC? zSNdSYv(27eP4hY_7z!3z>QGNYzYTCQ}Ey1=U-5(oIPBuiLHMoKeahJn!Ne> zLV(KpMiftEe%_X&u~~R6y@6cJq`BrquzmygQ|7Bo(?Lbri=+g!{f8A1Yj1P=-br7< zO~w?HJacQzEApY!xAVT+BS$vR%vT%L8~qQ(RQ)O2)_=VVp@dktdx1~7foE$BeZz10 z+~M_)3xa9eOMQBvSDv6wL|BHY8w`l}e-R0{IE+gc^T6mMA)6^tL78r;8Nx_n*P2rP z#0)&6K4Q*1iv-mz3CTcK(?k3_2`*|B*0`NCv~~ciy4*#x6S05e{>gEvWCI<>fYMjmVx} zeBAEj5|x>mX&K@64EgT7V6rJe-gKTYvR8S4X$&YX%+tNz$@_7T^Yr@Fl@W5AEiC0V z1Il4@<>&Y1s(`D1Z=m~H13|#w&w*jUn`zwqDih`PyzIt^n@j|tq$4TjW(6g|Q1meY zTH2#4Q^-_Ao1Z>E{`2S0*P*-{8tNmIn(OpPKZ2Xj)ZZrhuTJquX(o~pl`lI4F<_d@ z$|?#k{e30`j~gP(?2lb;x~B)p-zJ@Y`wRhEsGx@s)YNWWnbcdweH{0AzS;62*>I-j znh&)6m6qEqX`(Oh1c%~xWp&6z3{ZJwFJE~5{564|QBllx8wX3?Ig6g{Pg(D|!8fy` z8QPHSdlgl+^$g1HaO)uzE}RC{pVfOyIEMD$!qL`6vo;og`Pr((^#m@s#19`5l!d0J zrl=h=NMaOxd_<&QqrOdkLS_RfTF5)st6XdU#V>EpQfHw~g?uccD0Of!ceL-*naZgn zrn)m^y}-`Ifn!g-XBF}70Sqz}BEFpRGYk`YKxftO&EW-Ie>a4-FZZw-;*G_Y{=H)~ zf)0o;d~l%(R36fd0lM~&;N>VODN&qtBWAmopSOIS@`FbiK+mwa%+*H{-<^3n?Xz|y5gbVH%? zo3$oj9EH99-5W`lzyi(-+@xS>$2D%zmxibH?Yu`$4%xm$AG_aUe%Z01ni-#v5R>@x zo`!bJ0`I6J(XSS+@<~CDp6@yQTYskxb1Q4M@jsDO){N{tAD{7= zEQukXyJMu>FO`=n;QE+vOAnYQz`hNYeLd}i3M6fl_(J+( z_8P6yw%-*{f_v$MGy&W^6$toc2Y@njXGr28kg=@-0s{8y?u+jlUv9G?xsU}xTA(#G zG!lqNrG&yhyKbSz58ax_P3N95!Q_fCd8pfX_5V<>Uhmo8N{ z&Hs{?8mADj{)rn5h!q1554nwMdXWdas>2W_$Y|OD3-EqKK4Ywb0i2r{Z5Z*;3l&_? z-ML7p&q4;Z&l~|}PyLJU{CoaW?|~ z4iy#kq}j&K^#R+TB>CJ|^10&=uQlGS>~9C-*r?{hf!*1mHQOJ{U9=Q@II7nTjy3(c z%Y1cy5|yZ+pvURr5=yoLxBgv7$;#epHM09sylBv!%yO7koFit#`a2v3Zy{LJH|zAW z>a5*78qTq0h%!_hV3?pd#6cqfjF>_*TL{_cAchrEEz5Rt6`g+e(*^3nI!TE_C19re?KR$4wDNv?S z;2iKf_3XfjdkA_W1`Is9fx~7>&HFA~qJucKbsoGg{%EcK9q+n`5t_+_uvW$#Z-m)Z z=y1$li;UE`mX@{pee;noDs7eYh=FQ* zw)7`O%mN9#?JHmEK83F(*KACCOB6a^-X-IqFDX&oW&(WK+??U-2+Ie`y_w+>sZR42 z&)qRt{2MEJjvOCURHTN&Y{eP_$qgS~g<)CBFMrLx0usOY?BnpOzCm(XeV?G~W~=p| z2C`Z-=;-$|!~()izXW8*+205?)jLwT6c{ADC>_8iaU=)%;YWTal##SAAs-ug!lPrl zVt?$6Yz4C8aWZqoAX&AYH-q8Vi3q1m#Lo8`dS4pP2?ItT?T|gzN0FDVjG;Lx=1eEIy2%}>%zku*@m%{AFbvZ=bQT#9h{s;kFm#(_R8r$N)}dz+kB{|8;Q z_T-}v2Y=_4fV8?gqznFcCdK&SPt9jD(6)Au%&(wbP&uYaR>Ag2i-+FR3n#LXpy4pg zs*bE$nRK_u2E7E0m@g_+Z~J$Oq&mR11)&6onvM8BtZzGWY9+cuGqvgVQN*6x@VNh? zVNtK8#OJe(4yV3iqDnp7eFGz|GSG>_7?CG5gROU>@+#X_0&@J`CZww@kV1hBDNYu7 zzW(#~OH&SNL*?Xap1vYJ3_#TWny3XqdyP~af;YR;b&F9sRSboEBwb3{pJvwH5PNU* zYaki`P%coVY8ootvzjLzC4xD*Y#)KDa=b2hh0h77CS9U%j`Vkuo-3 zi#z+PKLAllXQF|PaQr;?#e@J1Q{w8wdTh_4XL?uY23bmbjhU#7pA$fqeIm_|J{?aqtGOc zOF<4oAX+NF3RIe3u9waFLT@+~o&R32ic;GYcHNpeI^r-hTfsSE7+WF$jb6AVd+P|Y zR)EkiKJ!D^&JHKC_?>WkFoV9E?%9a5`|tU?RYiQP-0T)gFWx1+edU2i9Y8`d`~)PQ zFf+EiS^7}`sN9$5yXWM#;2gOJ} z75e=EKEIJlP92s@eoA`DUW=OyV?+?lNsYs)F&q!Qx8JLo?tQ~0 z>hb&R+-B-M9ae`xJHcnacPSrtNg?o@;SQ^8f2hs%yk)cMi^# z>~f>Kh9dK$oOix5AdUqjpMK1?wdW<%dC$d)t!p43s^waDSCal5{Tx{-;HUM!F$uc7 z^uN43M1v3a_v91qYiVi7tqBeQfZ|cpDH4MI|MIPZ!1|6AG69zLkM1S{k};_ZnU)XK#VgK9nFp zlsFA{Lj9%-vOqg``=(uF2MV)bm!6(>-Ev(>ULr~VU{rGAR7JN86~f(iiSDT z01K-$|6y03cn=N`F5QFDnKM2i!L^0H;uK=JL6-I0ejpQE9)AqVdh5!6(l>tM}f0QEKWN zL!81rp?l`N69ZHa_rLcYYT9fw4y|lXLQK*2>B%0Sv}!T3SUlAT(03 zZ!s{astbD)dN+s-y_OG&0rqlztFo9jh`sW1x*^C7#p|perY5AiW3=xAcbE&jT|>!& z>AAW?%`vI=Cyy`Il^BtVsLL(OqM{O4qrB9qyWiDn#Xy!Hf6V-r%c5st2EV#mWo?&{ zg&W_>iWK-=O8`LT>fH#+mzu*Mfq#Y~UmMVTI22h27hXuEFcRPCoO}CGAV2_|4x@s` zksrhYrJt#g5R->xw4snn$&Xv8tK~^{K@3C2&uo1|gDBxi+0b?nwsweuz@fXxo4k2J z>mCcs@=*Vpu-orj-(J%qU}I+J`llJBZUc|1u;_1t@FXPiQ)%Y>!=ngy6!o;+{Y@&1 zd=iakn{1CLsRV851YMx+fHW(-_JE9tsAFRNQ|0sXr|`G7NuAk{?NgxQF}*GTW)?y% zI(~$ydbe5Dd0xqb5Kk8JN)UHJC-4j(a>fpy2FqM`Ny|82@4QHp^h>cdY_g`k{??c; zbq4%tf33Va2I3D6w%Wm!Xt4??QlKv1LI7h-w1uvtBUJa4qq4TzT4^6;bDUr0#V-*6 zn{2l?SI=wid&5`;Xo=kMI^0XY*P|MJ&l!4lrIZ}~j4*I&b(kqY4_PfXQ7p-dGM>a^r~myPXBZH4LlNJGJdhyf`|K-=FWnb?%A zh2cAPcE7uqbTk?6-bG+Nfn}~wrJp^c11UHKpB?U<)zyQU3p}{qR=0IWwuaZ&*JVT8 zz^eq1u(R{he{=JqS#kD~$1b}|tnU-%G*a^Nii;>C$ztG9V&GANd+B9tfP>?k0wNoB z$`<1?nW`LHF|wg_q#o4c6wjQcfmC7S`SZLr_d3>u%nyAt6(uF1q@QLj{(Y(Oen1Dp zF~^}pGA`rT&EKx^2=N_{x8KCRzdQ)pD7J*e-`;T<%-e^rJI2hJDlJY70Gj*NFI>7x z`|0r!yt-r~nZcrG^hcLoTO(I}YMSquW23Nf`2L%6E;ar_1nHb>Dc9{WASQv;HW~K@ zK+0-4KCvG2D-&iB4ci#?#y4_uFg{2=j*N_yh7B37rZZm}3SEW${r%Lv4>9Cs7y_Cd z`_E1d|LwfxM=T%yL5JN;Bbr}gBta%b96KV;XVXTVA?XuMKAO2Y*{3%l0wZ8vNigze zu8-xOnwrYaEet!Z74W}Gi9D__eVf$FoyI$vZ~ss^m9(^ZMCqk1tf3@~M zEkIc~FjnCAuXdc#|F$3{uah*Wts(=WD6DLVQ6vL1%|||ad=M5L{CkfHirpTv=^@a1 zz5bhi>br*JR56QG>H;nk21Fb{c|(V=g9(5Jq@8F1;J;#a6%wutKr@BTNT||TN@ldc z5RCKFjn_5*uOGmPa$;HmHzsQPVNY~ifBvWJQB))pAh=8O6^m1fWR4HQA zADXI3AAX_Kso(z|T=exe_&iXvZUPOfoh6>7x3(vUp#QyC*~~_hWyePYrmEDa1|O7k zKl_Dog~jtKu?4^_WC=?=;ACQ}_9X#m{#fx=DE^K@2%D~!mKns6H3pnKKnlR--8P5` z$kJ|OrXrttB51GR*`@qxN zSooc#l$wg6ySUJMh5yXES9;+@3|O?tVvAv21;!^zyJwz4;3@12SGV*&V*DKx8VZ{* z4TI*7$l9-Z_+fBo;NwGyI6QR7j}5&1`wDOZB=IIz@#6{rLcSNj-I0VjA|4P~Xs{l` zd6azml#qr5g5YqQ+1vu?rlthP3QYsyR>WPHeo-YEcpWm@(ts4s!GCry+z73-zg_$6 zPtBTw2sEXCZe^VVN?==Ju=mx)(B|bEKI`EE6yi2Ewlr!`f*a4=yhk5EcSxq8LR@@~ z-St5i;fsO6!NcW6+V5ZdsF~zrIzWSAX8ZiIZ?h%^G!$Wgfiv8B@s%72;)ms;Z8hUKiFD@N9bZ;Nei1Q-N=X}JSV{>T;C+X}EgVgkcq zEY0^grZD`<6P1idv>ZAWZwd-@TK7lsT)0KQmZA<1Z|i~)AadBy>%iR~X0h)3g)2K- z33@QcjnmQ7hmk6guYmB2usrrDsJ9hhM2n1yRMRpFfdIwWrVRsw1&W7<^y~(qs}--! zZ+(B4qzhE#Z8(C@WrZI+n8*g+^!|p4v$H$n$cy`9`0J#{wXiG%577=3k_a|GZibj| z&{X1ckQaqn$|}GSgBaproe8SPH4*$n#~!5mjcMVs$kRaH@ru`f&~g^lN{AUHF~p zG(wQ710V#LFt6=bUgRDGktNrIU+*!I%5KLt-Y)MVf6y7ZU}3>P^3ax>S@NkOK?(SZ zHpjb)rOxuQY`4@_arw2~(HjNdFlrto!8~*P+nfN{3+b#T_Z1r0b2X=Ia3jm0wAc30 zc96v8(*LEi+5UeTBDOk7WkxaU9J7xTUmSi_`Y3KgA#YHZ{XvP|VW|nzUWe=cLcP=c zEj&CGi`i;!Be6iTmU<_-r%xXg|M)t03rsCtU*-Mdi=KS8B(*)=UBrU+V<wmC}qcB`BzVGJ}I`#eu*?s+aBlLoo*Q{Y5U6Wa#^4;idcL`#NVm0SM;hc0~P@ zv*E>F{JVGm73fdXNk~XEhegK|g2mIaGmnizbcG(gTx;*cM8TB1ZX19%rkQ(m^oMGv zfzR_&7L3y1r47cXePjm4*G+4yA6b4HYPIg54viQnc?yDVfx*|2IaclA2(uVeBnhNT zzVQf4z+qLH_}9#A5~TI4wlDrLy6`*Oih@U%)gluopN{GFGdjm&cOr#?)2JF(UHxsy z4K9LHUzi@Md7kk~3RJc?#@`xN_tFg=UgD5(_m&85Z|}5d=w3gk7-k>iG_FNxXlNj9 zxT6~ufH9kOn)lgONRu>(>tPRk2iUccuEdPdh}SuF?FVTucF=V|!$EFQ zGAWwN$TXKDYR4!df(0Bxd*2)djfe{s?IZV~L=qA47c)CPe^cK5=_}!6W9z5bT%cAp z`D{UK+lWQW%*+g+pVS#$Y+Z(%o2Hi5ZA3R(Lv`eD`U;44gPp6~G&D5XWuKxz$2QB( zr3X_v*d@IWcd)Rdun%GHAIrn|{36M=w*9x69~A!4fLuAWNp8cp;y%<*n9~Q`oLVKJ zw|bl>NDV9iNYsA~xyjf%6C$q%5T>iEIbtDOFMWLxP(@|kmHZ+_WI8eNfPz1O5p*$w+Pf^U7}dtsReNiH!&G&oH4X{Al?%yiGXajf3w221eMrrf=OZtvzF2mT^apbM zD;r02=jcB@-ju!cQhYKiX~)9HKnK`0Ou4V4YjGWRcBs?9v-;-u#@!kI-Rn zutIq)njqO>a8&iG{4MOTL@I{hjzAdnb+MzPSJ>ix*;mmii-=6io~yMIjl{-5!dvxi z@Y_IjOrFu?_E5pHol0afZHpG3NB1dLYJ6JStsuH)M=-sQf8YW6jx76;Fz^(5Rd#q_ z02G|R{Jkd96%8o<>5gc4z)Rmdj&OZ$GS}0)a=ZNAI=u5qhf@x~>-siit2~`@0#eD+ zBO^PU8ez>3Jyf3_*VvukAt5ER82*PRmdW%G3{3;mh(x4EdPPK27d|2p;c^%h6L4#- zz)Y#$T+atKOa%Z3>Aru70=V7sc<%6{hz*@qNvDnLdUqIg z*J!zd9A!j3?a=3p4D_>WyEt~TdE4h^W%*@jV8w+$J3B<4>9XZI1gz!|HE=M{MGI@i zf~o<6s>NvYf6@(#ta>{IsF4gmf)WdGHb&Zyrj-&uyqD6@z=q|eL7)|ar($ktLm()4 z68fz58E+vM-(@NQV28PRAsd!;$C%ns#V4pVQd9C2y-7>NZ45f7rNHWLL#X4Ve=bw&#NFT z`zYqZ>A=NRX*Qyaj1CxAf2+bc1Z*4Lr&-6xW?7PZx(XVL%|5gcBGTdiD`UFO6Ry}c+UFD#Wk&=Ksi|MDJa}a>UjGG;IY6Zl3Ns?v6}SuZ7g__;ns*r z=!-QQzZB8?V$BR$UeTZj{OnD6BCV!YIX>CW#=7vROe*a~PHn+ctwhbxb`p1_zZqC7 zhf60e!zBn|<#qc44yC$9zZk3$e+{(aFZiGA2bHJb*xl9IXL{NX;JVe~Re}8oH z0$O}QJK~oY(CT_OerX5jS3Xq%sG_^^LcStolQKmW45gDbz(xE1wx zN(z$Nz~B283;`*GFF}ggF(9}-mT%vH5o4(PJ9VaeD9KTj2q-+BjB(8doeCq2SDvV_ z*q|MT_%X1iVvN=xFRvZf@(NR*<>US}J&0f6EH1$%DT|ksTiOH3Hq6tG2f{#%0g(5m zx*9uCTMOw*VkRYJ<(Ldidi%cYr1j@IX?%Km&rHD40;!NoXa|@l#{=8%8Z|4DztDSG zi}>fY@?MGDd3^#MKr1G|9>0kcvy~~Ny$C1z1Ta6SvIyy@Gz!_Zkr5RDw}53^K91IO z|Bx*u6zJ1?%+iVAJ*4kH?m6c^y(2x6Skb_-KUn+v1xpEkL0gFXaGDPeFQ5(X?sLN? zsc7*e7ahZ)@dbkW%XF1IdjAgUM}h!of8Lle}<-As~-PtmN;ND6-c` zOAEpD+J9`UNgVr3d}Z?|E|+7v@93M?uX9|?WSi7qs7xb;{(d7c(V!=zpkc0^7@8jM znD@;z*k9-%MZUZLVq~ee(YV?#Y73zJHNt#@9L(=nm49!111{t>2%z--yG*y0@`B&m z0wO<>-jqk4Pmb>SSt0L$E)qX;irk0tPEHG&5+K>SzG3T|HzjD^K4fNpn1eGyE-O8 z4Yey&F^opJ5x{&e)0PmkHvigKLPz@NF%w6J~;bmE86bCF9+80uWOs3QtNGgEB_ciKl+^ z1tz9~;(=N4Gmw%2&j+~$GB+r}2PgLI0JSe~Y>)%&rijdIbD$bvq(H7 zG*Y%C5LwqY&;&>YSy{mWR}=97?9;+tzev7kN?u6%dC`*gQ1znxZ5W(j%gTGI6#g;f zhlQ7E%Mn#pIM?eS)<}ySlNLju2b#P7>yRd7BTY2eqyO3{RpapWEX{4y#oES3;`3e6 z{m&hzbmn*iiEJF{ZLNQP{6(%O|vEmsU9zFDWbzTv>0zqlG>iKIeFiF1?+ykQCvi?&*=jYyK~MfpHV%{dwp)=6rVM(Ldu} zjE(==i|VAxVymEQEKlZ#y~770jRY`@t}LKydEM4YN(iMLr|t*b8$HeJL*N*sAg*U?!2=))wYiRdHwg5;3u6d*h>T8w{qRA zIz7nO=IZTJPMA12aKL}u-6Lx`bijZJ0#=}NVj#uwSh%o2B~?m6fgB7ey&H)nMI}Nk z567ihg<0b{zSX*Y_)kqutMtQ-DU7%v3=M)BS6i2w)0$5TZq7H2a}*&Mm<*f(jh$Ga zExGEfF#U1>H+<&42W(%W#{Pr7Ip0D6%YMS}b!Nm&d87#66WhcOQ3^rJk^hQPV@6gh z$0dQ~Yd=Rw7^C2zR&C%WTKU$em#6j7`nGt&&VD`*e8-O1wJk40bEm%7Y&vwoCP zx}O{qQPN?+VY-t>^Z@ea0kB*56`n0qP|Zjb(3aDAR$kkGyl{)ihKTZeuY5$K3)TM(O_@*St~3S@Sgwq-06JdXzrWuuT-g%aF`Z z13D_WhS#*_41A3kN@O82(;gcJRgF z^_8gI&2e%KA7I_lw1Uyi9q3O*&*Rd0i8Kp_gX%pesRHC)YbS|l(tn93eV-V@&5L$m zZJ_BhV%ip(A4R_0-X?BT5koCVbL|y8)`a5~nDSdgyUbXBvMjZ2uIeQRkOM_8gE0tt z{*dBV-c#KS|DxzaU!wD<{7ov3*E|EF)U&d0_SpTE^%yIgj+k6Q5m^Ui*0EIRY{nH5 z5s#%43ArCfU)3t%w6e-Ry0Z5>nn?n)XxA{H4aq*2iX8E|jfnA5_@8?#t_-CW51*i2 zUd>fgK7an4_r*Xh`_gQwz8lg&E6hrm;1iGj!CqNypEK6CuT#!Ht!VV zH(iSzNM7mFG}UeCkMGZdY~~K$3j5B5rI7XYyQPW(%UtO?o$@H=TUptF?-NoIlBum< zt}qu+h`9@cW%Uhw{|wCQ#MZ+Zm`e7k>`UJUas)}UZ&@Ti>sbo1GP0vOBidqcKD#iDkb?ovA;c4Q@ zLW_U>i?Q0WI7nTpcefW>F@LWAM6b=6C_MOsjUBJ678DuD4vhmZU=iLYtLU%ymbzL+ zQ5-1eOCzJA)Gu2Cb&MQ<6I`pDo~ATz_6*w%dbK$lXjb;1kG)w(OY4^Z>3+|)F3)&@ zu^(g;Q0oZMp3?;}-Xh1^v zUlg8E$4!e#6nh%oB+e5R7p|1P`q_*`B8C22d>tGXr_I5OhN!>7Tm@x4 zh1N5XU%}nCIMYON>}hqYtv<}$XX{_EL1xWU?v;-OjxaN$;~_)ywzRje;KBuggzc0f zeq zPCjABy^oJ?hXYP{hY0C4umG{Xhd~3c8Q1VTyT{4==jZ2BnLgsyt+2@x*3Qh+7{pX>#7f zWr?MYu)LuyKdW<25{%G33U-GzZ!=|{S@nJ=dr{WI9tU81xp%*ni;KA!qbBKB{M+|( zwu)-gn8f~WkU3ka$i_ zjR<5dE2Aj=Qhq6fQ(Idt@9pm2RPo}|CuhOBU){cwV~YAs69T{T@*0p<^WJERNa)iL zLDiAiLJqFIt;^21^n4{`rYKV3Np~tGm$N6Y{X@Wr(1A=Xu$!swJlj}bH*X1}W{IYJ zwfXf=@Tbo@`aEnifuC;mH(TC!SX_appF4=FJM8-wQ0idr-SYuNm;lci5;Oa2= z_jxA)z(BCSCH{Sa%w)kZFYw2gUSM!DYI-#fHbH1{l5+hXJ;Q~|;&VT-@)0~O~ zjm+#;xgVke!C2Yp1_MZYsLIIgsL21L>AS$|jWT@toKFeSZIS+()-A*YzIf`C4a})WchA>+6$;)mKCRts9Cn zSTk($(LQ7uepeL-T+q?Mhj7LxMbKd|@26-S34I$N<8pN^pA--L{bG$uZ;IJK{=98# zY?yS?{%7dBL!sMFXG}z&=3>5>v}H5wtm=u0p~2v_o@87tR^P?JpQYbrrU!mI&=$pxT~zz zCnm)Ydjdbpv4)uTse*Y`Gk`LM;*BUHtWKDzW6zhw-+WJ0da2XxTdoPLUVJDXEQ9Ee1A>7k+(Yx1?yWDfiyY6qQRva81@gDJ)j z=;%T#_&iv-#y>Z^e;L1k)s+>gfEg^|z(aF>yg3}E$W<%ckqnVUFKt{u4{hHa|43(L zHC6c~dHY&06?sZAySX+5RYUfuU8wD40I%mS<-87XBguS{kX-D|4!X_neIIN!Up_c~ z_?n1e9-LQNM00X2RJ-1h1Msm}!0_imywp29+_O4Nugz*s$FHsP;#VOXQsO9~E&Or% zqs~(H%I>4Pmq+J}HD;}#)4n#7eoMmkZHP>onsN!eEK8LMj|}l(#D!u~!_yWVw2|Lz zUjz9`xHCt)w5jDp%qRjCJ64NVSjqb$WE*TG|Dj^LQlNNO9Bu}wZHncCS5r=QKP~>qU6;)-76Yx+Y!x>3%v+9o?Dvnff~|p2vZBRYX}ZHGr0bBdF|5 z2BxbDdL0(25w;!yX(u768ZZhrE$^edCIY*Nkqzr&<*l!W!_eCq8^o?qNK z$p2Q#!wy#jozm?{ow0&>cx9-ka!EN$_c}cyz0O%us3cJ4D|ltszLWp(I_S(m51X&_ zG)QbkBJ~`NDtJQit3NkQ5V(?e80g3r6$;jT9ph>5)3A0}pH>)1ZX=3LO;Akoy4a%U zw$~4f6UST(AHD(+x{DWPy9sh;BDMOXU9JBN^Qw|X7|(15Km zt*$c9dwa63Sjh^vDvE$;Q}EUQp}nK}SYVKY0!u(0MKY2OHzJDC*jAp6eGIZVuD zDrmmZ42!i~|FG*9_6x_oPCl!-QQEM=Kkp&Wy{@1d^I$u>x-&}m_KPpa)2!r-M)gdfq33RmdbK*cIwN=XWYh`(HDU47?=`zqz z*l$tvIoeNGrO?te{k(H~te^b@y&@y$Ui!&jTTc#3)MV8lr3f(3k#Zl*qaQ6Q3v80Y zzEp=jgfNU0cfpt%hFd;?k>AnfKRg{wyK!ot3CZ z^Gd^HX4q@b&x*2WF6=_?bdbqeQ}C7>#I8VPI{d3BP$z+ifr-h4B5~^VSM8z!GNFSs z`r#@ybLxsL|4V{X<X4P`3k;>k_`D|Y5KDxRnE7z z{{9Sk$C81L67o3-PtUl^>#_JKl;B>(0Xx{98?$^c z`x%BOOO)om&dcjVde5EcnsIdjNNE9Qct;rFPTc7drjYkbLQt0~rZ;8vfBLOFInvHN zN1<#rjuoAdC~G8zf-6%5GO1>W?SQP)*7*(}t@_(4$*o(`jFI1_elJJEV2<{kZr9m^ z!;;;j7D#YiUZw`b1W7ZrZA-P7Zs7ywItESz2mC@J5Hv36=Xp~yl|kyOMnRi!AdzVf zXIX?je!%A=R<4kvQ%50L6;-R?32PoKGd3|M!E@XhH&Y+N3vN>~df*{6?&w^$98v~D ze0htTO~FA~jovFcCNeG&%P%33o0{4+c3nFUZUpxhTN6*Gn2aVw#JrM#K|%;HV%#PD z{HS*nez(G}hmae8nb?ucevXMJR-kBr40yi7=kj{`l1q>hf&{vtCsP+Gsm{W&KDLF` z3Nx|T8SiMm7@5zW(1o#Jb=tMh`R)pPhWp(b_&iy$4rms(crGa`D{FAE)r%TV`w(v1 z83+q9l(Q`F%|JNZr^vLkf9+>}o`0RCNDr>LatKRN1bAHf<-*~A*e zcNhP2Flha$=d+W-%k7DRdrBNnA*KL;N^%~%K!^qGE*yQa2QUt-LGk%?6wC}wJpBm! z@O{3ol+}j$`}f|R!z}_ydNrgeJBbih_}=fh^Wg9yK=FXczMsPz&BE>;&V<8@0iuzRAu`x?yG7C z)^6KpjgNMK1Ls39xRbMF!5B3)^%ZPvY*=(x(b2`_A(|e_6{xH*0g$tKuviL9=sHN^ z7~efcI4S`{JzK~Cci=&*s}2Copv=EnDy(O;V=26^GdM6RK<=QaO4E`2=a=`3O!n-; z5!OJCOyL4$zqj!uuS4J~RLI)^wD&*{*Ew(F_z8`i(AE zIPx!ojz5^sU$i!lTeIUo;zdvJ#d-#fs$xcKICYm)g4ck;+~$$_?4we>ZU5jSUI}Tb zdGPg)Z9RA5 z3wv^D{ClK>b}Io4(q=vs6#nQJmX>x$>q{$@iJ1u%n^4T=LYixj;`{dz7P~UTWQy{1 z^wu;l1GzW?6$^L@ua9zd@S)XYn+(18y^ufGxt&Ti3<<`Ashdck)zR*SAc~5Skr?K? z^+4wB)fWChBIbYp8lQtf0wzU}hIt<>jRg2WOil6VDf-S2(fQUVNS8b-AQ19rj>gx* z*anSSf+N+3o)I<=m2s;w*ZJ{>=fto>Y8Lqn3SU)vS* zM>@)8bGj0p!U zEG#-p^Z357KO`4W=}TJ}eq;-uRN}|-%1U+gJvz%ClKus(p|fbp6BYx3SfETQxq=nt zaG9a4o!xF0*UtPuVxO$aI#|&7cQ>dQ; zaHMxMSEdu?ZVNlU88O}4(}NQX21^QW9sFUc|6=a}IS*8jh7G^_+Q!DjUmR>>IM{kf zu(rRJJpsq}RX0M>g0bwv_ZX6pF==5TCapw>oWyXQe;sRsi?m7^!wf~mU!C@b4(Y2N zEPcQZ>`M#S#WX*H?mYN5e8Y`33hAO4UhEA#sa%}0!){hC9AyNwq zAGDP3$M<06NF5z>`oLAh>$rjjov3-WDqptk#g@=DomljI{V1e1N8Vg3cXq6x5wXJ|4n|goj{I3SC^}`oMNam`;+R#GISBcnJcfM zLvIoZXMKf7h=k_O2wA7bn0RxGp3yzU4>(TX6VKG10xzztuG5= z?_I4-IYGpI`YjGIwsSy&RXRAXhg&&zXXXbGcSn6HQ0ly_E#bCfT6;hgEOSHs9uBmw zm0okAHV#e!U;&uiWY*J}hX6BWEtYL+NxEuBy;eKgm<-+^MxL{UhOY!rr`0VOG2VOmvIiWsJ2=D+JXff0ZC=L(qbYtL8E*cq-CqOWCr+ z$&gHX6hKehqcT%^&jP7jV7}tjDyEFSfnNWxX2uyI*fezmS^0x0K=inObE(5N>r z?T>w8Ev2T03+E@v(Qw0~@R%qOs8wuEVZDgT$)%orrwI>@p_b}PY3S{B;Ay`fo&qcl zL)~=8UBnSq2a~`9h0bk?wkb1m=7PF`His)c$~JQ;<)4M=Xv*}@9cK(!BWkTUzkgu+ zmqZd9PU=vWDupE8l&v5OEW|f%a2x{?34k+zt|KG0d=^^gFb7k(%%6lNaB0~6=pKA| za6$L-)xVFUw_|h#jSYuvG9=Vn}nv@+pKpYL^MiMc0Xaqzil>5N{z>j7kkSj zJtVKQxU;|Vj}fNrIsRbH%YQ%r^9KruXzHxQh)^gvyk+IYp;oI^lF}r7`xYrVL@N=h zi$$y;_jVKF8^D+{(g(;MjCZ^(~Vr*xts6)^!E1Qcw*B8 z{JZw|wB8;~AG?D^>8>yXPdL%tyEsaO?gN=mh`rplCFETaP?`_V04Hy#HY+WAA||P! z@u)!mdT>_U{D3_tx$>t!a_^{K2JEL@`Bvd-Qo{9f{#O)fH{JLFP!g5jKjWizA28$3 z@OsvT2Ref?=uaN5%_(nxa^F&=6~5~L9L$i{JrQrXYmReo z)kSJ?=Y3ILG;~`H2j-?`i(vi;kBsPsV{~Do1sfXk4qy))6M1;lf!Pa>jb0$nR)9|} z@ma=Ug@-&kW?;+4SO1lT$W4-)S6eXxoZO~Ser>7a2hcU|LHnlP!(6K;8l56^FlVg4 znDmNz0O49FCz#9^KP4N`%D0-!=n#vJrx#+F%cu=)7~B2?p7%?dCDuNSefXf2iDSs} z_;L3;7R#3>zu3eAcb3+S@4@7Ca$t~<@L?I*<4-*kIPVGzvEX#8{9#jEV%-iG0y#Y+ zu7fFt==jylz7&hzAsV;}>cJdt=g>X3L#Lm{tvXZ2r2C?aZWSli(5&svQ%8d;8|W#c(I6cU0b1Vf~t(3<`87r7;?VDIYv(02f4Us)&6*Mk;sAK9E7Y~*`+=>CQ_;R` z1f(Oq{a%5A^1etz!)!MF*Ch1}h9F%RsJAzr(MorsQ!L$abafPiB#7Z}+IpoONCeoG z@?a{7cks~fk*DU@<}k;>#f5wzr7Pv3^ABOd3Jm_f1)=v{0M4St3(c2ju{(2n z&;dwrI4Fm)L;kdM?(xYR9?yH+ z2k^_DAc9#3?fAX`i30}}(KD}u7eD|e9@xUM-3||To%~MlhXSSNsi&kww7diu=QK$Tv-1xui_ry|E!GBk{ub_uSi|9>5; zi{1?6!275lA{BJIm5G=3%#R+5A9+XL%ZqeqNO|q_xYhhL)m4jYhUGoFqf-6#e0dxX z_GMA+ua@PEOvcg5W@?t#`8TZ|N)yjdCvZ6GE>x0V`10&+Ovu?BIv|WFhGyzHmtgwI zhnkz%LqIji2g;L{lCW1r7_r_~&oYCK9~sYr;3jYrJMheNX9#=g{ys%c0Qa3Yd%q3X zK?xl=l>{rzsuRK{ZD;DFQ|q=RxVxYw2}9iT&z{|#@dZGru<*4n2ZjonN^kwLp12Wz zYYmwtHdLZk5g)$m0W8(v_OIGsv&+x!aq9POQTwT1Q2+u=90?pSYKa!9(4s_6-mz#` zd1E^{JA2d(HBGPleg%bzRde04d>Z8D?Cr2WLA8Ulz2W5huA1k`t&QRLr4dwEfqEH4 z=g(*`BBgRcQ-1@26L?rZ?I$}s9IeS7-QkOYpd$!B$?ZJ!g~4EOSR(uSKd)7*K-D+L z2NzFVh`{?svv)sT19(3zS+(W^$}Fh0o<73P!O7YEJ5(Rq?&4`#TAY-?b-i{!otF3S z*1B5MJwdb&=87Z(fk%(%_+K$wo56e$Hm~1jy6OE8gLS~DsWJn>pxRX}zdH#3xAE(m zRA*da+i==;Gl35cg_>Vqhyl_wBfYr^x=qlZ@-R< z6QwmZb*ZfG1_c+d&jLHNPsTHTMtN6Y44mQat|*P&=_wNYv^%>JQyatRxOb-0;`{GS ztfAyK0)n%@k+-A?pN6h=&ccP9OCvx>K9ECVyG2RyvHK;s9UPbcNM1Y+9iFYTk-FIN z^acr-jYF{x+@25mw@35z+^tUAx`g!eBm(Cbe)nTwSvuVe;gm2)tcAeI`g(yp4m)KgKF7e^>4M=Fv>qSNYL9} zzvQon_2z7{8X|zI6|~q@&Vc>00qDyLi#{G|x79IvXD~qLbdU%`lxTTrt4Ne6?N#Ju z%~N>)0k4V~Qn)4&d+7YiLc~(R@Qd!PMpi3h{RKW`qwrK1QXlzJA<9iq4z~|}#|9vS zn(2O0$@^!o8TwLGY-a(D@tY36fuYiN^e0}vpvq(jnBN>yI8z~my`*yz-1U`y6+9~g zdhIb@#;HJNkKt7v@v4Oj2V3mY61v!U~*#{|s^)d?=GS z?Pi0?>zSbyh5i-JNfDTHg!Ii2+{k73gp(J`(z0kdg9DUE5O|4PUJxw|r3wb~c0OP( zqUTy}!d>>?b##EuTHfG!AzKZA&$P^nJQ>_8!pQe=2HtRC@srSFT@~4g%?7x%gSkm+ z>-5vp3#?-?N{(1eBaKQsdnh1ls)EDj@l>h**cMqlm*l0uBf0#Ol5RU@13=#t} zV5--q%P_&V9*Q0o`+WP_Lzr?>|26asel-xqbU-eX!{XX?=*)v7$FAwOdS8bTOvM!} zWk|Q(+uLi@+^7z=AwY92-j@y>{v!&0^uJ|j0n4yeoh|vB#Q5vTzjWn3C6f+35k7~H zbsnAM@Ad)3;BYZZhC-z)_Dtg|3f%iL-5^UmRc69skF(o$RT|SP<5>YaP)JkVZ@9+t zZJ(4H44+@7O+xl*u$`bM+9Uj}5R4xcht@)V2RAqGY_iaXQ(=jz%Q|s7JqWPL5deA+ z##1~3gdD`(G{DA+*v4YAK~j8+5N-;R=4<_b@iV=v)y%rWK6|Ma&M=pAMM^n8I_!p*3o_WXZ$C) z3W$j0X}Upw?3|NgXLPCX$2vMXb+*PE|3tCEpbkf1QJ6jo@(4t-ahw0SNn_8->gtmD zv%A&K)uSNObJ0ozs0dix3r(oE(KhDz|v1Z`~2_Dm0y9Fh1eg!moS)=8+!> z17yVIY-DI|v)clBRpY1})RKIj2? zrQ_5p>i4zT?u;ML)IS(Kd$Q$>Qpyl8o0%+B$@Od`6+Mf#aJi9ooGRPjTWK3VkJqsd zLj0i&p$I@AZ`ZPhZu^VEc&tVK-*AJ!Jfgbp$TkX!qR%iu5>d64=Ql!`!%$qTtfC<~ zW;Qt5IfVh9Hl!RwW>&zN?S1@4^S3TcS$v(I7y=s)ab0jwQUaER#8Ky)F@r$o4SA@l z)+jKft!6+P8jW|}hMQTS@tP=6X8@3M{OKpklAc3E6U!Tm649~OP$U`}Hg3i{_|3?qiaODiHTfsfLcztZSQ{qQLN1=cXI>63e@>PX z4$r&6@q-jsiqVd*uUICZRnOk#DL4EK8b7PKAO15AE|p=x3uPD%_d8Q8E3 zOAgGcu=jr;w_WKufdh{H=c&z%N3>(_vjHA9ZD|O2h-^3 zGQEmJIGk6G#~uPdx6I&9L!R&cMHU&k3uxy^lY-v1 z!(Z>~!(ZV^!%hW7P8ZN2{}aKXxw=M^`}}|#M9k@{-hVRCde9x<&_fkuMc@A%U=nst z|Ho2Nmc$cK$q_f$ejli_|9ut$1~<>f9u`n7K;5a|<`y#TK6cn7^K-w+_Infn!YI@= z0`fq(k@vQzp)S$3sz+11Bpa@46FM0NWdYg~_p>i4>k|d`t%<}MJ#Ur|8rHoip#}tj z2@#}G`)7AajUTrZWeUH5b*J7XLQhW*IN~BiK995Ikjvc1^39E~Sdj;JdDc6s8}E6^ z(LmzX(KUE=(?cNdHIag26&omsF+ni}af={sx(X+tIONoHiUq|b$6eu1CxBBrAg&bML`AFT8kz?tMiv;fFJ8b!cniRCTA|0JRcxa&o~QY< zhln%~aD|r#``BPPd-}n0f8QAP?tf|H+(nvxDTPpyTbU<=W-Hfn%xvO<94jY#iOKS& znKy)z37Us*IJvuu!f4=H+p#L*G<}A9u3HUmf`LIhAGqX*Yg2z(Yq4~BO)8@NL87|* z=V#9$SJYh&f{&Bss%klXyG@q^ZiMc2gcLoBX+^&*E-Lk^aNrH1{B3`iS8fXv0a545 zznXLGJf&LF+H#n!^I=81_G`?vAM~eobAQAQXD(cu-~fdF#5okhym)_oOu8=1HJPJ8 zvAr*!*5;J(W_vM~@%4MRB2NR{_h2W2B@F@EPnRzj;Y#cs>O+hF5)4L2@Piwhj$OB% zsg=%^>Qf&(hwvHRDVDB7`?(Q_ovo?1Kn9?3+D_wv>4f^>Lkf`CB_7xtv)+cIH4vz2 z-P@_{ura3&?uFlC$)KfvOd1ifCv*8HZ}!j(s26a1!S_V|ZbrZrJUl$)Ei*?cz(LtC zo7w|131FdK(<@-8NV}+h`xGOUtD@8bFpNqvTtG`u#*Wtk#0yQRSpF-QaZS>)g$6T0 z5YOfvM5rFf!_WwB`!kNa-rFY%%9DjU8;li9wR%^;bueXB()K>jIC|-+e&cVg)xU_W z6_ls>b(7_D7!Rl|qGl%RgpnGg^=C6k^w0?pnbrTUPiwarJ+?b}R!}!-KN|&+Tqu+n z?Tadli#s5dL!o#9I6{yshH$GDd1K>jSia+`YQnkh^@=v9AP-fBJWt>o!4-6`IxObf zDW{;=%j47I#r2)g6No9*{$O?Wqu=Q@SlHdssaY>pAKw;o;*^({r+&aZI1$bRYI`U@ zWfab%5b*44h%*eJmHrJyY+Pap1Sx}2A?sw&~v}8e3W92$}TC9rlg=G3m6~H zRB8X3sR%q1q>{i0;i7HBhoYRkIl!;HQ{o3GfD>`1P@nfh+tO6IJ=5TU3pB5O*&&O5 z3kI;8FJ`pd{xWWHmm3CwIPVHdDuz6$@$W4h8)nk78KW;wURGX32A0B^s7t-6hL6A1 zas>oui-aj)ex>ohY5vT3EfDvq4*I*>%;*{$cxXVy?65ZPYvr}F)d-X_*9;qIiQWgs zykjvCv5;|K)>0tC53*Ppd|jPiTzR4Rh{L$^K74Xn+j|0)?=t0Rf-#`<1BbHX>DzmW ziGMaHS&+aS@Ja#05j+9YF-PB+TFiCa04wOSqRdI!o50LAUolW+PERW!VK7jBu_nu# zn3*AFF+`wG+;h=2?$>R+o^uS4_&mQ7s35cmi=_Jc5EdRGw*hHK zL|-2$t~-IPytBvWFOGSz(EiN+j!?tBY#0|NCnqT(q1~v%0WO+I_2g@!SSgRLnje8# zMDv@vKGL!t*EKcH!zLX+NOB~ubl7`Co*wj}Wj%k#Rlm_Yu3{i zIt=zC*?r}o*RR!nc)}$hBQFBqJ4!)*@9eu8QqKa4!D_O$tDEj#arjswI80^cUHP%5 z6X#`7Q3>L5a5h(v25bYq%idhX7#Dv})g?if&OV99Kc%`y{cM=xZhG0NR zG-HV#gnq(lRSDEnnQnbY0pY#fl|gF(-y>A)T_J${zbu#U!Nii6`=__TsRvh-DAXwM z;T8c_MmoF|33}eH`T;Wj^TQfCgfDKmdNh}FQik%+&c4pgXJ54E(bt!%y*;;Su=;P} z9gt}@x|a`~O~8edcxO-;Y3cPEaZp6Wlp!x3UhW6$tgiVJ-upRulm>$Pspgr;>1Qo2 zd{BfJ{nhobg@oVRFbLHDYt>5HxjO^#ykDd(dwi{eG^hv*JC{~jw4>l1z;MdD!hPJW zuc)xx5`Xw(a{x;F5$>vn=4zf(E>_M?$PX^Mk$*Mvow9;jYpYvA>Y&J3I#edFlWxZX zsN`f?@@sW9w=xR_eWAuh^X_AMY&MlRWi_>)sXbySo^aquvG|eC3`o={s0-y0p@#WD z_ZE1D+&YEfo<$l8z|NkguYyAFXeXR7=I%iUe3`um%(a~qg4cqO$Qzg6)A+ekv7h&K zoGU-sU0q>0xn5@D=1)|Z@|Pprg@TcHpr7f z!hKLi-|I*oKWn^#diihT!8bns@gr}qmR983qw>x%>KZ(D?WzRK>YYfqK2D5vwRTQB zYQnMExp>vNh=L8Y6I3DA0M&>G;^8Er7u+ZNwIOjTxX{6vJqgv(kAkKRyozc*%g~81 zob!W}4kn#no4G(|^Xz%Ln;EdBpDksrgc8Ybl8^Beo;54xyCMQUx?K z@^Fqj>^jVdDSWx&zsz`NL!f)gaoe+w@a5^DC$2$TuH3C*H9<#Mjse5h7n<4X-5r8c zn)p!=r5&WbZ*TeZxbZ{5LhTE$+Tp)&vTRMS%i3bj692wnKo0uvJHD8NH;5}=P#h{? zl)w`+0Xh6%^T%&%Jscno5(w4hTI3Mr-TQcQfGVh}^rB z53O@kgJXLZzrkR=4R;}%8jBGB3S0!>kpr$n5~Rc#0=~gDHR>o4JG;j-_^CN>ZkP?G z$AY3>na~m?0=y?wHvt_+puM;a5{&t+B4Wg91()x{Ns2lJj}$aGtk1`9BWZrlE6kr3 z^W1Lpdz*l|SbN4L_`i~yoU!6oV&x6JR=2LulaJv$3Wob@KPd|o)1@wb&$G(2pUu6y zFYyT)l7Upg^bLu*TrK-M0^T)4s~T!rVejAH{5^Ys`5%WuLZabPSyTMC(SsVs79t`H zH@9`-ckQnoz>iA0Tiig;$S5u*cBB6MeD}{XE{t%b`0_>e=+6UuW9p8zZ>>PA;v!J57s4!HvdmjZk_j|vrslwZ29UQO_Z^CKW{@fsF5k%#hH~joCw&irm zq3!-sYpDKh*c!yGozVG%<{sM0|1q#w;A7L6lFQX`rqpkC!Un@&cyxr+<~Q3>d942D z*gx6pE${&u+h3cY08QXXVH|r3w{^_Oh*68*Aptb$z>mE08W$dZN-=w>+<11B@L+hBP?1IJ?_3 zJR90^fO;#;?R{*dG?>zNJ)^naL`2(jfnDi=JpPCMqZ z@1TLH>}ZdeZHpDjNJKd~VTX0`U#rhP{qrEYPvZTU+=t@7(5P0uFdzB+X_xt7!R%pe zwMDcC?nQ$C@99QL_(vD}Q?NS_{{vK=p?DMlfT) zNC@x{)l?*4udYTMD*)h|n42OOHSE9+D1d;S=~{{2tn}NlYiQ(MaJfoW3UxtvY-C7H z4JYCuVn*b6}w6k49;y zHVz8bE5ZtH*;Kr!+ZSFnz1gku2K*qad1r zk}J~tfFVy5CPuw~pT}mkuZ{7uIp}cbO`PFt@PT-0o%lj9A=9&_I|hC{9ydv#yV>3A z!h}Ms9eNm~-!U^|E}CRX6OMckxuP~h!Ob`MvQwLkHkXvw`Q$#N^=6m-NGL9Oh?S!* zWAW(cM;}I~WDXcM{Rx~c4F{2ZCmvrwoJrFuUId0C0!jk|yxW`@jg5`q%#el-H0iT^ zINNRbTm><<_Ld<@YmdB7j;_P?{)mZ5;^CD`p@$pyR(ma=>)4t5NDciNL@iUbQQccv zDVwTBc-Jc5L53E;cTvdDkK`Xu0pgJWQzN4NzP(0~0~Rm@8HD(sLT~^{a?ipVs4h_UM<1K`PQQ*hLH;5~L{sA{1P*L=?o)2?(NhoCeio0)X&A6AEY;EM3@r5svUfE$dKnJaO1vZx$PGDcnG(pFFSFS6UesS+ce z;I{rPR6>mRH@k0mFM5?$PT|m4X%&`t#f& zrL|N}l^~#Zk;2c##YNUAlxo9Y-g;3YSL6F&nuRtrB+Bt#02M5J>Ou(pWd*oKF!-;V z_tcfC^TiLxy|7Wb8uH^!p4-T2y6WaiHJRS50D!wBD5Iq&E;M}4iHA^EG1ap$+k3uF zLJiyg1^}Y-&x6Qa&{?BKpcNNr-4Lqw=`Q`sHmj5=(0%vq=pPKx1cF;ck|qh~A|NZ;&X2Z!s3Iqy=Iqw zI2}ltlOkaN7b-7LDdX8s0kXeOU^MG(a`G#v7WbX^XdW1%;dU!{*h46Q=9N3Ppf_Ph zGJ-8Q$sxN~MO77z&%*=6@U&oA|McmTk&#h2U@b-K0#I43&6Yh$NYrRIVc!E3@#PL( zz*cB6oC^96+9iQ)pr;QA4#xP}=KUYVbk^1dx{QE-)|x8G%*zNN2=3p{HOU_Ud_pn_ zKu$Y`IH4h^6<}CLfU{`2x^_X-Q9K!4TFNx-TKNgWqhJn|KjPAW&(Z34jv=Z}xP532 zP(OWhIE=geOG~11Phb`T7#y7(#X%*qd7c7G5>7DRW zkp0|xlEB?Q^I--T4kvZ^UUA|_M|(k3@3bmNna4Avohn$#tK0<8oEh)e*nK(bin#OugM3s@qpkkSFqK=*Q{& zN1umH|JERuA_i(y0MXk)7`^*vHWV4*cAlaE#nR)$JKzficnD#zfX_kH-dUXJHkTPc zkRjOwTQflhPwJP(BVHglD127kdV1#UlOx1b^FqeiFOcYlX={lDHE&np3DI4B33hRtX@22YR{5RY6S!G4kj;qE>f#=j$d ztQ**T1;*JSBKA;2)O5WaHZif9#pUNg=2OBu!QegJJsQmv5`}e$i2ju-INUlVpbij+ z6YgN^ptE=Mg|Y2eT)`w2mWsquZ`y)n9l5Z&dCreH22e&bnE&B(y2DYBXckqsV-#`B zbj3caM&K6^JE~)<#ugSBj-kA&szTY7g+#z`p)04Pl;@WdG$(@VWE33+I0Sw%d45=) zJ~A?n@P!FC6AR^aau%+`F#+F~-*qDpo)5w4MqWd4`3?^}FIpAPXc%bjynCG1b^M`V z6nx#t7**i=%%2RmHeZ44kr2>c>!#EP>c}~JpX^@;L4EJwdBE%W(_Wa=4yftW=Jr)+ zdLfP{2(nD#GBabdP7hh3WCLCmYt258DxCd4JZ&B?U9li%NTMqd)H9NQ<-Dw5hZ;vx zxSxCYI74K%FOPi|sK@lU?Zpm%3sQsI_RuxF8Wc)M;A@(o&y8C{nV%v3?0V{v_DFxR zyAb9<)m5`QljS|a@dba*07^Nz{lu3h<_L|1I13~2T^Tnfg_)Sj|Ynq$UH&_2n zhZs!#@Z1);s=`)z`h2ohx&61@I)UX|ZMS!G_cjThP;fFu?yP!v&nBlQ9}ZM<{QbBp zxa!s7wtaty4DHI-IF6hlO;hP-b?LB@se;qLkp=Gjvj5qPGbZ9YLD&0T_7y7PN4 zN5;R3x#~U1zN`8Lhvzz0Fnh4)+@k>Je6jrWBs@A5vdgY7y}j-GMe&8Eu?Ei|_NvU` z2|1TtU{N^-3bpg|V@H1UCc|uKaXWNRMZ?1xf+|@LNV*dHZ?SoGb6ROH2&<5J$(V-hqMOfNW~WuZ3Yu(eqg%x+Klq+tV+8t+Ank+pcE%DFuBo$?|m7 ztJKgadZpCSA?m~>h2;l9if`d#gypK?4!M1A_n?0>X#Up@Q>o|qow-4<5#H6K^kT0%acyCiB3Hlr`JbCw zrTVR;P$}UEy+8{d-+`tdYd5rf)vKUqmeP zR6e-JjmPEpEXfbgef1>4KAf=Bu&^r^ocIC7z4aA_l@`x@PYha5@GDJIy&CJje-xMA zclaIhq}~pVNNRZha&yPYHeRG~OGav_@KMA{R7-Di@hpqy?fF=rwvbCqygN~pGr=Te z6r48q6Nm0cBo~pPq5IJY2@%xQxxtbOXbpl|x(i8Qx0)zcvy>yIQwq5}_X>aY3gaOy zI_BX{7s0R~Ds^Fsj$?n9dXQDm77>N>?jWG6N*uH5cRf$@?#6cZ^f{g*HB5CBf7rqaNNqlc2>3bxC=%`ela$2##2k(oYm>qcw z!7v1IY|0PcZESw55I9HviB-ExM=JPtZJ|l%4FCVM0O)rFDl2AZ?h`R^yqQQzFr|}! z2Kg-f=InfTUV7SKqO^5%x`u}C8n$^~L&>KK;cjefT>V{H*#RzLA)e2KR?dBpKanc z^76@6o2CTWd8Lkdi|F(f2s&^=l(|X^=B9UZ&MHvIOt&se}4lJG_=iUNfxV zr&x|dXQ5x7izOOxAqz+rHhf^?hr(qTK0-f|;tg5fXz(skNLy89*`<3`Pogl2DMc9b z&}T=rU$3q)7bq2yuLt0guuShnKW!5u-;*xCHT`uehy4e7X$#Ehzt@p)*hicd($97Q0>%ndpe@9 zP{t~`!>E0v7mI)(rckGZ8~)<%rWP7*p{Z{+wVr#yB1d^r~{Eu-{2I{DurQK4{tO9m*<0y<{FkWNsub zL$ggD=+LfSqjE_Rz}v+{@lF&*SdN*KR6eA1b#+ZjNulQ8Aa<;(s@buzDema(ya9iP zc^Q&$JLeClpffUBqeRrz?;pJM>=h`_&!=NzE>o`XMTbF9RB%Lt_*YU!hV@PSn}p|@ ziOL_fb!O&wU@Y>-eq8WzXw>jwpk?DN;4)ltd<;zEC}p7dDEBBSH;hmX6(_+^$23vn8?BX zu3r+uxWEb~DQ7>uv@R-V|0V?XSFu)o2rOIJtnmLxJ+&vs!Vn_~dCzqo`q?Bngt&%@d4p1mTAD^0?DeRwNv7&m?(#G8Q z*PVw@?H%Z+y#tRIVkOw4Wxqqf!JCzV5a&x(u@%f`jXQY;eRhjZ zR7M!^q1+E80Os27-P;h??=v`O(R;bMkj_Dk3b5;<(Ln}@=L49Y}yO~ z4-AyW?0b4TrPOCD+sP@(Ab7&X-rEa#rUoY|li@$Y4IT@uyRn!AVGwO6vyX>-m@lt; z;lnWC{aRVklu*MEi&+0TMn)^uh(bNj$z?RK!VReOUKT#`nm2-!TQU@bfrlqrHjN7D zs=P*2+V|!eV#pD{f*hPKAUr9=K+b+;Y3LS|hQ^lxyP2WxW3V0siG`EER z##3x)O;nuIYBtzu9FKwx2l3L@*ZsrC%d$7}H^j!Cci;`N zn}ZyJC?_&ph*7*78`kynSF$X;d_RW!W$Qd}hw?cUlMrDgVtaXErt!I7$BezBRYQ*< z7QkuuReh9>2n#19JLmpTGQ+pa@6A2&uR=3;P03;4FFI9Ql$*y3IPOSD62)rGCFD~! zASKlrY6J{SOlkpv(lqA#@QuYxgC&q6!Gxy%m8&9hY=}@jA~20eD|%|F0GVu`(EWr_ z?G4!RyGIM?!66}NDByVradG>d>XEOPZ)OJdr-Y}jZuX3xwst4nyzmA=BGBoTc?+6z z*(O2cBN`K}4%o}+62qT~u!5^4sy)?AB{g-4p=$GgkhioNyEC==p!B(Rv!cPc^$3xW zxe_{2KF7aJ;jB&@HZHCpIFE0-kAa0Hx_R_Lrbq>O>_YNi z^rE`NB{byMrG|)Bk;Q}jTcXLd=HufNBu299Q#-X3Mf8y3Okd7X>0Ynw-d!Z60I8@I zVz$Or+N?bFBHG%Ic<&GZdx0~XF=)2bnMi?!jU5Wt0E&u<>85Cau<;8u{A;11B*xsx zkH3i(k#>w9{~6<*#1Onoc!)=|3E%m0v$L~Na!-do{}oct%SF^IH||IxEI$@$ZZo*L@y>TPIOCe{{`~HMER(PVCCbfK21e_6AZEM z*-S;E)n8LM#}oVc{?0{Pqk<>i@VosERC^e61(oLYPZUsQ5;HC2f`;86eAFpt-4BtX zH@LYch$tyTc6V7JL?W>&g5%R@}uuLQ1IPHCvrlM8dn+(zi2Pmt3|X=-Xl#6UbR8pItVgLxi3s(gyg3)=;a`rh5l z0t;fC5IDO2dm+mF2@lF-HR){?6cny%t2#mSKkJKc`qNF2L~*nDpX&9bOOBNuZ!5T1P?^xEjh!jQM2fQF<@>O|~ z>lma9K1aMlP{5Iv=`v2=METdn5R6Yu#Jx$2l1MjXW#@i8>Ik^^{QO!lyaSA@S3A4& zQ^aaqkOx#2+D&NZQ*(^tcA@EqWUN9KllQ;WPO3QJr(oA?22 z9Cb@s=sOM$2%x7CgB5cf2ex4_LooXhEdy&=gvI|Y1q$^93FmyrF|(TGA%muDFGBOH zI%-^_W0ROvQ8{1w2AKZsAr<4-uQ;Q?;Dlqb{M$nwAnRp92cH_Xr2^A6V*LjVw~?pz4J|Jx7ZIfV`KJY$)9fZ1y7(x zZl9e+TOlPiij)+Fd7EN-popEG9{KhyH2*E>GDdb9O-jnh_(<@pS2!4epKyGQ%Xk~Q zzwd&~=-r!SK`;p`T?SN^^J@A3qv<=qx!&LRNg<*rdqpK=?@dNzl&owaJF+F2kxlmA znPrcRWbeKAp4poS|L6TZzyEce>*{o!(|vK_wYfE+Ijl|>`f#o5oON&jap8~$>Wr~bTnrSDPU!&Pk$;D z{`T-l>!v~WAKNSRr*l{V39v2y+cS^6Q^S&5n)C_s&iCQFa~2drK`AO?%V7Aar3{bh z%d?>PHy4?C5Dt>&vTA#5SNT&{nK|K{2o2-5N-2qqM^zQSN<00-hs3H{<}q=x^b?H8 z>)t~%+?7(6Zs7jh-ZcL}iXn~uzu%^EXU~M>86J&sg%&e&(h2>`@TL9jEwV%V?Jw_j zYx_pXh)EfmDAnPqE0x}qx$(K)Jui;}>UYR(@&njRGF}3{Z!i6?oez3oy5KwUeCvNJ z3p31Dz}O$3ZxMWQA%FQ*5-mXo%+;B8%0}f$9Ico8v#s#NX=s4+r&z`lpFBpS(Vdt; zhkF}3HbwtfHRSEVCGEek^yR-je_xu0l1VAT)q7TGcAqm#y3~BuqkI!~pXSLm);Du+ zyvI0PM#xV^K7D!A`I`RQMXo0teVdz`u;YWFz_j8e|GzgYc0Z0I?U{cJ*^B>{%6)8W zpIh6_vq7;27>>-+UsH&Sru^{(5ex$ zb=-h*Dk4iA%cof%YE-z^W&1Pl1;BTAi(-r_G!(CIbkL_J{lSFenimYmH;#vm6~o9;^lLZKJCBPN9~}-l*{E( zVTE#|bosE9^M<+@vJMUPVdbq2{N{qex9icJ(4!OJmc+zCbr=MXbL9O5mVm&y{#G=I z?4)jAD>Pi>NA_qc+BxJIyW12OpAwUhHP+YTeG;a6`qTr;C*{)T*KZ&vNKLilv&ks= zLi+>sw_zPR*F75)zO=>qTld^!7ubJHEn|uwniQIUUlu<6Q(^dVIBfj6KkvrF_9hpw z!9;qt%^E6*r+`-^zzvtAG0r80!=~BI@nZLQ(DB#hF2T?38wwg6TxKH;?jE1}%Uv)4 z&YkFUFT{q!@#FXfGz9m`)>ke zx7`%_8KbXENpthqPD)|!WeyuE)IYj5PLZ>GN^G8Wj0*{P)C?u`Vk8aUp^#2SYVQX= zI1MN7b=f)$8KVj`(oMoIKM4PFlhVB0{~PYf_=^0YP3C%9em*Wxn1fj~*pOOPWZlVa zMh1m(U9t#*I>Ue>zUzq#6gXloS8)6Vl5pJuMQg*ioO}Z3YwR#llET2(+$8b9CmxL~ z-s}x4!&{vQg`3hcFT(sIoOlX}JAYTRfl*KAnbqx*0a>1IROEO+*-_1?v+VEj(f9;M{dQ6wv6W$u4zx_{A zMu{&YcmJT(al%H%rWpA!aQUx;ute77^5_XjJ_4H4Izn!P97~Y$_HW1cje{-%U`vjI znH~;WUC&!D(7}sAIkmjgvsu4>W(F1ZowRRAmY1hw51rU>3v?=Q2-_&d!d*P)c18Jb zXBO?goZkkFs8!kT_^Db7!1J1${;s?0E}t_g{L00h ztD}}M?*pqbXAznQ4?5~P{GSdOWaXsh{I{gI7tkJZ$IFv*M7q~eiI{YTof*1aTc98K zrlBTBjy&ix^T!%LO?}|h zjrRTnk5-%{fkQ?qkDivcs%~d-adCJ4LI6p{;>dg<7QYh2>U^e*IBt)Rk7roc{+RRU zGmeqV)bbF3I+ttSrn0T4rv;$(Irw#|%$k9hE+5lO8~IIUt4N}lbYP78QfX~Y^ONdm zU7v!U!yPX;W+a|V`1;@0zq;qUA~*c_$&-LHttqo8n9*xZ%XpH#EQgB$y;^jvg`o#R zrcflN3w@pvc@;PLG~ zc_Nd}r&OZ4rEif8)PTUx_X|B+@lXLY*42x%eOfYs66i@8Q^wP&R}zOtm<#YR7#IaW z>-NXg6kL}jz$+IlE|J0!ia@B7cWrFzR}bKZg8X2Nc(dWYZ|b&CDYuj1VBfHc$riT@}=_SuVVdiH&`ok|Fx><7G;AaTotp`}G@_-*7Zg^-j-| z(Zv}f1G;H6ZmHnysmlYb!5odPqB2agBLe5K&%|B5DghXBXMRkjNGQVo+D16)BHbAQkK*n_=qZMeV zzKGrzwNb=(h5h~Wy^gHpICOyvZS`nKYB9gvdLU?O(j5}3GWe6j!V<%G68ay~%e!#` zh6!yBa#tXyxTEDP!Vld-PnXcqCJgZIwiJNa-Yc8JCi2*yLc+)s z&QES-R`oQUK38I3)VQzm&L}^PLj1bvTl;c#eX&qDQ=ddLwOlwm0zu@L=zN^|(S8!E zv~U6XD3!avB}CYM#`KVIad80-_bT*pg50>+5C3PtE8x~X;d}J>5p{H@cbPnw$-ksh z&EIA?ah&G31=<35 z%SFN)npwO}-~CZVvzWCFRSgwYR3v>~B=)B&8UGLdPZDwpOx&KNlaiN{<7^2b@w=Pl zl3f%S7Zcbx%97lRQg|#V>WeI}b!uJx zwkWGpRZtgxE&RD|w9>?vZu0QR2t`y^H~H+-(i|!Tgj2d(vFo2j`0Z9&WyoOjg_maL z`Yj!>0Fw>9o8(M#=kfr}RcV?3@Ar}rNb<(q90O{&rsftJ=nMgyNCA=z#B{q_AiBF zfD0X$(w|buS#L|^iS@<0A&OW~tl#3Z#ed5ig@uJ)ab~|I#LQ%{AfG``-%P{dvFLqe zYH5wZ_t_m-%|BQXZ;TE$G?XODNg#@=uL$8dze{@NEk^?-R2mi!_4k3J@e})LWM_{|*!>7&!L!tcgWF zdTF%=Dh0)<6~B7~CFl+AcpRu|U|{g{e7Y5^+P@}5NLY}~IZ`cZKbu=?FB#f2a|#U$ z(|zO(6-g2lu!_gnq|rvgmGARh4p;rlLNL!;W3+mu^eN8wvnW<$BrDa&x1@ISx@VJpcavMFU(6 zPEX{yf?xqV@yFvkZ^Z`UTzL*B`IM%{ncMG-zN8YlUw0*3<*@N;?e{xwGMBR>sRH2( ztJPz9aK7~eIoYdOs^gj4unhiUN8jtr9DqVQyO)3s?L{^(Aaa%$jufkxLLd^IiCR~K zHKPE$dQ5CQ`1Mh=JcCY(%>(cOVuo7)>MCT|fgacE>MO?GyUT7QuL%GsAnZ!?mcB{- z8V?ZI=IxppMFJBz9N9*CD8;|vwssf>>;arMbOK~+qbDCnk@=2?4Vj&>4KJq!qmojI zjj4}25f@J&JRj0tia}$IkevWfC~X=L5ZqN#$_-Qc@PW9Z zQcF!uElShb%U|-J;~(X8S_tp)FB9=;tUvl5y$2TT6K7x>ftr%Vg(~*S)bJ5AGa>xF zF)yA6DF$NC?n8J0o8z&ap!3o1rr?i~Q>$Jbr~p$2nV=|6#b*P_qPX#}^A!;~00eND zt<5x&fO@JSRD5R05x9EE9pMWGxzEr3VLa_Hc}?*_kP`i9=K;rsC_dmyq+I6p{W<7> zrPaM*MRX$;qMuHiOo0rF$ZGepSy`ig|LfDGoS6`e*LT98we>;ywZvhlTgQIe@~jWP zcZYYWu(2~+9Wb4=9m8epS~-@u8$g-yG?$B>QXNg%Ix99c6fb{zzxmJIR;$xKREC9h zFeXwN;RDPnmsZZN_DOOpT1e|>(fcW;y?_(IZQImKHEVrPyYXRvEp_O=WqWaCvy9(@ z74O(;88*}=oj-gBE1oNLX;xhCj{8ZsqE3JVoE&dqB4iSN8H*tXS^>~NQZ76t{9tlH zcTlmSplFm^es;npj9!~*hYerlrn+#D6~f3dO!NP>01B^Px57i+JxQT{RQ{cn68*H% z{Nx2Nr1j7ne;@e~t-dF%4qBWiN8>XyPq!U_V}RZa^Cp%UP`veMb z9JfWqJSTX^9slvQ6}!Lcm*3xzz8^LiR4X8sclYqn%b`u+;3F6OFc(7hx}a`$M+vZ72m+XuNyG{zGc6zMV%<$aR*zSbRaVoOFlzi`T->WDA4$X@ft-W z^!45OuxXW^H`qVyy%9LRb~QTNZ1W*7o|i<6IojdZg-$hCCjhDT`q=4Tn2LKurMQ;L zTu02;!klLXf)LW~=ckleZ#Z>b(B&V}r7D|AsCb$5D9b;jz!;W7y15yJioF`$&de8d@20Q^U29a>+ z=?0NX`*T2<%`~AVf`HBYyQ{bV9i80IIhfx16D*WOIkX?$oBXwNS^sY?mtw2GpI^%t zuJ56V;XxoXg{i5`AxAA{B92V?1~AIbwgT&(dk-*&Huv zG?Lf)KcmPc^M~4S!gD0R!<$E-l?=NMqi{aHI#*@iF?wH`;{h+j>I05nitB4MIT_|jegQy^#y)Wo8*bt!GFIB?3Q zOWk@ZV`Jkn$wqw3WMfTKN)uy(pC7UVJ`~NOMJ~faAjIc8AfsLUY5PUx7nxuE8)eUcxCkC{WVsbeC-GFbiBW`t~Kh$c<+bn)N zpQA$>=rtdu4~CC{(&sDDvc8CVA36~1`swORXEd_{LG=3Qd*9&1>J*&|bej{sl5xPR z%me@?zJ4{58oEh_RH0W%e3CBP{Ut<^%(nAWwVbVizCfp>%8qU$__4)B#=)vp?+GqS zYRmBQ#?R~>=$qthyL{DZ^y%X`O;z7LW{vJ_9+BTbMk=8cPJcdVgp3TK%mJqr^M_xZ zL1VXb_2pPeCtArWGo2zCa&1CzBy2ENHtwg>XE=Q&uitxr^LL51dJDY>to;4~g#dA2 zaFI^1)B=!G9dYf?_y^Ie3G;g&cwLw7=+u6^`P)6D_LB1Ys*VemMK~{#lamoVlET6nsDA4_IcF3lmmi9F&2_5*$p?syE11ryMDz%Ue zBEWOi2vkF?ia($fh?rr0_`7bdnYe!yH_%LDmCjTvy@@yB*0}^7%RjGn$?Z~K^Cv3G zen$ut1b3Yo`T$%;NPP$#JC$-|m8Q%ooxF9rc6G4BVH(8P>n5tpWKd(5S%@%c%VnR1E2J=0a<088`a z>mYNS^z&QLCWE9(AGC!wA!Jlk7$+8*)<^r26QcL)c7%_ewi?2gzhg~Np>%aK6*@I) z{Br$^57B<21v4(DucE_789-ZzL&_~S*Gn~4=up;WumbiDaN*Fe2A&o*G^M$-fPoau zqIL+XLQ@8#fV3RV$KapLYrjB@xYL9D(R8+G{N2P`Gd17B8fXK$61fti7MOYf!DBV` zH}`P)1{E4+!T9&+(xcG=ZOGbS`LH<=u)?I#FoAggF+y6!wcas;CjbM-t@oD= zkJ#-k-dg`@;QO$109S9}kRw#KF|5{DErH2&8F9?PA1F<%ZBkM7#&SSG365g&ndnb} z%qn`*KR}Zl!V6WiZ?M0Zn3!N`St-J3fu4n!EIuN;1gP`f%V|vrM7aB!Svy4~k={4# zi+qsy84vBYgH+5%Is=7IA7%0>=@2XfnAQM86ISOVZoYoO&mb5nFfdTh zQqN<(++htQ6k8LHjKiXNKax#p;O<@NN--yVc;2NNsGPR_;!} zv($S!sdF!s&FLSp238F)giJR!;Y$Y$_ghVLb4c^D4JzhffNFu7jJf!}+R64z=$`~W zu)@+eFeo%%#l1x?7%>tBKi1XNm6J^eU=4FL5}eY<@Li@n5{`Ee0k+9ybaZz&XC9d& z1J{**ECJGp;kRbgaigm&`S!4l)LD7~crJLS=^)`$E-8~dT5oWRYmOnubJLYo{@KBV zflXLh!cC&z6T4utiXe(tKQwew+D2i&vYCzDCl_*xiek~awIYwn!wQh{P|e9{as6~YMRl?kz#wY&G8NG z?cm3fjf;C$8!I?w>Pkv?m9&kc#`kcV6$8~62}wE4ZlPe}+-!kGIrsMMn;uWeQo+N` z&36?qC_{+!OLU->M1w9MHga9;^Fi_rLm`wEXc%f8d4ehTqioVzfIfiD2y&_x_}aZA zRiQ^juG8VCOd-Z`m{49m!d{W#GkS|C47?AF7Pq%FA>=7Q**+L5)DNI)o#c7nhi=Vf zKHO4F@V!4x#oR1$$z`~)@^z5~hC2Y3`ki0wp}4ODK2o7X)ndIG_FEu@P{M#gCjgEU z!%yB=SSY3aa;6MnKpEFE9vxu!Eu^0HH`y|1*&j`e7v-;h>kWor2D=RNxkAXz(kf4$ipW=H!$anB}P%4m$LoxG| z>Ha^mN{bnHgRIMpyxxuu&(5|~PM`6))W)LyWP5fBS`QJozNo8eYa9^M*Y)Q-^Kf`S zz2dQF@N6MVt#S_r9xC3?`h$U)!5{zOi~(2rjq`+*f6B+DnOJvE+8lfC)jn?zXah{^ zjfwC2u!Zbf*?5O7>#db(8a^YyuGw6>+OAP>EFk3$sQ210gq42W)ftMvTyUZScpyu9 zeS>D6dk-U25P=aGN9k=a*xVH!v>H@v7TFj$ZcR~-vKhcj-we-M*ey~*^frjjPUCgkSDj;o z-XP>mc^SgIJF}|tZPA9E-D>G8PeQe0TI5|8-~Er7e!GWb!DRaM=92RO-k*Li;9!dQ z2j%D5Y&8a`8$#o>iMp-)rKAlFS9?7tLCF#sX^(84yHd9w0OPDH?A8D#bU8((9W8J9~BHx{jWaN6iAd}T0E9p1ZYFuri3;?v%*E(cH! zM6Hhwg9Z)GzBE1_AaAUpU`ATOatqL>e+&Lo(<|G-W}t885BKq6b9~5$i}@!rpZ=jI z2fPNvP8iXzp;#@9;T_s;e_`IzG>F=`w=P7VUkfw`hCCA!gtN`R7P|)8IXogVS#$H| z0ZC}oQ=;O3n)tcQNTqzw@;QnxAD}^RPL@Iu(pS8Hr_R3P`hK5SMrFS_M ztGH89b+m4<O`KkogD9V$B- z`yIIw^9P_ObDnomWbF&9Qpu%oqqEzGJY?f$tBzU*p`&71;DytrZkv>>F6{pO^h4wKb)w$$z7gcjK#{Bp#zVM& z0D=X5!_C!vilVoF83Kuy6|=jG8}6c}O3zN<#LFfsF{cUU2c_Mi`V@&_{<`4nnKO^& zz`gLS7g9h2-XT6k3d=f>5DtlN03?oZ!QL+Z2Y?*O#qz2$7|M%_qpc7|6&4d-1_M=y z)OoO_aA&K3TF>hLR%pui^;r*8R?fxUK8*qRlLYJIa5`Mci zukD^1g**-W90vg6i_DtwEBk3RG&D^5i@C_nheV+g(y96I;x4MZZ%FIEagI9#c+?r% z_tSnQo4W5-`E&M2AiL*)i1{geMcL{Va6_HWR0hHMtQ4Fd6Jt^lNbIR}r6Ve1!@km+ z^ybFJ%8yq2r^U;FNUX9p@FwcmEsxhmg-A3W}nwohwzdyF^#m&0r0 zQk|Ydo9K?2F}V0;)NR}&#SfGx8(HwErLw4zmffs{iRRt4=bRQJTH9>?*!{>^l6ge1 zMEsUL79r6{Ip2Aal&sKjJ|w1`oJJlAiWk}2T{+jF_?8n+WdpdU;(Ha97(*2bR4rDT8kf)0Xc=?t~Uk7yfQCJ7m?t%156 zCcQnO%)W*5C-nPGYipD7DjWp=0>vkbuJ8khP+sr#7f^z>IIw0$ijD%G$-<%(PP-7w z>nQHZwd((bnD1bk^k#*ow?e`J!H^BG0jW6|lJeX#s;76gMfz<81rsQPzJ?_*M&>_+ zu&6t&FE3;VO%SEQOs(^icd}xImjLwUnEc%qN|;~Ser|i`&!3HSZJ&R3ktnt25$Qr8 zQ~GH+^Yz@79tRXErO(G{<>Mlq$Y`2MZra$`>~3uk(YJOL;-#|!l!mBGhNj3tIj=Me zZctgS(IAH81trx{A^>~bm0MpY9mGBf&PcEQLxDuMt9gK8vo#A`J<82ZP4(s%42gG7 z?*GuPxyGU^nB{T>-4Gzqx9m5DTR|TQNQ`l4i?yLk^4(nYhk4J3`rg0K&Nfqeg|`#o zf2W4iY&0hTCO8ZRc!^>;Y~3z|FhL1b2aE{-Sj_{d^9O%p_)WAj?9x~deD)YypP#;DF4avZifP$p3Bw3*i3(hGh< zFue2`DvzNm;ORQ;MB5a#ewLOtAa8KEx*#HZ&)c?vRqB=Sdms$4nGU7~D|xz8AJIGz zqA<q2EtS4O6yv}D2EvAv!d2j^(-&Bmr$gdk9|1#yE=uH+1 zjlJB19;z#b+mCxg1O#`tD1^hfJ8xiq7x(4wgsT&I4YgW7%4zBVpkC_j_pgI!8}2}< zQA;5d%!0_?SS4kj$2>elWTThjwmsy0AKY!ad@*;cL!eHL#q}x{6U-v{nskF1=VWI( zqeeku6wQ4|sCo5Ze#h~p42!6yl#kJ3x)17{O=U!5MC)R|s~eQ{noVLIkJ_bQB2A=@ zptHY)CQqtuwB=agco28p*~un-WpFGy4q3fRbaVvf5u_X<<2!kSH3pM}fYQtG{eH3# zi;gnNteaL!jG~wSFX;j!Bk3S2O4W))fHJ)`un|sNq=5ltBFOj}pjw2#1v%8hU>}^m z*KDz6t!!;}kGIT!IbHaZ?m}A=%l(0V?XMNE2XMSf!7@XdjK~4%O94FjkMA5OArTif)rRKJ*RNc=(LQ;J zLU1s8BM++3@it1T?dq>yb-4ugpowigcM*B7A%Lx*=``tm=A@E3_Kuqy0+}Q65fRAN zUoDWplk>Tfempz7G4TnI$1R;f7~2i*HY!Q|o+X8oUkh`8FsR!2e-a^SUny{4f~JSb ztPS?6z{zHK9Ll@tDyHRxP&=D8fmzUw82rJis$dOh7Asj{qBH)nRD`1UHVf0b1|LOQ zCTtpMdCMy*W&KtIUfLjsHV;pkxHI&w1_d#BgWn@_ugHU9!94n&pLz zwH+c0ivfVB=_PbxYIqGKIAOCj+oP8Wg0QQb?*ZlBC9J=7?Q}r?r_X<3Cn(I6+lP0d z7SIj9WH*$d41U37^{@0cECQ@#x8Ayw9;S)&9oX22-Uf!7V%GW5YR(SBH?mnm&Jz?Q z=@zY3)s^N=!F zg_JrAU3{@lA;6`SD#IiMfr)wh3w3Q?sDI?2QR*}8`-*w@aDs(HUhGpQ z$yeQAr}-)M(x-9(QF&JL9XK!`BW89d{0`Mi0T$qFYpSscPp)~TX%r_=oqXC!G5#40 zvb$R4Klsb`7WZxj#JcH5WZ153MECOAz0q|QU?k+O-b&#!YMKnf%*w(v?d+30156$% zS@?|L$w5z#sNCpVZ{639 z`@GccPtqgD#pq2EWWGy=s`qU$d;YWO3jwD;Z;_+#aZf@xBnSZ!!fUlg+>=x*XG^y^ zQ7N9QFCi&7h%z^i<~FgP_Ndd4e@+r;*8fc@Uaj$gwEYW+6BZ%0th6TumVW-FBZh2L zK?B&|u{llHA(_3sx^8t_=eO%t4~k~ZdA2J0UxiA_bVsP5iWe)UPDTasR)~n$_=B>{ z;6z8OdRbOB@#Eemy-J!&0#p2m0T?zw32AWmF6aAkEFkexXm*+~a=~XaDqz$8n<#zX=!J^KrrP)ZIl1PhgPLvlHHb=;-K3Z1zGi4Y$iJZe ziyO84hK-f8={T|45ZARign)$kLYT=(P+Oh*Fv zjzgsuqo^=sZ8LdP?waM7`q$l=T2kQ3p;`2_Qp`ig! z7$w`Dsgxx1y^xWv3%1ZKG~?4AQyRJd7nVYW?Ky4PJ7ePzp>y1h#A%|O`~cgd{bn(N zp|tw5svym8!HMnjbrzk^cpbM8!X;7~;~P>9V0_iGzi`bt+p8}6aTKhOuqMhdVwbPnra+=+yc4Kl6>dn4&2mvB{ca&D44c?ny;QM z(!OZ%l$1rrDwe;G^pz8g#?WJ$o0A15bKbBNa9Dtupk15~f#Omx)0Cp~OSgc|ErQQs zR#_g%e#~spYA`sm<(Y3k^h0*goM zJno@IY)s0qSZ-!r)hN92J30_H&KL*+EjQ)$)AlJHtrFRReyl!>H^4?V>+M_&v4ckE zoSDULYXl7rz!-iZ-L|;aMQQ~(XOuh7?)&vtU2Bjo+7fVlFt>+IE^@^3B7x5bmJ$eJMiOxp8Iy&yhLg?_qJxX^X9L%XtR)kPje%7fsPFpNvbJX<0Er%76Wbxu_C@}w*0 zno=>Mg4b`GE&crfMJ|CevRvzH_=6`L;WmoTG6=cXnG2*N0H(!N$%wbmB0m_0mWa_(x8GnX3_*lET7> z0s6z4+Mjhd^Wn+9S?cpBy$p#e=LUy0YRBY(`%c=Oimmea>apnVtY^$T^smp9LG^E0Lt{>5%|?oiK+6+>fw!$MmI^)8SlNlF$E%0M zUMv8YJ5;`BDHTkDn;oJ3ET^3tT+US!PWWVK^&_;%fCgkf z7z4$56Qr%0P^@_ZU(!_IbsccXAk{6g1TZ;}i|0%_b~%X3`x+G|!}lEaiz(lkVGvaJ z;FOfjIt9;8;f&?cGBjBZTV1_Jsvxca&2?XS=qFsi+7DpS^;uFjN~v@B`(y*0s`zK& zcAL`rfQrEcS&CGzj^b!Hv``ikW#F9^Z-S=*o%oxTO{WGsML%0dyIhY)_?}@m^vunD zUgGQ5aZlYr9XIPC+iKbAd+^x4VY!`DI#kE3U2PEAfp3=b;8FlqbL$z`VJ$?+ z5a3b>&<~D3+?GC^s0rs54gC@PN?E!rGdCczj7tRv6D2J@4J%MF{2{e4WpDDbz(Vu) zspi&JYG!6#>7RZQx!QRX_9p$;C7VHO9d|qj&w|zA&?=CG2Nf8Cr{J&xVZ7A4t+%01 zz2Rti@tBKmI9FbiGdd=Zhl49!7^F)e=}S+;X>1g$f5Td5R8qgVhj{Z}9Z`X+28%7t z(8R=-sEM@l#6S`u zKRyoNupSt)3CMmSpCQH9@uWb9(AQkU9|6I+L$qxkw+J|F$_*+yAKpg+PRH9Ih_nK# z7x%*2?LS3`L+H11?3=g^9xgf+Hh->llW+q(1Vgg{wHUZ9yVPzcO$_ z6?lPZb-U2-irw$O*0~=CQ>99dalRXhIUeYMiE7vjprerCqk^H*Li=i;p&$A%th2RT z?XVbi4Wk8A`GdLMzP1+=1hFbQZ&P6|m}`S){)|Z%#5L+>g~<^ym?0FFYg4IQf({h~ z>*_2a=1L@Yi2lkk=^I8g?9RL_5WcT2me9EjhAb~K51QaA!EQ!Bq)GDiwj9mX#`r#J z`E^n_xwmx%$9&oCr?s}naR4F^tVcV0t`c(x@m67b;4_d*aM*hJxeZZ}$8k5-wTJFBV zN=FaeJiY_Mfq`(i#9+4LvF+pw?JB}aKHAG4_b{(Z%gOxcGuBXK7qa;Au!nnZ*75=! z2bmqLoCGN=B9`aAn@vw>N^)oJ@xcYPa3>|itU9Y+6D@9X@+B5A#ey-{)I1JO_B23k zZb-bBy~PM;qV>wZjBDxc&}nH4Y7?Wp%Z-*p^Z&+0F9OO-WWD^aOevIAUAX5sbPqA6 zFsgcyd302D)aJG;u%2|l%F{OQ&;ambht6zZQ5c0G_Z zieUN;1 zpZhz4Om$fwmNmIpFsvwFTl=#V*8dP3u~_UEPu#b4QipQ@T{1 z1q?OesRH zf>W09pP?|V%LT#eqiXT29&*EQeEAU;$Us%QSk)!PD0=q@-TC-A-M!pMmiE9j(fbP6 zcG*m8=|!OqjxXeWC1|v&KjjquE@A`wtM7+NnP;Bbgq=^yhu>;b&C+x-!)rgjFoua> z>s{&8PQ4cn<NgiR zC)9@mmuTFlLVEbB{RJK0ZK^4$(O?U<_dV~rV%Tp^SKEpH?Ah8o@o?GASBh3r9h4v@ z^ONv2e)+l3p_}1wV?4-!ZGC&*FZRdm&x}X{smhPQVPO>+K_fO+YX5jjNHBoq2dd-k zmt{BaK{BJYVH9+JeAcC7BPgJeX{ac8+|V&W3NknFnNul2!C2Z8kD&Y9rKzD&|M@6^ zobT*O*-aD`aDCD!W4JZs9BB_3LdHavU+s@CJSd2##>R*Tjk*|$nNYy7MqwN3zLi)r z=wtE(jw9&Kb7(&vucz;6XQj2NT9-MgHu!Z9>*2M}tAve6GPhe#6)Tv&-E3wz5g`byKe{}|p9J~KVm)s|zW7!{SRlc^` zSq~p05girI=Y%WWu|a-|tyYY>%J754tR|Q}x_^BRG^c+W6Txx?mC55zucbCz z%PeIngPCbF;fzOqNRtf`MV8Zx5c`BPgu-s4M&sKf8!L3VC*R%03J1eb_A9j6?pPml zp6$76zJp!$QA;Za2al|1p5JTz*a1=bb;D#o*<2Tv^v_#eQ-{92RgCjt_-oUp27X;> zpz`9i+q~zn&F4P1cU~dhA|NLDV0X5;tHq<@Fq8sl@s9WsUc8?M1Ng1$xR0Z7N%Tr%aQcX#3uF7t#)+xm0|jok35Xn3Yt zwQKk@Ls>=rw25-VE6ofQyw#p!s}Bcf1dl69au?>n0KB;)AtEN5`$2X>w{ne}dC5$l z1UN#uUhZM^2)T7t6o6tr_rI+-fs&DHFDK815twC4TAQclpYC&IRL%!WWLh`=)o5!p z$A-)HA${3dZaB$pDnj&^FJxqtm4r#+V@y=$P~GF5=Y=?Y?L}1O13vEbY|*&QBBB&l zOHRZ=d|cS1t&m2$+TT;HNBKQiI~8!p1p50oE!+?>XjZh;`oRIwsb@TQ_qIyk?_T^I zWHUaN>x$UzbAN#a~_HPAhLcx4WkwITN>b=5(SsN{^E} zPMxT&T^7Me1y&^qtFbWO6m$CYZsW5+{ok!XvbJ=*9pD-4D^)+BffqW{8~t6&w%^G{ zdgA=i$>2QSCE+YUGd>*dqOxW~Kfjys?=c(jD+^5} z4J-^kw<~2X7TCM7PQn{tg*!uw*NxED?O!a1?9Da;n=7qae~48uFQqjDb?!+1WOn8n zN(!3};x+Ccn5R72N_0=sBhyqmLs8I;v`I@~y6Ob-=j!EP_${QNK*uGJ^dhpw0Oo@i zCrxLq&^5ratm}u_2KN@PHSVQw;q7VXLk4bvXLI4Lr>5H{30+$9aomkVe`c>`PdLX( zH+yHN-16uepZc}OV$_q=XgwJe6jUD~@~PFjhMg4#xHov%UDidcSkp^?@9o&bP@GK! zS?=eAzON0lRhfYdV4%b>5Ekq*`{6GQF(`Og+1bTTSU&1+#i;~JhRV@4{;Qk?1F6aE z*%a#aks}XfhGw7JuPXlTh@9@M)S6jlwzRaw9OCdeOPk)0;uwxkW87EPwh^1DQNd2o zBtIhKY&w(IE>aN0R>uQ^;2!x8N zUi6Lo+S+ZH=krlxe8wbDx$Lh%*94DU4+g>3Cf)AaUKQr4-)()7h;}1_*QKz!8YAZQq?W8q%Z*B&x|H)tZw~Q&^7V&2bxtrezyk$fs>dDN;9x5on=fEYpvtV<@fH^!%iF9-njsE1k^g@y z=tRV#w|{?OVZq;&!-%b2j*v;azCByz-Uv5$4F84ZkG~h-lm(p6uU{K=O-Z^Cb`okGtes7P57%W0FB=4F&4!B`cSCjA4S{k)j748e zWx`RiIZ=dDt$eMQ$VZW0Eq0VI^`m$M2Nq{@Fg?A)@v#|dlMJ}o3XzMrP~L3~(KB*H zww}fQ^?xph4vDM?e zx%ofdz|99s`r}jSifm5Vy1&8?yo9(;2}ymCC--;qw>0sn$O4w1y#9_u{u1aa5FX8! zXEeh}?_;xqcu;sVz$sMCf`UJb&>YGN?jk|kxy5&Xnq zf$sS^Ima;fY^SBR0vaGv3{DSC3&*#RcXsH43AvqI!i;qO4d6q|YCCeGv6uj%2-fJo z!7OLYy&B5iUAP%;eV`Qn)k|mmCFCD|wS(niR|T`?FBGVNzJwG|y)z%VEtJ zmqNjt_ayZ$d$D6?3!q&6f=ktY{Z^Fp!x+|MS;P>1x_0d*(Q6(McRZw}y)Vp72;Pz{ z!=2GX5hh5Lc^0He(yXa6Gl(UjwJfKuC|X@n!H%_3*mtrvxoC^T38;>YAXAJW#_sWB zdvFI6QC#*2<%93M+R>y9d@#|6`0W^yKYqw?nUCm4SfcP25f2Ph5;|>fQxaz^YbXwU zd(N@)0pIWXOSI$^kYp5=7uCZd&KJA;mYt+0f&bN885M4%h3pTkKOnbPkmhI#5cIVB9=dJ6J(!J8H(834UhqiaO*F(ak)mDcg z%z*+zd-qDS482>kT)%^tpWk}HD#s=vQgR4}e=bS2;vygmNS+C&7~exQg|PGXSBxbB zEN?J*m4JcPCVaNVOFW=Ywgna3aHE>JOyI=Pz^F#F(0R@wT-!<=YNTCEj8xnK`=v&Cw+gnyOhLaX_go^YzD4_fMvr& z7zCkVJQNcAh4nZDqVFI;#w3uKt4gc*@9Eim-TdN*V@^!SNWnB2P~JM5Dt6&1e?RU8 zQR?PF?ds$PEy2bSiYnHLcXJ<~iPc9=X6*Ao{d!*+@^I^GEs~N zGtI5ZrO#Cz{IK_OZN6AkDiHq2t7I`Ju+N9;Se{8o0lwmyU#=OMF>G8MNFj@q@jVWX zji z6tEt+7wqH+X9)LuwGh{us`TgLx~HSxKlcihHG*Y)kyGPGuI8@Q>ECtR7e2fvtGU0j za&(fx(${Q6rWtW3>G=p2({NDX*Isf$R?XHt`V|*jebiPpa$UTj08%jU>LY&1CA5o)nZ<04&8M!4EKCgKc)(i5!FmpUS2OMbHyyS_RkW6kceN7d(3 znl^<6MwEXU00CcmP(_*yXELpyoi>0y3v^V?m)zz<*&Y+ylqQqE(I7h_2#S60!Bv*U z!@r$!w8?3wuG=9A#PXc-2CL;vr)lO=WerYLib~OKWfOGoBMnX#R+PO<1)^uFQ<(#$63OcP41$k6NT$!2P!LfD> zuj{RFCox7m+m7p;rX8=^7}XD-;8Fh{zveS!aZ;BJ`i*!{6^TW9lQLE zy*DUdPec%48wC!!SK{sC40*J@&Eh*JBceZMpv+O%_Uv^0ny-5uY)^L~HVxYmp#T<*E&ch26=exmD@_snTXt=ky^ z0wNX<-x7gkNClk8paOm9(R)bn zf|C5+y_c)0DECC2n8ADs@rNcGNKU@{&|uMl_j5GPt;jL(C-@XoeA{lWdc_#eYWp7Q1h1R6D3G9i>Acc%RT9^~ zuHm+xtzO*Rd@n9wH(qFUX>*ARj+JCBgK4zf+_#J~c7!PeB9Q)GcBFH}~j$)h_tIn$7Y z85=v?QeKaJge*@w^4n)NDYLYmRb;v z)3n=G(Z{3+1ZuPA!NmC6V{p!U?}Beu7?p&?s zgqw)RAs#5r%D%mM2UR6x_Xx>FTo=mxwkg*MkMO+;5f%Oh%spHvN!s&=Pdy}!*Z*wk zJu*HjyouABqivG|JrXez>&?tsC<4*w>uf^mzEfezslS*lz>WpI`l=4^)Oc}-bk{TD z5{>2p%@=v<}aU z1HK{zY%DHZ|43nXvjZS%@qrCIh=K~}tJrt%E-o$UW-5766RP+lb95d_L{AtyO6;&Qz!*IK6BHC&S{No&Qf*pyaZr#3WprmGl^-n7{i%1^6VF1M4qG{94x!9 zDARM_Ma$Eh#p`#01MSkl7ro%nV5AaNq!%yrvV5-4UKec{{w3Q4nGDgNRcY3^_rMNr z{iVLj)%SbbTHxmD&PZbt5}-XH^GY4XJ3h?L6i^CURG5ubRQiJlEHsKlMX_o*`L@!G zF>$s8S#%ga*Vq!JcBucy1&~G~s<*nj?s|Nf3v$&w36fv@CiEs7Zq$B>{Sn z+S=N9Aw6B!Kfu>cy!atv|7Q6eqo8}X**C073chP5IsM(7 zaz6DwT6bcxEX4er%k6fE&VK^8*Slz=NXZ*Nf3>_)Twa=3DGBgbP4!El@5rQkfM7M(x*hSPioDH#zLOB3*n5Ad zs2J{qm#dK_f{ussAdh5$$-@vb(D(?U} z?xa(qCs+iDUaiM6HPA6-vo1QO!n74(+#zu~3D82 z>&`MMwE26!*&9pP*Rg{ptM+xZ&3u@~r=C)0YtmZaso${ z==OsL4^%~{;5isYmaAZS`udp`!cb!V`PYu`JC>5{oZ(>yFfy=EPI%HuiWz`+@16u} zG!fZU%HV2I4)#|CIDsAltyd}O5n&XyX!}Sr6QX_i^=kxDc5p#}s-vsZ3I${Q^XCZP zhR^)A8Dr)PrjG^Ue#ZXejgF3vM1YkwHy4Baohv=iyLtH`-99^$9iWGjERM~e$WL{) zz+n2z(~+mlLez9vm3m_Z8ybuq*hs-00VjDC76;(b+WNZ_EzNc7`BI{ixu5-6QCJTS zpu8nXDPk6rl8J1>e<>xK3PPctY%1%DJeQASvBYMjCGa+fAkp`tcW_MMhC*;hs$HV^ zl>1CY;5C_LVAt&}4`TJwOT&ELDW-csm1i{20Lpj+E zoXoB3u7UwIUYaa$u7#9Cx1GsOGtOUu0KV$h*hL`z9yIPLcK4|%{>;Rt01YP{5Ut53 zOH!QsGe*UpNm*Gjmv3fDMRlvJj-H<75TbtwWeCklVNr=^Jhszz?0thQNecMGOMq(k zAhHbOB!KZuW@HrZu%{@(eqa09}ufA^^9L~YP3UurG+Q$z4!=>p&Y7&y#q>nEqN>6~n z=qpMBc2%e}gD|7F3ZC=6aPIv9T^2|5vx-39`Ne^XS-!i=qnNhW0b+?Al(tY)p`2P5gL%zQkYa|zh3vHm8} zI@rc6>h9}={5GQ!pxPUTqxehD!r$k~*eTT#@RrhJ&tQ_E12zt&(16*@1w@To+~naI!KlRQ$$T8ImW7-I zn?-{ReK0k`(G@)n)lM5GimOgPyTjT|m@8{y-Zi6oxBc$b-8$hQ3FH2^@wLqUKn{fD z#siy4{bEoN-`j`|P~Z?29xdI%DbNgs&yU=6^xuQeu^e#O+dhr@rs4Q^5Xrkg;ndbd`XizIGAwAfc0{ICuf%|eVBIHJhF zeGVERR}S@ZXlik!10z(YQvnItY5EeW)`rH-sSIq~r0Xwlz`D?N%~N85RbzlzMMg~R zf9~3mRbk&qU+`&0dy+(3QW7e+?V?{t%R-D{O@)*7D;YeuQD+ z!s)*QhF)Z$m%ATXKjt5T@U*pU1mRx~5)Mhw&z8!v#>*;dBMh56bUP5EPRp-iTJ*&5 z^gKEAcFJ34x6F20!FIGoctIm)oI77MC8r$0WN=|3?XM(b%q=9V&wtzBGJh5JlV=b7 z^);kDg?5b%!0Ymp1$+b`f6pqUd=ijQD2;PM8Q6qi-@Qvn5Gb~{`~r+iS)+Tpe=?01s0meNdLy)HZt)?^KUe`M(Vl=fKS6lkLr z_+BN*3-+a3cboD2O?zHC63|zrKsNTcSK>8!RF=NBo#`vfZ?Z#N?nJoIS^~lYUWag} z!@qcmrJa$Yqo%uypc7qyi393oE6=$Dozk8=<%_sJB3WY2B8Sz2ggZqdQC%Y!K7{C6 z%58Gjf*!|oBwUxbR|is-YNXmu!lm8ddq*Y+s{9Wz~Su(a*$NtN9|2xv&hoV?-yYYuOKN zbiE*6%|1ry%{ndL&&y6t-{h3};-%llH;>|64@Ett&0DU2vJpQbvQ3(L=Gey^C)v-V z_q1KNw09$bgZDs%xHm7BnAO{2N5gOzN5Jr zDK*vbbe9$rEUfSp+hO`N{=cQ6lkX?Htsa6Zlw@7&zKsoL8tPg<<3mI*a5JnANcxd9 zS>t$6)RUAtnbl)ap6h1RLYERw5Ojr0RMOA9v5=naivB@`xW+`QfZ3ca9_s9D9+uVm z9P7`{Kb(6jddrAWKgUlg+_Rw8auHfN=FSR4pvd)N-XEMYFU8_WtVQCr$kVi~syk~` zO%p8j-e`Sb?_FjsnFo4>yO$Us<%zDxZpUw}5nw0WX%Fb=D1A#Vvf7VOy>3B=hl+*< zadq!hnLqgX-GcvcKlw}Ce&&JnuB=S;vU(d=DVe)yv;xxn_LrBIFj4$&K_?9*12m|t z+JC_E{XLa5yCo59iD1lqJo0^KXic}0jsR*hj>04_OA?N|j-Z(scUNPUqvB+w;?I0Z@!(H`UA;K8IJ zJp7#w{rj*Y3h0epIS@AIRt}>AMOXtp~x!W8ndiU^G+f?@yl~N!ZK4u=3c1X zPmAk66y{0AK2Iw{E)iMH$uv_FeI|RHr*1Yp{6-W1ilvgBK{b|yO%a2*wBw3V(FMo^ zS-+Tl!-Ua#Jq$I?3xZ8!S5F47XNQrjbkT<1h3BqVKF^)xjBz|3Nx$_uFg)HDr8k|c zSJ0%&>yG6YgQhZN4-p>bNNKi}EUXnxQ43>nGo`b{wR>jSd9A>&5KQ*s`#tIqsfhap3w~!U#5=x8r8G=hZ(h3Io28*+-f{^tji5r znQsR8AHvDbMyc0zv+XDRo9KgZXcma^%*fupqoSU1g#n@1@_4dTu zDkM=0fBw!zk|BOqLHJhAm6)osx#g>gpq(tb$i4EJud#UF7;jfvKD!OtS}!k3Dp8-} zVDlDNrjJj}KUNq7ngvXov#wP8+=@e*FbGEOSav3s6v6Zgy+aj+OBH1z7RSxZ9J=Au z&YVotwZIZd`{qTaM7cOi+$0C42Xm-;tu#@*Hf!}{+UC_l0d-U+(MlYTdaS;qEOESc zO`F>1@)H*Gtg3bciN*4%)o^63{v@vZL{VeDm;tNN91k`wG*jDJ?Tejp>xxB~du;^2 z_Mc^7njSGv(|LK7`J0SXnKa9feC(O@*VDyUrBK3VU2$4$)>aG3C6=tiiu#FD$RS>H z{K$GJbU##*!@%83H#h&QVB>d=6~~o|hki{jwzzLX#d-w0xa>$N$!hJndAcdo{(V(w zBD!MPe4r>P!FK0>k9q7k*0;(=JVOn~!!w{liZ}u`}>h()pDGY{wqHGcCE8^ z#`~d4!|r`>~V(wp&J=meyt$4Q10uf!f%ZBMu%z>$3H8HHoKF%O8x}X=O}3@K=S3bx&qBHuJIZieA;&gu0w7wT5AEGvd@a_}vSQCE(wT>N z$iOoNfi**40+RaIh0c}>Q%qWQ{p-}uHkjXdz2%I>lMZy4iL~81-n68OYKwLSnAdt@ zndiM2TcN;8wn$jzbUrT<#7Gf)O~GQ9#98(IVF58nec<&pkZQ3k2rUSqCfJJBWy z8vlZvcu<%{IGxkf?4`?-ouXuNUQ+R+th84sJ->A;w1;R#?C3Gy z>bLIlZu6stGQpqvtLx^NQGEp{pQmx-9;43E#pCsnq1}1Xh1s{=>hpqLQ)P1e7LP8~ z2Q9`l&Um&DM7Od0iljgWQ#WHR_NkWtYA-Ol1YVY6^XT?c zN;Af3t@#H#R;#k&6XV)->b`%@%of)d9wwJjjpiwQaAC|f!p??aRc5HlX zvBINznpyA|DTl~kN0+->3x_JU~^?4_S5QZ7;_ayarmtVfvZC@;r+sdDW6K{mHC zZW>_UZS=h;f#Dtlbx(QmG0~OT`M_gs=1pEbAta*Irq+Y(s{Cc{`Gm_E4c4vh6KTbZ z@K4hCGX~A8{#~owBuOHT;B}ezx{i1k%fNlAC7Vo9>6S*6$;7gAE@Vk z9OCgjCEpcl*hJgDMhd&_hz0{@^niI60|=4LJt^Hu!K%7nGagA5kwt7uY1_~PYWL7XNlklo37=FT^lx75c{0&S?bq$ zK^tXkYGo#4@&B{QVli?k0_5pGF=5bXvc;lcx8@;SEWrT5*v3YIM+lbW3+=;)5|Tb* z#U%(IH+6$B4SKC}3sWDzuG;ybC6IA4xI#x7)u^HOrkkhq{9a$5IeSBfMfZGlyk69X{gQ6=Fag4}+5T zKth30O*9_$*Z+NWV1By9&hk$rt&$YlTYeb-`?2wJq~zG6->Jm%qDob_c1_?y%Z+GX zT@LRUgh9N47%j|fj>I$w(^2}!mc|i*Kk#zwWhlr8?(}8sfc)(q9=^B#`T0Kp#a*Ym zzZL#YAvJI&@DvZ{opKc_`N=5AV5>pB&jIZ^BF7Vv|MUskTkxhs$M))v-Frp(F7?Ox znt}}S;_{P>l<43NL>HEy3n;ae6^)FY9X7oQch4W0Q!~7(X=FrNm^ZB`2f{D{@uJV3;Q;L@8XDu+STp*{*oVLg zkbkNyX(5M}*Z9L9WpnHPE+6y9%Bx>vzQd)`U96iJe!KtDt5TvBa_AX&{Zu2$E58K+ z>L?>42%jpV?}S#ro+L~nUlYKoPLQkO5$xlm5~gva@GcPDx7Wj|fS% zwB$7hdJ9lpUK%_2Jr)xyD=(Lwtrsh^w#TB-J8LSjSDyU+yR}oUvC*rCj$N-pwPaQj z<-ECn6dN$ghXMkKTnK%AgT?iAG)rym+S=}ft<9~XT|2l_?fSw&&07#ViH@&4lWN z$WcZ@W#~Y-ke!!-zz z>#xi+{|DKu&>~z(ZW=FAo&r2I2F~ix`ygGU>maSE3 ze9rgopxzcUjzo+_FqS);M@Fzx=jPz?X>GdE@7lj9c@M7xy%T%@m^X17$S81Xq7zLA zNYR3g-p9nmcc6T1XVcFj&`AS7ihiFOCtZ31TE0V3De3v5BQ<6sp3u*4kJfqnpu36l zeUE`EDrYV9Anxfc)p}w8pEc1D@DR*MM0}5l;F&x-cVxlo6`r zYu%uWlWovF4}xnQhZnEwW04=6>L^$)VO}~P;*7dsr-+mMSx`Uii4^MH1InU5x zm++MI2w!HFcr(O}@e~lj1Cnn2`JXuK8<@VpLDC5xpy0HRUao@;d+Z053_f}e!bOve z>>pl;3=$FqS+T#UCj#yOg69g$UgmfTrbr zy;vh)Q4BF2XyExAZg}O}pLld%x7wkN z&x`Fp-gi&mw)F%J~yWKfyg)oO@Cu1?oR&;|5@2AA z5Ou(`36GczW2fHL*uf$)FyeA?dG!f9COS2LqtDUqwKqEKLK^(A#myy57)Kd|$F%b3^p!o;70C)nog82x7ehZvoxJEWM>PRgsY1QWGTtAdZguWBFIWfm2R@ zhCd=Gcf52ycw6+XQ}1_Q>i3GI1IxcU4o(5?Mp(BZ_}KuvEY1r`Jo%JxANByik|k=^ z2e6NicV;6HLuIQqPrKQ2iu=NDa^O`2G66pjvmsKK*DhaZyR47iHfV62P~$@X&?{?Q zuROwMHPv+@1{{UgfY9oktdc`Q#VsJ7X2x_G!`;N|?0mQ(j)z6c!@NE-zgyH z$!~t*5(8+z_Z191nByLKpC8|$(N+La_U*w`G~XI8_~D=ec;?llz-!U^S{ z2Gi@me=q=g%{034(@>96TMwH7nstjAP||=1=INL8r0^mq6rw(Qt|z{U^`d9xV|r zMgQdS)Mj8|!3T$>5~-&csI$g93rGMggYg*b9w~Z~7VmTan*ZYhw6v)Gw?K59kI-0H zSo+_NKa$fqB&8q@6i~744eCkN;I+e8EIbgd!>Dpr$=~@0hvyG;;YF` zqiF4$)klCc!o*vF&x0Xa9uaR3qdx@UON)lzFI~@OY6_9@%F0Tx=jaGUA#4%^s4P_w zti@~*JN_{;GLkYZaUY~>V@o`+WinpPH?IB4!BSUOhbkgS`>WyN*}r@&hN0trOXh77Jq z-|>A*&+c!hrV9H0BZuT%WC>C9-E`WvGUpQ?0*^*iATOC7r_?1rawb90xlk^S7gqX6 z!}*n?91I?M4(RuPIU$5ZO&1PMKUJH_sZg_D>w97dAE@kX8DOL@ZvN8{bUS=VNSa>d z?lA#zK1`uxtxN$CB^-dxBg*?vDcI5SsBp>w-a1rm1!>m7VIh#P%33)PDWE|HIc zY;A3I^z_=MrzvjTx+O0!|8i;U``aT-$PNd$bx9KwIvyS#L;>0#jtxYw*QpwC^S*X* zd0!cZrEf61u)TQ8(vlS3N|wb>U0{v-#l=<6Sx6G>-hL<$!)7Tj@sijIF~JeDrV@V} zEQ{sS8Md%`>M$Upl)T6B?$hmCjIr1ms=?*UOfNT2F$7)r1$~mlaY+Z#I)K{z^6Zl= z2vh`?GM z1Q$F`5Pg1oPtSmNNX=$z3!}mhfsIcP;RsN`c8uKxIc_~kgamUu)Y9}!4BQ)WB`L!n zfN`aytPGW2$g?kxZy^E60CA8&jP>%~a#yYMDh`M|Xb3_C2PYA>gOEhE686#}8M*{S zX`7co`u)dukkQ?#-rRg?ZhjYx=wZCIp=>7zvUnv0){=z7I99a*<|ch_-)O+s;`*XN z2GZ~3)LiJudfzPj2vg18GrD6PRyvqqgOVVU$nUl5vPA5?<*hkU=^A*4rumZ^+@50f?!QV`vH%U ze@{I5?gDcW`$XT2LVW zcyX%Il6<)eE&y6FPQ*!SUgP2ZHq+rt{XIT2bg`W|l;`6$lwsNikc;-TpX`yH_J0SA z*XLsWa_lgY%kbHY8@ZU=pJhH<Ho(Y5Z%s^Jk6F(V^y3|`3i_=vqnPNM-NB~{!r z6o%4^V|}Cyg|-lA4CXuc&{5asDg^@XQX`6ecZdT?755D^eRBObHVO!vA@`Wl!@YHAG5vF`=@}U5;J`zA>EK{!m&<7ID_s)h z^z6*IJs7|H=TBKVIkZ#}kN0^hX-gepr0xfQ?}Gn3-}qguyRte~%y2A!{FsQ!%j@h8 z-hrLBlwHU*69-p$9h7B+{G|evTpvn94l42Bw-Mk$$14X%sYMpdYu~+55-{@b1l!GJAjihj_*Y%OtNHkNa8v1Y5z}7=3l{ zON)R;p6UMRKScd!yQd)g_U+^C*@hsCpUG|Uah+u%0LAG4cuU;a*qCq7;1)nxNw0Kn z!CHT^7BcUv=LcoC$y&P4Wc4bN*v_?VTn~UeB%zu2d>suMRS<;^geSR^69wyib6A?2 z6$Tj_v)U{o1s3eic6WE*rx}Uz+0RLt3c)8kdVDA|eS9BLKBjor2?-(CZa#YDM7$Q> zcPuRvoK67jc!m&B17{zRX9w*rP$%I4TG-ysupLH6#evc}TrsAgz&c6YY6Dn9_hci~ z3+Uq%hO4YKpaiF7W5WV81;VvkVCBkR&5MDbGBOh3YRBZHj^#dzleq@qSMDOIb6rgg z4$1)G{JJ;VB*2*}9z=;Baa@w@5A{js*2V5C{j)v2$=3_f#CmLd608NlCnx ziS`2nocTF-o=d^0Y5mU{X2>wm*C}MAdDw@b0(g;ooou=2i}>Q4P>TmNgoz@5=IhAi z5N7?u_$B2NvRIT+HnQp9+>gm0p13|2^EX2kIbIfz#hZ{MB_-iap&2%Mg?wn287+K4 z==`_eugN#dWZHf-pVrN8KJdYlsKq95Af4*fnyh!F2*jrP&>|fukxyGVeSoIDgW%5 z930X%qxrWyJv~8~F*KwKMIJDo&;|wu%D#R38oF&IOM^$l&re(zituKD+X)D6I60qy zxCPPPh8&FC!3fMD|25FSL6&vXnp1R>X|CZ58ZPqWZ(GG5lT929spO)_{C}4^Ox8O3 zk2}HX5>OtEzdm-*7M{e5PeK(5L~JM<;K0uCIQWYh9S zk0u}{u-W(KDhTZ^`NFT2zS`?Sal{9NhFf|WJAq)uhw!d)gH>w(7ha0IL4(4>M;IS| z!BKs$FR7OisKi^pOy4XHw_Uhjoip%G>k`4O*8$b20zD~$@l}Z6Y*kh9d7a|jMgs6B@Y}aH z(XMkpJcHnP1&9o#rKQCk*a#w`qKgX)NTHc{l$6j+VZ&+OGCE51=+Ps1M-oa(*Z^=W zEH3)Jdxykl|C?xFK#L-Xg_iaf89V9xXSZrt2E7~}D`2?Mh;l?QTgH}IehWUr_SyC-h%VoCac)0Ms@!eTvSr;og)_0cXF$@AZun(5BTH-yxKnTUXgzv;KJ!|d!nY`CFQ!4rr>)*rhu zRz!N~bp=;)pyP5Ed~IW*nEmHY(@tosd3mv77@xIImYeRKv^165U$}kuxgvL7y?zIS zxLDnRUkmWuXjpP(zF0;}*RBNC*S$^V;AZb_9F{e#E$Z zhbTkuhp%^4`K*6oL!v2z!d`Mp$_L<)qrct1C+Qc3fA91jxF|5h3kV2&`?Yfy0lzbg z7O=2D1su_xt1*q|eixo0vfqVgV=|`BUtgTrk zCMTP&^u~cHR~MoTTOVV)JY9|gVg3gI_dY+e4@G=B*1u4HCJO|W*sm}v0v+<#uU{Wi zQu^(%JT7o31d9DjA~?X%1(FA*)PuNYlO(dF?t!0vS#%pCQ86H40n`A77qT9yW3LOUS5uPRoRRYC?;_FOEh;i-`cN< zhzM70@)7Me17wlqyNGBtwT2w8u6KsttIpMZro;VLW|pfDr%5z>z=Bzu7<7cicF(|6^vk{I7Bq9TQW^%S*&LoJAw|HM?P`e|*mohes{n= z9Q&_(ZjS2s_;_uy{6QrLJw2*Qsz?jmtb4nQ(suKW_fu0-t!C@_$psw32fhd+)KiO# zi|9Bwa<5-Mv;lq}H8u5Ukv8u3_I6oyb%2EGqaz7*b%HLNKxL5Es1sda?jID*{0Ls! z3)Ul~C{WrSm(l->{vj%%B>7P~=%^r4w55Up%kg|B$3$76FElQP7@o&lNDxtl?nQu( z($V&3=Io&RTHJG$j7qDzX3>*TG)C#|t88s``L!Q!0NuhmZWUt9q!LY|(v(r%{9!6B zi;vHeaq{_@6gdX1Xv~~vu9vtJn#tqrTNjO``o_nGo+bP!{e~AW1}_@N#`@F5jb_ET z1QOb_>90?k#)3QOF0Za$xKG=ko}Ry?;g-lzr{i9Gn|EQO$w~}<9QKj(jjw5^Ypyyv zBj)$!8g}xdNJ;pESOf)KC~u0?3-fLBRNlOKV=<5deihg4@6WJ?#Dl^n z(g~GGdE#8n0OjMdG$Wtu5N}WEg2Lj>imUEnQyrh1wi&kzx^@$8UESXX+nxM;e0V;` z*u%ro^qpx;oZI@}4kq*?GBkg0Q~J(dV%>PU-sR-HFMNQC_;sGJUdYNbGI9%Gjm;6t zhwvfRHZ)Ya{8P8FwSB6hvbr{$MbE$x{qf^FK%rotz=s{Hz`&Cf4i>vUS4Y|~l|e^G ze+e4;@cY6f;^IwIVSEe>4Be%ex8fCY)-j)HJO5KBFJCpe$L$nbKk8-#PSsCkW$PAF ztQXf)c;7qANi6)$s?87n+H{%n)7Q>)_{UszY ztqye5Jm%~he5K)5rksXGprEM8!p70oUgcVfX+%veC4Hi*uO9xxVBWGZjnABQPOK3m z#UG(jd}#jrP>lNEd0tIT{LBocSzR62qkl|}k(M?^0eo$AYyzCZyLRy(2oqbeva#kD z=Yub!Llhf74+6LMymJRES9TBgEqX_-{VPlo8ysS|BmZ`c`Gxc#JqP#tpxx)Z=Tzez^!oPpCo;lWM?`pAC6_u}H8{JOfj zAif1mEEGTw7?H8Rcq<^6@a3W0uf8UDd=(--%Ga+VCG&gpz*B27y2ee<#P}&Cw)^^r zr*1VYziDsPzi=|)$mlFNT+DJgb`m4)?fPGz2ym#yy61*w0T1{X9X+?bI`=+4o}_R4 z#lZd@s@92D%WZySM+3l#_b$@x0H`ZLY6ACDS)(|9jda3wssdGJN-!RT&O^D_h%>4N4^?rH9TAHs&|?(19LU2IDcbVMd4CGCu$ z=n5y}eN1Ep|0}<^m|pmzw{xiJ`iP71S&IB~HypL$)ybMI6`zYEO9)(qSJ_H9nST#q z8!Id3>-y3DNj|Ov`I@XPLJw$O6A}=UwZJ0Ga zgVe~UgDK5RO5&aPa%ZI0Hx4eYCmE`{dwFU5@LSzTJ4k)%IsM%3xL!Cpe??z;oB~62 zbv3)r!?d<1QM)Jez8aePO6NI>^o$G{Sy?}SulWJ3Kms-90)!N}K{vtluh{r@nKh@W#gyh?B3gP(GRPUO>efz4e`(X(P zcn*hJ1nJfBbeRC(in%$AWn&WYRBU>0|Kc)G$Kr8ybuIb5{_h`m`_yfipyn!l39Jlb z5;deMs{?_k-WJkX}(6{T(oB z{$+l$u(dqRbg&+3>pB2L2*>?XZkV7*NnLuVt8=Ovj5+Qbz)m3HdeK?Yu+s)f$=)H^ zdL%pG{$0uB!n9~?$->^Pt^IEe1DrZmkA=6*THAZ>kt+Z(Kx38qp0I<+o#P#A?G%`X zEN*a#nT{QB9a@P1M1IR}F0VfKbNHd6g!8q8-t_gf{suaj0zzZ7cX(*Fx6~0E7l%(x zJqY-LyrLqAH-Ws&&Bxb1H%ohDDm^);^MzE!olgKHSusz_z)KHwUdudjA0lnbD(4R-9~kApnK3-cQLop z-jTW-GuX6#u&3*Q9mAx&)OfL-Qd*YiE%%hY7uJ2+ad znI?H?Gs@gf#|`)Snj-yd?=k@uRf{55lZ?hlTrczd%`QqjNxZwKXSqoSro~`N$mm*c z#Kr+vuzL9}DhgLIVOH7oD9+#rY6u`r@9poK{rlAbofSD$ zs}t9L1`iD9#Ndp?BlV1&nMrx>p@91NO$XvL9?lASsuaw`EtZP-bNk}rl095>vw`nt z*hjd{)6;jf1x`4(T2KNKzTv{R5INn=LPA_l{&!BC&;MYwwherWO>Dl{v0ErLKPhvW z67?o;oTL&p(20wSuV8W^wH!=ge9Zdk^x&t7t)WP!;N#)p-9sJK)P~!N6^WCR)1W@@f&%W|q$D!auE>tIHh<`rLAm}^ zL1787UU=jYOnFFBGwlpFZh3#ZgjLQ!Sxak-c<=VT$1cp!*-1D%bcY|hxOQt8OWuOb zkKbf}O=dKo0VUbu%Ci5rZ@3QIRNm?)dh8@ws?2a~-yYM-sk)7d>cBbB)uFDgue4cr z@4L4b2ANpqMp$VKY{-YBzRZut$AQ{Hk47MNx!}ESV>=x?HJ-3`Fmc=jr>UfoQIqoN zr^al1lFP{5{lh=o4Lfo+%pK$7Boq|3@W}|@4Y9GYYaQ;v7Z(?Y<-5mgfz4SuP_jSA z-n1k3$4SWT*lkjOpn2X&gTe|sN1Z%0wAN)WlV)J(vh3!}lA4gpE#Cj)r26qHjA6eh z#`BDdBi+1{xI{rNU(Y+;Z#3B-wN^@feAnvP(wp^m$K$|livzCY$;&=Q#%HOm@Yt7K z`URcaKbtjBge4s4kU2QZqb4N0KW06xmeuvpbK9#k{L4GQqdUeTf_E$B>Cu2ekolF% zS|g+YDy*Sd;Yo^mXy{z_&3RZ^dmH!#AYIy}%Jt(t`C8k5qB9Mbl7O4w+giEQ#V|+T zgEYX&?Yj5xy=pFx*%agF09pM`OOlBUzXTqPjg9FmJ-yZZ^XFY>=Yw0RY8O^EHb7YN zhnXv&CTQsu6`x{bi2%iiDl)IQxLDd4O_hnpp=EyF$bcxjswx)LkViinAh+c5(hJCR zaOpy^*(QHC2WCcl>z@VAv*rDuR>BOB>J}Pl9mDX``mb2brQ@MXVM_A}EaT0qyNc|% zdQ@5xp`2`bLu4`997Glx2lRR~P@v7K;)A)LFpTfxNNBM~Q-VZ+=_U+?RT_<(Aou(5vkQ1~& z)zGOr4BY$wm-G${#hg z9G~v^rUIuj%yYYedc&=e2_6Qh@8e+!6+**$`ujnQyS%u_ZPk%<3>y9qA3op_5d11R z=I7@J=&{h~&h6V7d3jIl?KuEsba!{hqo4?rr_V4)S+WQW65KF7api+0FU{!WO$ zWqPnEX{`6=?o{TmZ4JU!%T7Q6G@Z z1V%@5=RKobZQ?4X6Jk-b_Y1U$W^$Rp(PU*%e_-n3;*wubnp;+eRHr{@e8T}M*oDod zP?#TIU;8P2c@z^8lULlmB;a)w1R zhbJ8H-y=cDKQ@+~`>4S}-@u@}s>*JnCttmQnVDHaTluUfOqd&im1~o8vnZG{S{S)FV+T(p9KFQ=^ zC1b+vRCgIzOMP44-Ll^&Mg2l@+hkmIklO z7Ef?~+5fe!{o?J(kE_+lf2e8(EGE)ev3FhbHPacmB@9!?jsm>jm4{$Ni8a1|LT%JC zaDVzmliS@i?|pm~u`6t@s~xTI$1L}KIY4~0_Lrx%#~K~{kFv6>J|yOMKlk{8^!bky zs7!~(#?(TcQsnMUE!9d40*{sC?%I}+v z-!mzc11Um1A*N5B28$zVrotlOXD=^RbY%`g2$@dKakAgRFNsx6E$!&fPPfvfC&CqS z=-Al8?5AtgbafTL?G=VRh#gHt^r57LLm}rA_<_sN;lq#{meQEFn=%@*Y4mGfOI|&u zp+Pb=H9g9ehG2n^kPxKAq@;4MGpE4YcPif=u_4vg*B$g%4muBdpPWol>OqGp=$uqU zD)hfbRf;uE{e_yJK5dgZ^&d~H0L)Kp#5(K2{3$E0 zfhu6nj_8~=xVK2{DMK)y=S0PnR%v8%v}nVdz5SaX%>jStEq*3JGK#k#vrH0+3^7?S zKObbgWfV8D3kIXj6$<;dNHHoUwx0`(@BZtecDkHYGt|9eJs@S@tmc-XQ;QnMSKMhN zHEPQ6I^GMqthTo;a#oIrfVhX(>wg?`pCwCbnhEw6jk8UJ#*E-e1xB^M$rp$I78?tv zWo9N*Z^BTa0iaPLV@nl6LSos=GacALgIptIbkV^T73z|S|6T1!g++y<17s>HD$pzZ zw%0Z?Qh_cF7H@KLa$$MdUx^XX6u>Exsa^mOkStwv{@3A&iLQ>0+qk&6mzS5LQUeld zT3WKbD>ILg08C$7(`TuGM@tUCTO^>`BaRzl;*J2U9;DN=yXL3CrA0Z0xa8#I%tWCS zts$dd2gtlbWL^)TqtBQDQUa|8fHJP+QZz&SW6G?Cp|4B=ibyJp`Bgi*ng@+Cc=(Vh zgg^G-PgqDB6S1zo2wvw={e6~&*@To7@UZ{x%-bEbFL=JGfP5St9-h-nPQRq*;!229 zDTP3;pbKiR#KER>xAeSGG)HN&%eLbpYqO^lw;p*%MVE6^%v~Wt%%7P1iG4h0;}>m1 zy}mH6tFLd+){Keoz_1NQDt$RsVbG!hU2_upfM;TqkjPCJ4pcYZ%lnnG6~nh#SQzl89# zFb8qDl##=o@mt$I3`)|ndm8RW*wcf9VMiOIx4SXI*4ItfH#X>)nWlJ-;{~Y<-q{cBg@p@V`6OLms`Z?5Pq>Q`;|)Nh1055^yj=dir*`V?au19;Nj(?R)y+WQSnu+HF@ z<(|4glR@KoNb`i5Sr{1849>HCeZofKyqR?P+^(Bwt--|4miFcJFpY$rt+j0`;L4LuJzKX-yi0_c5T!D|T69#r^M)je%(lJ7DHhllY#lHwMT9(UYNumlmfH}k$XpW zNhyKrIX|&EIexJ{7dtvE%4l)(&CvFerbKqZqu0MJrgSgs`xE6r8?lL+gW(zSo~e?< zZS6J7{DYCol8-kV@@c(soFBZRpZZ}6UI)a)JaHXAr0C6adIGAL?RVGpc1LuN{rk&N ztkbBfS7AmuknyFwWzdm?g#6<;dj6%YPobmGd3&J%PhJnEb1HJ-{{*V1ZGRuWR>U)n zu|4}*PR>5KWu$*tWpZ)J=5F&VubiIFB^&yV&NJJM$50A{kQ_0Q!4In~Xgfp0hvM|1 z)kx87kdc7s)Za>U09?x?3KD;X<^xb0ZkKZoP>j-mc$ANi56A>BfZ!XwAEqQHe*=mF z=rzBfpca5l0rXnf*_q7_ifL&P2QfFWOm~Il<%2;4p4s~|GBV5SDV%hEe*U)h_GEyi z;CBTC1cpE=ofUDSqQeKN{aJ0L<-g)}%WcJqtGUWsE7v3*HO z=lB39D7@%31SMq4KB<;SM);3 zilbH5!`5S`qbHU4V2WY7_I^kr-7{Xm1ApMXTV$>jIQ}3b&rmx4x zdgpOn3p;8MRyl0V?MaX{b#=v!+pgHTyhrsF`(-wBb{~VVCx7n8i+LGUBNUBjLV@kP z(%i@~Th_5jzNFODVZ)1<7}M|m{uMvsnr7Xuq*il@l~q*_KgfWehltom*Tk?HO5G@S zhg)zs>FREdAHY)GjrsoF#{Tl^CmCGZXlRENUU%&b>!mo+X=C$BF>v5a~D^@UIn@qW%P;l7;_Fs(>XMUnej zg#AQd@r8U!6i?#1hcjziIohlX@?%w93qN{h?2zPJfGGO@B8-w@;KG+Gy=io%t8V90rpNX zn})mNljg8mf)jm%a+#4}9Nz-4IOa{!6BBQlQ&S7LK5@aXZS6%NUJ+!0bTXmD!^7A0 zM|{SW9<{ZC2g}`!v$Kg0@R@=ClmToD##6&+CXm(tPQ5aOaBiZcp?F( zMxSLokSESrecAszK7`Icvc#RY<&_c?{1TP^Uc{v7P&3+M}hEU zX1mK_)>T$m7b`o#IeGM)=nw6q`?Xi+uMy>z1G5G%4BRnlD)FK{VnTI#VvfMbtbDee+M(*?bPh*JxBn#-n7*mu zy&kVJ=8APY12tXnVTN0QdY5lV%DpF#1KfnkTt#p1?j4y8S{z1M0|rFK$DSgaxiddc ze!Pv{M2NuPuF3iM{JT0Wx~{Q|lXwi;T3bFD4S7P#*yM*x#BGHHY7FrJg1?}{0fqBcWXiIswYa8cEEEK)D+l}glJfGX z^`LBk>aC}h2FMX~kWw>^Tq!)!qI^uD*4AH}^?gY96`}^X!Q3WR_-yH#oq zAqCLeKpTm5OCpG9sX&5Ml<{%@*qG#(OULEzjm4KzAB9r}V?VUj&gnIoe4?U%#AEz{ z!2Vu5%2VZG?~KFZtDs}uJ2q<;Pybgk5Yhi1_zbx1iCd#BL`3)&dShQ~y4#1R)6d3Df zpl&4@y!;IDwDqwAuLPA`QuQBnNct%%vd#11v_l05y1J%j@A!B*w`yC2`Da*sd^bQ` z<)7AYyu7?%>p~w17J=3E_0Y)37N8*|RaEfc>eStys+h9v6_DhUqIWCdPRY)GtveSH zI1ahr;IPQd%ahR2A*G?A0W}yMJ$+h!64Hm^QQ}4@M4id@aj}F;mdjSw*;kNjgoc3NS3-_{^$TsGwqdOH66pta%&_a{?9)q zE$WE9M7~u-6N3I;ChB>@pDxBAVxb-`9k)OqA7>vIA1^OOomt^}g&Vn*Bt_RB-@}Et zKlORCt}3aiNpwUS82Q9`QNQjR5n0s5Ksj$SzVy_hqApc_X%HRiOvK6BS6SP{PFj6~ z0jJhUv`W&c;a?+aG>7&vgzAY0A!9ex|tusb|VID1Za=QseR!+RdAm#n4#hjj1i2U>^UpPG; zMo`clj0fVG%BA1+S(upqrIXg`1Gx0Vf#;>310h>eG`utHMw{Gm@3gE>cALh=em5Sc zrcxoG8zI+OnYVB0p(5NW4O?0&aN8mIADp_XZ)0oQR=xRXjb&8Ep>JrYslELk$bP;f zAjLJDmEJ@eLBRwlOo0ZC;&Whz>_*U&1%cva9^fEg{CwtRTwDZzr-j-dsA1@Yp>@da z?KEJslMI6-R&8zVMf^t!Z&juB^(o+Js%uUjIlzHKtf#SV`i5Ki&fUvdWp z#sBORaJ%NWFD;FViMF4ROZmuE(LC~jb_pHZ%vMsxJG=ePy4ex-_;o-}8>XV^#$U_X z#;wj%j@KUV&hE#AKW}`yP}vlnetpEPi2aX<-)TSQqP(Bm=@ctC@AO1iKIL`O@H?T+ zjYX35zZQBzU1=+f6=sCJxnFRq+&oc^JvVZS=hl|GZ(|B|U_PyT2Ief6>Vkqjo6V|+ z*SB7_E!ix0X~Hz$M-Pu4Qc}_Ae*7r%N%;<(tlw!`Nx#dZ@{7`=K}HN2Y_;{RYDkl{o>)c|ZF{Zk>hlU4>o*{SVKh6I>%Njexy}uTlkw zRZOrWqBY`Z?HXh>n^Jn-s(;X_dR}DT&G6s#S$wX7jOv2&YZeO563ioXsuVWl6&e>tg2~-{;$qEBwV|`n8JzW~MQM@kHqF1-`ONw?l zKHVcDzhrbi*<1!~|6=EUTklWcmxgi*3fb6szU(4l3hb+wO+5IoIE{m%2zn1BD+dSC zA3xF($RJIL$A%Jm;>EqrGi+NM8^o!jrY7d&O14X-77!4CYU*u#Z+pAq&#}_t;-=x@ zh=D@3eP%bos|a)gVbMR|q%%L-_t4&5kzu&A0wj2MuvaQotDG0B^`_*uW~rxaY#I7t zxRZ?H%V&@l=G**E2)%SO)XdcWG9pWX76i+N$D2K!N@ne~C?E5SM^J5L^}cWPW0~wZ z>@$bIjoA#%)w5JZ3OF=Na8Im2pIegjeIeVF_e$i z%+%kl7iid;#=SDytY(}qWT6Y--F(e#iNU^+`$n9eQ?I3KyeozsQ=Y{Vl<&_ux2gkH zuU(uGJcBK3|KiGu;*Z4HoPu0xc8Yi?cJfbqs(#EM-Had_YYQ>vv@`|fAuXQX=H^t< z6&XO}fU#W#{3|u}m8|T;`(DUQOiXqdQQtsLQ7gOWf1Ht&bzcLzX#aqnl^Y9mauy)LLCbvkZq1Q2_Y) zH9%D#wVFZVMPug;F7-F*y$0t28tB&cfB*Jl-}VUF+K!08+k80PoY419OGfr( zL_k_u8O+ZG1_lPYW@i4N_W-yGg8P2uIui^zEm>yuvH*OSFw&?>Yhs7S!vCqj#$%ZT*I{uU)AUgB$N zs<5W%o^ipoVeWSQ*QGOZDij1N)-YMcLnjWqa|6Zc{^%>Q&jf55Gj>P)n)B$wR&7?L zS7#Co*2`bC7+L!j0|;1SzVF)roSbKd4*WZ{Tuj55HLjJNt+8*>1K#-X{jN62I>wGo zF<66I8F5)zyRw!TPG@FJ{!0QNU-h66S5)YmcpnBSh?%&pcdf+{DjiJ8*Hsy=yAIaY zYtMg6F+PUsT+G0Ll14rOV4xUqeX5$j-6wqlkOBx}G&Be+D=PuWhD^>NSQ_w(K*sS?@4rD|mRL7hS;-6W17LwfkPHkA3~_lAeO(}tg~&uTEp|M-i1qvFpj$ya z^^<8i&?)n-$i&TS)de`_puLxc8_h-Tqu%|n) zyEjlP_!T_&xoaz}NH2};$Ei3W;@HI5~&^Ng?$sVtabUrvWnX?q6~`VBPOQ-vGbg&nF!}*MeBh+GF_(m$Qfi_{^~F z1f#br?YC=BTuGc3S>3%kY3R6ES^u>q--af7zmN?F7Z;3qcl28WclMnB_kKr(KWKl1 z&*{?z`YH$YB}vA|MW6Td9}Fxxiu)61aGHuV6s|lX&!Qdjmj@m47~@;^ZNq z@Im+r!5l;N;>Bao(13Kp+R6&iY!MR^11k=4&c=?8`!G8iM4G%0tLh$Kuf?1h3pQtq z#(Xq42dCMuw9?2we`J!}!fur%DP?B_9!$1|>|b(ggzPZN8(+fV(% zp0jhU9A<{W3*wNJKKSfc<-A4NaL<_3!jCf-?pQN@u)NAdahyRFI0GcGyCkLF$Yuoq zXvMrF4$R)7sK-G6Oz5*pii&ywsJ^$W&#?P+Jvc>wWxI;P2NMc18bxgE#T70-!%7c7 zKRW+yt%jNtfv>SusFjsY>$YG6$HC$VfN!%yTGL15ouoARW|ztTRp5r9VK{Vow5Ymm zKb}qZ7_Mw=_yb-GI-F^M1bPa* zv+L{Y`NhS`d`ekaS+tCdP2l-3Ha4D`p58k+Fbk_LOV?uR0cG_3!eC{FyA1UkK4T(c zV%QK+T_+rNrj}f=6YdU!vLfZl;#*HdMUJ(K4|SFLK})PmJa=T^Q?5dg|CfFoM<(xk z^evKLQTl@th86(Fg*-uA&&iMqBm=6d_#kYsyrRM`#@elE_h0qpzzsIm-0b_Oa7&<5 z5}zb17LYzNBD?3Kg-2kT{OOZ~#Q}kIBP-c?t7vBAWBOF&{^kc*97KjCcNF8feEG_X zay2iWY>ejK(rvCwoS()N+%CS#sc-TN<8g7a@@MCDY^|DB{qq6Y@!^M3QavuL%ku+y z2+Q58Qyba6=6jl3kvQ`SA^VDCtcrzwF}?m7I+cr)t>jMDtJxwO^rq@#<#|8mvOP}O9Q!KIw9!wAK~EvapfhQ3Ii`NK=lF32$FpoUfvkHjggRq1UUr-EU*isKYbDK z;|G>qPZVe#=;`Tq_x4P+iN00!kJvXGLVf#48Fy5^@Qy`4 zW9u^;d;!Ef@Fy`8J{ZUde&vtTwHNd3WR5UkUl+&T7>68h6-R$B#_RJ`^J;&W>-l&5 zluo7Z?+xyBmkUP>232t%k%O&(RyRuSzK2X?tLDbY{!Y3on|X^&63?@plD^3vLR@{^ z$f=S5raDUtyWI2!bcA<4Sn!$!AlykjBSc*LnSqT>Vf)Ya%J{*S*3sb1L8Ip;9UR`= zRl3H;vnJZ#2-%GfmW)YlSvgZ>E4DZ@42ZEuCLjIKT8$XInYW#JcD5O&s_L5VJKS zq`iQ+z`($O)~s)AtjX&^_k5Qyk1^~Nl$yuSxDgoHxtGq1tF|6uw<7BWaT3?l_h7D{ zD8}yp!@2rFxDn|d$89gANs_oY1$4~->CR$j{C7uI)P;$_8y85i+Oo5C$YD(>#DkvnRWvOR?(4IVQ zIK78U$YYA0FeAwAptP0a1rj8LR4p!U(;hz=3RZ*PI^;Ao7v55R%&>;fqom|yerFYG zd~~p}fv>&1w{>W6Q2+9DFM!mIN~Q#e6_A)CL}RaCQvk3D!DEQ$5%R3bLy{C|L5}hY zuqs$M(5be7N`1V-md5S+j0UPBMy+xzRG;G=OaMf+DnI#w`~bnG78W)v)8lsypBcd& zTToO4LIubudUFdgkF2Goba3(1<&~^m$$w{&8x*MRj+dWY3!18;P;TgWpSHu~~OcU?Y!?SQ24-!$CpEe`hT>W*38o7D{YT5q(m zYfS3a=BwlSG~cmnj9_+I{iVkXRo*QcZUyZAvm?|LqD zJX)Ib@p75Lb@Ch^`ZB~dIOX^tw?asfg%@DokYpbpnnrg~-=KAMG+aNi)%CS!$i*dg zaG4=0Q;6V-iq!-hO9FTwDyrrvEoKjxOu`B(KT2|bnRxj$K0bTU65Y9jL1A!;CLTZ( z=%$M$Cnw5VlLnYOXsZwcbXLU>t@0mY7IJbvTZ2k(c<^zVe1XnFMy?SCt!WmE+K8D{ z4<8o7+5>V*@xaQ$er0WKIce$p_{>^l0s`>>J^@*Z=+dbXAsgaQ$^wE7)*wKv6Xix% z@$m2{bui@FKq3mv-S8P4y%KJAgElPCp($i2gH`p`?J)FmFZySHGMS`@=Sp$z0hJ_3 z>axqcx3}WB5Lg0h{R3Rec8=XumUUk0Z^B~M*ELH+`${0Up>wD1x?!j8s^hF&9f`zo z^B%yHgi`{%bPFyI^bO6s-!Q1{wM&p%wT4!yTTO1=7NFvENFZ$3lcF;ZV#w+YLA`l^ zvnc_`hE`}+uStK`$Y~@ zlv47Ok~$0Eq#&T@@gNxA%0r_QIm}Z29SS-Hq#V&ldNdDZJ@!=CeKPKW{L<{`f}$ z#)XluKC$TbA@!z)X*CuFFfLb=}L4lJZ_JjK9A|Hw86JvE8TsVhL8 z2&od%%=9jG8IzW$Cca@RAFv50mBI_FtDbpzq@|_yi%UzTyy>Z_US(x0iLQH0)M;s( zGZpb|yU&5`uULft(^9{I@N`_VpJ~ zr>^w2;t*nskBtw;`3C`EdEsaS{WoHT=-J#sQD}d`d+XbFA)o@MC%C~%Z{C59QaSJD z6*)EpQP8A6yWGD}1&JW)=QL#GQF$$`KfFJo?PhxX_=;3y3KwLimG5NN6T>4TOX*Ww zN^GI6xfLxV{&z_hnTv}HuvmqRrl#f>mIN3XwrN>e@-G~naGyQP2fb8c;of9kMqajl zdnnbE^G;2ipi5f#2%Vbx)%u19J&lBTgs{k(>hX-l#q%S*g4a%x2O4^FvN|}p!=9*G+(woIB71ay;!fN`)mciMvd$(G`;6-o{1ceR$Vimphh`m61gzLdn!lC|17noc3gW zgU9-k0J_vYAc}9n``T5$hl{ZPyh(S^rdu;w*x8!oc3$QHEAty4y*m#d7`4CaEVo@N zyw(2IjeU2hL&Y;upb^S59M@w;IQJhXs#9lMW^eLm?cUuqh8{OYork$Ni#W~~_<$1o z{_K|Xt!q5i;#u#DcO=WX#EeB|I@A<=d|`t$^7)pQwBR}5t!bHT{fQ{`^p}ai zUG{mSy99b{IJm!3$o+!8QyP3;v4#G|7yKc}U-;X4dMcL%!SZF9quB``gUxxH|9Y%c zzi-Fl0a~#Y>?f%0kYFc5l%wTf8t7-?u>szye`I8Phwk_ZFxkITQx&0R%FShlqTpv^ zWK4Tc5B15uOJOr-iZV>1;OHX~x3IA2H!1mB3%JYuchldpwa1C?ATXMw-m%jyH3F$r zP!sHLmCf!Sjp{gz9artt8aLwxL*3c*;O2xaSZL4kPhQ8h>&`wZ61Vjx?Zxrd`_Z7f zv&9t5Q~0m1zyJL}cxC{p5H=SkCP+rCZBK+nMN{%-_39K<-*)uIx>9~Rk%Rg1sTj$- zM^8I$V+u5Y{agL>1@UeE&R7qCiR%lgK3*JPLe`D2h6x??H3R^g3(K4L9bC0oezs}W z=dW4knVH&UM#5)FV`Jm~ijZ%Hn+&3U_9jk&0zg+63mzX>STj3j9qNU?zb%|YIqT`eKd(2#whkV!^g=tuz={-5dI^g3W;8k!7rLpdGr|5F_&$%Fk)7h$lR zD(c)RamoqkgZh)`BJm^k7ur8udIq zSWk?M{{pTa&^;jmP()+U)V9$v{j87m`qno@-3GXy1`JmZ7CI()`-b|N8V6tXowsk) z)LJigEOY^$2d?>Dg7y&+QljhSGZw+R@9CtNdoWk;-W#3@rfMR2%zk) zYCH!28bE(@>&ra>2&Tjw#bP@LzY9#03tek(;3Rf+p~Fdp+qS85GF@Uvc5b9)peZS^ z^ADHf>9>o|#*MLJ&D4kE1W^9H1lr8T(Kd(`^dO+^pD6B!jSev<)#vNk)rSMG`S+S| zq3=P@vismb%gns}{P#UF3JMQU`XhmS1dL!WUmY0V(bdyqOWL+b4!7q+Lnv}IJ#^g0 zJpti_ZVLMSB8Z)MVP1QEZZ@M{7PR??QTxl9TlN0L1W6!dg?4}1(14-ouU-Ds)@n12 zH6{2zV?HK=;h*6@OQ!c;uyeJ71rs6&(J4{D;RA{yN)(jtx}&^H4IT2o!g_uBdtU7l&03zo#AiuR~xAYA0?SwPmf4KylYZgns;99X~5CbnWe*a+|8+i_>1i- zOv5)6PP`Kwbl74s*{28w1=OHOwX=r|ueaZ}%ubf=b*t$pyj5zLxh>%|Y&Y~X8N=TG z80xo}(*x`9NBCvDYD!a=Hzie1Wgs)@4LiGdFiGo{!&Lhw&q3eXd{s(uu~_^YqyKqw ze!(l!cnp<-UlS6f$!=Hd+{qoZ~xqHvkM(s&A0Jp*1d54gdIT1UO$xY z)_@G~Rmcbb43kH-)^|~8fW};HLo4Cdx3CD3@mkeCQ`n zlZkc@dvjq{1;_&=3cwh`zYsd2rZy_*!ZMwlk>Lx%n z5u?G?4_S}EdXvES;_efyJMxD|#BcJ}T;s`XGU(TqF!{yCqTeuTmZAf+dgNFj{Vg{Q zB~V&ns-di?$@BA!+lhIp`E-LbscQp#^JC|&J2C|9?j7InZ);TsKwCVrv2biRKLN0EDK9!KQVGRa2iF&Oo(+by!a9waCyo9i<|<%c{TcAd@>_~qK<$6w61)m z_JWmT^Sny$cP(uR_5I&y_%Af4)PPij!85kDg9cKR3-CVJxhzII{dkW&&Qc_dx zQuk-q28o1R<3R2RdR_$djE4s*QyED~G|*f_bWyd=-KP=KuONU2_zlw)83^ElNFyYK zu3J_X+pjtNaYSgS%`IqHY7+#Z7d$ubxk2;?UP@Ly#p3_f`-i|f1%jm-y11dy(IV4f zdZbeG$rj^8mzIBxKDWxv#s#Wtx4T_oE{DbYZxvpzeDDH5unAJGB+v|;IlTOK?$9q3 zG(0*A|70%!8s0Jq#i(6Rt)DKDK6vnYb91Yp$l=4aO9UCkb8cFC#>ETEx_{9sy|xeu z=Xzt#j*3b0aabI7orbF*n7KG^$(D^BxI>+IMhb%f2jr&M;&wePMExaKZvgGd;OZ8QVR?WT>rubVYPzMLvXP8U^6*aELZQg?kxp%ER;!7)_ETjtPfVQ|K#?Y1D>5}4SR z;(FJD7)2!N+p>?y%Oq@q04?GH12}FaC3fjs07XP|nmy*>;rVj5^mB8%>L)~dLGZO# zN(u!Oyp)ub2xtn3On4Zll| z3mH|a$+1q`k&5r2tBbvn?VxMr%vDIoT~wrRaB$(O?j{Uh$0@a}Dys!%*Wtc-Q+@6@ zTU$_nyM0;qX=VoPO2L`@Zds}&oBgIbNOp%ar<*n4% zcOJz60TM+|Q$kv)V*A%!T~)@LaJo07dfg{N*aC$IC6%L7J1^svG7(HFkvZ;e?Kc5#vBoNI$EEm*=B%r#2+fnNM`)2^lbR`JHN`+CsH#ZN2 zRuH&Ytt$IK5W?b;lFHlIun`gxf>hMA^C!!~`ucZ3s&AuWP_nV%0G|}FV|{36ZM`R( zVuXaaqv_~w)kD4<5WeBklD=vxrfhv&^%eLjM#7wm48H7KWWPD@q4A%>e78W^g%$-s zyd+3nJV9;FZq#M4{D%idG{wAQMI|8O{9RT>N0#&#GDsZHqgOJr{^&OLZk+A4lJb=x zu5esfl>T3@0RKLiao*WG)^sy!+2mn#UFNyGyeYF8a|z7qkgnA^AdclSr`&FEMC$75 z);Miis6IYVB;>O|Hd+=?JDYQr=z-n8%+LSR;pY5B1XpI4!Ta|wg>|2U|KU-)At>A6 z?ZNgFlcaPq(CH)>V)=Qn(qpq*FQ|9CIp3YS(>K;9DR<1Ncf4&hJ2S1UqGF#d{~+OQ zSJ;C@2rgUA?a8dDh}M_Dv|X*w)8clE+!)=kaM}hvluK<_hH&q}CA3tPB zBB7SP_l?d~49Lh|)426bO`QfC@VVxfms_&)YC94HoX1MdpMt-afPestn7A7*XEaRA z)~+rYiteGdHZ-s_gALwShMIzg#s|I@kT!#^a^p$os8e3YtA<_;apb4KtO3t@$ zCt?{8-LSZrA+wjNWI|&NB9r+2eH$dmA_2~|_}4z??cqD$e0)}Jrh;$o!d+=l*r2`D zxV1`Xoz|!;?F-z{=iO)yN49L$oQ9E}Acq-89}!3Fo6A?Nl za#&6_7;?eX^EHciunPv|ZpY?TYFU~Z_29ySa8ri+?^$0~U!#8ahho(@`{9?##wmaQ z?_)(~s2~@ojmR_ zbGoG#Gh$sc(+F&GFkNmx5ipOjCeOdHgaSrHh$TECObLQ?m4QJefZ3@8I3r*on_AyN z6xeMA73HYs?{RjnXNAx(?om;4pl234TvGE6;8v`AE729L@HfZ{eaU;_v?=-S9kEGf zyNvS(6qxT@UQu;$N>OC-O6mm{*Bb=|VMyBR72_@3W=IE}aC0?xxu&q$k4zT3zj=7FY0y z-&pw*MuwjwTjZ~;YXqE+fvh!}DanpOB)%ZErd=<8QqodPX8zoSE^Ox;~rB*P! zHP>Hci&TK{gJXWSpKba1)3(<4MVr#?vBvUyxVNI%j-J6!;j*GO3eG|={FU|H#rY)P za);!zipseFEw?9pZ^$0*_b@P$6U%yC1j@)OK&e(d>lyWem70Qr_$&B_bG2%JTL{7H zRb(X8MPW<2gR9pScqq0Q0I&xr%VZMR0=r{h*uQ1@iD$F8`*KUX;gt@?tMYM}(5Mw@dw|)Je@;>p743%=)eT!3tE*;`9w9FqO?J4s~4_^d-GK+!zhEUT6vV@dHs%NXf`7LWB?Ey~1Nq zo!i;z1=TqsGHAZZuZ(lgQr<*~J_133udin*M$j`c$x@^uhAF4w%unP3!%9MuP{VTg z_N~T|Bh#-|3Iv^YO>kLk&2C|_9c6E2gO9c9AIEJU4lW#O`GkfB8j^*AR+7eQ(TSjn z3LZ$Rsy?|!_4GnH=t!KI8y31kL}CVBjg3w0FE+g5udu?_(1Cg8vcV(dTS0TELroG?}qg=I3|5GcuwIw-7B0L&~q}xWd@WcR*Ay zG2y*Z!JC+vKqM4wY_#?zH)c4Y!CE2sam#nlQy!l#RwH;RP@i(chZ)Uqe_RO%+ zX_=p`tgPzUF6y$LNcFiTShawXbt>ShOU};D&OL;Fp&4u+l91j73Wh}>)tZ`{t=EU> zU?LYnWDFwJx-CJ=fS9$Yfjd7!Lq!Zz>76*Zxd}jT94=ixW`x4nKbWFJN?ZQk#3WUY zZ#(05_g6E2#heLri91rtYL0o~s<%5$Oz>p3zf~85;?+BHti6p z^j66|K3?D-c8I5!1Qr_)I?O~?xg)FD6p)1|5pi)|?W<}+E?4AEHCL&jAIWu-9E}M9O(kUxy7Ry3-hD^V0l&3sI(%+EC%U^| zT5QRyk^l3%>wkJt7`#34=pA!d2$tJ7fBXeRjLNfTK?9+&v6s@6IGbCHj(7(DUkgC| zye!|KZ;qB)Hd_4VR#tc_grwsLanRKEY+=e%C3X@WqX9tu(BU zrNhfPOqmjqjobYB3kGbl~t~d#LO&rzCt$p@i7KB4u3IcOK$u{$Z4cSlMLlS+>d-Kxdd*xS6)VMRj0fTpp2*=YC5d_ zod*5OeYzc&I2P5M)h*_!NT@NUzZ*ayIy&_MWpjIb#ymNNB`G`GKRes3Y+__|^bLHg z;4nwL%OGI$5;5e>lQThvTZopCR`~Vn2f!lnJNMhBT{(s&{-pWM`O?@rt)xVSA_gI@ z1nj;HhSFSK-OQweeGn>JbjbOSi+iVjG1x+a4RNAZATAn2>(5iARZwPt7zow$7t^QX zLtW?qBt3k&{8Hle>ud=c2LL0Wo;LkC-xUv@T!tIefXi1TW4ravLO3?}x2zZRMS%@Di9K%SKJ$XU3nFKd3HTbkue{vO__C5&+pX zk*cZ=LnpDx%Je+W)Q_Rsggoc%3_V}r-hyi%yP9dQ$wIqMYQ(X}+vZ3`v@Edal(e)E ziDwWGQTLQp0-}||+L0ojL!?Kt^{kw%Y-(B>%2&`J!Q3Hl!u-RU zWjBOAN5MyivjHDiTtZ^S)!`zyTtyl;gWP!H$_V1*fq+R?xp&W+{?==VKf%Z9D~hlE zcAWGBQf>a)qWq8PaeysA{Y)^(^ORdIk+*$sL4s3B7|GpTbX7=~tWhGs05tA3LvOy# zEN(f>=#QiB*j}D0LXk>|ethw~Cgi@pabDI`@%q6Mm%09X6E9G@teIrSqqtV$+=EJs zV`%hXp_0>6LJVizjSMjOCo6B%6<`LD1ma7KCR~G8TuIg5b{12>#YIH4@gCIL9Q^Km zeY<@0Do(mL(AjR!>xmFm;z<2Wo`Kf`ydPF@^FsArZkBQaKF@Viv++_xb{H@9rR*3L zd==0i4-F5)Tpmwf({Frfc^C6&{N-Ae;Tdv8oZ-@ZDlC=QFjEhF9*`MebaQb?H8Fx@V%Q>#6P$06&T4;( zz+bg?J#~G^PCr6pV0&`;sRjqCh9Zqp1B zTc!r&TPC2{ZoB2_BQd{0Dr{v%TWW7V&HHoR^e(HjJvMGp>|wDo)LwW?Wh}RuIm1JL z{+yJGqYLdU$S)Rq{n{T0Nze}sCGZa4zq?VZ(>VN_0iBdJ)OvwBAC4(Rw0u5mUhyU2 z`QG4;{Ke(U*LSnmS23l^4&y(mj1(wv;AuC#Vb|ARu!z1D8xsSyZU+L(rKO!aKiU9O zO1|xi+(?e54@lFXVg;wxV4jW;{4byMbYsl8{+y6@1Fpch_TJuf=uP0C13V|F3Ps@G zw)_|b_;Lzh7(A(>*dh;syH*zsoou}Uf;AzE#}x)$X&m1?5w(!(Ve%q;s;TMy(7$D> z!9A~5{a!``aox2Io{n3^_mk@#((1jD0q2P_I2x3dq0Y1mX<5P$-@=siqyO2{gM`63Ms6o}}a$-FvBo-_L8 z<>k$>%Da}9q%S_sh#NWaf(+_+8YO^aEx^ISZr4*k^cCbWV?;PBLl}OtWX_sTHh77xQpH5GMqf`7gJ<`IT#S$9Bkb2=vwc(il1WsX40iciO@ zwg<0WST}Dty`i5c|Jg|!+G#mH13d)ihO6G{?rN1_+Shsy8A}zXVyKbl7ZC+i61_EX zkpow6%`Oget_AoplvJG#a7KrR?=w?rQ&I>7R#wJJv?HNE;rD#sD1r5e$Q@GNpeU?^3$;1V0?OIDIrF{G+%*<2cps#!ODJ?r?> zkhD7Q`f}gD_r0EJ$0kqklwx8}g5T0s*$mn7VJ6?iwmqFXF``Ad#kC*gX^57>A1y( zYeebfgy=^8&oLYp_TU&}I(>Q-kRH<9O}v0{{Z4^>7~{sh)7NRizN-gQtjuBnJCABuv7d z0k#T$WQC`xmVa3bJ$DhJWI6ppIqywdZ{nKn<`^mIPRC9zseRE{?MG2r@nv5zHSaS-p=e;)endeR?YL9n~?D`W_bC2#v_fdf8R$-&D2o;hFz;~-vl zzY$Z&3Q7RD-5}4r0U*#+rFQT&Aoy8ANI8@jIC=#0U=W&V1A{vm?&MI%K#d(g({4!< z^NBHKnwiAzw}1^o$>{6rTk0Y*5YcIh4GDMUqYyWzZw4Ad@A^K+=Tu@n0R3F%p%W4$ zhcrBT^0=qrmA@sAdQm}1bIV91v?9p6=|XkGhE?G0C~}#6j0Blth$WwXa>ru2aILgK zM!^cLVC6qgPP%-;++zCz(bP@0)0Laxxx&@S!a<_J4DJI0womHmSB#EJoYx0Cm^`00 zA9=ZTtgIXf!7lJ0t2D%Yt?d-iuirXdT8E5W$K}*$n??+Ym<<%CH zI@1C{6Yvxw8jrW8r?*@*H8fc5FDVgXS;$)f{AtyWy*WLfEHNr-x@mJ<)>WGs&f2=^ ztFqFgy(0=hOyMO0ri+k+`@TLdZWcYm*@n(F;uEB_1gMnt_SCjODKR!azOcRh7xMj} zyP4}$NyH^}xCLqw;HG6D?}$WO`!e5x$(A(MCqXP2UM3X28DyGk|0s<|?#9f`BjFmmod?`UND3RyH6OGsV6rbQ}~9 zJoF$P%~@&%q3(xs8Ir^sN?dAL)jZAp{p>hC+)j$3G+V)cY|#3%-?V#uDOtBolO^fJ zeUPB{?^m-(W!Tqx0Wj<&z&&Y4*E6J3C#R=}tS^rKQc=aLv=pPeTefUE9V|&ON{Ro) zjubQumFC}LKP|CA31hw3cgui{(5525`~2L(oX`I94tV6fpx%j#i|6c!gEDOZG-M#e z;da|*gzZ2D(PJtMf`~F8tvgD}Mk(|ylD&=fGw@)OLdhAPiD|uB@2c%`)eBPHy{Y+h z1eHR|#Pm{A!e>QWy#aoMU3M^XO{Z-y%i6)bjFsev|IiC@Y3ag=shVla+)%OQRNky6;H<>ToI=6D(4 zLY{J2h*5{JTF&qT5`wVH45rB#B|)AqeZu{~TQ zM8P8J{PV`o<*?XgbG$NfPWDdh#i=_;l%n~Fnv|kqAS_z?>S$x#z*l_lN*IAsk+;UN zWkq!81992X-;YaUL<3GPG<3`XXP@h|{)sy;)ghKDoV4{k+4IQ@j*J0U0F;OBHIsIA zs;a5s;Edg5(g|_d?w`u)>N?tOOEK71-mjE$?68RzqIjdOPOKRuq`5x>l+fcW%;1n|?9`WrtGKA6zaA-;Ry5fGn1$e3L$yW^vg zLhY;@Z=ciCQ(b-Y&Z;9~ahZ3*@SMT>RqgQ(*_9kavI8LH7ZGAqwNrO}1fIYayS^6( zKx?6AqWpJwHqJnMr&8<60ezAN!+EM7KYjWN`9h%nhcSVMkufYr%T=7z!j=Z8Q^*<$ ztFEqgg_8q9PaPmwiXvJEaa;8l)24y9>=UFg@v7==oJwqlQU$kB*Na%0!BxgU0USYSFa+v6k1- zv!fMC8r>l}iIeZ>k<@I4lg?O|RS&%FjCA>e*hUHr_9h1~IKI8mD2siZTUV8<_g!73 z=yYra%215@{+>mBGgfjt+vw+NgJa()+3SZEo*O?BF@|0Z#E9yjt=uPM4FSdulEetP zbSOk0kn39CFdKFzbh&wHe*&+^E&PY`0QDl~4d2U`2rD<}4=E`VKkx5Ld$=uE;-4;- z_Ux?JY;!#L{6$t?v+KdeaLLU`ETe~%WjbtJ^5oyUL*hzrir89eUtrz&UG28J=$oZ- zK1{4xU`4(Fj$$?SXxiwCq%UB8qNL?M{Kj(zVHlgiWA8eXG^w6xiZDhxR0&K5LJMe% zNXzf4YBsxJl4X8=a=>_^Bn)BVZAW*49>~)DV;0;}BySwJW_xJXID<^>nkRJ-4 z2j3rEX!V#zKf-5oJ6AYb>6&ny;?l`XG)nTA$m@fkV;EY=u_}dYL3_Y*@xd zN(MW?L3DbmeY4mR{oHw>E2HLmS=+Uw!^5|Z`5zl6%UmVCwr;agGAy;0yqWM03(x%V z{=8qJzHK#|LM!#ItLl-Veu*IHJalia32aLWpT@LVno?usY{2y717T@z8lJ+YR6KDl z4?3><1l)ly;=LOB+Jb=L;Xk(~w5q9$+6@$gDW4lKSA-A2eEc7|)US@u(s<0ZxczL<1_rEg^&eL*>j5PQaSgB=;Q$&Dj-yfu^kgx+bUr^eB zcmo2-KtS^jF3O#{3r0A<5ZR3%KD@TGV*|kepgIfSAr24kAr&1#T;fnmg|Iq7R40h~ z^uY58#`+WmdPH(6u#HpG+tkf8yx)=TAfup|=2?X&z?DkHt@8M3nnI3T{rBy;e(4v=OFQwp-H7uK&G+5Gok?9W(1+$L{n2(bCtnF|Ch*z7mi z9NEH~H~I3VHS`EIHa-MxIy@YMzM(#KNDv!E;NVO!i4IDNm(|Ws$Hqo(5inbS`E=8M zrTaI%4e`kW1kN)-ZCn;Ct(||K(1`lLxXf#@uhsb?pDXsH>2|-oe4N0E4&Xi?dI|%; zvRAWI?6^HD0%jQ*fddlGWf5>y?j6reFZi8Yi-33lLB4FP^dwF3sb0^>fHooFlPuIL zpdyYqzULUwWdMFK7LJSj_Kw5shcKguYfvvhsHBk4vC;Ozft4CdhT4zWV0f->rt0^1 zWcU}(@U_=VG-Y;E&Yaa@;vvJI_G0QoI;5>1X zc!e9>?Cg4kFwP{l>uYm+g*lkjgKNDOsx{5Q*o6n~MFi9fQJWCP_sF6j2lS#~P6v`O3s?h)^@99LfEhu2iS6d* z1~ZswIN38s>7_Joc=BM|gL?G^u;YO|dUI9xR0Q8{MkBhfKT$Y==p_yz| zos9XDL45o!0U}GY93O(ZP=|+ya~xm0su3MoTpPheHIz;9U=CGh)~DS5D|q42`Lq|Ha9D24*(<#KR*Bw%yvVZV>p7QJ(glfk+3j5 z(HblE$Q9v(UkoIyyBsiiH3QK3s@m~3ed(+W|8>kb+VAI}_7Rg5@59E1xdCw+={LyB z96*Q8{?+%L(bAnKpess+ILdJT%YaYZcMyelk&$*Wt;SxmW?V8_u!+_j?*}v790~}9 zlQdJ38a|bm`+BCkbPoi5rv@8X)bEnUm-yX$r}0=3EZvbQE+~(_bm;%n_a_h!g zt|`C3f7i&!C{Lp$kif_Clk*)Wrv*Is(%v=w!yc+>9$$=cdlzwLQp@#2!Qm8-iR zC7mCNaD=wXYn9VmNp3pmgV3v1Ko%zme})J{8g|k zC7?Aj4DR<}GJ>8uDN~7in3zYVeG>vt0xPDki5FUA6s$^(MzDqpu0J&fDEzfjKA8%G zB>)FdB)E@HQIT=UaDvK1yEGHS5h*Y&)b~FV`ND)m>~)PEltfloe})eNg1y~C-Px3e zlUKU3DONTdS45wxJXUTUkv z)zgy>o>II$5?gi#~SvE8%YdbLW)aFlt5WmD-X2>cm7JoASn|289ia{ldG* z+o<>tBe|_NU(#h)zPwtzZ+#C)$s_TQbb6!=4@YiVS~L(q3;r->L;2MJ_ax{_0ADmV zH&^f~fCzkG6rs34V#1R*^A3Q(cfOsJkA2&K(gnlmY%8t zen!R)KCpK`Uiqw!XzLO1zWg4wn41vvD!s&xseJ-?V0yWj zXAkMRVm4vh2BN8niP%d-RArcSQXD?WzIr&4%cub~d#9NvKj%_<8w zI9|zI4sB9JLmQg@-g{_gcE5A$rx{8RUf@K_ZKIy1oSxS9@$a#IqJw0wDp^b*K+O6n~_gP-#wD5ii7RDt&q=FQ>J)~=6nNOw?K7+jGXp8f#z z7%qt$fvm5b930S3`bN;5#ES9iIba-!dsf#R;z0z})zz^LuT#n}&OLnYh)N$i;v-+D zfI=`xM)$@4YXRhBRgr$)##}GdUIAw}lp9Sc#+m=GtppL?A|kRsZdPb>wr>E%Oi~cS z4C#De{9|=LMHDwwLJk-#F)ITy0>YxA0dM?Ja6o;hqCx;8=IEq9bD=R?5d_Hesc3<> zR#rCR+z#aT@Kl;cq`k_>PU9XR;}{qX6fPcor?@G% z@Fz^Ut)t@)@4VtJvtlz5UqP5N!9P+v)y&@vBMMlOzN9=30G1KTA)5yV9)ddx5&un3 zp9-m27W~w>L13NBOiA&E`f7M`;fMih_!FQni?)@#Bfs+ULI58P#Wsl$18qO$H4+js ziogAOPx!|0*SNSJ#hsIrm!8@v9Kg{0yqN|ml$Z7~6PQ6Wf;P(rk~#Nqqhl z?B$dD1bBFOmuE7C_LYo)OM7)BSJ#t*U3;o7@Tw7dxK+%7Z6(JfuS8 zB-^!TJW1aNvH#GStJ%*g2z}=kIgQI&cd-m{-gB&&HuU`!~TiLnUvT?V6`ETLj zKQ6wkztK7Kx@r7t^lf+eqN5iml;XQY>aRubvvcf@cQECgI8bn6pdDp%RBPsass9JJ29e)9$i&~i8ttq)ga z%W1lx9J8pn_y^oope-)YsQe3|fsn=C00GuWcTf-wwGjLQFw^S#^f=r4zX(e6iC>ri z)cE@O5rW1Src+Rk=5~1_LGT4{5ESiktQ(UV2PcTjq;0#B-kOHKqV+?}o*YNn%)-#8 zRf5dOc+O8C7j5>m4TFT&@!R~qi20N+&dB0Z(}ITKvgj|p%=QlUs&GS|o}n_kpQ3fX zu)Ml`B?_r7Byo9Qm&F6;S1eeNT@!tL-o*S3jETY5()zxH3_(@dIXUydb}A?3U}%_V+=w@fGgnkJPd5v2N(m$Yhbg#+8OE5F+JBi zDIi6@8(q6#2o_QbMjy0KYE1M4`*cGw9jbi%4mfXJ~WXmX{fJH ztQRU-ub=8nU(ZsCgvw{+vX}o^xw(o0rtDUpdOc3Dij=e^S(r4|>ZHD5c0obd{5&qn z=GI`wi^K#Hx~R5)ZC!dt4>lmE)d-lXywe?;&R8DxH1>TzG40O@NY*ws1~7{1>!;hL z2BTGCZg?#gyU6I8oBIM62`Vr^&x)3-tyC(0xeXaYULRsuH|+8x0JT;~y2uos6dZ6o zkgsV~w@38!hYmu~eOT#ybh0M0NlHS%?~c3;rAx=xPkQ+j2H6i?T?Z;pCq!BAp-nOY z0|Abj5fvqnz#CcCXI9gBuEOrsDmtclR!53bL%H3pwx6wi%d&PKZ8yw1RB9tlg zT;151xw=~)fM)WJ>q#IRy;?N3avoK#gix+rkb>yP`n$ggPqNw1XE+QpGDx^_JA&kG z*n{$mYbI=#cUlI$2`4SZ&N{aU!mG95>Ol^VHs0i_ta)gr7F{;AUoI zz_#h9KtJ@4sa76FYL34zK^lhOQ=n89miUOTU;l!b1@Uu(+2>LFy`djpwt%ljK-{+w zXth9rI)=CE1CeeRABmEm)3@`*QFh02puQI-&A-|+nm+4@2i-iP9q7VKTSUy5!0V>o zDUQbs3+C~4d?~;WL7(^9RKMvQGv39Z4f2ia9s{uhSaG(bAs;Uy=SUjV3F@3Te=lk9 z5HG;mnhDp|NwDO!;ney~YOayEogPP(D;_(CLhpNJDcfca-?stQr%-g%EpoDJIz`NX zlegl3pGjF1n5bKd*^AE#Ygzz6?-zUAhijH?Sf+2wT58wJ#X7flhT&}7tx-~FP`Z~@ zzByIwKe$M>-1EJuUf|}_kG?c!PELa|a;gGPq=6=pR}-23s#wBu^ihy4`+&;@|vuR6TyGZq6em^G%Tu z_UbFh{Q9Xx3kI1@+giEobhvQg@^xTGq=#KyoERv!izsQ6xjDDN63Tkd)j2@|Rk;=AlLa{T80&Suj2 zAF`YsNuzQ-Mgs~QTn_zJa=CP{i7fs5;ipmQj*g0o3R~G|mBVwW$?~qo}+BNky?dk{C&=;6G8R1otM5thR>pKj- zYvDo#0&-X?Mhh?YdLqZ6?iAQdl>Tix@z7r8cGR)_2Rky#te#>s|IjU0;tLf7TM*p{W7O`^QPToXDJiI4zvzUB ziRU$Y%l*ErWJSP0i^?j>BLuXg99w1X3n6q}16v%!(@3T5};++lO3BA~2n&~nQP zMCvb(4%vuACZ`@tdY;d@Ayjekk~g2@IyEev2{&9*F5py$&Z zsACpfwH%&wX$G7P;dvUp=?a)?qMIr&!%X|Isx0U-;Beh_f(;+U8`jp=~bgtt7u zu#g7a7ho-R+*WuTVD0E=IQiQKSVTlaN>)}@)tA>!AgnplloaKlX+s(03)neVd&@B0cg(U*4=Fmn5_BS1R&nCxVmW{&-#dyB9eDabe%kaOjb;%D2vj2k)syrx+uX zzSw1!w_viilav2C_Ui)sY@g^pg9nQfq0k#?T!UsFZnsZ3xEz?Inq9jV*~NG3bkdA5 z$-)@8{5k3qL@08oa_R-rT0^G(=&Ot*ByK2{fwKVN zs)eNy2oi{(0|J*Awu6MkL@0L`QC7y!R>-+#S^XsE3Cj&k#&FCbAX;d=qZ_Q#yB7^| z@7Liot9-)UQBGkAYwag&<`7gYO|9{GFNTwR3T{^#^Duf);(qCo;N=?hL^kX-d z!#$VvC8clQ#O!x!zp(7|@la{MyRC40c4DU{tJuQsIeVF)LzlznV0{H8g(nfKy3`!6 zB^ffyGvYpNaI8uyvWY&->i*E$ATLFnk2}eKK1=F;d1vTiV`V|cw%-8JHd|UGq&!0) zZ)S0Ci8YUb0YV3;nd)zO1o3ln4p-DDQBzYJn{8l&CUXzJ+o_}G6xIP!6&`NhV&lEi z1YVmOc@sn;f4hXFRdx8845NPEyb*eMU`?9d^Joe9Evg<&ap`MUw}5~F3Tn!lbRiPr z^fa;uXf|$MJ|Hr(r-%9QDOBfy;yq9GlQBX0apuqL_TH_hwP2juq8dztpGk^2!UwZW0 zcLP=(^6gJ1@y@SDey&u0k7^p83ZSFSd1Jcd*HjjlaLC=sK(dP-)-pV{^6R1(*KA=H z&)ZM^*5}U@^Ce#cYpoygVW7j61xFA6`v~@}Xe+4p4B8a%1|$uEN2korNI8e5=eR4t zrhSB&2ib9;i-i=XpFe-j?i+NOQUF>BWa7_vesH%yugoyEDO7)fEN3VX1roHBMY|wL z(t*%)wAgBkcD()k=nibZ!>?& zVkjN|F?fbO3fHT@n~~D=SO-%lleG93e}p{eLvps{feCV*g}|$tqS<4`WLICu9lZB( z$&SzgKv1j_e|xMJhZT~b+lODo-$HB-JumBprs|4?AJfTa|IGX?CLJp1qmt)e>qn`U zPcJWJM=T1lKtJiD`}zkz4tC;t2O{~oY%%TZw+YP9uw7LcqX+!LU(Re1`Mk&q|3L#O z&?YS9zq0a#L{wdPU;zMZ%yGjNaI4(A9UUJh;T@3Kqkpt(42`rIoWXUZ zhR|-UcF7QoCoo}QH$x1M3N_u@J=6!AM%IJa;NgI>PDrVE1cd~!7zBn_|H%s=Z|ME= zr6UG+tkw(_P$#aVB&ZK~40KoXk)f8y+TFTq+aV907EqcS0`9flQ3psIL`!gKXil+H z_klJBG=z4ivq%m^o_sJBi9o4EbaaM9a85xcL?Q$1jA)yOCwmXhwT=!9aMvQvHAu^a z`2eI*h*E-*lJ#F71{jCSpmzflv+L}c0D*wJ#|0esusb&l43tJ{Q@s`z_7{VZDO}yyHbY4M-y}ZPsG1+E#$7y`q=7iuH8whPe{{>(vj}4(KMlmXh`w| zq^UoVUBG|BQO75*t;a?j(q--)5rt>?g|1#g(**~Q`cqSLA`RpAOMtoVlW?Cpnf)GP zWQ9#2^844kV=ERGj%O4l0tE$@2n=jxLsGs`2p(S$;Xw6=yoQDp7`8x~0|=@aT3&N= zGr|%|d@&(eu0XGd!2wJr=(hTLmud9O%^{^5lZAz4{TPlK0!J3NjTLflNTTJ0fCSr8Kd<{er3c*6I1VL#6vo9YLl{;=iIGE7?LeZ#%wB zw%H$v1nSdO8t%KXOgtrwvGujQpIH2426`@zQ$31@9%OI4rZUGmx1 zzHCS9-)Uu+`8ddHmXf`KQYGGa=sgr!=2TErlGR|yLS)uu7qf&(GioSD0hjCRpU4&{ zBzB0&Qel&t`rCVXnOcg$0;YmXlQp-+73c|2~O35?2L6+1LGm5rXOBL&v(+b{M;h&hRBN9B9=i>b#os984&%|-3<1+e6@a8-cpASEr$uQHAYZe#>_3-XFzRujHZal>0x zB_xcwG}~~sIbH4t!&ULk2m$y_2sjMQlj-c}cP|zZl&t-kM4lAp5OvDUb6C`xo>5Ol zdZ43CN>){Ae~Mw3H1_cPRSNGc(J@Gl3Cnu%l`r5&p8Gii*~{w{QGm7mkuxdQqWF`v^qI z@2FJQH39QjSd7AZAZzFih2=X39I-tR_T%?~~XHYzIS zI;st4DhbWC?`a>GZGV->3pM&07xa#`VC6#ZyGeh#VB*(}6SGLY9T%hS#ZI^F6PNAQ zmA8cmHxGe{@~z+@Uk~N%y-Qy~`|$;tgtHgc3iZ)^jpQ=3HhNs)aRtbKKb#zqu`G^C z8VDAz(rTwHJgS)J`W$U`HWxEgR<-y~(G@uxBiDt7@QgC{<%QCtoJRa_q{&}V>0C}< zN`E}wa(*HF@k;tLr&X%)0rft{Jwm(vQRDAjR{r=mJBo}|r*hZVO=(m8y5n1po|m3B z6&{N8kHy8sKMFoY!6fP&G%>=qVugj^b7g~+qVO|e;rOv%4w8jzP10GBK%{{ZJaq$< zs;;$Ul^W8_1R*&a*eoBW;(xQa9=5r2-4JKWyu#$JieO`^-z90Ds1T0f8^HX8MLca$ z4=7w(f3mOVRCDC!CQ04pJX=A{Aw_rnGS7H(smf6UEsFH1(V(88wphC9JrRLF-;%GJ z#!9<&hsHTXhs-OvNV)?f5~hos2E<|KQ_IgxYxI$@nPt0iyGNMpeu#8yM8oOMUN)h# z$J6gbrY03TDfx}!D%fAz^`Vjz$BcQttYY@$Hw#skXb0;(U+>lxN~&)U?W=c(m7WYV z;S%SrFg>^o^`Geu^)&2|{M={iU|fz8O5jZ!mziq`$0@KBJP=`PjsD!)5%d7<6q#uo+*gWT{P%z0L z)kXgxGc>`gL6||k>SGW8Szz@}ZE{4Kw60{IVV)9(m)l{GWgVNxq0LYBF->H@H`|p5 zJvHa;9jHSs@-jE^6WhNJm{0P;`NLjH$CQdLt^*F07P0u6-Lz%Re%_wfhMNRZmMQ56 zfwxB(FaSlb&Ul2Bo}P{C2Jwk5E*JpUyB+ih)jqXie zuig18UwyPBBd|PISyojQXR2pm?>!VtLKl?XiiiXTlmWqxl*U$WvPRgM;DBda>05-I znpS%!cSz8{K)BHI*!Rh%ViN(cIX60bP_1S4@j3CC3BmOCTbHH z?VZ<}SE};k`R(v-rJbM!U9Pq6q-EBL;x3U1e(YIUXqRNt?balh+u;iiO_rf#w7?x} zwB(uP96;3&ANx-8Gk2;@cqO^1H zo49mfEoIEGdBKq~Iuo1(+kEZ8jJ~8s3>VTZtChy%9$l!FaHWoyI(1KUZ06F)~w<}i?4J|ThmaCwxFpiFY!oW zxf>4qBD0e_KjJk9-Z_Ujd-z7WY z11gpf5xuf}Ok&R2BiA%KRcx06Q*-ks%L+=g+i`KKtonD-%r&MNx**B(0_sCGc`0U@|m5Ie@kODo8)hu25%F*Fdp7)Q+ zc!A5>|# z`nJhuvAC?4t?oz4ylkH#cSH70n0&c;%&DfXmO63A=T?`d)QjAcpDKgm5~lPfCTn2v z@ojh_o%PU7{rPci6giAi2D@K=Oyz9a8?@xHfss4U@^;tvp8zHUO+r&WSI&k48;HK40+OVxu`L&4OvV;4OZ_S$9*u>%) zKosOR zv$;L|x|^p{h2m(aI2dorP#)@JM-G3ZZo;L5&>=J=@;8N%q#0dJO+-O5VnSJ8arUc# z;-zL`@!2nt!($3bM+@U|+0?1J=Rv|iNEkQiv2*7>F~4sp@i1jfN1Xk*{wGZGzKvIm zoJu`SL0NnIl09}?M_eL}%M)tqE-U$5r-zZ@v78<#S&5u+ADe`TIt{g4mpFcz)9Lp4 z?m!Rd;ze`tspIqrQ5V94`nXmLr%9JdjOqHjBv`0?9o3@U z=2KPCh+<`+e}yGgoR0i_wte40bW>J>?LCBc8a5WdNI0#gJK-M(u~UO(#ezNWp7Tq% zr9d|b%+B&kGUemjOSU{NE-pZG_1AlOK^$y*kxpYO8E0Z0$3^wDTPC}KzP?a6WJ0Y9r zr-G>0t_HaO!hH0*g0_fziDBDiP$`Rgr~dqX^W#);l1~{0kFqt|ym92kx~407N{FDZ_EC{-1g7Kh(R>U-MM+eYLbo8i>) zq2gId00IqNJ5lS(^y-(|+|)WDzL0i%XUG=nP|10}PHiqQ_w`LnmzX#yHlps-qvlHo zlxG<6tny>se}f$e-}!k6^wGKVlS3dOh`Un<)_P6LSM7P_QY_OuQ2pM+ZJo2jZv@8I}3!6(W*KU>QJu^JnJ-vG&^7*s#xQW(^>6 zeIOjJ8JKf~ftflo2;LPCgTO~Lu*PgJPU*y(2>-N5%sXm%h0&8UcX*xf;F}8%2dZQq zlK=%IBt>d3{_L5dT&n+IvRy`diu*=DkBVchRSn1I&c6&x~JU z`4~dtY%r)#P;w-OpD5=LGTYv3iwhvjv9jWn*H-zwtigc+!1^ z+tS})MkI;{RnNb@Flhd4kf-u1O7Xce$u18R&7Pze7yHDoX!MNAx3H|I_l5A9*oVhM zx}DMfpSNBMZLQ>YX9ITd<<;ceh5EU-s}?x5T+W&;H^9EsoDrivW-*o2$3|Xvv+dbT zm^IJ_FXw2D2_;ztv0q1QPS zB`$lI_X%#Oh&*IQuI@Z@8||t&8LqE{8L@Kfn*i%tSzBv*lO;?p2Fe=EaPhSuz7Ut- zE)M11#Z_z<+|l+vb2v^qil7{gOJ_H zUiv)YcSB{W+ciHta5}DBVKLtQ^4599izkgI)_Y4;Ro!#{w3nOu)1P{p z`}bnw?h?lf4f43+8w*j0DZG_t_~%93vmfAZp;RezG}ImBp;)q^vhTn=}pz)LLzBbpPt0YjC*vSa7~JMJ~hMf6`W_q zv(;9rb>?&n(xl`Z5wDWy*5-HmIEGAQ*oiQK^ZhV>NcdXFShLuij(E6GZ{gFCxk~-E zx6y1>iFJcJ9%C%IW_M?2>WnuMAj)a1K- zPPVd|e7WL!eR3TCYPf!P-^*?4ruoJ#nv}0y6=pCkk0pbaFg^}?{jIk6!uocLipxFa z6Y<<32xAOy?8C|b^fY>7HyE{7u0CXZ%j)4nf!NLluFZ=4_q}gvXDJA*x6juE(as`r zrB>%rdi&(s^6U!qr$_8u4(CwMM%a38*00I1sy=IRX}EEiaXyk&wwgZD+MGIM6v=u^ zAFXR?{AbB_!J0cFw~SUVy|Fv`Z(A>-9p z_dffOQcCZ7Ad4f@*b5L2uj&@5ALw4+#?75GAebD38JGs4mVNMoc zFO795B5tGYkoWcnMEusz$S@OZmWzqdz>AjLGtx!zIz#RV+kF4v0P&2&eFG|ZXiT1Z zx64HoDiz1-Pbcq~RWNSO34uqzpNA7+xYcUGD+0SYz+((}7$616)2RFk!X%M!MX0CG zkkepP4&VF+OdDWuT7@wjW)vBJ7v|@|LJ7YWid)yOy+LuazCpQEaY12(6exKip_X)rs0jo$qabyO(Zz_g+3qav|B=>nWd;xAAO3@$x~^Y!PgX2|~SE zf2+#PRDOTpfBub$Z(I2Let-Y!&Ompp&7W3)IAJjzd~uYXQCS(UQmWI)n}^p?xGn?I z6vS|N8|LWG-w6axdnwId(9g%aXhVE{N3vCIoIl30-OAL71KapzdDOQ@2ZIm8_s)!x z4@ZxuQppMVb@iD#)s;SW1?9LbCr5>kKX6 zPDFBI$B$ccz0;`o6KUDS8C2Hiu2IRCwPgfcI-BC=C`CjlGbBD&*iG{o?e}}lJfSPj z`hs&GrCPY=ry~7Vxq)KNSR6?M``@)MkDA`qoGj*8^$FGUbrk1QHxI1+^W)8emAQ8C25~Q%c@DoeN z{X56Jl=1A=;^JfLl{?`@4hJH2+Pjzn9`%8Imep|(_SM(rXD9<%1mbjb|C)7fBMDgK z=Y#Ng!Ts|3CUtB2Xf`cf-*9fvxp(V3I-e|062$bp`BR*GPZQRZp&>;$hGjJs+aQXR zkeT`G_X$z(vz?t~pn( z*%nltKahRk&3}H%v1pKayvxX!0Gr4m5zme5vWw;QfQ9JhOOH#}l781@wAF>)w(c&2 z#h;OA0fM9EoTfRssT84NR3g}aWoIg1!4dK8u{(pu*GKNmoJD?M97r+Twn$cPjgPaVijQJQp(Dr+S?^yH7_1B2TpCy zvHFCb76wHCq|lLX|DLksw45Y(r9ASJuzD&iqZlVpA#{-Vetlf0&q72ReYd?Qt(Vn& zNY4tiRXCj9MSs)y)6z?d;x&^1i+@~dSA6QTfLCM>a+M0^;)Od*PRzulwq)`~-<*BR zpvqikbM0>?z&+mLv!zA8!~f_W2U$?UhbP{xOf<765AWT@+HfIB!rpN7R@3@7%7*fg z5<>c`%5fqL$K)X9*;?Z>JD=0`tv?^wZTnYQF2>wunwndkf(wv-78VAhaUj;6DYfBz zRlkWX-jrj;-@Egc9fdW=)H9tI^i?&x)n^Qsmi!1H;(vV}O5vswZjF6?4H!KFjln$v z#2!D_+v}4(bn2fO_0-Q&;CXT-KbY~t_Z}3Y-0?Ux;gU(<((0}i~v^w#t&BcX$MB$WHBGFo$JW#}r z$Vi0~q0(4#=qj6*kL2hi;u28oNT0`C-TpJHLwU=2Wx!?9zUx`%#r(s%WP$LVm7ayK z&kGHXg=1{i)2BOOiPON*I4;)b~S%lg+~4C>F!$T3SXwc3%04&_Rq@)JG&)PXgw0h!<65ncSf}PxQc3EIbMAZZx zqweAx@$#e)47Tgh&x^+L4#}Cnz)+63n^-+Bg@}kc8P3jVL=xG*H#JSmlV7arX*c~$ z7k%M-wOv2iy`Ld@x;wxW)_!(ADp0G~x4EzjNs8@{m9@GE2aG5_Hqu5(@QzQYR_YRx zd+w4sl$Rq+5Z{URQ0%Iw;6>3XR&l+G-%NzDE3W0Yp&5z1Ck#>4up4mz^7Z zYwtwMn0&FPujCn8m-ZIW|DgvoB427nt;aU<6K@;`s48y@GX@#W7TLwVbRo)BV%)(K zXR{yOB_qRc_5Fmx2J0)*6Q-TnSCYrVYHGZI&n4JxyS#3iWuSwy@eFoId1qHc{NDbo zSqp``&HkuA!bZO@LP`AjmtA+>S|8IL@1>4!CGKN#Nia=({Td0fOa=gBU?7Z)j~BJ{ z=2-nQlVPg*JQ8MR9%{`ckkdA2aompY=xhSrV6GU^wIZ1Mf_lrH!UtotI3;q z#m2={ub!NIeNqZ}t&c;Mf<^M*qz$Dih|u2~Q@fkjrDL9d`x~AQuVk#LUF@&0sV(vJ zH-|x#y)gyvT#11E^t^V5oe8;`BD1v4$T$H?N=U{Ko%?j}q@hwSQSK^+a%AXAz zm=Dq5@F&3{3B$VWGo`z4BA;nD@-|$y*XkDLk;89IMh(W3h&rm)gawyFC;?O{b$y&B zP1GeEqak8$&QJmEvcY&SWGuILi6>W*n;pvj&*H$4HCiu_y*y9W{Hymhy?6FHEpRP_lYEb3VLe6Dny!A{C6s+@omR$rD0uvLHyh4d3# zoIAVi9ZYgszxWJ5E*@v0{>!>u94a-!tWTeFI&4iuz%x!%&gkRP(dmA57M`wuNV9nG zzRrNoWXzA}YEu1uPPo!(Em~-|n3?=5LE4W44=J7qCA44h_Y_z+Qc`|9d#l5#cuJe| zg_+iio-35JXI)WJ6~@*2%R@?|BM3Rg-@7Cu>?g#B|lcX((Bzx0)XZ~;VMMB|q2oIQ_; zStvm-QHY4HJ4TqihOpLb;l(*DZ(>v) z_=u+dm7-DBaHE`IIz=(lyYpbmj*qGC9EWgA$czZCb&b)c;8wXa5$iaCJIFf z68d|*HG$|11w(h)uV3?y)q7{|I0I8HB9KLb7*PLXyrxV(|Cc%G10h-1Xz)t}SOoDJ zCM1x6w4a42)VO?Hlg!fw+KM3Wqd`$wvl(Ql0L?V~j}Qjl7#dc>Ti*hdX;?~_tw0ny z>GQ8N2VQwy(Z#c;AV|z#Ud4~(jyRnnx{dJ%<$2i!@*peD+xa(kf!79Go}{-^^r`WzksN7d6%7Viy)ti?m6yXAA?2=w*al#n&3mr`S8&3yGXaS??SyI-jReodag@EFB`?98x zzvtvgZ2#WEyS_f9OyKpr4G*@#X<)?S*50|PnJM^~GJjR^@?P{t4`fL#h1E}XJrH2X zG>;MJeXOk6m}^y2J91sd&NVQ%3fDV$qJ1Wo{w^HBS&+uloupaWa{D$2BXAs+iON0+ zvR5rU=eo+XGop-cJB1wX(W(qu*7u{7ucUH^Y#M}Pn9WboIIY4Kg_C(rSXVUNdGNLO z0<N8DnPJM8xZRt}o%N*4KUCPIZdRg5}2N z^MR_wV56nH=B&RS>0f7?(Q(Gehw|}W)1ioUXY1N@hBIUN^Gae7jknp?%&e|J9hf7PA7n3-^XnPll1 zjGzf7hF|2p&xO1nDvlSSop}rp#0ycB5P2S*-Xt`?Fi-H(nVC`~B#>+aU`bQc&mt3m zkidHe=5+JXA|FJ#l*s@!BBgILVtVt)b*#n(kRPkC0(sg;2#|4PLpFB^{>YB{vq~l z$n*<$#zCgF@cX9eQF=kKvPSN-m})H1@jOWK6{(TvbGb@iaigh^8aA6`1h{gx#(8v^ z`PoT%#c5xjmzSw`WEYN#xv5jOe3Y8UWqtp%Ow@f>TVo^Zw~~ZTgH!1M) zHjW+|_hqj;mDo1#r%`k-J|;;r)i5ppzQ$(6;<3yC0Urji34?1fC8xx92cJoIjY$B= z?4P*^iY#^5c-7d7rXCSmD_CM@%kA)2sGIj<^6j={*6V}mn`y(nzjynNV9InqGN3x~ z6m>a6su+Pxqa=^(jGsO2M z#dv_xShs?!k%bRm#Jxfd)RSExg8eLE?~r5XxpKJWYdBZJU-z%C1V( zx2DV767PI8CBx%!_@rIp*TMKrZQzry)+5^FZznSDr_Zc3uAJcPUf>`@qm)$dj%b=J z?js>up{G>zgbiOl8wfBiXQMjCa|m2tZv524R59m#qcwtAq2th?g|Di;de z;3-C<%gzRTNDo#z>`;-$)Vnhg(TVSL<@#-|i2jeJtBi`WYuAE`fPjP`-QC^Y-Hn8F zhxCvl-7Vdn(hV;q-QC?K-Eg++tZyy-<2Zk2=GptcuYA0-VQO64VEAp%m~@4ma{OVJ zWv*|-WM&ZkaoPLU3lI?*PyE2ny#pBNqE#d7l@M^qH#dg@HHbQ`K8%yPz+hq4?`WZ) zA6TsS87EmLnf9;E*|0xLzX#IPl|__yKY*A56vklErLT;S{|5pSK{=4&QoRjOa~d7w z69$d#x&n2ET1d-SZvA8Dv48kaPYgKN@$H3NIlJKDfjPnuxdPkg&Haa-ybM!s zXai@VauVV+r{2>r(W!oPni*xZ&$D#@0wu#wAX_?ZWLfw-^^X;LWD!V9O zOuIIaZ6$CbZ^%9Izhq}+8ZZhnuD=x$MDA)#cOgZk3JH-SP1>Yf$rCGQAyn%fAJ>!? znNeqDIxniL+P{JWfBLrvNyum8XYQG3;=^(I{lF;%Qp3Ow%0;}l_{AfXrBtKBU{tOF z_x!TniHZyas5s9r%E`+Uad8DW6h`i?xUP1Y)`&N}|0#r>8d*lQ>b|Gn5B^Gu^~&?V z{PhCYin%%C<F7GG?3^?kcDt~O|3AJAaU$!GX`Mpm4zQ)Jl`BUK?c@{>h|4%S)=qN@#?5rC5j6iY%Y=keWV$DRWaz+-fz?j6 z4$g;PTsm=U#gC0sxwklB7e_Ccm^awH{*`I8a+t9E+8-B=??KI8N|r)Qh8hA30}Tt? zL%CDSlU~dDT(pfE8^P3id(m;XztWK7<#z6)uQ+Z;_(L!n$pZ%ziSfFO(W#ze0 zPnVlM8Jh%AyuNcs8-qji}L6rX$M^pLo7L0W3nywvDXu*3gmz72<0hG24sUZF! z1Kizwv%2>y4l6Sn$BvH~TjBgj5#SJ`Z@T&pz(2UVXF$nwb1wo25R8~EIE7A=2NX4? zBZvFVp!gGr3cCIR(320sYV;>uh&W+=f1eN+37m@{v_ypd7fFKjggGk^9s#f;nahzJ zY@lF}o1CAQ1W96`{dK}eSH|5H6#)hg=I6>R0Jy8{H@a+(tl4q!qds)3MTt`P9XNe8 z8&vt97N9z}mG)uraoG1$`dU7bJteNv<4xXzeop9(v_MvR$|h;Q_r zS?3n7N^3?FCX_}Gpqm?QGUjiiX2wT|LhcgE@Jz_!X?27l-{GCv*!o1%l&IrZ5^p(% zzBlf-Ccl-CeYa10;z|pY7-2{d04nFrZJr;m{8r1Iu)ij#*h*X2b3D9*^H}+0Fqt9mx0BmKHJ-4{}S-U@!wA5wEz2A`~m>KAV2U=eJpeP^M%T6nRevT z$>x|(Yap2b-R{8`z239ixaiMOnu-2(*%{4?mdeUgS{mAYh`%z&{OoqC-Mh8v`K{om zOfyDmlg*giACkePpJJ^ps!WBQ4Ew83CP*VIzc@tBO5@_WL0?qtSDN3;SDz)mygV~Q z8*8AuR@Bhx{n?-=W93LnM#WR<>%;p>4HUerOJzO1sX*^aX^6n7ZS9}#0*3N;LV`Ie zTUQ_8T6ANM+9mu~K%r_BC>Sd4So!oH`meA3hu5i0e|qswWt@h&R?W7-vJDoGVg6U) zRj)m|)8<=m5X^+dY0en%{NNfEiOcMSi6KK`VIfhW{0&Ge@mpUrz)#&ajm;68{`K7Y zz{_w_r^JZ@tP9DTM zi_}t#TmtzWuihsxzk$9e;DNs!X?35d2jT1ghAb|wWFVshHOSoQNO1$A($eriu?HgH zb7m~17SUnXFYiG~6Eso~$-|g6yNaIPs$6XqfdN}3Ag+K|Ia?7n#wn^l*^i%Py}R>_ z`MWq-Skjv_iyvEm30ie4WDy3i&G%934sIWFDrXcKv5h*VC=&*4f6743FCq|SyLQ6< zmj``7B#QxoR6U@C2)g)_6XFb;Zl{Psdo$qKu!qAvjwRnd^16L>VdW-K);beUOZWHl z=3ca(PaSbv#=G;v*Djm6YqPCw)>NKk4&flnQSCkbZhlfT3fm&WJo{WdUbidyhp zQ@~rMo@Dce2C!sFIyM1STX9)Q=c#?Rq6O@omug~JLHl#;o^>Pn-jKZp`fxVrzK z29`pF&YjR@(LFFqEAT(tfq`2+6>;MYF**2dqz0%cjW!$iL#;ILFAZ&9x9ULNBIE7U zr-epa#8=M^HE>d#!-bF*6igUY6oPKj;c!{K*Y%J5ZjWqwceim#N0wSoE4&y!9G?J# z1I8XOuE1_6_EImexyFDyPApMu=f9yl=#uOYT=&q${)Lno4CEkRly1?A%5=>Jr6NCF-Y^0*9T z+D(2{K*&0~arL5pB0N}Rvq8Oly=?bme+S@g^+gbph@L4s<7OJoo@;@DAYb z1UaRjKYwO4A14e%!1B{B|6{=T1|`O9GEa&#eYD5`IDgR4ExE-~N6$4i022o?QFi=3 z(*H*g8qC7unt!yn_a$rUCWIwuaN;_R3nqqzh=|zx__sv3PamnD5R_p|FrSfxXLf%U z2PT5DzCOSY$ocq4N}w?sgdM_sMcHcEjI;Q0Tg)*pT+Va!G zTrFnOf*$-5s9@OcVN9aV-C78!7l|twXkcXd%58GopxY{c$^3`oKdEm2fk^J71vfH5 zj(JT@36hvBJ6)osG5ib^)*BvB=0mmS%TJ%&*dtq8bskK{Cy;To3zI^p=C*Po*#m7z zBsyZ-W%|^yJ0F$ToflPnQY#`$1VF@>rD7kOB4V{+0^Lts(KUWof?gmI9d4@|d}v zC1n4^r`60A;pB6}0(oL3}kTmFLA<+X-{YFhH^NvpZ`lt0Pm^lx>V5Cp}D zz_v#|JSptq6*1zrPG3MpsR(yfT1tFD`&n5WlF)JyA4Mvmk_OO~ubwYW6F>fI`}C9$ zMBtA526Qv268A382d}MD(A(a!Ap~_#&&w{GCiNNmZ`q8=(5_aq3O0b ztIFoI*z}pcW}FTjdHlMw{_DQim#Ez7xV29JFf(B6KUAZ!u(H}J(6RleG@gJZizqPb z{J}S5|IyEP#xOfK7cX-xsBbG945jDwHvgy!t*W?`Lrbts0@ZC!u?!IcC;^eq56xfz z=oNebC~kxW5d;(h0-2zu669z^OXq{yF`(QAdp8h5kWtTarptr$UJqDyn4eHUmhtA! z)7x5(eRvlFmh&d}d#@OlpdUu4Ts3pZF(m()rV8FyNR}gI{&!nvpejhXtn%aUN9Z5F zgU>0V3;}8YI6*L8N0vZnp%8Ua-*-X3^Q}{dD#lc^Y7} zEpV(ha@W(R^Zu&D2F&KZjC#M)lQ_{2u-^9f4|ZdIQD|ZL@8*PTT2({Is6I!rFD8}? zBbm~-??g0P)fH!b=vMM5B!msQlp{JlUCvz#E@D>MP?l>O2{Wub+wX!-W`KYf|0h*> zs^HdTGv!)!ygg^|*X*7nm)~B`#4zD$(!$cKdhfBFzhcnch(mY2kz-$~^fnMst!VK^ zvgEmc+nhzE+P2bbHyr^J4kpl*DOpW}q(LP+ zb~JF!N{8~gCE;Mhz5Cg}t^0up8h+*!ws$xUy8YP%(e?EJ!vDDcmKM?UwCzMZ7z)QP{hieCJ)sx^J zggP!~rY|P}kS8K&R(ZJ#e(Se{7-!Ey`o*d_bH(n*XRqsrLkv0f1%VVG3RFYakq+|n zTV>z#EaxhpS@R^t@RdWEJvVM&^T#$&gWy=!^0&oMKW;;}ZRvrt75vO20JXE~cG3aP zhpp2`e1kkEXzLP&++v3nO+htqI@r7VnuCL(A zzP2!>JWL#}&@a{=& zi>k4xvhg-rLhf2jY`rq$=GXfOQf>U2NwJPaw2PwNK&2(KrS!!N5V`l=*BpPhx1z-7 zxbTqL?;lD@3=y7ySV@!yOD==krsIYBLs;FHpa-Lb*;=#hVWBXVs+KbXf#;UR-W$)&ZfY+h@OC$$i(7)(8!QFs*F}GJ;5Q>e?%u<8NY5rHp=cd=t zp%&f@&~U!}NqvSEc>@?!p&+PD7DRm_BAO06JApA-UI~oKI_-%j!NeiXug!BmI;$w#les4aCR-)f!U+j`s zVS~Dd_5b4SB+T&DYtcpoLr@&KZ(`|5F@zBC)!XhhzAJPfI2*b+=`8ajVD}P7f8f!) z==8C#U(7i=v9XcGNzr9lN2r1g8{qfh znB%Rew5E(PrO7wun(x20vCYeteN~Bt^CNO?_e>X4j+lBV(3}<&F^&31v4kO}^hkxN z5vdI|`FWuaDVD0(Z>6+Elq@2^zR#Ufg8Vp4+J_Syrtsg{C9wu2n8FpCy-0paWQc3U z;a5@pWGm&T_~a52*|rtT5ZtkLw7(4Ww60;>0WCossCd>?+?0dVRMEvY_%4zI*TU9Q>o<>+7~- z_wC}!(v$kM1V?*7`Z!p0x~^RmF1>h4J|9ZYS$#6#l%_JcUBi=V37I*%-wvz1X{wZ^ zCS&1CfA|A~D^FnoieAuL_)7eKy!i&@)SN+_wzju1=F@~z**8*1;PqcUU25a=pHjEy zpOPVt4c((3?Akg(&-E9+0{eC3KMKhM!Et>o-wmLU{}eLjOdeJxSyiQ2Y5v`?@;qPY z^A{m%f8BLdf2j`Es$no0mnsA=j6p@u*&#D{x56fX-P#n@NNt+q5iUUZt`&b1EmpB~ z`tDgTev?p`GMtqjeWC(arC3(}t1^sDy(Afhh#@uV!Ks#lha*Y0pf90vm*0QGT4qY~ zl>#RDWUUWtzZ57P3eK`CqWHa+p00m*+&`+k^3JYsZZthBaGW?k^4$u!#X~M0MMzPV zfCpVmiwYDa6t=fV;#9T-Qe=37{CN4J4FQ+mz{Cwaqyzo)>G{ARXJKOliQV)5bN)!q<_wk=(d1k#E*4V!*#*(Z&;DRdqS2r&ET}*lz$eQTBSztP zJz#f&N15f5Hu3oB(b4GQfrF%j*Q@_ZfMsMF&B%&cK2fKvqR~U#9~q$87WsQ_!N?d@_XvY*hn`%84_A`e6b@Y-}3d57;7Qw~4P+rbcW)d=WCy_Fep zF}xO!Mctg&(v$TNL7`W}rHe2L?j?4jh6{Lx?;jo%BF2~+pYIQp(KX2& zoT>8f{-#ZrFrR8QafpTt=e=DGwp51+)&g-yMAVS@grWArb}rwq*`4u=QFrm4%AVch zSSshui&}NIBw7R9;!)|MxlKR@Yg0t3Cycj)IirmFFnuCCh@FDBAjVBC)e*IcQ&+w3fpiZ;FYf1gze|!0USswJ%=wY}pnLlz$VBRv% zce^@PDe(I4KLvqdlk1WMy5U`<_>t7q)ZvB2Z1ml>*QeBKn2p2LM|?to4ui_2cfvwl z*?GSd)tsG`vnD9sr)bg!68l;-WbA2@`d3!KSeep~b-eK7M+IrEDeUbv)wn(VXu)DM zhqddtLB*LP8$naR2KmiT&YPtiH z@rl*@(U~3?SPA^R1yt5Nep(Q;A_{)nvu%C3|De&XZJN=##F(Z zqG&ql8hbkAU4geMlKz4+OH0*3>H=H+jG9*XX|zz(U$GT3eq?FNY;b{Q%QN z@D~j!00gl$9v&^Ud*SFbSet_2s50FeY%@7TKf=5o5~*15G8IFI_*eQb1W&hKy!Z@9 zv*qtWx7jbJqs-idTl-9j+EUJ``G&QO1Qy-0fs|iz_P7-VM@rVn2f4v1KO)cDIng8_bdh zU_A=ef3#&N7PT78Z7=wo>b0gI=nO&Ah2TZdN|i1B4#*8e%5z=wK3;DAAz2hz(c6?~ zvOU%2@#%ZbKiE&bQnP0g9S5$r4i*~?ssT+ZRH@yWN?n2|F`SqC7GJ!1#^2EhJzMdO z(C5^I=|DfI2RtwM`w&lF=lpleGx6461^e|CXt8^&M+#m;zSLN3%_Y%UaeiNC;;g=y z|80tu&(omTWWprPn7LSj+I)pAO870u+6c?`SC}TP-|2w z676#;O9lwuL`#4mi~D5F)xp#+@ZouO+t>uqh%{jTHj>w*pX0h{Bj)SdyU5LVDr>t7~_5Zv^(~gzi=@t zn{*ohs--3X0jpmA73#m+sSZBUO;F40USsa)yFnsRcfK#uN5dcoMc8e-2mD?q+97ji?o*#lcly>t7{e+`^n9KWv2ODj!U6cyA>Hjogn4sHlv!*d zy3`B_r1iTE5-g^h&!#>s5oaA~DGzN&D?YI79^~hm;h;+=)2A&imK!vkID1s9qubWTPNzqgMNbsO9_ID(-1q2@?0d!C37c*MF}XtDbGw zH|ydBUiUUU5!hWy%#3H(}tki?2_vdm0`|`o$>UTEBm@@RgrA()dG3hzlK~v zyjYg}K>^i7AAS(66lJKNborlyvTq}YYGpbtfe}Y@|DKyCD1lH~w5Yxi;9&kKlruqD zCr|M&I0K;L0ODBLxa;=ByZzP8r@8LaUM_{4rNcdc1??!EVA{^~X6P54$;l#H@#Cz# zL~P<5-dLm>!YD=(FPVEzp~gp8;mazSP+>}X1MA+k;))Q*dSaP)y7UM+3c}C^4v#cS zK?R&V4yh=7<}1pV$BDwP-#6Up;?Gi=A??Zh=~MCoA9Y2zIw*acL*D-=BYn0n5gA}D zXp1S3i_EUutLiwO*OC{H60+95{SqNRb*>MZ>n7 zH(FNlR2P>Q8?PL$^^Y)+w=@!Tmb~Kpo+Blu8 z26ak&5{X4sjkn3oF=i=}vtCpeI_cWEYo#ZZ5?3-F#^6bZAd!`3@f6gCvn$XZFNnpL z|B5k&YZ$r?^6F%RXN}@}LSFMsw`NMVzee|byw+HDxNSq=J2WSB-zhC=4lT?`j$d>+ znx(T|t&JJM;b3+>wZ<5J1VMt6o0vXL_v#>F|GQ-0^XA7m_l$yT6NF%y!&|d zLK2LK??d_(paSsLHR9^&cuK+T^dO{MT+7sqAc^y>{fRS&{n7{r^xvH?Q;p{ZI!KFd zSG_)bYsW2rtl1q8b~Ny(`EUQU>ibCDd#v33()k-CtU5Ox9k&7*l%&PaZLN;2t!2eU zJjq6C!HdwAGciHeN=71%f&D|y6j>er-$|LEoqV^sg&y2=5=Oy)qy~82miUk z10sKl@0biFCSiAs6fF@7qC~KSpMN(BZaO5cXf1@WH|8B1HQ|UM88-a5&tD}3TnMdJ zlY8rE~rjeV_!4N^cxcY1rof9 zd;$>;Ih2#&lnVq!2*CL!o!Kt&ee?H*&pu|Iw#~;MKx#LUFQf5KsWM#+>aN&rmjAo4 z(V=3XBU`^E8eqPr{{l=aMj+t@2!4#}P8U?J?Ki<4_@saXEyL`#^}835r&ao6SOU=2 z=T!)Dh)o}2F`Duk$@3@M;8Rxn!UrU7EUhDm6sn6x%o>`rOu2I1ut${6)?Hv>v78#~ zxo_E2v|UtBqieniR!v)D@hnY@$TXBKd4%>pcOkMWHQmovWT75{ zbZv4i`*`6|(KIM;>Vn^!?g6rH1E+S#$OEEjbbHVooFHgi0W1Af$5Pr54D51zrTo<` zbp0^8RC{4D){1qf*{AG7$4U~&<++*u-#=EBe+Ok$=BwS&^u3uP7&?-~&-lH#9+xkb zcRMqE*wM8Ti;F94Z@6qC}~dy6{ifM+^3nJ6XnLmHolJCUQ3!hIuRBfF_}i zG$ENJQ_+?zzv6M(!^c59#7u)RwzbHju$_zbQL$8wvvg3hMl*z7Vi@~>T7X<)3^b-< zBR3=XPuI$pvSP|} ztRVk7%xPsgUv0vIUl|mWE1s)NR++Jcha}JQENeQJ)>)E3gUNhV)J?xqRJS&_!e{d) zZ4?`W?(2X5T&KHoI0w`DAMf7>oUjeQ6-V|L2q1EAd2wbh**VEh8G|`(+G-r#=1h8)>Df=nm zMVH1)=rMgzDqB}u@kmEvc#BI*%T4~=uI1l+3GIexFdKUK_$P~#Vhuk39)u(F)>g$l z`8cXgQJq7ADwzRW$aC|WH>ay3&WkN<$GC+UG7Ui!H5wW6p(STS@_?~0Wr5C8woojt zEr(~pMmIJoKtqyH4522a`au~w&E?AVE69+J-6~L<%>LkRs_}2@lq5$_5{nu8o0&RW zXa_t?6(sDR5#h)3S9lO+iHPPTy|)tI#t!^flLDp77YZ4mC0r^5gOR(FF}y_AP$D|MD=XNp_P!Usb`*#od7Ov&fg+|UT*)BpI94Sh;xtTDZ&u4vhn z{*&pUUfLxamC**ekdWULX1It`x7!1XgO`VjN)*ibDIP%18XaC31N;KX4!MD6N=ZNR z<_3SnnpWA5=@Uq5Z-i;gXxR^n0Nc-hd+YhkLxT8xIM2(jVUZ6$A6Qe-8+ zPtG%dQP=My0}P0dDa`I?#=`PB)jWxe3k4Hk*3bHdwg^vG7lF$C^>M->=4x8B5b^mY zFCLLV{D7qsOLnsZXHh$#1{!SD_a?_*8XD;PCJWp}y}jvwA-r#Jy@sot4i>LJ;m@pE zqzO0$v&c!RjZ${_?1Xc`=Ap20-d`xb=Id^hP< zAKND@79)Ky1_PU7usOkhlEn9n6!wyiGCEoJtwo`jub>ab9bhyM{L$GI@vIL%{Tme6 z!xHP}UF$?tHPo1`c5i!jjO%2*8n5TACF@-+dfGI4dQ6Jo1+T&6F{fWf|9cMh^=9OUg>61XB*~p2ghm3$=z3Un`4yEP=-Pr zmI=Pvxt+%KS(NZ~h!nP#p1YpP##am z<=DPuOe*{Af+GlKMOh210n6l-P21Z*z7|X$$$~%bZow>X`tV(O1x9pwhMNQ~hw}!~ z9CjBtnRPha>1k;<^O%g9?q`?WH}W--nI0visncXLE||^Iy-tN1Rt1?CUqbo_zD@t$ zS_}_q-H#o*+t|CO5-I>@`n2zd2gTPMD~v=YqE9owGA|oGyh6sew5#1vzN9&lyRLW- z@h5XDKz6CTU(SQx@~`?I*%^0T56l*z5B)m7uT}VDF2K-nCmd#znR$Wg^?<+d2O}uZ zb=8~2`Ei##L`6FyadVScRLQ{1f(rDt43Gkh)+oIuyhp#iI!09oK@a#*dL@)&SIoVM|g& zWrKnfn_j>50JWhX{~Q~}i-z;2hS-lsO&I^l;y^}x7#OR+Jjwwl6vg|T#T4q(MpNDd z6EeW6PqMbeM}LDVd>~kSb*{7^4%F z?{QE|_%@9bO{9k9HZwB^JpiAr#nR4m$8q*)*FIC#d0glN-ct-~Jzs;^RAK@W624UI ze7z0LS^FjXKkI2MelSKD+l=LMuzaCRC^kPsopYUJtpC^%S&Ssecasw9C5WSh5dO2W zB`1h|`-TDv39MQE?%L-#yx2GDZ{KIKy^9ChkX5ZD@4+X=Ro;b_XFXfY%ug^<3;=Z_p0T?bZtz3n`3wX z(-QCJ_@SQgM5xQM0eRvl@bUOtSv;6rFt*p%Njz)7B-ep~0g&*I60?9*4#h;cNDM(s^uZK*iX-aNh)?IqQ zI?xr;&AHL@t$2SIKmDVM05Js;L1*}az{}~D8}PrnTMTy0H-7UfJ-UYQ`MmZ`Eqhu` z&J7&NsoMvL5Va!O$VIT0TPO1#XaRc@(oXWPY71!m#zcIPvI0)~aywxi-BWZ_#Vos^r@q>1H zWTy86RPIFZ(vIOt%1oJNdw6dcMy#z|;U0>FeHUCeCa>}SH@gZed6}*Hr85w9Vh`G? zd_q4`fDc!c*kL}Z&TA=UaROPh5W0N+i4)W?4QH_ZOlk?8A>i%2_>__7c|dzuUn#EA zlA&S86NejT*+K5(AZ2jt_{c`)eAV{Xo7saPs)!{U_5CsAhi6co+P4C#4bFJCZx(Ws zA7NtQ*KAx@M^0QVeVY2}6$`I@-dQXkmbqyoUUMYHALuZ->mTfgLvj z_Tic4;Z0UvP9SUP&xb{3>ks3Tsv328O8*?B*%SN0Flqa2%+yMGPJ0;a6}m#4X|l^G zVlg?J^0;iqu;K{>b~D<-?U2vK?gLTkBtT*LQ@pg>oHfo=O5JXIm*SCvq$)A9x6CO< zC5kyG#!~C=B|?GMU+&b|^1Q5~k7oLAhylGT^R?g5;o&WXy3Up*d5?t>Z;zX*IcV#x zRV@*hh7NVuCi&7Bv0dHOjk#~==${4e!D^1lav^GaKXgs?ZMRSV%lE|tvjTj_E2h4S zk=q)TE(G7Ty|;vz2nEs%3j8~@>QN43=?(eBCASHg-bq6Pxe|=$A$>aNrnt$;yysDc z?(23@_03+O7Nh`&Tv6BA!0@ZQt!>Rst_%ZjrVsD=JipE3(U<_!%knPqu*#V1=3pRo z*jk)j`wOau7oTA2iAoNkVss{J5}IWF{xMv~SP-eyeuQ|M$r7Uu3oJyJbEqB_ks>0J zfzJaM-*vJuUnfe>^X6G0X>u}HEcecfe|Q$5%MVHl#-(;Rpm7b5NQ zNT-@)MM}|#DJfnI88xkPpwt7VyVErsmn4Tq{quiIJ@;L1<81|B*x4)S=WxLucx8y( zUkL(vcX1N<9)7K@o*;)?tJWNfp^Y(F=1*o{a$)37RS>~uZ52h;w-xSxo!7wp_0Nsx zb`UTCoUj?1ynkwoGwsK88(6O6qHgwaoHz{_F){hSf8LVky8iuz2OA7!!5)%he7NQf z6CsEwf5!O(|HDAM8v86cMcx}IsQaFP*Ms1w@HsC3j88txR)a=%Z&WvlYmeesoh3K) zUF3jNDE6c9S9MC6jJL!CzuWb`DV4)ib-wmwVc72rmZD0@EV=e_lXo^liV#R?w16D* zmhT4P83xhj`W&SHm;r}Ie|0z^DM?k-u>Y!yGM%d2L{XLo3~s_wl4*jhmGqp*+?8?N z$cwUeBJV(aevh}tD3~F5uhsSuO=}^JlY$(l!h+&9gW1(NX)`n!)o!b}hiPh(h{WL} zQ$n@{C~9RXeDVb`w;v06{_97JGI?mwe>;HoR9QH--MFP- zUhkC)XV3ZBvZ%yYKAopQdj}0EsA;ca=~jvoM8WXh^oyjqT$t}ZKgg6uHQhAhBt2ew z0^xI|+w!UD5#;tDwYkmkp4qnTAg~R;h7RBJPN|}0gQ55lEz`}j5*m2oTgL{B#MyP& z-3N!3UG_4j@Q~17z0L##nfV{XS;lOynK})k3{zI;)$NcMqFT$J%wYxy=};>6OHO%jm7@`^5ggcV&2l^gxNNU6+*ud$A&qyk7}0z zD-q$iUH`;a$jL}CQ>9Kz=TE`>SmqetmU$50<-(4*oli_RQzE1l~_rz}P%Ao*P*JTGcVb#Yg$iJToAtnP1(n z>z+7WkpO8yB!M>~p(0>5xlJ{!-x@wd-w_LdoIfDSN0QV<*WP7jj^J-^D^e`0-aPj* z!$qx*P8??=Pv=4P9_LydL;g z!hyXr@JqbVFo^MY{}I5x$ODz3Trb zzBfwX)xWSlesi@O`8}4}^2j2a432g(ZXR3D0XMTFz@`gEceAEE{f8b+ zH%8*~M3z>zA!#KJRFfg9*J;zCWhPHsD#wsYz56*pP2;GIjc-@|UEGc_Z}GRw7s`JQ ziht2ZJZBAF7u+7Z2pJE3Yg(=5-%5`Zuvrq9&KgtW{)EfXS%q8MZtojK?zCR^UG{86 zz4^OxW!HFJfa7+aFt@~ensGN5R=MudbO&xr-#kH<=hVuk#4%>D{7igBbtk%YQkl)~<%ZDO{Oo$0@6iE@> zhgLL$jSAthBtw9rD7rR~!dDR#s+>akc+Ygm>UL-~aexR^PNY)A_+i4dS`J3z!ESHy zOLCR0T|R{7*q_&N04Ly`<>BL-)`ww|a6T*E`(9n;Ef!2UOhod-R(i#Q{_1_9nDOLt zbHvA_>bzOhkihXHr@JR_=9+3u_epc_B$iYKftTPQg6GHflRd_~gSw)kLj7b1@N@1TqbaINO7q1xr*xf8$b zUwDnRb^-tPZC^>Ea1>>Xd+#dZCt1fV{;IUd7K&Cn`}xgY2gs^&%xUj* z+47cdEAyqKdx|Ql#LO7ckRHZUX@k!pljRuHC00~xO>knrep*v@eMtnRhbAL~Vr6$W z_)s0cz{UhJgb0Ix)9SP3!cZWYezkKi!ffRe7~S(^ZuyN(_wuQ2v9(&BzFZ93MxN#7 z8ZTj+dOgB{y==7ouQslhJFWf&3!EH1AZ33Wj+mx(vPR;$lLJCAau^qy|C5UZk_840 z_d-MpUxWTJqK-OIXwL8NUXMwBa`$tWPY;(0vW*Y$^7t&V$!lk+--@zBI92RnH!lI| zj7Q($#yiHx7gI$Nl<%K>$_Kd^JhF4x)!MT^2-tJH@7;p>2gvDr@#K!c9{8?hHhZ1A zf61dZyMpjVUk%(JE@9Etr#=iw@Uol_U=022B>co@PhghmAPvyGTYNtEgBgxH$iuK{ z7lNRdm!ktY4NvML0VF9zLExA6%~`|h{9a<-tlRC+DECK!vqIDo!0C3jxvt22yTIfI z;z^vHrXMKBFUclxUDvW`wmPY`z_GlU;!jO!UP-}Bk|YI?8{tS=;7WVx8uy5GL1R(0 z0i&pv7FTuc5l7F_b=K@bbRMV00i8$fS;tYLD$nwMoWkDlCB1b$KRuaIL-z)9mHFq~ zrtB^z6ey+ir?oxO?b~(NITal(VbXO#q<~uxR1qW%TY&XP*m;K()q!2@p2{`gH@2!d zD$x}T$u8?hKSKL%-A_u(`5xVu5to&HXJUyaq*Bu2yrIyLIJk6q30iD%C}X9FxxKZ* z5LaFdAqq(_Fp<$AHVlD1lngCJnjF~4+%#u)Clth$A~_WNL_*?Y*?kh#)8n^$ zd0b)lG2-ETYCLbYx@q(t8Wo6IIDSP14(HZZA9Elp*|!}pSvmV?$Ty0dO@^R+O#VqOa9 zaJ?P4`T64IQEyITZoFYfvp;E~aiyXAZg!Tckr+8H;4OaP*a^9A!%(y7WscSro+EDC zG2MGioam1|sER25%4_X-M$=M8Njx4HJ3A&Li63+N?MgX_uvzwfj0vnEfLS_l^)75k zQ2oZpV?UEH_1uqkYo$|Jn&R7lq@+qjW@v1(Yd9`0sQmYyL^9{c=t`7?l5y*GfZO0N zv{DcsR!)QqKk544#1(-PEluKRVSy8l`vQ_bHo@tGbS(x8*S&5uD%>VN$Rdej&&e59yz8xuLA|J|&j98U=@4 z9dX2qb&Td@HR6cphD_R&QYs&e^FT;GKD>qC(bZeCa=%S&s7n`grgXon>bL}#imx&H zNcCFc-=)Dir^9LYsHNoa7To>I%Uglu(ip(6F&-orDu)Qk#r-^O-Qz!PJ<_9ZyYn;k zX8bqHC@uh{H0Bu$c#{i}^MC34*7G7ORsH(a57a%{Mt9WY{KXo^~bk>5fe z6lD~Z_K2_}zA>isGaUO5qy^?s22-$xCF2AKIkcr{5Npvo0n^H1a@c4PrY*uLy~ zi%0up^Zrd7xxzP~IQo!4KQHw77c?%PI(X@=zIX_^{C(W8H~tPl>x)VsehH8%==E?V zH=@?@aN!6xG^a#b?S8-e%SO|#>oiW!ch3)>)(=7y7+r5@`CqN63o{)scwDT_&T|65 z2?Mz~7URVIb863Mu$~oVk;TosWoR+F`^r5seV$8dGp zy}?QpOdhicmL;i=asAc9fR4(Yu{>BT=NVOGhAJs#OMY|hp{TtJ1U|?}kSdeY$ARYf zU?tspEU8emh<5{{XW|XE=~Qd2zG-Qm^<`A~j%R2S$z`y9!K>zEBkI0|5I&+YqkVgleX0_0ZBz5O9;v&+fs zu1f*=x$pacM}4k1Nz%K$8imWTy$ty}f`tNFw*sS*=npDgmgndcW25 z*#3ARV6cwgr#vUUBTJ&8%K{ZPlTrc;+5hp_KQKZj(BTWzI~i8wU&p8l(?{Ep|32Pt z=Nii-e&Fbq2+woPYzI~u6&;PCknTWG_0xl{adLmScqRr^uOJ}p!+J?+h0td)z-LiX z4oj3PgLa7!LRiq*RNwTeTwKIK31tTz9R%00s~St2vs!*`<4-o2-Y$KtbX`t*Xlr_I z4;sh0n%4MbI5en`awa`+CZiP_Ey||ufpM7hDLpBx3x@)`oOsq)g(s)0L%XE<9K?H1$FD=ddcX+1#cf{A|lHL>`3}t$5j@fOW375nA z^G9!~jK8g1_fjuRJ2r+Bl#pDwbV7rf0Z}8=8C!ur2yptOk@5uHy1McZ7rmNVazgZ) za+V~?8WUw*T`@*vLH)Aa#-iZR3wU{4eoz$Ju?N1>f80vY9iFX^_t{w=Kwn<}S-RX! zH{+hJJ3FBMt_(LJ>@NXcU#9@c#olck({~(0uI-eYleho(QqxX759h1j$K;3epr?x= zg>A6yvSK$qk9uH2rYBl~u>lC6$iMm+9r|r2F>Mu9l;lW^>4EUS%e!13BOsodpR`d` zQ&ZMd9nR_$X$1Q{=kEO0%etAn+k~dOM`Hs=T_$I)@(HSm_ugRgLo@fE4A$0}R=3=V z{%H$+CbxciqZQ|hm4M{>iK2JS+MQ+Un!1@+0T$A<7(dOC6*a+QJjnh8bL`_dq>;(<{Mu<5k%}||gcAT^9D3WTptlgzsN(mQ(GHbRJqvfX^Ca|$ zQD3T&`mrVV!&2A}ZKRt_vKH*2%~xID6mrGMetYd9IqiCen|d6IiYgW}Y1K^ZkNCIt zx>>O+?cEaFto9dN(_k`gyKy@o1gP8PsW>3C-N0^EVV0;rFt^-t$7b$%is%V387Xu` zbFKLVuI&+ZWPQw;70jOt&T|_$VD%mDTE!e5*vseOp*-Zn=y2qVr5;XE>&R9r9bh0e zV(s{!7U0lt!n~l>nj$}yc-x5!US;t`Vq>8uw1|GGXAm&~;nd?Vors4KSiYY2ItV7( z%oND^&pEB;$_my{R+3rWrBi3n<-{VN%hT@vkEXMV%BpR*Fd(2Hozk7s-QCi>bV)Zz zcSuNgcXzjRNOyO4cjsPwWB&)9cpwg4Yd!aK&uh+kms5nmCp1 zD`g>jIX~#OD-n4_0EPMP@LM}MYP`HlBF8icWWGbsz8}NQG&mA&zUf0=zX}Qnt!eP0g{qWZ8cAoCo zEVVHKj_to~_=Pn!uJ!R{l+r0YMwxvJ_#Tgsbu*`-bZucTFFfWJ7C`@`C|Srrh)`ip zPMgjok}@&Sy9zu^sBnKIL~_5~aLte_F-v;x)~u_w>0^O4guz*NoZCoxrz}xx%^D@0 zJocb4g_QkdDMW_*BM-v}XvX}|kP74|WfaJvKPS|S9RdgHlMkFl*oTfidJKa^y47x| zXD-3OyF^I${E`UTR00SEloy?(ft^|{CW@nSR!B2r>Zrsd(!6X^6pBd#eTJN}C>E4x zdNc}5nK61u4$^$Gf<^bt%-rU{KzBlVGOo8W)*+w*w$HDO!GfqAOKQZ*Cy~R&g2i$V z93+1muM`(DyYJltUoK$14&iox8b~(k5wx~>m%X^Z&G7&C$`1ZJ2JIH-{gLxc{5<<*ORWCo^$`cxAWpW zbpQcx06B$lmzcJqW!<(-XWepbT~b2Lh$WM!P6GrQ0)alinzTRQ;tyX9MrnL*1ZTpU z=Tl5_e8BQ9F?RTtZ3`BUAtm5Br$OJ{rO|xS3>^b>b7~U}!Y>dtQ+!r3n34SKyNnZP zeqEizm2HCqv106+I(RGBE+XJl4iJyz2kFt$-Vnb%m`A7se(BHO1!o~D$S<^-V&orV z6ejHNo@;Vu6Oxu{LD*7WH_lW~IZpIXazGC-<50Hl7~;F$kr~G0hkMOS+7n0ryeq>> zbANLIGO^dbTyO_7E6+L}&_FZcK6~ZhM~W6vtwT^2&1%$KH7llNhD&};xPfD{)cH-- z@zu9vw;xo>oIQFZZqZ>+$Juos()^RPcaEho7IdpGN;Two2X4INj zH#(W`CPMB-X=XcJfdu(LoYsd>U0()7{`htaaXBBRn3p!6j;z)(vtOc+3>ozG?f$#MPe%Q`;6Bez+x|5SN$Qpq|*38 z?3fPX(gn2=fA?z#u2K@3jrQcg`hL-<#}1bgC{-aEK=I1NjMtDMB-a<|BmE=rwMjeD z@aAxzX@7Yf+~uf?+tqzZn#CNM5n1GzQXr_WxcuYfmsa7nRqu>R79UUwEp0{v1dy?x zqzA>q2}UQJE$#Hc9aWJbWPY3IJ2#F3ncd^A>aX$B!JeY~HP1lz^Y`UU*)%gZ-x&qY zX~EAO1gbi2$Ry$!aZjTq4$X|mJ;F?ZHm6&MncnT&MVym67Q}ewy+x>zMtMSE zrhCREruLM6dVcs%A_bo@mEWjWkYc;S@8mgONM$^nG1pN95y72lmlNLOGzt`p2L{br zKpm{GBZH**tI_d$21rl`DMowY9qU~Ux`oxQlhXQ|+OmB$G=**f;T=lHdVnCDT_jC| z(U(wvuJ7B}9wIRyKC$0zDoeplftV^9C|lTP*nsjy^kQcI#E~Dm7G6n=F<~Slsf-h( z99Lz$OYE_hHy<_qy|$RAFHJY$y0?&^%H<8W!21&4am-NJzh8U&imXGw)+Aba!Y|#Z ze&!iv2koAu(cT*}zFG9EAPLtGK3}#^>IzYLkRimev8oclUfg^z9A#Zx^^iO--y}!T zVxcDYmE?Nwg{4xRdm1oLc48HV?E=a*n|oSyJZv2AH((itCo4x+r6cXp;Zy9<$osxN_~WMQhE%Gtas4gS zNc&?M_A1Zk1{J8YPrd3&u_bX__pM(QhdsUcS!F5Q(j)M=fBb5>_flp<`l6_`O-j$6 zC_(A7XeuIa7IQfXZyzmBIWTT-0-iN{$Z1pbM?KG?Cj*! z&A!n>P;~3V&~cKCv31ffR(36SbpBTc_Fb9nvf^w2&IedFF<@lAUvuQX_IgYfA)d6o z%t6QAhYNJqoF*V1dqFnOVC78*91|V0j;~Bm(%9KV^%4Swf2-;p$!H9ST=$Mm zUiTcFicdY9^(Jk5g3}-L%`+wYfdXte&C_l{vkwazdj@=9!2v`t0J$Z4Q+`q$4Eqj0+}Iq)sMFR|)=t)w6Lma4)w<5l-T)P7_HUdf7dQMF z611UW#Lsn=z-H#xqA2FCX?RqPaBl)OeNvmYYy1wn7us2Jhas~V*xd>_cj1N3-+%+O$u1s;LMd7?$6OmC_+#XZQgw@zVl}^6D6)E%bHW%h5^vY zn9YHlf)a@EF%iN0HA8dahh##agV)~cgHs!xqxN+IhgveG> zpusAfI-rD$Ns?|Y;33@D5@_gu3!qdlK@xX3?h!?`mgMaaKX1(_IWiv_{s9ybxvW|P z02p{?B!G0Ku_}W=Dhle#;mbILX;BJ>FiK*^wHSq_EJE7lsG@%a2q#XMU8a%@L$!eD zbHFoBQeQvH8;#%$%wxd2=C3Mf0pID{DC3(+hEX&VMvTXn<*GJnRlm)5 z_`D@|=;}{5q$^8Ye(Ur~24~mV!+=DNl?!uKcEhWQAeJ{E<3m>Ph2fkjxtc1 ztQF|d`%+`w%X8yKLLHw%@);j^*9vkB;Vm$vdrikWf7T$!q7{rM4PWhkkIK)x(37q8 zk@`0lW9I?$^-&v|;?+pe%B5v(xS&z#zW$JOLf?63>)tg;tQ$DWd9tIT5Tt|Z7HTeB z%@O~yiG}U-s;-+>zW^lSX3q7v9$?qATnlCVNs0FHoo9CIf$_L>{ZYL+Gd;Eu zYo>ekT1KD|4&qaLk?BdE`r{%57VCOWi(A?HhLNakiw=+q@qzeWCs}<8n#--`efsrh zv%K#o_G85xz0e{ZfBri9 zI9jM~U%F{{wjrvfgfIs_&sGAf4_zW|5?WSgOwnjA8&i7Cm-pSSXG9v?OMyk+Xj|uI z=krNflEaPr&a{NSkNw{VQsBA%`b`GtprZW!^S^$ap-}pd&8FQ>^y^<>s-~o;-+psH zGk4Of@gw!dur2W9HCZaQ+iOX-S6YLYp`xYLJLn`)uQnD2R>&!AkCjFXj?4besFEV! zfaz3F?)rPQID!2M-+3)nx$?2V57aFHS4GT}d#>v}#*X~MdH9f><~}6(l7ac{$52U7 ze=bK2_vyS7bSyfc2Ds3K$x3G_oTBgn9jrnA-rWiN0v4v~R|YdMJIk|%nyCIBtYym$ z(E#cpsDKH}?MTA>JrZx3O}@<*gZFcKcc0OEbo6xmN%tCZAI~-q93NUlY??6)5V^ARjngdFV?_x@5mnktWEDAzk zlwt5MX)%(oxDxEiy$RuUMx4iuT$~Ngli(+t8{YuW#tc{b$Fg`d!Tb6)kw&AAkj%2a zuTY8K_$tptz1~hV)DeK%`@G1I@F;r}Jcd^2Z! zZ++qq-_Y5Kp~V=mSW;A2BQKvQ)2DYVTWz({KsDJLNf``PB4;+48=0vA|Mc1R!*&JG zl;2!-kc)T!!`^$TBw!)F?u~!isGA;N*)~uzla7y%i%(F9%8ZmM7fOg>To&{DJu+gr zs~{*ygpR&jG;0nF;y^XE;SR=T1(nHj!>GU&>%mGfa|jr+B%rt`s%!WHr$W9;bhc_X zkx(1`Z{g^{aR#CoX}&4bdXXIDn*#E6e%PQlb3@MGs#Ao+KWC07D8U^>E}OQ4a-i#F zL+1}61x2jJNttCbEq}zY7WoQF1Foq)+#R(qu^l0$`Y!Or$$tP`haB-a3-R z=ob)rr++I>aP?G5f4yx#*1PMpZP#R4W8@T*wu0(sP?cUDn`G9M{F{`3gEk67v7_C%`7v3fP{aulS5(Z_7Y@5rneY-r_K0M zQMa`&?w*H9_64&w=P{2byp0H`bTi2+c|96vgKRx6-#057qqj8=tUP0@Ojz-bbq$77 zFfW?sP%bOTl7oOGxx>rmAn|`_S5Qoxzgt@^bQxpo(Hc)K9Z-MBN=M$ydAYqs)fIpX zbL#36{O(loj+K7jzncs!<=9>>wC!t@!yy{+IQ(0Au|Xnt(IJk%z71&8B^~*qNRUU+ z`I1;+?nR9@a8G}f$1F?p%{U_YZ*fh$-f6%ZEY0@2f6&oZPM7*4$1}C@@(Sb6&sc_^ zto_yF-A{Y{6!Ct=Xr$MtqYdDtYyUnW^7rvNzZTMr(5U?lddBzg?^t&kMu>FO1V)xx zw5Q(I%?!TW>?kxAHWorjlyq%vAR)844PQi|=g=Xcv3Bv4BfTE@E#TOJMvLhoiR96! zfacmdppW-*zj6)JU{yLgPGUDfU^W@cS+f?*2Sp**<=MHS8GrUAB+h$5yT*z$XFcqh zvu`5wiMml5AsY+!pmMh;CfL>;|D=KC%9Nq4TJ$9IuM!8PO2{dD|Dhl#mW3{-Q|d9lMu(YJpMstT z*53-vzoztbe;-Un(%CaVpS2`@K6|JC&gVjqSo*cidcT#39}|>Q7f1}N-xO{n*T^b( zNW3xU{T^sP_9jTR=7w}USFvfK%l9V`-}4Gpy9~ZEXu$YK`zNVedEHR$@P+STmu!-+ z*OQvoPZX-!jBd~WCi`)@3!Hn;fLaw~nK-&Jt5+&v?vORp-k%Md*VaV%p;6LgReEF? z@Y4WtFfVb_JO?fche2V-CrP&?NLiCC#N|_8lHyYt2x1!Kd#2AaS~?+$y%h~b+-ZMr z@f*uPW5!JM>WsMrJGIayIXUmPw8?I7cJNgyjR(FnpZsJ4N^8^Qvl2b{#?u}{CG(lo ztk`m@r=YyaQw!Uym;-#%Us$KfVTrp1R-Y)h#E?;WLC+6mc{@flvoWJAm4GnwAS{(0PvDviVQJ=Rzvw1&m z!wU~lqQgS1^B-Hv@*El>a9S?@jd0)Ku2d{mYcY0oZJJ~l+Zw5A(J&4*D!hB|muZX{ z-ZeG1rcg z^0-XBHYJ%>b2$v~v-WE_-m-FAxwX>jxSXkHkwU{)=r3X9P|5>#C>vb@ymW0KQ!gbI z8#(YcWsU=P=c_9hR|A9NoEFk7&)dN3?(I6~HjT9LSL0IjbXi?zp(D_o~X>h_!{@rTAd6kHMlm1ec_Bmgnnz$1%^ozVSN(p2FS`1)+A|+nb*B>^W1m|mJl6^$>TE-Dl}8G zWWmP%P>tNa$@9%Rmq9*(L1&=LCf;niV0vXHX!(=~Khj`z@V#(*a6?jAG_6=(@5Od$ z^yYy?V9@Y=vp-`CAlyz!* zKH4N!)*7G~XA3$uv(sP%vB!?j)m*)@OHiO5z=`p_Y{+yI@hcUKI&bx0`OM<5DH+W~4H|Ns?w~$i%6V~#q;cLJ>yq#e5dO_KqTbhbVWh}#V7fax z3jW5_IOK9sys1xXfbyKlhuxl!$PuX!CA4)X7Hg!iYala1F8@sZ=U&Sr8O zPeW*R`_^tmAu!RPGkZqmrgUAaAEQ4=zkJ6!2;_gcNM{G( zKM;-X+L5A2N*6?D>S}BA28;Mc%#F^-rH7ZUyDV8&Gvqhn$Ckr}TU&5zav_r;!|0cl z2o7Pu^m9`Vi2^8m;WVl=mW1*4K^#mO_HSwG-#Jl&KoVju`Pnr|2rP{_Z)NsIX;}miyh4~cOay<$aCCT?HFbb20#1}z(4LKK zV^i!_YAruI>BI4<%6u2LKqfVUGK7Wg%->`IQla?cCD0ER%^k5cGn~f2lyAm*D(rYO z7~wqJN6%bu6z@&GyKAtjcwd5{IIT8NP4eKduo#}5J9KE)PvVCK4jetWyELrGp=9u} zmJ5Ag&C$_v#=blC1di{0f;{#-82NCzZnLl55o1`vA{!2Q>z3SB8eo+IF>e~kcXpeo zD0UJ)eW><|VOPzvxxU!4D^JZ7Vk}OF38nUSRh#ze$1J{Tv-SeTbMr9$z(l>$1;~qV zrf3ZP&`+zlg>6l%@B)sfGmP5>{W)p_xl;%7#g3%DZ#5iBMwNoODmAvZpD9^y(L#`q zPM|U9QzTXUjpxd=!k1^q>agsS8|D>{jtV~>RMYow&Z^vZDH>_FqlCktMe~VL(V&V? zKi^oG?WzaXejsL-c#)T9@R;ZOD8%dEUa=RIJKD_vs>{o)31ia87vIhhXC2yn{=>ux z4kIpiT27?e*$7J51NgnGL@hduU@;;8e?$;n97VViEtF#dRMms4O%Vbdg5-tbp2!If8O;XB?DqXm9nOd87Z_~bJCh<8Q zMGX$j6i+i~(uj2HeXx@Aa%(ABtc%5Ytja|UK)ApvuI<6^)|V%{EKvC4*z&OJM!P$O zi(zaauXeHfT=M$r-czbgi)SQ$NB55Cw62V%9%W_%<>|P??g&^1P~QRkgRyIQuLe2Z zueu{HLG{~BB+BJ_|01oaqWW5{my8iBP+J^#kcZ8N2>S6;9=69me}4P=kqRxlqynnE zONa^E5P0I3WlXTbwUCLEqlZz!>DM_9zmq`HNfsBF^=X}X?9uYUT8Jk>_lIr-{|nPT zuA-HV-uoX5fE`PVr`el)sz8GwMfQ5g(IlNBO)klWoUKMfND?JW79A>z1{?h7ej3=# z5gS{CxAsGQYwWo1f#}?#XTC!Nb#qcXg+R3b!79=Smc)vI-;r$^;=5 zpHl1P1_c)E5;w2w6=F!-SJvdNKuJA-ZUdy`pBn!)urG+7` zqb=&{%P=LDY&veIw6YIZ)kf6@3?Jw~$Me5Til2tL%zw)V*9k@~7iH^iG6;D`mdy#1 z4`S`s{UR^&>G20GD&w{`D%wp~lce)O{ zpvs9eV}R(~wV&Pcyc4COIy^ijNgYklv=k#rmfku&%&(}xC|3!^h{}Uru|{0fiqI%D z7`T(lM=7k0z|`?*Z?)Xq@|3r@RZEBWe_q+K!(uAtpiT$(s|T$XMUeumLaNDs&*4lN1p_xlzH@t6}a$@TAit5ie){N*v!04*aCn3n%XNNNU}5DCWjPr_y?l(4Jvk zAe$*kj6#|kq@+CW&+!MQV*a#SzaHhlb`nUk&Rcl8#t#>(R)K$g=l6VqQ}MXq!#gGE z7>`Yn(o_n7jr9fU-BQmpFY(@9Gh4v_ZdbgM;39lXy3!W|Xf~Na@ro>EOY@uGjick(F@GE_2$JdxHo6Tc9}Lv z3VvrBEC@FE59g1hYD293_m{*QOA`X23>r@D*r@}4KaA4w1dLA!=E=W0N0;EgADl(_m}d89ZU8ZJ zqWP0i!~4IuQj5%iYz8X8svJ;J8g4xg4SNU%3`}&9f;J4cC#rJa`Bf-8&5;f*mwm>k zWoeSTwOTNbQp5_D963rw>V}8|gd#vpvXloVKaQc7*vj)8ykI}$+OZ^1KO;e@*f5~L zLLD9-cljc;*)n5j;+daD} zdl!tzG~BKI1mUl!m=JF7Jo|hY%dq0&;oP9i`?~TY?XBGAV&nac!0{Dp{TUon%K@fT z)w{>G-{UtR)5OicemwrIU+ImP>Q+(Xc`-h&dz7z8bc-gs01>H_lJd*3<+MNNGO8E^o!liw1B#QD>lCP^oezSJW^M37Lj;OosS^(y! zi-B#qX^<*#EU%AcWLnLb-{QA{Ns~5M^>}PaQk(^72*~>~z8~hr&m8OhQE@tZdnEc!x9n27>E*8k?Dn`g@S_pD7kAuJw!Y-0{+31nM zZ=}D~KjRAjo$syr*HJZXaGRgS%;lgCL_A-L6ZHKo-5y}3H#seh%$mYZYP$KVhI^al zFf~XyWAK&P7i@3UQuFGv557mywd@XhX346>cfST}MRP7n3bNQH!>?)RH=$HdwbRt|MSKOkC#2mipbhK!OD@+5`RHo;v{D5#}sShFd z07he!oPUwUf|D;OUWa_D1*UvWjAlnvOlWH9i_vV)%SIKoSy@6+F?tdg9^j<0;PXht zm&3H4$8d1_WIj4~&x;?4j1V}uclFSA3i;eDRZJ6uk}nl1mHY2!jb6j7Uj1w~Yf``E zXXZN!wg3-0-|Fhz(*9Veub8$Qf}eqan#jaNnbm)o4=vprz?4Ze$OY4r+yx`m;>Z1d z&UXVXyy$1_Q$mfiul)MA#qGvRuyqbO~zw(#)e-rJTV&9pxMJeX9{ z=z5VZF|_aPucePryHDwIc-POY67!w?d{FVnjIir8y||lGosEx`Y~A=dUADjP7C1}E ze%#Z)m&;RDa~%agxP5VHshXQ1xohkJ5)D>$WLQv$kR!L892M6Wq=}|N3BMdz%H+i` zf*AQ#ngE(wFfJ~y)^!FOuLdkeDu7fH=?q$sw6Ge;m-5vRmuAZT{%2xHjvtF~Di}=)(4s*)x<G5JwGylTve-p{k=< z@t(2j?@sicyO=QA{1sG~;ofSC{uvVJKh}L4x-@lcj+UE?1Or)QTeBCI z@ZJodQYvGo7@xF_p4u(4=yjwzFolUxWswS!uL$yB^qilPCd%j)*BDf0get0EK@RTL z(0HF>HEXO6*r6-!;rmW*i4;#|Phtxq1!|@3K$~HP=)=~^lF~0TvIxb?e)Y}Bp=}W&ED{Unefz6IMdPAbji`Fp)FKLkuQO26>9zbC zuLD;~@fv|*CZs4QM497LM}v%Q*7~I;V68giQT@pyl&{XH1OE_TBiVJm;VE71DD$Sw ztewA-aCcuc6!0qSd2G|Z>-T;>M`YxS=*z*iT@VD~gtI`m4x40&c2CLc>!k3k90rzhW3&cP#gs*&FQX+8Bq6w`A_2PE<{&A`Ll)eTWy2Od2sFJ?Zgi2u!N=4=Z zrIY&AY6^KTK?1~|n5Zn3Rl>+ob$Jg#XKmNIU@JF?I1m5$-vbD#i|p7?E?u9Y3b@du z(7SvxJ@`U(P)se&`?fC?m5uPGgc@&ozr*Om-`lLgoi|6F)9KZQl-JBAw}Ab$=| zx5Zf%Q5}QJnl$};y!OoLu(-Kvl&lsMiT^-?L-6|DhUb;AoS<^uOqn(j5UBhWp^|;! z+?3GMu|Az54`2*QZjnR*_g-3LHTE)W3heN!73T3UJLg(Zg!c_*B;IVl5R%lXsuL}Z zZMW94#CV#Vl)c}lT9wW-%f&q>qRh~W(eDahMA3Rl*X9}zmmbIk@7?0`v14_D1#<;R z<*L`~I5WpL%PevV3R0H(u)fjOe;YxlgZ}O-gk77ajbs=?#m=RSA3&-=xg%K^3-qw! zw7#!Vzq}CwMR)R54&wcJss^>+22D_tEFBG}7=b-$%?dp!aTJh0^9f3&-bj5unk<1? z5y?SBA8W4s4XLBUPyieD;mhM{Qk^Jvx)_|IuU6hCPE?^>1qCH`bPE}hn7r;qmegh{ z`@y^|L&ZzRb?(^w4!45J)Y()D@#n4!P}ZixEvjVX{BS;|wom^ye)X8TCif7&dxC@U z!95!*rMZW*-4S~`=Z-C3;&-_d>#+}q|EI1;eghlFs=k^9t5jF^Es0^FmBpA zQ^jxlsEnz!GaTksSfC;_CeLU%e1PVROcf#iLn&!`5>7dTy;Fo4EB0F|8+gX$3xtCL zSh_&bY8(Q5>Ew8kD2SgWdvbQJMHQ)Wf~af2G4&Zk)rWH9A+LhauFXcoP+1Wuj6>t6 zW!In7d0p05g+=)69cj(eGXx?-rI~=L2(etB<|QuQE+n8G>zPvFApgD$A21cDssgn` zhwp(>*q); z6W+A7H-97_kLtKOP%a9PNvsO@LRD4NRRmEE35yKds|d7XX)?XzoiWBrk-NSvnn;j} z>9l@VrjFpaqC9bW4svuOn>p$%`7UaDPL*&{OFw9sf~eyi<@$^pzR32}YeS4doH?#< z&w+fcu+@tjLzxXKX4EX1FatpX1FhMzMEs~=d>eGR%6ObvEexcv$4bNRiiTO1u?0l; zQ#i=p19~Ym!?+NL;0@>kAoJ-+d3B*QT|x@oS8@E0Ou3;w)=UT~c`l5&)u(9_+7F-X z3Uc4iVquFa6qvsgSeB;n!pqcluE`nlzXc)#`E;X?N~mY-B0Sm!3WourWBAgkkz`mj zL=;PqQkizpuKL{uOFaQO1j$HS!77Hv&I+&cSzc(967>yT1vgaJJ@2mk!6I+7uA#?&TGFw0=w4L|1-jB2KK&^MX zzx#$zX$2+F4DWZM*F612@kF(NDNwLA<&?4QJyOP;T0VF_}KYDe0uwoXpWw` zuAv?k;c-}K(>EZrO0C>q7#t3oSz~(Qyk=5gT#*vy&dH#GbK;w{gcO-^dV~m{42=?L zhBQ$DGvSxK7+a8xIS}Y*Zh_a7M6gBV5CefUK?TZ#qMaS1wgi$TzDU3Z8&U(R6p)e@ z9ri$F>ZmrWag`n8k~H?UXPfZ``jax7J7=5OW&3mOuXD08oq9mF98Rrl>*)%_h4vA% z=`k%A15v^}^Bjjc^B?@QDhcW!XkNBq`%)IM| zQH=YcFxB1JA(+`eTuE>8?s=56_OZi8 z^JB&w1j!XZgdxN=S|~byLg|-*hw=JmS`H=H-_-Nnh%`QBFW@tANd7+0)j)1v8D!D4 zaC-HPn=@K+c|7lO2qM8q>*Lp=ii+&p$alltR7CrSOMWaz?$Wm3K#c-ThCnH+enqKx zDSI}vT9rn5Q7>GwWdi;<23Mmcklv83Xu*Iz3S5MZ{YtirF78Tw7Ih%5u&_Qi5X9r(I~Qa! z9C+hYnOk9G13JoX`)OA#LA*ziIvN%9lswB6TSCo^!)DbrJ1ePxVVc(9pVEA|V{gWE zNZKSFqeUlN9d-VWNSQU8T0P5>&8pVm8Z(h4!1JpO+Az#B+Ih|sInd6Sx;*Ed0e{W1fW8L7beJN*e+N$~S_@-{c>^`=#>O@m% zQp9mxk1DtIe&+tGk@vlV>1Q|Y>K_ikc5!j*j#}5yXi%?FT#Qe}h1f^%1u3#0Xj>L3 zokR-lb=k=-N1gIapv!M^g*^m?03S%eRGGtYBcx-&LL!B-$%pvpfe^1DOpM+0v$!v3 zR!`PgvOqB}1_s#Ty{+NHk)yh`A>>a+5KC0gaM@k5b0dXM?Lv?3^4T$Er zLb(Nm385hc5L4GR z2u1G|^x>sA6oI6gxwyfS*loJLDD4f7Y|OJSo_i@5UAO`{E-)fWyBzCh8DQn*sgFn1 z;?s-XYmYS5hMAtOXZiDD{8>{b~6edw3(B^ljsqkwB|>h4sj`L{4Wr>#u(8 z4*l2V^NGJV-;VA$p&^muyQG=uv(}+fqx$h(zj;@t-rDd8K9|f>VZb`rJovn}-wC(7 zZBYRoWsyxb7LY>8ip_D3+zR)}9>paTQGY<-EW|9|vZY!Kwq(QqbzS!3b*&<{2DuMw z9BJ-FF7)YF{?jLT<(0-Hj8%<7rV-IM$z}b z96>d<5JrrLcPed`A;yyve;KpaoQ>IY4g#o}5lz5zgkW`I zPS;_7+H0%gEJV3$3W8o;urPrjQz(!hhzWWMf^wg*h(BpuUmHnh4wshgS)L9gq)y_p z=f^If6Ck4cu_on*GBkvV?(0MN#Q+-|anDcnO?+T|^k&iBc51Sg0+a-PaCjM^#)bsL zGr4jT*ORI3Ni;g4c>2L*8ybR_&eBnd62XF2+2R(&i34-@R|1SH z7piR$!biDSXqKQH4*@#ZUzikC!GW4g!w;sd_fK<4hUJ7`nhcSt%+57u%_2>JR)RG7 z5At;4SV@u)2#iqlc*-oAf?!g6U@2P?j$J2)=k_Y$?Soaj7x#X4cqWp|p2Ms@H2lJA z?XQoKJ|@MK+?_Q~LhW?&^6TC6o%Y>xqbu-af-g1zXhqKM-sv}C6meL zcbnQMeNn{s+Iq24yR7AXTUm)$7!7=&4-J08axCs6paN3|{-4fC+_DqYAVWgUD40T{ zxd$VigBaIAWevov`D543S@vIZb2(GVY7SSub-0gsH}%t$7@@5X-S$1(2JXHRu%=9c zjl-funfcqN6sDec>jRH8V@qy1oXH2WS}j90Be{`0{*{HPjReifbBH>$&s7iFsgFa6 z9j!8Y1vj{4T}I&qY>EyrGf)yztiFT^ zC243VIYL52RKwn(Ir@SA$>^255(DS@9Yz$kYlt1P;jUXh9y~ogNfKnB$CH5-9zd)x zCjnRJG?NTBJFPzZ!(PmbH}`V{^}9g+_j=2Ozk07+)_>ocSDjinGef62-`==#8Qram zxhU}?rzaU5^fROiFWuaKahVSl3jtwqR5CKafuuz@A4FYl$Q006n0R!Q&A1Fk;8|A! zG|t*5vw4#D3IUchVFLry&7VG6b`HNK;?Q*ms?%YCVP2zM zt8eM?FA8AVb|gv&l4gdW-qua7PRd3ui&CPI#!3n(d9ePCnV){W7 zPZmW@h#Bht%tNx|X)>~=p&l<~!m!+^;$<`?3H)($)Hs8N#nj(3BqnBAuXu6BhT^|B z-OcA0o%QvRC(vm(kDgNCQ*XP#Nimr?hf-mEp}YN=VCV#k7A?jT(tVi< ztpOGy22$2O`qw!*uq1ioqi-;$5Q`1)&?#U~0x+AOHLUs#tb~*-fTH#H)wRR|`{LF$ zs)r|Zk4?BW9JC{w@-Q5m9jt05m zhSx^LwefFG?OJB0_dxDYyLYcpTM#y+^;XbnM-+ zdU^-hxN3*`j;q3I4{THIPi%EJ_Y-v)4QV3z?*^^k?V2mHQb0RAIiU{qUbMt$ocHUsEHIB#yZOB^7s;m)Kp13sctDyu ztYB2DSG#=K%q1TzEN3a&BvCZ)C#0yTz3!_O2Xpf`$X~dwzJBu9F;+Hz!o2WE6j4asxSx25Fd=tUoGt(=UQ-A>UjOk zw!Os2YxOsFjfE~SU&1VqtVfOsFi@xe$0(-Gkp|~`FLx)#JZ2&4I1k@QB77Y95>o@R zl~&5o2fZ;h(bA-UXyl;U(*D{o_e&$Ifk?8DjC`?@d%i*cQ-L3;fG}D6ca%s#inp9n zNE;9FXoK)0 z7Mo8PT{w~5qgzPCHYskVOdPK^+iq5bvvOo!bnxv{e?|=_J3Kk+Nt8FJSE)6c)&S~3 zlX%-AJbtm-Es1Lnuc3u-x;4+q15NKKf7I2=$uZ8`z67p@&94r++jK|~qV-O4ptjlW zKy6n{v~Ox_of1s4c-o9{>@uX7_t9T^xrbq_b4x$}Zic)p^IJ*>@f>jI*#_F|;5s$}7G zPmXY@5bpL#B{K%J-|yEuek7k`uj}uCnk<+t-?@4!#xGWa6gTD?4i9hYsKM2u)w5;W z+`@anqG4_>7D+OGLt%h^Bl*1Y<}o z-N=k{e^ZyDy90&m2o%_oH0Abedeun^)FP1CJG2-PBJ!FR$YjAj^U7S_cac^L7-);U0C9PysYYM@OUv9lf=-Stanu)#0wXA1d@j7+LByaZ?sI(Uk%21 z&waJue^CT=#g+u8{N%me*E9Xd>BbXRAL+Yk+t z+cH$nz8ED9t~IrA^;55lcNCOx&X9^@~=YjJ6t~T*bVan zFh~QcVJ~FJX&l|))m#HX>|oC&MH=8)qOQb*`t7+VQ@BPLcI5qY>Pye|B{HTOc`a7C zSh$LBlgfisXr~@L#AKN?2T9`d8YK9gQ)iC(ucPezV&vnjmhK!%yRKgT?U+nm=&+1- zQdoHtuu?ZmL8$@|axJX_wAAHtJ@mw>FMbuklYww*>MC8$3h$LmSQc=V7?e2&_L*+n zS{^R`Aug_9Wl?|#qmips=NY}nXmFLeLLSkOJHCPiQbks}!+W;jW1O@RFdNegl+xaE z_Qzs*@X|T_p>{|xhYauq(R7ZqMHo*vqyKd`5Sf;$bNd9Yi+GJmXZ*HuNb0^uwr~mE zBpsq(9aQN~vbi=&qh1qdri8OF)e!Bx<`R8&W_^?3W`0y~DqlMFjwr42KNjHbz`pV7 zGO+Szso7T9bVpy^(jdu5=fT#92o3~d<)6oC-S;lwh7a4BpZE&lemfER2oRh5_*miq ziZbQ~8?gfRZ~Yz=lqi zIj*>CDUd&zHCM!l4F}Ss1+L!$fI=7Upnvdq<|_krUxXaTCBht|~t2WV;I?WlEF%3dQ11BEqr zch32@C-Zj4qxoWIknKxi@jS zv1z~LLgaq{o7b^t^?sX%*San(bpenam#g4@v3lYnhDWT%@B9Hmj1}?Bu;3Uf!nw$7 z0g%o5+-%{@siPjRaW)rArS!3qWRF`spVxWZ_}W=qP)Ra#r9M@*Jzaevz$-N}L=Py| zy_Q55&;~2dF>Efy&U*y%IoK@EHc|^S{MYxl0XBPgN2y&wrxGt;UjZ#k<10C{e=XT~ z(u}MQ{ddS;*qz1SMQzWe*fV;~jV9OJujj7rVQxlx_beBSUuBdLuy;iP;Js?yZ+u#e zFEM+3F>LxUugk1gXTF<9K_=&?-e?Ld@;Bs1h*UPms6?`( zLK@Q8AS8HK)3j;=w^~2-9})R22DFDMZY7RXGe>|r6CxUV|4-+1!|#5L9QQ=9m|?>* zW%z{iT8(2_Hmfo8Ztga(R(-~eTRDP?l62NdXZ0>Pz_ZNlSOH{?XX1IDI%4*;Gv3s4 zh=Yd3-zlOp28;#>$R>0hSBW0S+=Yn*^Z;jWQPGw`@P6^UYgF0(g7U#+uD{$lJ0Gig zx$f?g(2aT7_R=ppA9@KVu(Gn+e@HNwQ2bC*v&`ano^YRWT_))88Y`W5OqkTEO~5{o z-#HyGs1Ga-7=h^?1|vBRHiVn55<9k{{v}vBze{t4lKvk}Ul~G8ay1To1hu?p_pIo{)dc5zMJy-2LbkYTrZ^hbKi>%J? zAnL!yjoxPc83={sbsZdKlj0UuEL42`I=OKLp+y84k>U|JEXZDN%Am{3zD0hvI}l3;L$Dvwg1 z4ewnL#ioPXc>`gEG@1-88L_^YNbC-z=m|FAa_=qqWGcKLN?wI3|!=QVsM?o76e|E1lf+h9cX-kr4E zl!4&U-W6t*0vX@*p+Ct99jbx=%T1?fK9}Z}@&uwIvVz zXQkrzIkY^{@bXVu`qo(Id(*2R5)3m>;;JY4+;lWX@z1_BjnL`ivU4ZY_=i-x4(Nvm z9Xo|IV;r$~lPRpJ21a76gwtFQ--v2>L$x9cvt*%y@6d05_M7Z2PK46#DHUG5Z7wn6 z=&585uQDgQ`xa=Hn`oPv>A0vEQAJ$T5{Pd~G|b4TMmQNfAsSJYpdKL`XON;}!wub* zDS$sENu&Bui<08v@5t8U!TgeFKsM?!a?A8EgeMqn@ypJ|B}$DedVL7w9F(6QFNouN^badvom~dVPjLle~M>7O$8Re5PG-ls9!|X1Muk`+(44YK?(^ zUHbX7ppDJ+xcT$V!Nr|Sek=z!XY}Z{tw+mdC9j24VI$tD5L0b(Uj=05c)P9cvWQIo%6=-atWDZAqx^Qio6bMbK=NOT7k6ZJU7g*DpbNB;an)I8)o43tQ)#nl z3IILG@l7YqexP-{Obf4$UEu6C=lj7_S=7SgZmjKCd(i3QV43123;p+zd1b);`&cA4^xCOKQGXvh0^>{oEUykDrI#RxfW1~;WbWf4D$ z(8S;01+jbHhm#qap$-!lo8h$b{B%c{Dzq%klhCnT&)l!( zV>A_%WB&Y;_W0gh?zFlji)KR3<13V(8;Y{&P^VsX`KVV=%rKJUm9HpF!IzI^+&*Qa zavaegRq>MMSv>l*FSUV}e*XO7CR&DuXM2}|cl#$1wxS@i5ARM!-DEGSREHQbH!539x;$ayp{i_!vtA=2a66xRamkvGkMFbepBOvWs8kcbkYB$jK}%V% zY7t}R2PX?gxKD4Ajl$(Qd^C!rO2$vdEQgIJ#NT-Sp3>-OA)ey%M*RKmXhKglAZ^!|a9vKL0EFV6fcf*TLt?p@zREB$VRm~P6IcjS^+Q##tsrhWa=4mT<;tgx3a0{#fHi4lMZaPP7mse?}>Edc>MS`%8jc z88fke!xy~=f9w-@LPu~f@plpG>J(``Vv~i^J6&Xz365d4p@c^d$_;(K`56ja4Yfui zGC9=h*aJnX&-6j6h(_$@^P0lc%1Xb+lXs6aK2c*ASX&4pcCR+gkzY3^Z?ee<5V1Bk zKBzUh!y?_xMGAu2v(oBkU=UiA>B_-($?)&%!`sLx)3XSZ=?oav#=)w-BpVl5$ z1kN#qS2A*2vwg1)W)cGMXqP^miqQkC9sYpb(Z5Wvb9a{ z0{!=-tSy0=(20ZHba=UNL#iY5y`70q81s{N+UZs7-5#&$#r`0b_aEF$?@|VP#pH<& z9S`Pw<9X!wJi8))tiG6W=2^u1{yws<3yLgd!pGnLOc(D8_r>v3Iu~S7g)W|l=snmB zpJ}lWWU)iU2^CF0I4PSd6B@N~WqHt|DIrQ2RG?XuWPE25`(4&#M9dI*l%&&V`tGWM zRqfmE@R!X>yp9&@AA(D2miuVp=rxj`BL2XsqbUW$0N7YQ>er+9(X`TjaOJtr^JWqH zuh#=fA6-FOC~YX{fO~PsRO0xIp42Yl?Di)RoHmvrPK{U;TKjf>GfFX#>}0`CW)dq z{>s!!8{cyzbUh_&z8{bi=g;U=xmwcZ8vG(HdpJU8#7-wbWQi^Ts}mK3z4^~(&*0C| zHTnZqm;~Rvuq2a7GQW$>d~GrLTwQ>ASd^FzK3zV-FBrdWUx?w~jj+i{0wY-l-~QiH zXd-kWv{cevIj+ru;>r?f!;Dj$qyM%g<|E7Pra#=e*REC*)L%B+e3}dBjVyN_-e*N& z_V&DrPjjEI8{2cvdOX0KSeWdj!cEuZT6>-VLgG&`)P-a43T;Veb-dr~WIh-|aTV+K zT5+%R!Q#GrOYF5j;{196BsNs_T0q>jp2Lcq&0dh08{&X;9y2oX9%u}Y$91#TRWN28 z#Gbe9WKpU4@_@w9{3ui|IGd_sJ|FW#wH=IjSp{+hZP~%@90aHN~TLazblTNwK zn%1+L0Im<;6+WBE5D!R-1|VWTkHVXf9>9MI2??Raitg&}v443MJYHt5z{pIm190rFZ8A8OTo8>^SBSXzK}dwLv!PR5~~b(zjo2=pY~fH zjP`2qSkFsX`#tDe++U<|Z%$m#9@Q0GXf)}*G$J?M5Ooa9^A$81P!c3@b%$AgWr|Ho zlGgF?kPLr}@A;Ivwz?WDLMlRuu~$5$t$mR_Zg#sh%j&p4A3>*+@ooM$ktQ`IC5y=v zg0uC?A4Xp9QStSDPJ{y=L2e38XW*Z&IW;uC*a3T!?Dz+{vpD(Mwom7{_tR6Q%D9;X zvmqg$(MS&c0vxs!t>wr$+uQSK&FN%lJ9Nl7D@Zv6LQ{o=riwokIUspzO6IXe^qneA z6`pkk-WrfsQVMHK$N@~f|u0h|RhZ!d&&7ZES|A)_{#L`9~5f(3+rwZmh zzKaT8@4p~rumbJFB`_F!I}#NznGffO&s4=j;^F@-qFj7UsBeh=xvB?;dK&_M@muH= z6}!7i)PHRK9^ZbX8&i=ZweGP~Ykg-Z>wAAq@Hc&-POZhBH)}X!Z@kC_PO1QPZS%~q zvGNc1S&9G((jaOTqLb5bud5>S{ms!EGfu}8E=z^kV?m+a+f*TL9*^znWj-;O_6BU1 zsF8XPM`~KypMDQFcK1^<3Yh|>iOH~NSXk0ZN~`cS>SbPHEygvn5#A!C2wQ(!FUnAf=*48u~MFZmx+mVL)0=Zey%;_*Sc}r!xqZ z$6@^n*{pxU7*ANA+#uwwB|)l`Z)Jhzrqb&8J0y4&H>;rG)bH2kn9i^Z@4p%cQH zHG~GrY;am#qCZW~ALz{r$;j`nSPim$9&tp9pS@tRg9nc8?OEjm&plhGlYbV!&19j~ zdshl4+hk>gM*H0gnhC>4n;JjfAX>pi4K*98*ck1p#}f@oA@l26wp48X@LYxGhcn-u zXf<3h>-#;YeS2l3G{iVcM$Y8hB!n&uI_3=F_JNK#(e4ihCKf=q6k+(0+w~R#i7D@o z1%vne3;W{!miKmv-&0`8q04P1Y0l>$xXH>JK~;p3$}@heu%q=~=^V^e z*8KE`lSP}Q`RVF!OMzTg3#RJ2+aoFMGs7>t37XXwpE`R;3M@H1XSBYbEN)M9Bi-J$ z=yjj3pdh|$3-kAXoA2sjq9(jNd5{A;>wdXE+-5pj4xCdcaD}PD2KDgrLEtYH`eYVs z$3Wb^MIj131XEL7ur5T(mW45}u|K)0A)pd3(yVUDJwEBKznoLGw|^AyxSq;N_u!+Z zrp9wrh4J(ITr`c2TWekg8^Z+o`r z6Al9G+#Ek<5dsB0CDaFgsZEpl(VC=SG!6^S83m@?{9H65A_>R1A4$8k->#wj8Q5 zRrGbVBE=kHWGH8;`@7ij0}h2?ZBKAoFEC4m-gr9mfKI29vNw{Dnu|KH{+0)0eM3fG zo|29HM_(|4Br?&^+2oGB6U%ZixML!GlbG7$)6~;qv+;-L8)fe<16ED$m(GE$L4?zr z0?(jGaBVBoWQF12jFs8HMid9rVZG400;bOf!+)^9t<(m{EGy%&m`T@aDJoE~BygJd z7Y-$#J70$QwEI>+nRqd2-ym$ z(P1EO#_`DJxgaX1Jct+*f4diLS$37_K38HfF_pfBgZqi&Naz;*K65&wumPnsU~v8A zlB*(AL^`7TW`t4HkYlsPrDJC1y)wHpxfnSD0`kXTe7O&DKm16tRgm6A$%`_gQN*Oc zh*Cl@F$_A#%{a_BxNe0T!(%N!4lx|jX>y>3uztLK5bWmkCX0zxMnFR9W%Z^z=fS$& zWMlN%>{2Vu_!p>EoNbc#gTw0j>{tK4{@`ps_PFEfmr@G+h`<&P=e?3lK|`=*xQAoT z^Pe8BR|U;~EH_%O+&u0&FVAG&Ib6{*bBe8 zTwh@?IJ@v@&j~_JVz=aTz-92-Vcn37nli6#?ho0JDuiSsgM3+@ct0d_Dl-k_1lCve zqWt^>jRz9g>lH;s!AMC#D%or(QebkQI9c-A??TDQ$Rx?IC%~norW#t91UCFDI@#Wq z&V@jfAxeK#f+Y+f%E~_nK2?v>)F4KyT#vjs)IdUHlLOVrB}zVHmIPA@k@=bh{OIcP zk7~U}j4y(;ic-xx+ZKFFW)lw#F!PgzMf8e?t}7-lk`*4!;LSrC;;>r&0sSUO?_|{{ zAde~mCqYe3qxHsNcxVW@tbg)9L1!4dii)nDZVX%kIV1763$@nUnPAZ3fk#kNtIKbl z9FqjCAan{{iqQ-~<3VA9knnKVmk~*!6b+~SiSZU?1((h~n$y`#OCGyJC)JYKP4nPx zgI`#P-#t%k_ts%K@KI0~2$16E4zm`$zoDm*$(fpPdUJ8*WMboo34r-|)I79SS z`GZA{ZBD!X9pThFMBX|yzU0l!Ol|!avk0}^kJRy`KUXAkWV=U%pd;W!Db}Oa>MhDv z2JlcwF)e9T{t_F@!lby8WC)g%b8)>-RuhxXA}Q?ePfAVJGvCltvRoGfwM|Q~1~!{I z`4{Za?sAD-DNepdrP)Wgu-%wES$5NQatut2dgrT9oreC1gV`iO2mIKAk=tKSuGfcj z8(!0Od8H~1h{WlQ-yt5H7BdFhX?KqTzlA}q4JYPJBWk+w9;@(vxuR)f)cIXE(lLQi z)}P5FtCl75vE@A9ST1p_@l%t$rSEL9MtfzR9I~~?-VXd<0D)Q?SBHZ1OiU8UY^yG& zp(xnbH#S0|qG-a?nC}L3vq(W10DC-3ydPt#Y~|-UHobx210Ml1FK=>RIT|4$QG`2; zP4t({#0pl{#>`X>D}_nWjOz;JaO^PVos z(c|c~;l?8Q2jdu}x@F@Vyib@oEvF?Ja9%Mn#DKicW+@jSZMB6tqoh?jt+@y%0GoY*zqA0iuHWczggg*-FkZ=)kLnpfkMqlPS7#b>fyDk%ya7<^tXH*MCsAu$yr zv{4eB-l-u(WhBj9HcWAYcYiqWM8(a-@h2eb6&1CVpRlD;rrsBdgcquW5o?4?kmA)CmJ#=?!%D7iNx)5~;dl2HiGEzj{EAtn-5OQocl zt8?MrkUW4F2Uk)!Y%_LEbCN*C77VWzaBIavZ4YP2Z1j98oE6c1*l(0UL{_Sv@@f&VbTOc?p?7?6*?u+B`%u{UD z+lc?%Vvp08B7E^EB-!-;)DTl7QV~)#a;yRLR1Na@RPxwVQZyO# zFseRrdMtfe1B{JwTl&y=Lm3VjR%)CI%AQ`dGK9Y)GtnHzq;_kH4Q@gS%_G)xyf|H5 zhn*69nYS4<Fbu)@Q0wsT$A)1-71Z|a|RIyIAZ2nGYE#ceZ|IY%L zuk*CvIr{((&FXl|oVkSSGrmD>d$_AFDkjPUMjn3*JHK-<*;9A9A>m1a4NF{C{j086 zes|fAsnz5jK>vlk6~W6gj#gdvrt-H69oQqhwY6MuON+>7yK8SaV9>c{W+3S6oeBUO zVAGx#;0Xbb`#6BWfaU<$F9&!b6R@Tn_z~@G0cROHu8zkYSj>vfE%s0m;lX;ltI&sY zt=IsJv=&0N3~j;5Z=+_uui~Uk{)1Z$cD43fqhA|iB53i`s zUD3xU{yz==Ft%K?`~3ouKa#i)XqonRadps8!h*LXPQ%6fo3e1b3FiCJjLwKt;&qIzOgNEQwN!6ui zVBssxAYoz<7*a@ukxWNk@wP(khZ3b^&ga;)|D;^U*gHBYD#{uC<2}*QWYM4?$#f{9=P7wA&Tk52w^U z`tv6XE;e|EZAY+cD5L(z(Uqk(7iZ4iVE2@g0XO(>vLK1ugF2@t{Gqt@aH&deCzxY- zQtrm##n-Q*w&Je1_M>G8zv;H4w(L&Vnc;8M7P!2@xZ(1X%fjWyhXi(vzq=KfY{d^M zi;JPB2T5n)_}NZb8qIpdNAoVEqeY~hzE2+NZPq2$FPT9RdNYf#P(zya{>0i>lL@Fq zi!Yf7Bh4Xdls)as#FhuBsA-M$+Z+ETP1V%ZV`!onYq@HH{|4p>(#Ip_$rfs=7O8-q zb|8)Yspb&ToK4p${eXptj_|gT*>6yk45&w7Sdd!o6H~M_T8Qq;w=Nd-yO^`K%=_55 zxUTwf3Q(i<`g}5fN>hHHZ71@fi6R-lcwhp9t6nRhrjQVy@BWF$^WQ1Fs;hZ^S3MF> zcV`+QA>wSMzRg1R|Jc6yx5s4F9<^=&l}5nTR=BrU`UEgNR-;|pjlm26X3-n&*t>)E zml;gyHA@BFot?dXdy9!lGz=aAuhah9CwOF&-QegxBQ_}c;UQX;dX{+luWO|zL}}Vu zj+k()VVG)6_y~n*gTApffNGzp zyAB;Z)U97-wOlib_x}oc4a=Ef%wlx^)+nJ=(CN{mD=jPNI^GzfBV;vVE+S(7EQVpP z2$a2^&l>L4V;WE3Z3*|Q$6|>W^}6`VUY|M7ot4Yj96XKqqA`$_wN-#+>&cfVo7le7 z;{=W!h1C{6wS?V|>p}M(Zw9Kd$i<$5-(OIam2f8DP*c*!me-6H5Ktn%g#jXiExl5V zUfV;Lc)%}JI#8?`5=g1Sfrt)MJo&0fTq>XXHZZWfl?`j z#Aj1TwjPW{84TTqTpo|3`0W0sH5pCnx%aL$nq$@;-1=lPl=9FWFbVhmIXOq_z1`(0 z8L_ZeSDN}{vY-taE^}IeL+`ADTH7OEVBw_cUIM@4W!C76*Tf_O-}h6f3?1cGvzJyl zA!?R48bkyiEahTiW6CRQN2a#|Uz{rKm8h@~@7(4P0B=`r77PiC$g?@g=rgw0sJ4gz ze5$tA4FMHtW6XCJ|H~8ndz0s1E0-`h+@-pPN-wQly}cATVR-D;L#f) zsNPoJ>zrd=rGfwMfU|7@YpRew#mKB#flp&q6u9V){zZA=SF}@S*lePEQmah$n>{_2yo#!P=gSH~gZ_M$bhJ8EbJY$mh zohbq1_W?}A#YaZdb}4w133R0Fa_qRepkFg5IP}j-lw|`&0}GZ5&uMz21rv>*fL_D8 zwx*v%wQ|3@0SY{qa`y?bee!>}xTXNBMfa7I4{Q|Il_}A7O!WA|NPJjJD&uiWUn;L~ z_-JhrqDDSxJR+UTCO=$U;Xv=NS(viP41rd5@Lc=gE8+vHZ35RdWf#4)f(#i7=39&p z>*TsW6HfJ4nx-T?IF{#EIt(tB$D0i>`RLl!AuD%?}Y=d&xVRqk< z``iMDlFVk6zuef>C2lf$>lnRAg|u@4PGTs0Zu5arziOwlPA|MG2|vwrK9@X$yn)6o z@K7tQkM@xtB7h2TTA|#y1ylpD+HzWf8fG-LJBueJm&jl+kHwtA@jFM8+xbU$|QiR@(eek^nQj}DZX7w^$+xC(O)#n5b}(f)V`yv(~ z%FU(R9!{1qFdzpjo{-l|V|2dRBT5HMs%H^v+a5|&a8>)ypd!f)DUrqbhiU#RbPWHG z)!=P)tiR1ZVr2TN48YmtbuND=EfE)7j&eTc^Z-;0G^w)|hg5Vicy`ynii=GLVR`Y` z0JTdMFfIKCd=Xd-xXc+O}5=i?QD8 z$Ra_@+xe#^P2XgH?dnjf>U;xT3)6={H(vDHTP6ES%NZ`Nsge~ap9djRI-?u?QY?!v z_;%xKU6KK$v7w&}r)Ui@Sn8a`sksNs+rVO&>VWJ0-rc{WngP>IuUzi>1reuAw3Qs& zmPrLJQPj9!H;u*GpT3V8ijZFQcl%!BhY}#?=n#`rwYg= z!t@O-2j42%FzGfTm|cY}3-u=Ijs47aAFMK!pUiX2R|YR~Btx)7Geh8LkPp%#bHwL_ zCwT1CFg0XeR;3GsqiAz3`R7O2)61C^=iM>i;yoiAG-8~dj3xemjmDS-3WNn=4=z9` z+jOjJrHdpK>H~Z!`S5OQ;H;Gs=-p3n$iK`laG-$mg@IXpz3X;#^smy8`DOqxLNo=#?ySGI$Bv}&j9odYdtGoN` zwvfaeAM+d0N_tHUz@DP?>>o`GBIT{~A7TbRq01Sa2&hsf=%x4K^?s+SK4zkOr?zF+ zULr3hU!uK|jPJ5D@o}gd@v!9Ya{EW_vC)Y7If5CRWG=&6ovBAp`3xcDlQ)E`b=^q9 zd!0=-ZP0K1#n}Kt`U;uKv%HD2-Vxhf&cU7jGdsrE_IN2hGhR?$mLnU+c&wjYY(L#Ix zmD`)F;f)1P08Yr-n02q7)5E`W_1u(}`8m8~Ota4= zaZnjvH^@_W&i4dn2w$%47FL08L}K5N1~4~xZ#YAlVh7t1yyf1^{rwsh<7~!*`aQL_>c2DZD$a&0buTF{2qaT%_Wl2dn_KZ=sTq;sq8`DpbIvB$%G{31vwb9$u7wJGo#NVn?Ev^h1`QJxQb z@$ZeX4`xfYx-WLz4+5heulz;??Iw)0YbSxU%VWQ*r|NhX_A@4?!^KLI&Fip?l7`06 z!s5>)E{x;VwB+*WktR1Dt0PNn3pLyC%(ax$%hjQUQbWm0Am)z00~dP@hZU;#Fbumy zGj$OWVM}OzKd$Qq_j}Onju&yifqzMxTw*bx{K~QwVW0n=NN{&|nQqc^vR8IlIlszn zf$8<=R%4(h6Uxx!_WX~noTM`lc@r@1xw-iXAV_)bK2ccB*Y*w#h2PfmBs{hHSF}BM z0Dk+g$rKm(ZkuE6PYk-XaXNyHmEi7z_auBinJY*@&QZ=E-t34cs5YC{m__w|NqoHA zK&|(l4P2Q&k)*K4xps4|C52>-}+mgva<+Hnyu<%b>)kE{P1)8SZ^7( z9VkNB^s4LNVOwhnC>$jOoT2nRl1MN_N6+@7ILPs1tYdZcivR4*CMCDK=1D;aARj6@ zWZ|rnB*h}bYJEt=!X_5!>)ek2>t;K*#BD6P$ns*cBsSX@jA@0(H znHD_CJ_Rq$=AWP>EjXkmCwrcf&a{uCE1uBt-Q=h9*N!(E7cno7j!NW=pDJhS5DL2k z0yh-??_yWjmIa)H;Eb$t-?Gy*R)Ar_^Ki)V4n483`|m*^dYxwRz;mSklaxS4u|X?C zpPES6KDDB&fS{=;+a;Fy_`pEdE=zEb- zlJ?AliHuv14YQ-mH^wr4*Guyq6ETff1WI`poLtswqu@*l2}Yoi&DH|~5h3sQpV^&W z*(*LDfxeIpDdcg#WB~_}>Fmf+;|uQxOUrM?RtTu5Vx(9YfbD=a)Zlmq1C(Q>CTqcg z1V$-Pnf_IH2otkdh0zH>CM@DMO_Nux@@gIJpj!DkQ{u=08V4FDN5umTFJ=U7F)4+eP3B542}a);vKN;D z-BYS&GCK#}FA&-I-vre+wYK-bh3Bx0Zem#E20@s}BTZ;4cYwEAoECtB)Ky!O8WIv| za+0A9Bw%=;MfUtd`pQ%8T{g0}cC&)x0I+t3Ft~s+Y=^RWLIK)p={6OJ%B$<^;3oQ! zD|R{ch?De%#>~O^S(kE;+f^Ys9LB$ZmrYDe{8p;K@O(hY(zwEJgpvZX(@)tv@S4sZ z@2YP0BZzn%f1WhCZ%RLTfe6QY5`Kx0n7qoTMal5oSR%Ya;3G$b%0H z-MS{r2ddEL0V?y$_<-xRT1R-lNLX0V(?v%QB@6m3H90FaDQJ^ZQ1H5Mq5;yHo1brB zZ1u?xF5kewY z%YFxzjUvDh1qXx8|JeUkI3dO6%jY;SmEfbbn8pYe^b38|%a-1mxzwe#oG@FJ;YhpO zN%u|WzEPBalWB_(Ni%7mYy*pliMh{dhF}KY9!c%XyO=X7RVcsJUvq>tXewzYjZkAb zo2RnJ#=FGmr`71{`_9mNxLhbIohU5v*|(}{&@|ISNKK`cc!CBCM+x$hAUo#Jof833j~)JEa_@{&AjX@RW8@RAcc*$rp3 zM$+2kH}Z!aJ>8xk@qm<4P$UHp7Q+)8_a0KrLN5<*4DUq=yeZ_1E#2E6m?BTnvnju( z;G7H~H8ZonY%$kyv|#ye2p&drs+1S6(DQS zk{pXcC3m*^EO^>mxquE;{mTz&MoKMnAzl**W-6EKjLtu zDJYTo$;(hJinUt91p#J%Zi=jL+@@HYHa%>5_L?-GZe;X8C8lEH z;<99-#RT*L&;^Gh@gLEOuPcIg2^NsT?@$Gb8G1+i@r_%kbf)gOdwB{#yw8>#)+pAk zO9(*P#>i6w`GwE)@d!Ztk^hv;YRN<;o4`ifvU)t8Y%y(F?y#V$kj4`TDi|QF<={*# z)oS$z#lT{^Q0`yl)^7+H6@p5*Rwg{l^3Reyn~V(VaG@#H)5C@Rm6 z!;&UV-2wL$_OT5ZS#zY2ufOqNz0kCr#WGIuNsyjO%k#g7D{bC4bdr$6 z2o1a`6qnUwYOAL^^n7>?1Accbu$e&)0IJN;zyu6}j_~$us zp3*9>J_ESTVT5B<7o5HcWg2q*kUVy)7l2_Nfy$lU=$xbXv4mgMQ3dNrgS!_1r=n-A zD0OOsa$tdiEC+0%%Adr$Dz7Dte8n@9=k=A##gPfQ8KB47K0F)xSxHKYm#;^y;Bgqy z0zM7IBjxI!A4*H_>h~Ss!DNA`()76&OL(XRRaLF4hMcOY@2LQ_OUujWg8c_XA&}0> zR;`guN=d;WPS-n4a-0EsB8dyv=8R6KA1VJhzx1@Gm?-;%o<_ zL`btNuJDUj>Z#;L><;o#KM~9f|FojS2%%MNeoNs^B(_t!gdQUP`lbOW5b!+b5mS!= z(pRrSMjo(K)h87HCrF%MP5jnje5KPOJ4{Qr7bo7WY6~EU0aTYCKVZ~(Y~F+1ix|iy z0g1RlOJR%t3m&UI2MRu?B&dP-)%CW|g#2|jTj0FEU2Z6G@U;N3vg33mXSKqJ3O<@_y(@ZKaOcbLH@qLD~}Jfz5754mIq`d=aT! zlY>9^7HmWk-kLxGjk3^z30m!DCxwA`bao_k+It@cyUu0>=I?MxpDC;f)O_tpmWQ39 ztn37)#fXgc{UTJBm!IUxVwq^SEbv+YN{M4uP7|Ijo`5x36y$R_KZFH`d-vSCjJd7h z!J4A4W)tP58GQ~d8q-PqmT*vKc6J;#S|lejn71pa^FI23wS&d9b6-<*_^(A7R{(CV z%7X@bFoBX*S~HN>WklYKcq;SR^TGD~mKDnR+seQyv@kl_>L_^emje>lhs*Co3=9nN zXCHbiSCWLLQya<##sE2ZHRUUFUtKI1_AC@MM)lkIFARW%0!+y6km8*1$1%B5r9@Sm zd$+QpX8MYZz3Ip?L(l_J1bCEiuvDnTa|I9oS{xExYOiWOw~9(UtJUCGrp~fc1|T(6 zY?q+`9V-QBW>ZU(|I^`J~N}4Sy&8A?Nx6BVyAJ9X23=vlbI%WToiiV*on?`JB5wZ{gR->Z{BR7+QOOsYcBKi{&v4 z94e8*psE$EhDy_BUm^E+{txKADId&WQ zK*xae4M*g_yL|q4bntE@m)ifAtNnk;;ywWlu)ygOrT1*JwYAQ28&s`tz|PL`puu5& z5`bQH(YMxb2lj;H;2u7_BwI|zN49Ub(tx%ar)ZzCf^Rt4Dkimb{_N=ix+2C+>r!L8 zx_Z#?(6co&fF5-9@-5pvBIQ+NQ!Jxf^teo8T56>M0*_Ej>#U#)u~2;(W=95(SNL%Q z7GbVaKc2uUO{s3vA4`u5VFE|t2SM+VSFY=Ii7=WeY`8^$rw{nYtJwtY`LH{JjgRpQ za~sx*i0iKl(Gq)0t%K<(RA5PI;#2K^%%f*e$PdO?z$Svyds!B2^n}F3Htae0wY}U= z>OD}O&+ZML*`3t7dR=e6gW6*2zn`m8CZPPIR>*eLc3@_kS%wDy_w8cqXyEX|T+0dC zto2f!@=hrjq=u7_0Q{YFxmj!b-CddI`Fgw+c*VQI7m*E9;L?BP`B6TPm>U(p z$oyz@bO2#nm2u@uR53|#r9d(Oyj%aEfW1#Jd5L_S=JRP*{5NcX*%w=V18N3H0RF2! zv(ex(@B4%8{WC4?+o=|SN+a5htX4CG?pM#zff1=cXO}aAPi<8n&-j79|F6~!Gm%M$ zREQ}OpVQLrwC^2wd15EY4VF93^l^0AsUidK>^;<#uiwFhiSvCpvQc;FX~&Z9x^IWY zWL0s&QtG8L9Q#P?gW;CtNX+74`DjAlUw^Dg31BSthcAHR6MMkJTR%2MbY;o;3%5zn zRfYKrHp$P09r)iZQ7*nPtwE!{Lv;@&pNiTI7BR>Xl?e_b=VgtYildzRb11_N$?rmU zccEdcz;|GG0Ex_qh6cCVvK^F#^eq z%3IQ89(lMq>Ngraq-gOsTcLSm z09*nC^N8}k95M;HD!tS8541SwIXd4SEPGABaBH)NwKtAm=s=PU7 z#tAE&%_0Ltc6D_(2}O|Oe_&ddK)G4K$+*gRFn(vYVuStAVeOGO;iV#uZaD+^)0Ca; znjm2U>I(R7NqlY?VnN78Lw)E&>4MyY8sYyx3*c8(plJ89tljdoWzP$aq2u-cU_>@<$jOVyg&}yL>%qQ(*IwBH1Q+PzRjbwWBp>o7h>KJ$$ISeLjq`(z zOb`MfQx-~pIDe~TO_&9HRTHqvB&8&sdybNn569A&+88kH)ER%c6dw&YB5~TE$s;3*)ti8{5)~GR0-Q&uG$QZ;pU(-@js@3V_ zLH7Lr08tj4Zc%M7a_N5m4&9LUfP~|$nomhdiH1Q~ydzKxSP`(D!Nn5n4i4lL>@LGItQ=^lX$HV6*HPgyf6?0z+KCJZ{9>mcAjR!?@_a+>3Tl5B$K_J$3Fo! zAv9q0vLMy)nuA>ZsTZoDMv4 zpdlC`96$_DW-mhvdFEH0k2HZv*}@%T5at-588dD}fGSk-IHI$#V)@80Rtj&mr`#`~ z^zS3V?}~fAKZdOcCMG6;iY9={I^LdxX+FRKHva0)&5yr-p*lK5Khu(jgoRPjsTalS z(I*<}n*>J0!#dZh@@&?$PxnVYmcGYgTJXxB!`Kf7x)w7D(Uy%gSP@a zAumf5w=06dZ70w$$A?s>Bi1k{hh3wl?9X+zXto}h%%!Dkdks|0_2o&@E1YI9wT8qV z2&w)#xl{pf<`c!l*ayL({PWM+_EJ!zJu<~Vsl?JHXj^;x*CYV%BEc@V9-7m^v{a$W z`gk@Y($4TWEcJ4b8iORm%m`yHJQ^}9pa31BVio1pQ&nznkHTa9awwEdN8qYQsp4h3 z$JW|dK>UCbJ2(F0*ezf?#kqE^aw*8hZ8UU^K zGMkBKl1m*)(wP^A3t&Sm-d-s@)W`@^v0904X&lq>W4?BtpC6au#>!VJh|PJvvPzt2 zcAeGGZ}g!wE(z|9_>3oq+g0c#Auz!#^Zs&TI^4Uos%v%tAc6n5-6<&o-_LyT`#db0s#Rgk2#iFF!w~P2?kpCA*$)vI00Twuhddmj`l0-Q8h3>J8uVc1AKj zlAE|?0r1bsYtv~2X? zmhPnh(Df<1dSjE~q`zwszI*qMlA00?lRymorUFEzyL)0%5@b`@B6fFaf92$`RXc#3 zb7&&%oy5a6V=NP;38ly0ofwHW-DhhN2Ary$zvy23lVQM8W&_1Pfl*uZCZpxGX9mPh zfCjUJKp`C3jqc=iTIT_mU%vsz=g*Xc0nnMi<9Ys;JQ@K>PVQIE zFCO<>G!P`}UU|tozBOkzJ$UOmSqP-eS3_kY;DT=nSBi!P$VF77e}y|a!^Fu62?^gJ zB5v+Y(ty4;=rOqHrgcHmla2S5c|FaMD zZeL;XergER7lYep3kB73u>M`_e?sT8TEe^kw@`UsW2Ybzg`b6DZN$}129AF9A}*%` z?$yIRWspG{N#hHNkH_|fh6Xfp7$i>LAtQ^>$3sfL!@lAr&FEjZi}fSVElmyI_sC~U zb=Ky_DK-an|7KnO&|(5agKc+5zuICl0rq0M+;sLm;2j9a$e<;IM(RC@(cEeDRIxUE zhp*tp-xq9CniEn&A@oYCJbvezCa z;MX$c=#;2#Z1HBiu7`e)KkYu#i5+S)abCY()NFguV6rM(dH@2_RY60-dS#$ZPtt*o4*t9i_zRm8QT36`QXqxNED1>Co|J z)$`!GsHpRWcIdg_`8z`saFiZ``ch(YjGoW!k2 zad)ewoz?!E?^8jKwb)d#z+d3Jb_crCOa3`9B`5$hJa(s^K+@)c)NZfUuz3Ie3-zL~ z6B{%$IB9(dyYwNT-eXX^ocCVJ%{z4Yl;&hb+VD@h&#Nahn~C4SMyzhL0jE8%W%x@v zN_DF8%GImeOHuDaXx>Gg9H5!N;T9AeyfRkhAybL2xU~Vzh2c9ut3tK+vC3RI=W&3{ zbeQ0P$8A!=7TDW8i7NQ(k*wM@MXQ4-#eZC!Bi#S-6+s`i4qV!R*PhIWriF5>*pfTg zZXt9^aZn$aflhiaFz|)i%lLoe#kYxxT@`4ck)zk)zA!wVIB0l`_sI9n^ZDVdXygXN zEwJ2O4oRm^fxfqii5PIE=6`BKBd17sXUQC$%>dPQ46l>-+Mn$HEC)RIGiGe=ippzU zvOtH6g&Gcx7HK~`IoPO!^MhR7?AUSSa02-;kZfSl9zy4l6pUX(_u(5banMUN-@YJ; zF;Q)WA8^YU`VrZKDP>tX^7hN-_w!SXaJp{@lZE8`P^sC=rzD@g5AS`$bx^}rGiiUt zs5SptDE!eH$gEnC7k!nyzQdHIJF zBTl4Svm@NO+^WiDy<<`OVY*yKah=0dx`mR-ba|VXHl**3qArVS$0Hy=vrUwr-^)k$ zGKt)}h=ga(llnecmK$J9mpMEzy7(ZRrO2`xuE|A}1#nQV(AMmDcU=b97!b$Sg1@tX z$@R3#`Eg?6(=vNsAj?2d5YNWhB?hb~W}?5H?3JASsc4GkU3UFuV9jc=!AoMOji8Ue zb>3WuIkH=-rLWHm>dx7@S=-a)ryvq~3H>6BD6{>`11)o@dR=1(K67=$mMi?kL36Pa2-zG(@xu zk?NZ(QB0)ria{hghl4wg|GI@Bj}B(4$fZ6EW>9yw-`{BH)vQ_e!mSqnpJsti<=>a# zKuDvM-VPdDe!)1G#QnbRmx@_x-}fGt=#1N;C-+ch-?mC0;j&rI;n?3<3tB=*rYZ({(j0oUfpM{#y*3#BkBiCX2X%w63rB5&d z2~@)}J%T=_zQObl0Z^uyL7z6;`5B?;t;d6pl>p7SO-$q#<_bN(ha5fO&&*-YwzAM^6_N(9dRG|%v#Xd5<6TY`{3rOcdbK{rec`T43gg~VwVsoS@ zw%dN-xB;IXVhAOT_W1q%jZwEAzqKE3?)ipIq$BUgdovCKK$gW&Y4FyiRUF8-dYED_ zI}2GK$o;#LIFexG1$MiUu+6^h-`JPYR8I1{YZFoD8Br|%E7!zKkgiYvjaa_bh>(zb zh;bYYn7~>o4;DKG1J!hwGZiz;+QRX!Ul)CmmAMItY1-us zke>i$uw0_nGkB&>7_@n?dH3-uQOHv}_rzQLou~mM@Ztp>6FUnPjl^pRO$G)Az@UuT zSYBwbcb14VSQ#Fuib5}XUH|m`t?^%1lToNdPv8H98Lr%TO>&WbU@@*q#&&jf9VPZ$ zAo7ldo{T;mVrZ8&J3W*mW;b>ZEh?g)VYr8FFi}dqsJGY|$LR+fWA?Y6^L+G>9c1;U zwzi|->^W&)*V-Ig77LLq=sWp;HE)g=a8OV)2#;G&uLymwVFjlWy=rCcTuXrM%7N=l z!V{?bpg+P(#vu(@fbvYD-dnqhndiZZUBq{Q;X9z;xCaj`!Ky$%8TFflC!o(J$;8^1 z6AAoJbNIKjKKhn-%}5rVPIUPucsYIv`}9G61KW1#mko8WbO@s4|AL!ij<*WARw*ed z_ASDqqIuwyflf;%7WPzwfyJ8-PFbL@bAIfd@u=C5;gFf7WxK-7LqRaAyrvA^>PTaP zvUUGrJ=V(h-k))I^rWAI=R=B8{0Y_Xg5Tsv{(#+HEf-@7}mOzgCvx<1-q`!m_lkr@zFrQ{B^1Z)d>)_Vue*uOd`zPW7R} zc9Oy9Z>zF&8C+tv*)?=E6)$=0T(u|`7B(3L#evI~mKN(yESfhbSHHMy@QAs-vXwgaLt0W>y53*#)_xkDmi zt$1HF;8A@K`X>CAJtw4&zHk($IDv+XQ)7kGh~=y=6C4@&?P8SWCJ|R4|N=fWiT8RRODQtz{h1f)P0nbW{6J?vL zUr$dRA&`3p1O(H6MZWNbUl6u@@zC$S9{t*ajc$CZXPlAW&g|E)Sddps*=@=#*SeuN zdB1g_!e%_Fyz!PD6B840kVN4|NAl@5om^FxiXiup;uT4;f|Tz8?q ze_G%}7tJn_lX}5eFky{ax}}u!G35zAX|HfbC6B$YS~BHV2^1MQ%Xj{ZLtK=+mtPiL zlDdaLTF)IvJv&#t+(?Vq*{lk@{qu7ky zVM>Xx#4{@YBY9h!_?Fi~-4m$YhfgVUT}2ln(05EGaKG*B{yuthVpyaC%&xH5m)j6` z?#(a3Daf<=k`QTQv7#kML`IJOvd}LK_-40%_xHPkBw2ORHlDXnZr?cP&o$YbhS+rt zkH|eRun$?>B}A8RX}QFO7m3Gr9wOpL98TS&Mgl_&=aVUX{rrfSEla1~*1{f{{J2tJ z(lwp=zW4|D4M1*uE+L15EUJa`;l{LOO5Pk*f0k$uvvIwNyS##e(CgQi_HW&q@b-Md zP4)1rn$xkCzP@^M!!s80?lE+j zG&DhBRfa>qtfGrU*>F$w4`iy3W?6oZj+(U|B&)R+MMg$;uOGDQu9To=uy~H}kyE?V zu^!2i%;^(a#5(PCp&iKvcPD~%&cW3+dv1PS2<#HrZmxxc3R2S2)b#YtrzANMm6bf% zYGs}3v|)(~G-l@3i<9YSO=E5HGrh=&h?#|V!G=TYtsNamo6aE#r*B>!6MR`0hWt5OGh+9e2@~+ zyEZzitdpEd9^97pwuGd;zMi@7b%IY^V8?uEnFF}?MAV!~6vG1kOb7At_weAGi6paP zk%S!{a&*V>?TMWjz9a_4R9rr&8?$z}nAmD{un8Efm~|ug8ov2r;>&)wc_5Lfrka$s zh>OeUO~*~nFD^iLM`}1BSS{)X25_7&ww0%od9<5g_dJ zh#Ow(1?H#Ra-}&pTx8X*0(f$4Y#f*f51$V|9W_TxOiUKsCMG3j`$;op-gZG#N9RXi z;GHCqfV$L+SNG{+TJrfXe#*z5AO0h}wLaeQ*|f50Z|x8G5K1c?G)zp?H2L9k()IL3 z&CTyZ&o_ ztT$yeTKEmrJd>%LbV@O8ZQXik{)*O)o+K4k?&JNn9HlG@a^Bb3Aj{8 zvl*tGj>{NxQ}(eFF^^#C!Bab{vW;^m0msDr;yk$L+6(dcW+x5Mk}dFnyV3g+_k&a!5tKYI$W5IWXPqNk_#M0lxqr!_ z&4mVBk_#p-YH(D2o%dLuc0%BL%?aJ9p>VA=&EI|O1sAEavr|k) zf{dCvu!sN5bGPtiP|#g*37LABvH&h$2}5kj^FzO1zsQU--p%c?Pp3rM>@XW}L0Xyc zz7bxjdVF+K18zPzy@R5HT+7^qBUfdgg+yFkT3XQ5GwJSY@F)c$=xN<+A(1J~nS`eR zpw6AnMgT626@TtgcgfKnAMSb)#Sa6W9$;f*CqKc3RHZS)Ss7hY+csL(X*N5n1tS}R zGbzT3(63Bny0sm;71(r-l((eF^lt~UTqwga07Duj1AoA2B@cL6-e`{h_+e{pJS_qf zj*|OPaA^1nIkYu2YSa3(TU*6iy1T0<*u1c?2sTJz(vE}#b3z4UNOgkSmFs4!jb?*Q zhV#s2_a@1IH6S^e%KE(ELfIyqArpSlxEEMNcyv^zuXbU+W^IR_W*59wG1@oBElSPID;@s zK2b44Tv}YSqZ!xMRzZKhBS*u?D3dTfDkh}yyvhON(?}W<;FJKm&e|O`=gwdR~KRs@_3sVcI zX=t?mt-hOIT+{;cw~oAJWh9*i2D8H)4!*Nl+7zcvxkxHAAXKiP+qio#?K!gf59FMVfGdKlC`-x<o26ASh#p{62gtP>oqrr1oN4=#lN&PF}{;SOiHP!&V)KaTHlzqjt+8&??|1Xki7FdU9IZc1_{Za zY41gOnU2+hOanu) zo&ZX7vHmx+94IIidCUhjAlZM)-hIrOjg7j^a1p-ZXB8|qMGeZWJ{0nHLA#P?ysDxiaMF|10udi1|?_bYK7JAp&{wJ$`aZpCf#4_1UI=Y zqC)0%VzK|NOR=CAfv^&l4+xcb))b|MVPs6gzy9ALC3qWpw-jWOMd{dDEg-3s762*hP%Ze2Y(B3L|tqT<_3Q>rD`TbShcfPX7il*=CwD%8J7DMNoH zjtXFdDt9roSpYVAudKpk*ZvZwAE;#AhfonHFD{^Ud2RT#tGFu~(0xQ?Bt&!>H4}Oy zbbL2JYoTXqYhMetJ0)mnX$b&Mp-f3h8!Gqx%05jZ${&9|GN#xtQ7@3w>!p~1%FX>b z%A)@TdJl|@jG@#{e-lH^%crfat>&_0Og)rNK_-^2kgsw6$a-VMJw2UzR9P8v%Isw2 zRnuzTjlij%{s#{pBp?BwOu_(1BG=|iE#QWb5FL<4zF1iej61XJUV|_9;5o1YsOTxS zp~=?B7A#5HJJ*X;=u%~4UnwUGx%_1RM@9t4F))6zwIN=UMK3Zf&eGpi$dsK33H>Oro3k%AnG(~~ ze3~ytL{sDqc^PWuH#DL4c&r;ufPTrzm8#>JaN^G~l}k0~A>#fFkCqhs@-u{HVPj*f zRp3t*G;0P9D-g?NiN7J1m1TfoeqR2*gZTQ}JKKn8iUH@JX6~BWwyx8AmQ+Z}2x<9I z>LyLm?@nuIzqz-4opi@pjlIl{%S@!%=MEbctOo=0JL>K$*Hyze-Vw7Ie%$CXu(f?) z80rnjKD-Rec&Ho~Ba(;+R)KHR5thSfx;zpnnp9%d7f6+pLjuzZ>^G$E{#WTGm6k>j zp(ONWfob`-@pe5qA4b1{&+rDB>Gb06N-)$$Ns1X*JTCq~kCq5#fqD`A0g#gc z3xL*m^YQ*&Z8eAQ{;^yv8oe5zr>19k&MOp?$zwqs3v;X9R=HC_?T3JY#=*h~J6TK1 zd)&n)fB(4cP(xVm?foepoZ6dah7X_5K{x}}SZ3ft>YJL11YS3S)kBh&mdoa!NCwze zN~~FT7CR|fg_Tf$hK6wCFJZ3qXPs!*#ACQ$bC-Rw^NYsLaMt(R?2*#%E3yHradB6! z#gXrd+{hX)2EYeHF-L1m@!Z-4Dk}~9J1guW&m_q7b?`JZAKW2nPQ*Ovli$KMRaB&W z$e!6WG~^dobqvDhPOmnN{A#B+-~_j=Bq+}mm|*>(f8m{qiDLT!7^-dqQY}#<75vg` z^@?gLQ>7pdu&(%J(JYlB1X;jk+}zAHcj=KRa9Y!&^mkbE3P@rG+qHS?0R`QMB4^4a zLSW?yLy4wcI%2s?z(iubSV5}Cm!}PlZteswIl6U~@uP*#kD5@lWsg90nBe7kz^>U(UgL5=My9_3gwG8LsOWu*ig1;cBM)OarF|5$wzwUl z8XK>?=%iboDzGU#A(-}yv3syZUOSCPr=rvPX&{>ym-uC458BsKj#e5difH!iR9Svf zo+?AW!3c@dFG3Q*$XfHlT8B&+VZQt{a^q`(zD$AT7WxraY5at|K_&zaOQZ21J}0LL zMgwME`@Lo`jKHml<*?XU#OzsGd4~^~EWN&Yps}q@Iaw7!F@okWPHgdv=Yu`(nMdS% zo+np};R*n&44gKt)h$3T)#v*T?zp6Nfr8iD+Ph}~69M1UBnr9c1OXM^h91iRpm^exR}?!>G-$bA894`z=~efgogy-%M$je{nQt)A}3 z5LYmJf&FQgbrikp3BJ?P$9G;sgsFS|M_gLcDS-o%OK=v#69k?c%l(m4BkebXpZ zt39te+$9xzYii2O!i+()pfms@(`JKNb}KvL?kf%t%bvv`ROzpshFzC|NKp9RQV)zx z-=}+(u7I4^C_8pgGV|YQbtGvfHNP|(jDQjwfJ&*w$$fy3_wL`HU7welIkI?kz$*bf zB0zLbh@!wkHZ(RS_s>Dq0BP*ko9AM(vgB-BP~Un*MiQ+U7+g6#$ped@z_<^F`^r2Sr*#S$9~AN?v5fmE3$CL0UI4D|G2{ZSIMwLnBZ9xr~A_TtLS z_JYsu${Kl5#@~ge*zuCqt`1$Gf%=^(n<;l!Ckertiu4D)tGLC))Cc`9KY*w>?T&GN zZq~eQ@;t#a1}I?H->Ed{XKExnG&Se>UpswoB51h87^cMlNuU5#*jJ!amU^z{njgs* zn@&o>d4k>0grfOtH+w?7?1e-uuwpk7g7m!%gRFv$N6~*V99Ue<4ebKS<&)R3X+o> z4rjV$WIVj;cJ&?sfu@$0t4h}5NL~`WbRD#uCI$!O)8b?dJO&#A32N;z#9I3tXUt}O z_Z5>6M00w@HR?KO-U?!TYd+DxyF*mlRJ-%Ted-B2)phvaK>=DB%ep?azP>wVkCaep zeNdS1C6ZSH-cM8Px}}}uJ=q3X@YSYHT6-%Iq~~Iz>8=oQn9V8ypZ^A8qu$xeaGBVO zBK?UU;*RHS9uwsRujSsu2UzO>0*hFq#;}CS$Eo0AmyyPk*yXt@Z%+ zC9?Gqtt2f(D4384ujSn)eCVM5S_sVVF6@TaYP-5(f%yqPigmjCf3W20t2ZRqu3g(D zWlWPdCcwU`T5<4%jm@1HCG-eZFp6!Dl4qTgt+?27xi`Jj*?6odRk~t7lq(>zjFX{e zdsWcK6FS@y8`SO^I3VkIuU8?F1G8Kqsi8&Y&clb_p;T65{XF?cHUa3zN87w@|32KA zUs?ii{#cYMmF6FkO>e}}U*AVRBPah3@CsyB+lvO-4O;uJCjK+?^PS5~IY=ACk;Nqd zJWI=e1(A7yO3jt-Fq{PXKg-Z&8=`O(kM>W9gr=(fqCG^3B<}!|0uTePU=-`;r@?Kz z-MShYuW)47e8UBEnAhPakeHx)a?AG-YZQ|1Rb*1WCI;T2Qz?d_ z3@EUN0b&DnsW+J@E7j}o z?tT;&&Ha`u!)IQhDwrh7%B=X#EXdj@z!{6Y3wuK%p~1w)Mt{IAfdp3uzN4cfxHos~ z{=9UC3#}{U@BQZaz1_VP=sdyYEOj9TM#cQx5u;69+-M@#ACleX_HVCm-(I7B(@y#T zc1HqFSdL=40wRT}j+bac%dQ8=eZxsqK%dw{X=<{gT&WL&fc5a3(V#X=p@?m3YT8R|R#m=- z?Y0?1?FT^+$Q1Zq$+pC^zQ{gadG^WM2k8%og683e50Kgb$5f;Fpm>C0VrF&q+ABZe zIH@QeHz*4^LB%YoZ^$bsX_>0K1kGwNa?|d}?l}$)smgkI$HIa)7u1Uo4zH+BlLNi@ z1+un)fa}U|)^#|ewY9acWRoG<17idHI-rreU|atMVasx@?`{4MsGlHL1Vu!=f+Ru6 zaOJM!8CN)iY6uOU$W)o2f&zuVjEwG;%pl7YNc^B;^!=9p&|JCSEa-Qjd3z{oBXRdS zAe;XQqCB^HR@HtbBzzs9lFcqmyt{)C*S>yk(<22>7}&#s*n?T8t(~n%^=fEs zZMi;ys=thhEYEWQT7l8Q-=Ukgw)Zw(z$*M=ith;w=8lU%?u6G=K@7O151d|*Z9ljH zfQWlS#&Z)&BUnH9K#kG$IRd)n{ zr;QaGsJiYK{c_0XauB4#(eb$fmnUEYZyakDF^vJG0NkLyIE3B!mj8&`+Qb1NP&ah| z&;_pGO_jYLbG?*=IdipWfY{>E#ss*Da|;VBJiNJhRc?5Y4DNOp z#5&(-MlZ1ZVshb6HA_cH{K;L9F>=jT1yC7);ldBvo)}PQ%OiO#S!0D&Iq1=|+}zv* z)rwoNXRCiqYqzwkg?@OLeYxN>xpLiNF8kF$lD;XViM{=z{9^jI(lns)S)4m}9vR$+ zTmw`n)QEXmint)&epH=Y9!h0+%w-K!t-R^-&Z;BfIj+mp@zpAQ&2D_CKh-)G9Vs+qygBBOH84Tap8M zQ=uCZE=*YM}FcoUPvINZy<1ps*-(&;`zvt(lo5+1w0H`}2o-4HJ zY}*M_1~Zv$-xKjCR$W-~zJaIRylYx&xg}5*Uj$qRoEemMOSkQCrk97P6`)RtA}}95 zS9jnVm*wimg)_(ZzsS%ST!A8`jx? zzJFF60UlBW%JmQQx3+gu@Y4A~?Acr#pR;wCxRPEKTg40YHYUW_O2gsVk6-!09>ED? z8Nm0|43-M&p|;7%xoRi67cb^#-Cq4lA~OK47)WytE>5|c*MckR4Pd%5n+S*92ik8S zL6aPS`1i81BPZH7L=PS?!dL)EQ*d=^Cnqrh72UgbEh5w#yVB+YgiYWJwVU#vVU$iv z>)We@;t~kNP?Kujcmd}e=r1$dvDr>|a{+7f05icXIOQe@7g8}^yG2|d*7Xnu(6AF; z?iu)P745;d5B9bZkWhj*%tL=hM|XGzGAJDh9Y!rEQgP-oPI5+V5(?7e_|y!(Hkh7&Hae-xVkUy62Zd3_Rse#VyhLC{3z7GO6Nt)ix( zA$IMWX>}Lu5DXM>Je<1cAG__a?0q}7+!7TP`xxq{cYS+Q5=-=|@e)5=MfZq4*&P>*^(U(hqE+S9Z18rO44W~ zT>Lr9IAs@NdT?MH!0J^12^B*slEc4i+y-VEywg3)kO0lJ$nZ}h*cD)F10y18Ps{k> z$I%?MPWZq)tA-@5q2Hr_*JqKoi1%fV)R5T0Sbd`(<}>0})k%_zFlqMdASz6P^*=5t zCp0Ehl}k{V#_Sx-0c@sMyD^C3+9MTHk3WZz7ygh)!Z`KK0r-u2VyiYoH-m4=9ZQsz$|*0CTfErn;J0x1Bi=cQ?}(So2~BPD z`>9d&=lTJ92wz_-DG8+uG_;Tq2b^G@&}x{yZ*Wv1jKcv4v`;ROf(ph1Wk5uP2C;&f z@M-9w*nhh+FfgmxG6iKcM9bEWu7&Q{@k;i+$BJ2_n>R%_ZNbCR2bBxrAcYKNW|n6( zR!X9ck59~Q;#%YEThqQd1Q^^3v$T9P~rl)=;U+^hXQpl-d856 zR9O{mF;mNj_++6P0HHz$9XDD2JPHy%RNtx<*5TPb0Qrw`iJ5gqzHD#rl-_wH1%82+ zfD?rBfteiba4o)AShUpj$uUHUL*7bO$k&~_24x2)u#RGHZr1^ygzgKr-+LHx$AAO| zu#oZb`4dQ9T(P9AZEz1r0QXD4_8p$PG*7z~I(HoBp8hZB9i{wkBtprz!3cZ~t8I>N zV0MID3G(XhSmoB@xP2fKEPRus(#&KU34nbm;tRHfif^W4ozcU_WBuupO5j0onNIb^ zcKhX<+U!EKBbq6(%@g?Zb^suOL@IhU zAe%v7w)!WtMRDIM>)7%~`@Bu+wBdO!J^aW}>X`L)LNAQyDHIeWiQ=i=>w+;Wo4dPY&p3&oh=g7x<;ch& zLS&p|5?T*tNTxJ5O5|H#gDQ?q5$Eb5NFlnUBnAT=v0){Y6%CG#R zpDZ89`hW+rA}w7n5`n>*K}J>&l50zbVpb|KD<+rRmT+kbwiz@xK-#Lq5q{^%0{TKz zDrvQ>l$2%JxU`g11kWC?d)3SQPBtYa_UhAPZWs(sA38!$LxWI)Am=Rg@H;njPsNcs zpOPY~iJNSf-5BVmcqY3sVBPBUOvEIO_^k(}CrpAwQZOK#AStenoxnqeJ7CLlR*OSM zj9vjsV4zg|EyN{?XPnBW4)25)Wo=Ka;3v3fQ~;R>fGTh|2Lc1EZ$=OwFJ0W=NXF>s zR-3;1HvFroYm;#gDqaBr9?(vqAI)-oB+@H5HP>oK1hLMx&9!hq!xlcJG$NY(U0qd7 z?92K{p9*D!LWZ7b*H{q|w=gMLuK!{|-PP3x1PL|<@fGUz)# zX_=CGHVODYf;RzsXy@zy1<*>E+idQQ_I@Jk+W6y&nv>lXpn+N!%#pVt7+*HFwtCv{ zts*9Fk(zBoH_8IIf3kcRLE$1*ol!LxWB_QR6WO0Xf1dC@OC(((C@iWSwCEPFbO`>RZKz$E6@ z+$HTDb4!16-*ClACDuviMZ2A2uD z<7sWq`p7*#O(au)R?K=)kY!ok6%1~1-ZwFb#g^1@H+`N!ehAM0cE@Si$I>rx5F4R3 zOj9nn@8ooiQEPCSO3(iIMKcMQ)!vUtW8+|dv9$c97|Rv(`d`D(*id1Jfg2=4@goOo zwbi^Yluxw_qd`pw2e}nYIgo0~4;YNb_ijEQ z!TS2kP`d(cgkj=7rE!q`_!06lhYcPwrWA?>qMfma{mw{b4r1;tQa(@Fi*Jbcu~Jx4 zoPzrK^Cz5~SU46qa3#$w&Hp!d^s~jp!SiUgY$}j%mLQ2TAI7p{qlm zHMBoV0#Z!}Umi3WCA>}&fkL>W3Fq74N$f(i-))nr($`SRV_v&ejb0)JY2I5`5`(Sqp- zFAXPtOgSAR{0gA$NH#k%jJ;L%v_cNE!`@5qO3f#rRgpg!VN^=; z�h!$n!=YYr^6e>3esY?A4l``5`FkcdtjwL<9M(@wU9y*myiUpG{aVmn ze0qB4(s|`cw=Iwn>8h#p(Zw5%>o3K#6n%mVZ~)xoI!_t`3kdx!z&;?)WAuTH5yo(a z58&U^$L}c_Sqx(C0|?9PJj?ykr2n3hQVDhr(=#yY-RxZ(Oh+1u;BmF5babJd1^Q;E z5eyJq!>UbT*aJc%g75=y9;Ka3K~-Qka82gX0Sd}Qgr$XauVrH5UslHX{Td$1sYS+U zsucP~V>E6J86-#PZYuQvgPmJQyqj=10Wz z@8*Ij?&bA}E0=Vd+yerC=`>yJ*^ArmwFj@k81WxtW2+EnS(MPvZq!~cu*&}F{mR5{ z&4o%`hz%t?@AT@EP{=&3_NPyt1wJ^p{QYBi%pUoPe3zo6Jy?WkD2T%>U+hTdnu0JG zIWx12b8Xw5886ny>e7Q-@`|!VkfUH3=0MHccL_|n+V$f(7DxR}%*LQMfkmttT8m6m zdY%_RPs`SjKB?qvZ552d*>30@)s-Iti?;IaNj&g(RmSioGG9@F&n(FCWVov{?&!N^ zbpZd_uli!zaJo9M^TRtcK|jJkc}S6odxF^MV<0U8sR;bGAk^1jUbX;g-C4C#fk9v$ zkiO&bUx$U1JK)h_T!`ITKh)=k%t*@`*8WC8p>dQY6=Tw7XD6rn86{;Dq#6sT&26TM z7>Za~SwkHYN$#Z=0yTWU^DKSh#>0yO{r4qipUZ*|^YAIR7Du-1U6kxXJr~QvTe(Y) zG*)#WQFK*C7Z{9ZV~@w}9B5C)j5;25Ax6e$SuQrS9K4#%O-%$)M)vp1Lk|Nvye_9C za!dQzSGiJwhU>3#K$T9-U51dm5Dg;P_1R#eRo3PS(jA2up@+L3MpkSpK^tST@mnfc zU>EUWGyuTZQYTv1HvE<#mp?Ag;S)y-^cXGnV?mZOiu|Nwg~p<1 z*KqUlikiT2wS_;G=yc+5G*$Qw@*@~nlYRVguz$ggfRG{9g1AEf&>?0aK2xw^d`@k(W{@PG{+ptFL!7)n>VK4Er3R0(S&GF{HU}qn za7aWec*lWWZ0@``JAHNM6BO)@Cq*W|GGU4x0l`Y-`ELc9#nYEQZaa%ei2gTbwM(h; zEQZ%2%1e8if|h&D%YRKA%;1|V{6805vYdY}(SgzqPFm0*tM-s_6rZO90jMB@1;9k6 zx`<^02QZkbk`9Xnc-Ms_S-w<2YB8J^-gf+F0f;lwWV(Gx-6?}`KQ27HWv~q&)KZ*R z&_}Thb~*ZN6EM0K7&b8%8;>@EIC$tVnZjKE!A|WaD#@r{{w>6>4a^o7C?^a?+w-;X z-+^0vmf!gqKSO}=2R5da$#e{eA!<=?Y*vP2%XVA>JNa>NaJG2uBh(jrkn_#1?iAVa znjNU}N4(~qJ$&}@Kx={#Fp|R#o59a9()HAF`1Fhr#CIxoDvvXV^T6&s3J#0oR&|-OgLXyaL!FTKh9E=G?!@lHR)={UvRoX(FYLNWYR$%?9mewlV!F~ ze4?xam&g-n z{&?$x3AheYoQl;dj}`t*KhXVc_#1XWU;ant-%xu#zfDEk4finjbI&Drpeq1)_$>CI z#L{(|Gvg`pP-$tNz;fe1#P9MTb!o1{Jh63I)pllS7`Cv}$OBAGnIXx$}g#~u}7Xh^u=g+{4 zq_sbBwVx0EgKYC7Ml@R{IrusOleSF*3TE2qQYr)B3;-T-iNFMwHN>?7^5r5RIfMX*L_~5hT5yF%Zp-XKr1IvYm-E%em_1i9jtSBvrcA$r zRw*MZ21y+n3Ef%O*e$jMo`9T^u3FJ;!Lkpk6&U|Pm!#n1y9Me5xXE^Z5P^5){&{%> zut#ER6Yc>T%bRx)r%Vt3`PYbuPl$&~RU9l%YfimhN?y zqQ!P26A&ee>D5z`Qc^El{7E!>_$x;8=STsGvRs5uN1k_upOzi6Po2zYSM4@J(eJpw z@W&FJp3!)31`Pw&ZbHl8W}62ZQMbV%iZqFTF*D0z9BS@s6aT$B*rSg@B}>xMkwFP9 zNg-okQVWUjvgafV{sqkE6jL4pj8f=O*S?`j>eC%MpYT zxe%uf(s&EcOC8<#zv@3po}m8K|D+Rq=*OZ232#C2LI{95@LaG1;Jnu#4ww#(4Q+xO z02WmY%lgjkcb|7DKY&De%6Rth{>45HO(-@vInIwA9`oAo(H~5F_qf#pleZgx{Gj5? zrjkCn^*Fwq5pkS|_>l;{MK9Xg4Q1{+gEkt(s0j!xxPS%hJju>y*FbXy3&#trOCVF* zHz&EA7K?cg9?tLNwBKNXBLrfKcn;ykIgX%v)ov|~Br1MFao?GPlUjT=DLUH0?H}?# z(}kb%h8+fe?XE1Mn4M8W99%;u>I})#F3O(r>5>H*Z&T@^fv~x^^#&w#&{dC&|2n4s z3zmB8>03!2`ha1p1p}V6S!@X4*BNB%nK+$%_ z@TPW7qv5To_9vYY5o1i) zv0GVUNvJ>jP;4j-Wm0@bUUZ1}b6+2?x~{IrzU@FUmT!heOe=~%80 zMmk*&*lutA3-eP899QB8)Bd(yCw1`#Eeq-WfFdqgJOP+H9Ot8|PU)q;g4Yj0n*(*Q z9@sk=q>R!>duRLw+cEE^_^}I-61$B%Prct+4$dNUBEXx2&}*ic^-)c8+_d`QkEsZB z2m--`aqZ@#&JWrx;RZFaDx%k7< z_;iEbz0dZ61OP6tSzgP32Daty(mh2XjtU!->z2Q|Al?5b$r(RnHL36YOHN}o(Vm+< zc*147{H2O1!0sO|h$)TLycH`GMGt|+xSF8XrGj`4KYn~+XJ;1?P80rNo73KIXnx5K zr^6F@R)var+kaOjV~E*hL-w@Dp7#LS8zpukw;f+V;QN#PvAIH6lKNe?<*|pG-BG-* zni>gz&#|1n>e|NAjSJ_nP}UizxMmYTFyJKv{uXGfr^1?{yKMs*l+f;6iMEpzbp$&o z0R-YU(e!y!J(%9(czmSvRp#fvi89*jcZf&2?5RECh)pTrKlBpw1DhJ`XeFJ07FCvAcQ`6Ls39W;4+Mw`3o(V!2V32 z!@8Y^)6{SGL{hofyv6##LH<7uJTSe!78eNNkwW8Cg$?_YVmg3T+L{J!<+vY`AF4xY z8a5jFXhPEgq#*Qmg6~6rvN`LfbK@8LZ~mfQgW_VI`e0YXsAM&{yvAU$B0P#f|TBcr42UoJ_66>L^ z;PpCDR-No>H~lV>&Ai+W;t21zm8nn9fE?@Dxu0*fL~{OdKYZ7wFI!Ob75i%jFM8@k zisLr@nFQupMJ=t%{Ei2#2|jP0GhI61cen$}`(}jOHOSKCjQW<;} z3p6K*FQ1<6E-n|X4eAcBb5UCp@lO<-JP&<{y4U{9-d1 ztwUNPVk5$msfIF@VLX9~lCt^*ZHUbE^cTRZ1aGj52H5$5?`X8tii-PuvH(UH@LaR4Mq__2Cw;JqSN`=6oV^op(-8yGdNcD z?-tZ2s0D`%oQ1{t+m9?C_hJb>D@2cA^-4QdAHt;6whsWL(NeY_WIN%VazK`tKh-yL zsKl&gn$BpXy{5&XA0Jk2``jb`%d91a%L~;yeRan!SM`gT5cMZD^lCI-5do5Lqy{Ku zLnviqE35}H#NN7sQw=0_```x9HN~bI@LQZZ)-lU>WBaLb;YGOlqHs~@_C|(!jiX(3 z5Kv8VlF`FY%`W}><+J#Oi#(fQO}R|tN7Yz&C@5|U$luPb$g8OMkT*9nc|6)8^Fm== zX8r!U$<^fK*Tf%ZPP8Y@l;p1p_e}h;$}Z@Xsbr}xU_qmu;->LQNWxaRBfSbQ2y32v zC1!o}qX(YAddFDm@8hF=9uo=bj*=$7v-X zcE(^V`DaDC>&Z?@5=E<5+EL$VsHyY5tZXZgX>Hwob}8M(+mYy~P)tH%_Iqk-VgAsp zTj{#xV&`^<|h`x}_+6iJD;Oi$Q;;U08pu4$PpA?Hadc)ZA8p zL0DAD)Fk}YKeA)T^58(K@wkMwpYqTl!=f|Gc9e5JQ4bHZH8wVGF7DAn2W~q&2>-s? zk}007IxJjCNl6s!?2b`U@9)z|tn}+*lsfNW?<{rc0p?hrtnw*Q?`JJ4EX>U0H|7Y5yW-+%yim9epVpoyu|dq!Pi%A)@FJ^i0uch|quk%wInu zh@TNd!5z} zSKDH(`-HcC`SA8FOM7TeZNv40(P}FehB$sfNy+F`SyCL`N}T&NKL&;$kBp6Kt5;sB zuIBq#VIEmgGKu=0*)@K}1>0`hzz};Oe&H&?Pm!swFIBVUQ8e}2)n|`JYi!sx6B9pH zIeHb-Ma%!TB>F{04&(EFzmX_c-U$;Z>;-l20k?C|%tK5a71xiY*70QWs_e#(AFmF{ zj(udV)73ieB^fG;(e6O$}~qD;>6(+iq?_fl}89E?LUCaxwCk z+=>-!lLvs`9>|Ac;oMmo$i~?xWeu;e%ll$(ZVqcqaq@V0FnqUPsi>LlJ=kvaOoT1z zLQO}M@X#p+#)F3>3Q9HHF$K!BoSZk4^efCNo=^!SyE|`{7@Vo1QKm4|DHrN?uk?ER zQI??O*NrdoeXQV>f%BlUib~m!#Z>?QzS_NgeiW#FEh>5m0k2siv?syxHiK(p3=n05Y#%rnf>GViYG990s*!3K6 zJ|^5VAC;Ui1c?OPzWmDS%|th<|2Ei=7g z+a;{H6q8{^MLLOPYZ7-UXsD>J3k&P+=I6~VEOdje+h@*j^19Q$ul=K(1+{ByU@j8R zUpa+!=ME)|pW;|j7j`bm@B=>Ay6&;tb~wN=uVc6~?iQ$0ZcIGi-w+NzvYC0m`Hw_T zS0j(!ak1|jSnHh3E}>*~y#LHH0+XFX_j5Mma6X6O-}bF>A$r#EiA`(R^?;7gf-(ak zlTez>NtX9tLckk`JvQhc@h zgtjIn6L&1AzTxBF2O_uac^VT%T&@@j}+PIv|SA~}j z6^T5FeWr_Ia)gl!J!XCUq59xqxI72NM1u=mOKWRiorw*4KM%9rM3uX%+w7(jPCW3D2{8dslRAJCv0;B}pUFj2t+vnoxet?|Z#0<~MW!*g7@O#jCJAWgp6n{r-V z{g%f$_VeePBbM)_%F^=l@@&s4NH4wWSCQ*VnK>f)j*AM4iWzQqFe7OsC#!AAq@|hi zRSQCMVu}33#i7sGyPVPjHV4Y0OF>1YWpwmQ^kTHkm0-P?mR8cZOG=(* zKlXs{0vvJsvNQOwI7{>3A&^10Dq~uE{3)BoOFLaj4VI`VOQq^g@3676FE2=VAO8H8 zWjAb2;? zBz1%R2Qxg|dY)>PhX0L!K*Su6*iP}>!4Ez*vCOyX>Sq4yzD-{c%d&L*om$lER8+x& z6rASd!OX*VKl}&ja}MWa2Y4QD6co~3u*|Mx<>ZJkj1&6dI4yUleiWtB8!BnEoTz#d zLuuv&!%2h0N>g8mdB)urGtM?MKg~cWK3p|?9P-P3I{6z}RKMpI5E|w0$ekyrZsFjx z40RL~&kqzi=Zf{1&MH)#gKpEL%@1Z#NMl#KqNh_jFhq0Kh7c*@pht008<|oF-#- zOAJaCkBsEf=D+>8<7{2C2Xg#HI`zLnTF!K&mUeoY!nE%zUbUMWQs@c9mzCpwYE(#8 zQ5k+~aQ$g-n*ObC1X0K9(UBk)ibqHi0Jk7axAsEi3nAWrUnkNfmE00)@?j8-bn4H- zsoUO<|4j83zm5KGbo$1t*Df+Lx4+!oGzl6MC!cIUd53~9U#5+>1PDpcN3(hEoRj>p zP^RSOCPEbUe0n13_Rn_g&xd-F;wU9kQ`7gG13#2+q&0j59ana*F8UXIE+m3Z*9F~< zWS8y}KzIWnkH>!Z=GIJIw!@g+Q=N+WFJYtv1pb=jKO8R90q-##E~lKH);%kZh+u=R zJVR~fk|Z|w0uPt$Z(FOQg?hEVV{9-lEk0IZ(sQB#T~yr!YVZRxCN6uYga|qEmE{8q zhzMnRd))v21({f!l}R1-Y`DI^B8M~bQ>Qln&BF@`|G;1xK03bUi(m?lK=`QG-WKL& z{rQesej&#a$Aaz8pcwd_wPOHOab3o;#ed7rDQ5`(TM!r|+kTGgYVWjC)EYAP@}YCe)+vzS_Ki+N8apsArop6qxgA!2ZM`%=N;cps=an zv0CiPi#k3%y@fFg`l-Kd`|jnBI{bpzGN?QjMscxou+!)|L6k0)5*Ua*!rg+}o$~R+ zm8boAdUiJFc1oc3Onb4SCTZ4v2}+Eh*z+Xg@dqzFJOt#^1ad6eoIK7~!+d>dMf}1H zkK4Vy4($w?4lGnavF0J7ke^-mse>S1TzK zQ7rGGt{xh|0Yl4oD7LVG$7!T~h0|oMZOW!LU)K5&Dx8j3zs~>_`Qu|3r3TeI=NA|8 zJVp;WjJsv+Nl8$KE2;+_4MwWPZ|0hQ&Ui*Ic(E^b3Fsx;a(n4yuwS?pBlmxdyftwh(R5mQ`6B_%oazJU=iKFY%Pp_puFOBj4o<+z98Y*S;P_&Zv~;`!{G0;j~boo$z17)scVAyNM$ z7n%8Y`=iT8VHIaO=4!>kM*SI!ig*SyD6w{cSpTD~g;IO0m|K9V6hMVpd z_WO5kXVsJP()4`OsY;ey$gbK2y-HdJhJb=N7OeSz`j6M@PWMHmm4Z@wCXTloal(6K zREv=x^z=l4v?>G6)D|N)88+T+GGQb{52f0lXY1KNq@|?|4wkhG(KC>ZteQi$|CjP7z2Y(VHiZ zj@}leqL)IjCeoht9NcUFfTIhW#VG+K29wr*uAlDBEiDB!6tln^>WszTLzOYGcYW^R z>5FX%)h`e3!&hgxDWD>NC*U#w1Nlc#DO$g6XkC!FOTuQ($=za!g@wC(&a1Y&_(x>D zVuSEE5R_=1CG$(a_$4tkG&FFK56c59(2brR0JCz8n5A*@1jlT=wnaY8-AO4^$~91P zqNLeqX3JX2?_AL~M=pf%CI-gWZ{NE1o~Jgfl~7T63qWl)3w$iaACm)X&d(*FAzZA~ zv#|<&`SChfsV&Cy+&@9yr`;%2Qo-tgzY-SM0Wj-s3bKSai*xlnE@XY=-d^|Y%+OG< zeO$4gv2iN(2EiXbz<5C4;O^+4VrF+=-#vIFZNIZ_fuwkrn=EF&a^9iVAiW(E+%7}J z9=A@N$4l_BOS^xcjg!5#YciQpC10T~=SGX=hF1+eHPvo`e`uh7|0h>a_k{k7C@06* zBk=rp`i--`!9j%V#G!JYDuDf1EG+UU0T13$4pdND`pyIby&pdMBE6^ zgOxNXtZqrhI2PX&Pg{lL2!vPR8sy9LtgPQbl{)|TEbq64EFbqbM?X`F_52cgvAO(T zB;xk+<+-8g{RKR$Y!_O&cFh(u#R^71zyAv;+-I@hl9QC28ykEAE?GgDUvTls@#H|s z6S$E0T;_cKKB{mXA{uV%>Qcl$jSnj=Wgjip71NccSfCQi)vkGFRev0fj)C#c+*l57 zw>MwpGKhLx+K#tFR@go`pk!mi`v8MMj`!QJzS0f*et!n)A$IJo^yq`l9l)6xg_$A| zR5>W(gVzlVeG8K`q!5I_zx75O@J&?msRF1!2at?6T_c-_9u5S(ZbxWjcBlV*ut3QA zFn(9BPVE7{uBxbLX**;b9;d~7;^M7ut2Ym8lBl5o-JO7ZjR3;}u$o-T=LPWYoA$(nN zi?!{e2x@U3UMey%q7&d5Dth{GATZ6B+t!7%tNiV|2SvX4IfozUPUdLj-OEzoK?QQ@ zwu+mW=z3;mE!zs2Bmxe{@+rDNPZ7*ik&cGKp={qt zRyu=F`Gh!JcGG_g|G$sl5Cz7%N>%1uK-@B&st`Qdnr>`sO9H#c{vYo0*RKoN9rt~- zWb;r{Rc(c&Si!TEp%iCLz@mVka(;q^ecSMIQX}{gcYIk90wSfnhlfY?nSz2sV|#mi zs^@8`#n!b(B|2!BfD&&DQk2kL4^B3Dfb9xHK(pbpa2b#_}i1_lN#8DeP6 z;L9tTN=#<##|qjwA78E8$#rjUVX5e+Vo>MjDQ7d*Pfw5WB|vs+{v;-yr&TGWmCU_+ zKBfc!!TTD=`;}VHk<(?*Lw)?-{2tlzW8?ilB{{$)#`oyU zU6dfcG;#03+)gU@1|L8Jsa9>4Ls`JxdHxP{p0>t6!g&I>1r(qMcjopZf#_IJDK#`q zw$6|8^TXigZlQno=EFnWAKRDP9~HBu5LMPvQrMT5Uce!`h6elQDDm;;R@u^xWV`DL z!o6v~Y(kRpPR?G-$SnHAJ%P>-ZVnN%)yB+J*3*U3L6Q%5DPYAvs8eM=_@9KBh=>S* z@nt56M3-1^FhZ+~dX(8xaVJx<_;@E)w<0*aU&oiCB1rp8h~;ki+Y@ZC^LW28PI$OA z)&0@aot6F#T0zE0LZ~-*BEX8G2vr35i_Xb(8s1p^6ZNH0*ftI~}3Z8g4zy_9fJq^Ma%# zx`>E~51eTn4Mm$a)*)0_0a$3cD^!j2PufE+s47e5XK4R9Ok@1o$^3#cPy!8_955e* zzU92T@IKzjk9HkWC}-^Uc>ocCNMS#5L9{hfPs{l<8u~^+RomLVTbHX%eE)k$#cdZ5 ztO0IJPsdBt)P$5k_PjFb0SRell&~-mBgN$9g+(SlL*)iIPJ*BTW4`O|J0q27XoK=} z2Ct!Uas9YG@y^1ecixDJ2c*E0QnUd2Fy$EuF>$-4 zj%?1Bgid0Xd-t{@HnfsK)&$SzI=Yuw6bB8X6l2fo8ghwGm?j}F&bYq8{az~RnV2;t zJ?op}WH9~G7#&P@6bylq8qy=ZZaNh#DP@BXW`fW!G0{s0Lzb{HtL?b(@L!pjM^&B^ zAuu%C-QS^xDn+sI2<~ndD4|SMdRLGO3#vZT4Rq6S#8{e_dVsn}S7KDcp7VbeBrL~j z@#5+*Azc7>Rt?%WQ7|kpo6aCyCW=iMcc*7yusxpj0)u7-xR8K(K`q?nyJrH+1z2=q zf$yx8o(>)YBJqh&H^cOB!?qDHm9M{EpiCZ@f{5Qg;`|Kq{UE-1u6_UZ)^xqzLNymC zphxPe#ew1MC7uEYS{iKzPt;-K@Ad>?&{!mZ3KV$H?y%CUpHFO{qM`yO&+QW4-c3!- zkOZw0&m=F|ClaEge?!v{mzKs!muTVv(qsl`^W2(4T&88Ok8 zM`*&2{oP62>v}TJ3*9`l=UJ*7)tu(z!N6fMrXPY>_^G}9H3+~bM#&Q6{b4KRuv_-F zH~9|H>y>piv?VY&&Vk1c7^)tG35ZUcQ#C$-V_5P#8BhLnih(W2KIdOA6g*Ik>mM;w zGYfF4=o=hvp4uQYQ-gEW;Zh1h66Hs(d2czf|VZ3Zs}H=98RSp=W{{QLkwL`3=PLMV;rWU{Lz7-&lj@?K}>$Gn;*n z2iPejEMbekeEAWqrV_w?THi|PwulJz?K>giuW6!-)dQgXF7w{9hEG?*V4RfB5-fmn z!Wj!3PUi87Mm0@)YlNsl2DDJnh4kC}dU3i>`l9ibFF~p^JT#goPe7tp4$Sp%mb>Ss z>-ax#dgeooI%Lte-S%w6=EZ*UpX>UIU1^QboW1Q$ZaU~)b&p~ra zTuVYiJyl~h_5AT$A?*d|Hon__2T(R6BjZzQ5jljnvG;T&dkj>sj^9GaeIu7S&p2xs<3ov8^jQ z<#vbQ(z>sN?Z%heQOg9nbxk4bYFN0~`1N7u`vIV(S7H-}1K~54X(9^6MwfYqQ1RtVrdu@}aeP+)v|Aq+FI=;&xLA)4J=>0KNhHkzCF z_GJWGJA5?|85tP?zM)hoE{mE@bc`qFbZdHy3K`2Ly_#PUEz+%f6~j2(*WcgR{(4RA z#sC%{jx-aHZshb|H8~Sw0`2^c<2u*7f= z9w=pow4FKsteKjJ>i{Oe4+2C#!SP0IS(~KQ&p4jXgsk#Lp^Mtm9qnyykXAb*Uo0Zz z^Xi#kTm%zOgjfN$Fo8ZZ$4~TQXCzf98Sm$~I1@0wHZ?7=>&AFwK6rl4OC)NBC|*Q&IBztv*}fgIHhwGK&6 z+BzFFMtb`aD2-jE33~1p$cu?CBHFQfNyen#Ti+V2cbR(xvy`UZHcaR&DQV8SkWo#1 zP@Tg_CW!D{)Qbs{>IxtQLxrQLCLt($L+mmtH!qLPe4hu7f8Tiz)g9Qlr-kAg^rh0F zZ>$%51|~_jERytL0Q912mk?EZKc1yVO&FgZ8!QkoGc${ak~1Cmqd-0QtwJ8#sBL8s z8N(wb4uaGP7|E+K%Q5?ruC8Q&mix-ZI)$y1DFZn)UU1&*xc~|@-|*L;U;}^q5&Lb3 zdm7^s0ErW`BvZrW3_3}H>AHofiRXYnVy~mDu@`qTIVBj5mW2Ma~+&0a+`1R&IM29E)x0|IO7(cuY9psMVURInGAqunM46S2V=TUK|cEgGSGkMN(dqLSzI^dJakLac&z6^azp zv=8N;DS~+BorT8a)?;{$&5rIUN|jIHBrvA*X%|GcfdVbWR$>gx+rQ!LMxChfC+x0# z|54Uk8ZpxQn1VNow7JGu`&zrI@Cdg%qO+DTb`4=O6-e6$`0`zXpL=k z?#{<>^>t4ak53Pn=Ip_NghN|bRyL%uS^Q0nwIIg+hNQYFJtUqij}|HD#4&%c%*%lL zIiMB|G``ysuBVG^u+BZ(U7%L$e&+Y}>kIJZ0LfpwP>GR%Me(fr0%O{RSicr7_~8n} z!qEIl8A8B)Hy%dGpuZxkY)AtGN5lDOWYa11a7NSrNIuz+{DKN8fx}xbU%6>DmmXCN z`CuM_@O101uV{c`Wx{30UWawTFbg#nr9wAZ7~=k(_uZ>n*c6A^$Dk($A}g!J>_W5L z(E&7d)DqVL&A>{1iz=Y{J_rFcf;BT!ZJVO?yl4=*P&)Y}Nx(AT=NpggGk_4kg!&c) zK$u;962uIJI+x|q8Q?xJ>%?A%c#YRZ-0Z24e6s!qsw@A=-JKodskN97oON}Ec>@3r z_+x}TG%!=ycji(Or5V+Sb=R-y%?z4Dnv@TXe&@2G&PKa@8Y?&3OE|b*7npWems83L z`@&L56&rcF4U{H5$xRcTK@g5$IQ|8uWiaG2wJfFS^ikWhq>V?4+GgM#XT zHbUHzaP@d>gO?hL9Fw>v?1sYi~k)XzenKQczMd=sEX=9kl2m z;vP1~0hbCZTg7`O0JA*ktHA`g*VNohAHCWReW;=5}#7vjkpFpmgjL%Ur#?E8yH=D6c%I_G`%Knjly^BN@6i8O=CDJON zDwY1qcW2+Fw}@R>fdp(u@TvY1lo`R&(!c2+K6N$Ds0yj4 zI@P$PK^hHtvn^bYI&ba`j=g=*+XyF9t3I175m?fnh;Cy?&RAltz&l;sfo0mu9`4SubF;C4V*8w}fE zDr{Kr0tG`MdbCdn@EX5THs88+{2K6Z{P_hoR{9U{x5Cs6fv8AN587UJmFW143d{pAB@y9hipy{i}YdT?*D-R1cQd){qJ%?~TV{rj z>Q?PH0+-TEC>bh4Lm&jhRR?ZAF&xUMjSUQ!v(t4?di$L?!7L?3MR-{LabHl!$i=O8 z1qQI-5iPnZ{FrR$kc{;n+ClAF)9&o-tYy;J`PkV`(@B}-+e*4ls_7$`__RRA;e`qW z>RAZc1{M|)Nls*@!#UbH#>-SyH)v^*AB3NPG%4_RlmL(g!-ow0CC0qpp`Z-8+>E+;J_hG zxHNjCTwvC)*6Tpg)LB#KJ;!5Cku7CGgH^Yzte0@P}d*Jm~ z6fwm4=ovuqfB)6OsRZQ|#hc#bV+X}=((z&92}MC9OzENYcB^*FVBMntI=;@&soF+} zyw{K)O2PaL6{vuIgxYR_m#)#6l*L1sS zRMh>=or6C1MJA|e^VWxtP#l2@w+vM3Wk2qea%zkn)6^YJ3CHx}Lq<~)wO#K01$9kx zn>?z60Kp8FE*)tad=O#jfUY`E1@Y_#=G{!dIIt(yNFS7d!)oXwz83+J*=$s_8m7P)6pd!44^g zQcf>^zR(}{2ee)s>kQO%e2Lrs?`32H4Nt%Jgr4m{Nf%7c#yRYn34s9Y7g4|lotRAj z$cVVKR?>C!(#ubFCj;mZ>9S_o&q%trsuOggL>{g3HcPGGomLTbJ-46=2(>{6B&pI0gB|E?3&dc zhMFBjE)@XGiI(Myy*cgFwlQ+Y8cr*eYQXq0gn7r?dWVlo1tVB_i!hynyR{AYjrnli z8ENk;Q5xraFqtXVZP34(o`OO2byypnuJvk(ktSx){f-aDv>j~MmTd5iXL|#aPpp(4 zGWh%b^2Uaa4YcWkU{=Fn)2Kg}&a^Nd16yPRA9beqc2?(Z_-;Yp2pT|-pc+)&MvF)z z3$QPZ@-Xfu;55ert|d{xLHYt7qe>EK3WJp-@*BcXOr_S%A;13;5V5Gwi%S5 zu)4ZtBoIXcj*ml<3s|>~<2U)nY^Ut=bzv}$!1s!ZiW)=Kh7g6UBk+xtm6c1%%N4gt zP$f%=fi9i=g96rVcbMNmM+h$(<>mCk{5qf8P>Hhe=^#R`%gN*zB6j09S#gM75otnm z>+4ZPteJUvlGz<94}@*8pY-ZvL9N>4e6lE2*7k%xM;c;dnQ5Z{V=VK_Wj`keC*FctF?}0uL27N*uCjb&Nyj!;=Sr>7B()feE=Iy zw0pEGl+^r}-;hdK*_DpFP?AS(+Ag}DEpq|eNFh&3@cF>r|8oIUU{>M}*lDp&{V%|j zv;_r;n6-;o8KR!s=wRF->$!7u_U&!W$I>OH63?Lfch-j%)8<47ej7zJ1kJ*#Bn)jB zYpL@K3Kn3N55$^DM^(4OVNr z!}uKfNbH@RokzS5XcSv_y;D9!M){{gPZ*qhvIiw8EUEXvBHYKlmA7NS*@byC&df}m zeG<7gAFIcrDaKvWh`D-)@`juP5B{JOLg3)_2Iob=4}B#miS=dN5nL*;ApJi`hzEdQ zCI&kjh5K1)a?brl+UJSVx;8a8eeU&ibNEx@tvNxE326h{3ynQh*u4YRxP7C^fI0~a za757eK1hNeVF}|2KYKV?7>8TkfETleC`M2?AP9M3MNtGu0Rcf_3%?Wg2%cHedmwDy z{VIvLqW_kboGkPDHEXd>?YqryNPy(C#u0&b<2R=N)o;%1a$M*`tN=2UgmBx-;4~gF z^?Cqau9EnfhEGxBvGL$BfDmsC5I1dTJ-0tyw1r2=<97TQ>|CE}e}4#7yNqo2XRFMN zOcXkB{H~2t>^m?s;ZkO6>?}&aJ9qRe154vrf*%!)Lz9niaHN51RZ>#g)YnHpWwo2{ zEo&hazE=uNU*r8;J?!iAz}SiBGZV1j=E(+n$YBt40A(Iy`o8|(oo%MyUu~vP9LDn6 z{=20_7kYnl9SUtW>v;kIW?#R1hjw=O6V<9fetr)_0l+!Wzvnn#k<`~l(Jg)8xlcrt zh~yIzng)~;HL^h&sTS2?!uzM=q`9fZ@9w+Gq@lZebU@3<9tlhoz`MI^L4rvCqLdIt z_Jg?@iLetv!Kjs#k?FIVuqAKeVu;Zb-J~wAF7J$upLJ!RDAs^(D1m!6jL%4TE$F`dL3WzzuwEtT;ccV6V*TC+igeN;gNGfk+{ zn*fbcFJ1NSN<0%DY7hupyp!z>`MhosK=o8X&!(E^Hn;BH&4h36R4eY>9%H21Ed$JT zXLCvmu(3fX_@ZNCAm2cfmXVR)vC^A%0@kjO3LqW@Z9Prcej?W6pIt6iPYR4y)Sm+2 zE2`cHOCppz<99YT8d_SE?i;8MC2(?GkeCj$aCmHAJnw>_gnGA+Q(`pEx1>P5Kchqr zy!BXrO22;n4tj{EZ+C5C57QFf9|I(|+?CvV=4_L|Z68{4eo<4ozc#JGQ?xLfe$HX+ zk^h>IC9F8&MuFP7^x!fx$GJib1t(&O_dYSP#G5yd(TICevfX>9Nh)+TG)S14Q9k35 zQm9z?uIGwKq2x`v^2E}<BNe+nG)4GPdVRN39x4*HKTT%CF=CE-z4!(mZe;%*hI+Yj9KiBktn>GaNaC_`=!@Hn^0e+%^Uq`Gl{gFIsR`O0|lze=9xq=#3uDi#0KokLp#lYM==kYu?vx;H{AdKK@ za_@`z0HXyK78a1K%gm?5VS@VFM_l$67FO%V@||jD>)wp)PC`XAqhTa81z7;cqM(U8 z;QpMKP5S^#i|~hWU*DXidQBpvX$5!?07*il1pp;wgPa$t6$PP&o3=x}y=sj$QsiT$ za6JYKC0HPVvdc&dxGxh#wT7j?Y;FyHBuE6e02;$3DBlNiZIz(PYx_r{#Ou8zo-?Yp z*bDO<2^XR9G2-6$+AuJNA;LV26`R<{%4E4U9=oTVXrmJE{3;&Q0!+1P?R!vHSnD*1 z153HATo_6uh)O`(^2@8@jbT!|$YXD(x*`L(Lo{!|Nd1RCNk>Nq99%poZvgJ%0o67* zNQ@nfF!aU-od!m=Lf{r8Ti~@oFBr(-jTx&dmLOn7r(Jzy_&fY#(}x})oxu=0##*`E zq$+9A{j{kq?6NCHnm-!OIxsAJi2IL*CBat8D;t<=Fuw&5{`lw@@ zGEHMK_+0vj?n4FE8M}=RBV*aLj5il_y7eCWt5b18o|s<|#cAeAx{g!c<+{H{*TLDZ z=nc_$SJNxKI;tTM$fAeZ8Hb1v?Yqg(f3T5w!csavitB}d(GKO(V1c`dK!XeG(&%uD?d-i! z3Vy0b-e2}qUnc*_^HKogak`yKu-NP%E> z>w2)Eb4Fn&cT-b;KY7j6LqM+{E~j0sr>B=NR{@^H24S5&%AK&E!^*)S0iDb_-wFCm zMKEf;qPcn)xTksH%gMmNXIr2%=8K@Cx<23>-4}ij;1O0fhF9-jv%2msHvanc0d@)A z0f8J)V5KruD?lC1M$@C>H={AethmCX{LN&k#y(|d6Q12AGXOAfvc?_r11#fZG4-@F z#gq7E!xAq}dJ&q$T`~glO#mCE?XTc9{F|xK($j!*4Wv)~;p&itRB5<@f6H5Vhr7hV zgL|yrf(5FLHo!U2fL0-Pkccbb@m@FgsZzC!hH+PF+;aWV#&nGNSYk}4*+_;;HC@&Y zfN7d^Ri*gO_yIR5Y_^nVI&T4uuCaD3na}mDdQL{hD~JL>Z%?C$MlJBK~{#Hy68PdoC>8AU-^<03O1%_l*FMGZpZ zar;tTRCf&Wbp7=rPk>z117kmU=ahhyb0FmB-IfUeme&XE4rDB$u=8Q?tClAaw;(oR zc+}Y#GWfIqW-s!_VBb)UjP{%lPDtR5E2=Rv(}t-QooqtShk8Mc8gq1DE3v=py9W&w zXr(RyM*Nm%r6a^b4OJ!dJUde_anbNQ10J9LS&tx)?XvP!GYb%H!0cDAcDaVutyP}k zUMv*Nq)R#M1$b48adr(5Y3Bcx${)M8rCyL+_JE-!+q>C&C>#LzxwpxL0#RHSC^%uX zxH)ONQoByFIaMbDhFqZG_NYxhZJ{ggKF~LaZCF@7`S|n=4P?NK1NfP2@3%{C7k_L| z`{F_PQo~Ty7?3`NN^4K?urz-d+H7;#El)&FJ|&4}RkH9#GcYCnoJo))@T$ouM_if5AT_DEsPHEgAHh*Y3L^m2>Ql%=Tn*fYE=1m+@&tR+!B>3tmzP#+<+n(7F}|^VXEQ4* zGwi?m3lkK$yaX~bHZ!sHJS#Aigd)Stx^mE!v^Pyq_QyF?W}A~v2)mg4y!t44!F(N# z3wu>a53q9fP2N7D(sCSHj~GB9&%0%%o<`R=V_)Kn<1R?o2g?$<$fLls5E zSMs`PvtPe*O5c3~HCUU`6BwisX52u7Rfb-0UuH13idwc^`jfYQ$t*n1@}ghn7&w4t zeluE{nnp-;CMY0a8|cQsdXhY~ZlZo?@YtTBc7s$*!8UBGeEM|V*Wt@Q*r|DOoUC2e z``uPoslLMIWQ|s-;;k!~I#Xr|0vq&WRTVlERUo+53t$q^@+Vo4#K6Nw1=HX(&KRX9 zq2HlM2Z?GJTjLq84z72?+AgusU2^VEz(%-bb>ift3UI!T=V>;QmNxP%e5#dKp^%|K zxlqUFAgO|VIc*M9zrsW?4`DX=jrAl8`pcX*k$A`$yiMWvtkAYdXh}TL${)*)`EcC z%KNKnZPc2ISQG}&*7TDstPbiRswiTo(?ffivQrIlfC~o@CTcI^!5fb22F9J2x-%bu zHdzVvwEUm!yFq}kKLc2#@3eD3le5g>aH z6kZ718(IO1kxe=5S#lH7_2YT0%fm%xGE_)+*VnLz=?%+Ghy6gA2{Eoi)DjUM9=_Rt40}A&7FlNY z;$fP&?-RfeVvBVUvl2Jn6wi%bp2C3AEXhlu0Szhb1uF&b>s(?^aN_9yt#o7uf#+i) zOh&Lefdz+73GjU?B>L|_|4=QS5xw(86E?X3S^k`tM}k_JfnZ5;Y8bG{owaqp;mo%) z-HGg(c3sPHfD($_bJ!yN29RptV(A^6%Kn^jPcGWNq=vN2s`WWxOK-abFS+WyZ#}H; z!mcLjn=5s00DSPVtW#)mQ%G?;9sk5;M|_zi>N!idR)z6yc>=W8i3^Bc+pQg(&}5$G zK(2MvN{H3C<5!1-(!9@vA3Poon1ptj$WukIdhNdku8G=Q)y4iFgXBtU)xS>gT0gN4 z!ZO@5ZF__1Pc1Ol4hH%YP81Ei4vp^)wuvjCe4R5Zfzem&>MvSM-uI z{5znMje_ia9qu1#JtyIHxTo|ag!pp)--oQ_{lgN^93JW=C*we%~E4_1o)uXnf;kLu*Nn$kA%D4Oh zq!{%IyF2h;GDQCxkxsCUGLi6jCrJlbppS>e7!GVaD@ehzBW<-fzXeQ`U{qha2SO*p+6dNM%V{qw(fycj5_Lm%W-NdEH!ctzQInRI{<-Fc1aH(IQtKwpqV0!Ca2z}b;r#rgSx zu;>Y-6R59d7Z#YiKDUWV;0)`cp)U-+6!~HgfHe&B0IW`KlBv24|@JRqy7ehD|s(*K@+eX_Q$s~Rv|L8t>K4i-k*d~upOo&ipX2DCNa(Ta1 z)bzC;;NX4xM>k)92L!m~F+&sU;^x*@VKm6uTLaDhQ}tSzpTrP%QJY-=dJ!?A$tLlB zfwloF!dTPpq#r4!-yYW+TNmxIe?-i<-44XG{k0Lve^a_t{O2Yn0G`o zNFdpbU<#fw>l39kdZFc2u8T&%4F~!KBlgk83jHnX32vMD`Kq$$XIi*S1sNdVJHN0I z0_%Xjt9JovORm_ww>!90V0?#kC+rn=tN=89;9CRtw~SVn?isi0%Pg1uY?;m8`3qUv zK-gV=1N;@vQD(Jzs6`2>c z_qGid_JJF1IB?ANNDvvQnOf{Q+j?Lj6Q6vV{CgnE`x(RQ8OqBn;%Bh$a0iNQy;&1# z;*aOl?bz3Ux3#cAXa%<1^{*yd^)iWkH{ex4lLSfnIrO9emcxvv1xV3oX5+hnlPG0B z)2*@7Xe?uF!*2Ss?*o&~juazjrMv}{#LzS42P z)#%;AO;d%Y&!)bDJI&4Ai z$zmCzv=d4lTFmtx(`Q1#`c1P&;XyF?Sr2APV*<68(Grx)t$h>7<-?9pstbUfSHUXx z%lJI4;%iK!miG=3>FJH-8ukMzFJY#WleX}fh(#-%_3=|^PbQo;@TdrZ6H%5UpKdZ5 z+Qf&dJiNaE2`$Sk)CUMazn5+Jud{a$znv{OhZk;<*7<9+v5wjn+18yEm}hYAh|yrNoR z7X|@&n5sy^mI9qv{ow`BC=pUV_fN_qy0^~ddP!jGfUohRZl}(b(fS z#>|mPqpg+ia4&DCQZmY0mDMVjF*+m#VmAQRUZxQ6n`)u~nf^H?(~wmIR0i3kAHT+o zC`@{Eb7a90C^r|xQo{Bsm^r^`MTy}oGx#@~04a24=I#gB%2zLUaLvD^8!mVLZ`zr@ zdrMTb9#dOeFp#ip31)1-n^J@h7b;-=zHmL6R6d_)Q*PT(X|;xs|4CHoOb{}nf<5%X zV416lh^Yearq4YrgeHra#QK^_o8sEqDI{epwi{O)Q_da)j+bpaN4L+YKfbw%Pk1Z* zCQp_+!za$2YX~Yk|3`MbFT$yEzh1wNNlq^oh%Qe+pn!*t7ekT3Su>z;Z)cN06e-pA z`CgZCnY%Yljivmn4#Pj|CocbdrV_S1R+3WmOqTboNE=3eODYY2AM6ecE6!$ADae0Y zWydb7lw;OmT$U#_oNqoeM<*y?SFY;4>nk4oFba`tnO1Y=K7Cd09+&EE9jp3OcNux9 z1ghn-u2dy9+tdcFNbrASU|XRSVq}!ML&`Ps%l*sRAPe`ggTn5}W-G4ST+2x+PDZz} zl6LV|@tAy-AMg7o)}Ft6^UH6VllzY|?QS)$TR@sNboUDb!_ zp*gaY(9Pfvf7SHoP;!2q07=JTuHTkMCxm2Vh3j^jF@G(&9qTs^U;U}P`tXubttk0+ zbKjyFhdtSOP4Co&BQkqz;d)h#E8(zf|3)akU|YL&<@&*>jzaII_V9kbpZUOJ$&j@t zxspCKjvMDD%sYwb%-ql92$`UBlnbfv1ynn1&<%3NL`0;c7uSAsKc#bL?3y%~8qQTvvYMF5 zEt;yf*f7y`ZRJSfyO1n=dzKgL{j(LpB=A1Hw6t^xTzpe_qw+&YN1153#8e7Ylt!(m zh8Yq3&JI;}c810sthZBSr3Zg`d6v5__+6LRpfHdGC zX_VTNlbt8u;7&lH%k*yI;_Qfli&jic$I-E`mJC;-@7lYmWI06WqZ8Q%a-nY^PRYQ` zEKA6wdV5u9v8RB(-Z}5xikPZuEO(JEBBwjCz(Ypn@9s}6o!1flbxW)L)QN14rEZ5( zs-2{o#G3V(xc}m)IR+62Dm=P2QyJOPL>7NVsIT`7HVLuRPgjeD$v-GgJNle@(yjI5 zueu<=dr=~n4JE_bmF#Gb_u>~r5L-bZrZTIc$vCV_<&FkWd>OrF9c>AhuNIV^TvD!Y=XE?x3IMGVaW1&?~B zNY{8A@j`3xz*WOhXx2aMfb34yo1StH*v`EQbq>;>)%>&b{H_;dEGVe7w_N|2f&Z&g zv5x1)*j|*^iECKazxA{ICuuufkGX9&aS{(4oY3Wc0|^iQ+1n3QTk*?ZvedI`A>`8r zz;j(725*RE645ND(kMQx22TqO)#TCiZ^lw2om^8^J6P#&z?-UFSr-hyZvI&c&b; z`L(9`w$RMY1ec627cNi#>i30%IR4Gsx$oasy>F~z3kJ4uKwK@lMq`^v?v~wCF4h?WJ`0JZoetiJ<1l+EYk!}02Pq3 zjs_ou)z#HWjynHfkL_z@!nSXr9qvz*Zz!+k(bM35%sQ3$*hu(XK*%U@xa9>_v+K3z zgPg;t0aimu{mo<(?DI^R};5|OV#BNN~lYWp~k74G4tZ^g@PoU^FnLWLLW@rT-A+nDOuTJ@5_t2X)lWix1$Y2 zaiw*CE%Ayeuz3SRg379Yw)8+!_~9EgjBMprC8kwtd6>LIj`(=(<2AGsqX**kN%P~D z+*88ml&IU=8CO^E!$K8#+@Hzk^e^}JpmNAVE$S1$TvC_jZsIZH9GiT{G z+E--|o2rd;Kf1#|K}02XD0s7s>)J?lT{uR4T=dEuZoXP^I@^^?`LDAA^}I-vSc%Hr zrA~|08_mO&GlH7u%db3lP7vdD?r}ZY2qs28%@`&XRagdhIN%!1m*~|o|C{^WWa9h6 zWuC6L;5U#rN47`IILypmtA-iYFg!t(JWUmZT<%DOd4|t#`&o-ckFCsq? zlM*BJ?uPVbVTG-wRL&^wt!tUDk942TeYwh4-Qdf%jz_DRDk?*oQ0rIZ=nJwN)ymz} z>_J2O@X7zPCM#ORlbl!RAdR1fai@w!ccPZl`(tYSd3@|M4Zwb%dN%Cw!#_1&k(rs9 zj?yd79@@>6G%<3|+9I>#kSD~tBMrua**29ngFi;ORmMt@K@|Yd5Tc5Y`3PA7ntXjU8}YdI z(wWHb{;9CJcn75@W0;k7TnOLIg${b|GJQImS@-?47g3YD>XEErYG{`$*AM`7 zyv=z_=XSMR104eZNYnMGxlwb#Ff$(o0JAR0!$<(=OFd^4R}oY>1lkOR5?8gRitcp_ z2n-h%nEr*#?rLyo@uq`^!opdW<7|wvhnEM-t8KjpX#k2=`b-sf*(DISle}}Pc z-GeNr4Ma)?(*;+QgH<29<({0^=-M$Pm|*9mTdAU=!<5 z8m>{^MpB_QhV#9{&dZ-NW;;!4O%Zma2t)6(KZ<6U5o3nprjh~}zHp=MLn*dCS-D-G z6nf* z_7Mkzvq~Rn^*ux*5=jjFdg#{`!t$+38x7Zry-(;V?=M)m@e12V;Q_pm)>|OYEz)^o z*kZ-uv_ub9^B*LShk4Pw&(yr~o(ye|yo9@SSE5ve!Q^ILY?Yu!+BV@t2HKtV5YJV& zsiO(DbbaT*|JC+yAYXJBg--s#8DZ zZLyvd$C&FU1@dD|)M9B_sVHIalpHR?+b5Ms8aqZ$H}LD!TUhl<$0_BPam*TD30w_i zvWHAg9M~9&N2%OaU+px4mzC)(_TUgRNrZ`MYVT&;9Ruxxl;2ng*=RoH`VU{W_DX$( z;r<7#nXn`$wFY)XGb=M`y7`=_$incq=D>=``J&OU6MUpbsbj~lb&k=z&L&DM%NG95 zi77Q>Co98l*1t!I<$`DVyuK@KhXtApF`DxZZ0bIb!-6N+vXGR`pq&boydd*K)NX zE3IU^7uxzz&UyTCv{M&3P+{V`O3mi*JPd&qkz_;?WIb6`mP1bX3G!l+z2SxvXx>`t zP7Y_tiwO*{-dJEP<7bjuZz3n{^m5?6GO1R^KwCAdR}0;mw)%KIs9#ezVd}Up`wa zqeoX~MN5^$Zpez%39B4_mYuCJj{4Goy$UrGV(1gpXgU{1=PnRFkMctU=wb3B2yFm3 z;|Cj^)c|%SiQ1hD2k!^PQ;Q6OW=HgQ5e6y|rvIz0b(5^wAZpY3+n08t;NkA=R_hW$ F{tsqk^Sb~5 literal 0 HcmV?d00001 From 640aa24f015436d373850e11d77205f5161002bc Mon Sep 17 00:00:00 2001 From: kujiraitakahiro Date: Sat, 13 Jan 2024 02:11:24 +0900 Subject: [PATCH 203/279] [ja] Translate reference/glossary/app-container.md & application-architect.md & application-developer.md & applications.md & approver.md into Japanese (#43657) * translate some files into japanese. app-container.md application-architect.md application-developer.md applications.md approver.md Update app-container.md Update app-container.md * Update content/ja/docs/reference/glossary/app-container.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/application-architect.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/application-architect.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/application-developer.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/application-developer.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/approver.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/approver.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> --------- Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> --- .../ja/docs/reference/glossary/app-container.md | 16 ++++++++++++++++ .../reference/glossary/application-architect.md | 17 +++++++++++++++++ .../reference/glossary/application-developer.md | 17 +++++++++++++++++ .../ja/docs/reference/glossary/applications.md | 12 ++++++++++++ content/ja/docs/reference/glossary/approver.md | 17 +++++++++++++++++ 5 files changed, 79 insertions(+) create mode 100644 content/ja/docs/reference/glossary/app-container.md create mode 100644 content/ja/docs/reference/glossary/application-architect.md create mode 100644 content/ja/docs/reference/glossary/application-developer.md create mode 100644 content/ja/docs/reference/glossary/applications.md create mode 100644 content/ja/docs/reference/glossary/approver.md diff --git a/content/ja/docs/reference/glossary/app-container.md b/content/ja/docs/reference/glossary/app-container.md new file mode 100644 index 0000000000000..33ad391b4f5b4 --- /dev/null +++ b/content/ja/docs/reference/glossary/app-container.md @@ -0,0 +1,16 @@ +--- +title: Appコンテナ +id: app-container +date: 2019-02-12 +full_link: +short_description: > + ワークロードの一部を実行するために使用されるコンテナ。Initコンテナと比較してください。 +aka: +tags: +- workload +--- + アプリケーションコンテナ(またはAppコンテナ)は、{{< glossary_tooltip text="Initコンテナ" term_id="init-container" >}}が完了したあとに開始される{{< glossary_tooltip text="Pod" term_id="pod" >}}内の{{< glossary_tooltip text="コンテナ" term_id="container" >}}です。 + + +Initコンテナを使用すると、{{< glossary_tooltip text="ワークロード" term_id="workload" >}}全体にとって重要であり、アプリケーションコンテナの開始後に実行し続ける必要のない初期化の詳細を分離できます。 +PodにInitコンテナが構成されていない場合、そのPod内のすべてのコンテナはAppコンテナになります。 diff --git a/content/ja/docs/reference/glossary/application-architect.md b/content/ja/docs/reference/glossary/application-architect.md new file mode 100644 index 0000000000000..a844829bd2879 --- /dev/null +++ b/content/ja/docs/reference/glossary/application-architect.md @@ -0,0 +1,17 @@ +--- +title: アプリケーションアーキテクト +id: application-architect +date: 2018-04-12 +full_link: +short_description: > + アプリケーションの高レベルの設計を担当する人。 + +aka: +tags: +- user-type +--- + アプリケーションの高レベルの設計を担当する人。 + + +アーキテクトは、アプリの実装によりスケーラブルで保守可能な方法で周囲のコンポーネントと対話できるようにします。 +周囲のコンポーネントには、データベース、ロギングインフラストラクチャ、その他のマイクロサービスが含まれます。 diff --git a/content/ja/docs/reference/glossary/application-developer.md b/content/ja/docs/reference/glossary/application-developer.md new file mode 100644 index 0000000000000..eb915a7aed9ef --- /dev/null +++ b/content/ja/docs/reference/glossary/application-developer.md @@ -0,0 +1,17 @@ +--- +title: アプリケーション開発者 +id: application-developer +date: 2018-04-12 +full_link: +short_description: > + Kubernetesクラスターで実行されるアプリケーションを作成する人。 + +aka: +tags: +- user-type +--- + Kubernetesクラスターで実行されるアプリケーションを作成する人。 + + + +アプリケーション開発者は、アプリケーションの一部分に焦点を当てます。それらの焦点の規模は大きく異なる場合があります。 diff --git a/content/ja/docs/reference/glossary/applications.md b/content/ja/docs/reference/glossary/applications.md new file mode 100644 index 0000000000000..ee521c08468d1 --- /dev/null +++ b/content/ja/docs/reference/glossary/applications.md @@ -0,0 +1,12 @@ +--- +title: アプリケーション +id: applications +date: 2019-05-12 +full_link: +short_description: > + 様々なコンテナ化されたアプリケーションが実行される層。 +aka: +tags: +- fundamental +--- + 様々なコンテナ化されたアプリケーションが実行される層。 diff --git a/content/ja/docs/reference/glossary/approver.md b/content/ja/docs/reference/glossary/approver.md new file mode 100644 index 0000000000000..8631551a860d9 --- /dev/null +++ b/content/ja/docs/reference/glossary/approver.md @@ -0,0 +1,17 @@ +--- +title: 承認者 +id: approver +date: 2018-04-12 +full_link: +short_description: > + Kubernetesコードの貢献をレビュー、および承認できる人。 + +aka: +tags: +- community +--- + Kubernetesコードの貢献をレビュー、および承認できる人。 + + + +コードレビューはコードの品質と正確性に焦点を当てていますが、承認はコントリビューションの全体的な受け入れに焦点を当てています。全体的な受け入れには、後方互換性/前方互換性、APIとフラグの規約への準拠、微妙なパフォーマンスと正確性の問題、システムの他の部分との相互作用などが含まれます。承認者のステータスは、コードベースの一部にスコープされます。承認者は以前はメンテナーと呼ばれていました。 From cd0505c7800cd5eed0bfbe2a23701d81bd55030e Mon Sep 17 00:00:00 2001 From: kujiraitakahiro Date: Sat, 13 Jan 2024 02:28:07 +0900 Subject: [PATCH 204/279] [ja] Translate reference/glossary/admission-controller.md & affinity.md & aggregation-layer.md & annotation.md & api-group.md into Japanese (#43641) * translate some files admission-controller.md affinity.md aggregation-layer.md annotation.md api-group.md * translate cadvisor.md(glossary) * Revert "translate cadvisor.md(glossary)" This reverts commit aeed4bc65a19be4c7697ecaf3f4628ab41ef035f. * Update content/ja/docs/reference/glossary/admission-controller.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/affinity.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/affinity.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/affinity.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/affinity.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/aggregation-layer.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/annotation.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> * Update content/ja/docs/reference/glossary/api-group.md Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> --------- Co-authored-by: inukai <82919057+t-inu@users.noreply.github.com> --- .../glossary/admission-controller.md | 20 +++++++++++++++++++ .../ja/docs/reference/glossary/affinity.md | 19 ++++++++++++++++++ .../reference/glossary/aggregation-layer.md | 19 ++++++++++++++++++ .../ja/docs/reference/glossary/annotation.md | 15 ++++++++++++++ .../ja/docs/reference/glossary/api-group.md | 17 ++++++++++++++++ 5 files changed, 90 insertions(+) create mode 100644 content/ja/docs/reference/glossary/admission-controller.md create mode 100644 content/ja/docs/reference/glossary/affinity.md create mode 100644 content/ja/docs/reference/glossary/aggregation-layer.md create mode 100644 content/ja/docs/reference/glossary/annotation.md create mode 100644 content/ja/docs/reference/glossary/api-group.md diff --git a/content/ja/docs/reference/glossary/admission-controller.md b/content/ja/docs/reference/glossary/admission-controller.md new file mode 100644 index 0000000000000..7f249242b8953 --- /dev/null +++ b/content/ja/docs/reference/glossary/admission-controller.md @@ -0,0 +1,20 @@ +--- +title: アドミッションコントローラー +id: admission-controller +date: 2019-06-28 +full_link: /docs/reference/access-authn-authz/admission-controllers/ +short_description: > + オブジェクトを永続化する前に、Kubernetes APIサーバーへのリクエストをインターセプトするコード。 + +aka: +tags: +- extension +- security +--- + オブジェクトを永続化する前に、Kubernetes APIサーバーへのリクエストをインターセプトするコード。 + + + +アドミッションコントローラーはKubernetes APIサーバー用に構成可能で、「検証(validating)」、「変更(mutating)」、またはその両方を行うことができます。どのアドミッションコントローラーも、リクエストを拒否することができます。変更コントローラーは、自身が許可するオブジェクトを変更できますが、検証コントローラーは変更できません。 + +* [Admission controllers in the Kubernetes documentation](/docs/reference/access-authn-authz/admission-controllers/) \ No newline at end of file diff --git a/content/ja/docs/reference/glossary/affinity.md b/content/ja/docs/reference/glossary/affinity.md new file mode 100644 index 0000000000000..ea8f099877894 --- /dev/null +++ b/content/ja/docs/reference/glossary/affinity.md @@ -0,0 +1,19 @@ +--- +title: アフィニティ +id: affinity +date: 2019-01-11 +full_link: /ja/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity +short_description: > + Podを配置する場所を決定するためにスケジューラーによって使用されるルール +aka: +tags: +- fundamental +--- + +Kubernetesでは、_アフィニティ(affinity)_ はPodを配置する場所に関するヒントをスケジューラーに与える一連のルールです。 + +アフィニティには次の2種類があります: +* [Nodeアフィニティ](/ja/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) +* [Pod間のアフィニティとアンチアフィニティ](/ja/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity) + +ルールは、Kubernetes{{< glossary_tooltip term_id="label" text="ラベル">}}と{{< glossary_tooltip term_id="pod" text="Pod" >}}で指定された{{< glossary_tooltip term_id="selector" text="セレクター">}}を使用して定義され、スケジューラーにどれだけ厳密にルールを適用するかに応じて、必須または優先のいずれかにすることができます。 diff --git a/content/ja/docs/reference/glossary/aggregation-layer.md b/content/ja/docs/reference/glossary/aggregation-layer.md new file mode 100644 index 0000000000000..3992c8d55dc13 --- /dev/null +++ b/content/ja/docs/reference/glossary/aggregation-layer.md @@ -0,0 +1,19 @@ +--- +title: アグリゲーションレイヤー +id: aggregation-layer +date: 2018-10-08 +full_link: /docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/ +short_description: > + アグリゲーションレイヤーを使用すると、追加のKubernetesスタイルのAPIをクラスターにインストールできます。 + +aka: +tags: +- architecture +- extension +- operation +--- + アグリゲーションレイヤーを使用すると、追加のKubernetesスタイルのAPIをクラスターにインストールできます。 + + + +{{< glossary_tooltip text="Kubernetes APIサーバー" term_id="kube-apiserver" >}}を[support additional APIs](/docs/tasks/extend-kubernetes/configure-aggregation-layer/)に設定すると、`APIService`オブジェクトを追加して、Kubernetes APIのURLパスを「要求」することができます。 diff --git a/content/ja/docs/reference/glossary/annotation.md b/content/ja/docs/reference/glossary/annotation.md new file mode 100644 index 0000000000000..ca1416484fc94 --- /dev/null +++ b/content/ja/docs/reference/glossary/annotation.md @@ -0,0 +1,15 @@ +--- +title: アノテーション +id: annotation +date: 2018-04-12 +full_link: /ja/docs/concepts/overview/working-with-objects/annotations +short_description: > + 任意の非識別メタデータをオブジェクトにアタッチするために使用されるキーと値のペア。 +aka: +tags: +- fundamental +--- + 任意の非識別メタデータをオブジェクトにアタッチするために使用されるキーと値のペア。 + + +アノテーション内のメタデータは大小さまざまで、構造化されていてもいなくてもよく、{{< glossary_tooltip text="ラベル" term_id="label" >}}では許可されていない文字も含めることができます。ツールやライブラリなどのクライアントは、このメタデータを取得できます。 \ No newline at end of file diff --git a/content/ja/docs/reference/glossary/api-group.md b/content/ja/docs/reference/glossary/api-group.md new file mode 100644 index 0000000000000..4c658b71bbf60 --- /dev/null +++ b/content/ja/docs/reference/glossary/api-group.md @@ -0,0 +1,17 @@ +--- +title: APIグループ +id: api-group +date: 2019-09-02 +full_link: /ja/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning +short_description: > + Kubernetes APIの関連するパスのセット。 +aka: +tags: +- fundamental +- architecture +--- +Kubernetes APIの関連するパスのセット。 + +APIサーバーの構成を変更することで、各APIグループを有効または無効にできます。特定のリソースへのパスを無効または有効にすることもできます。APIグループを使用すると、Kubernetes APIを簡単に拡張できます。APIグループは、RESTパスとシリアル化されたオブジェクトの`apiVersion`フィールドで指定されます。 + +* 詳しくは[APIグループ](/ja/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning)をご覧ください。 \ No newline at end of file From 18bdd9eb9879dec5a76e07d285dc50538770ae49 Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 12 Jan 2024 19:15:15 +0100 Subject: [PATCH 205/279] [de] German localisation of controller.md and the glossary entry for controller --- .../docs/concepts/architecture/controller.md | 103 ++++++++++++++++++ .../de/docs/reference/glossary/controller.md | 21 ++++ 2 files changed, 124 insertions(+) create mode 100644 content/de/docs/concepts/architecture/controller.md create mode 100644 content/de/docs/reference/glossary/controller.md diff --git a/content/de/docs/concepts/architecture/controller.md b/content/de/docs/concepts/architecture/controller.md new file mode 100644 index 0000000000000..cffe00e229237 --- /dev/null +++ b/content/de/docs/concepts/architecture/controller.md @@ -0,0 +1,103 @@ +--- +title: Controller +content_type: concept +weight: 30 +--- + + + +In der Robotik und der Automatisierung ist eine _Kontrollschleife_ eine endlose Schleife, die den Zustand eines Systems regelt. + +Hier ist ein Beispiel einer Kontrollschleife: ein Thermostat in einem Zimmer. + +Wenn Sie die Temperatur einstellen, sagen Sie dem Thermostaten was der *Wunschzustand* ist. Die tatsächliche Raumtemperatur ist der *Istzustand*. Der Thermostat agiert um den Istzustand dem Wunschzustand anzunähern, indem er Geräte an oder ausschaltet. + +{{< glossary_definition text="Controller" term_id="controller" length="short">}} + + + + + + +## Controller Muster + +Ein Controller überwacht mindestens einen Kubernetes Ressourcentyp. +Diese {{< glossary_tooltip text="Objekte" term_id="object" >}} +haben ein Spezifikationsfeld, das den Wunschzustand darstellt. Der oder die Controller für diese Ressource sind dafür verantwortlich, dass sich der Istzustand dem Wunschzustand annähert. + +Der Controller könnte die Aktionen selbst ausführen; meistens jedoch sendet der Controller Nachrichten an den {{< glossary_tooltip text="API Server" term_id="kube-apiserver" >}}, die nützliche Effekte haben. Unten sehen Sie Beispiele dafür. + +{{< comment >}} +Manche eingebaute Controller, zum Beispiel der Namespace Controller, agieren auf Objekte die keine Spezifikation haben. Zur Vereinfachung lässt diese Seite die Erklärung zu diesem Detail aus. +{{< /comment >}} + +### Kontrolle via API Server + +Der {{< glossary_tooltip text="Job" term_id="job" >}} Controller ist ein Beispiel eines eingebauten Kubernetes Controllers. Eingebaute Controller verwalten den Zustand durch Interaktion mit dem Cluster API Server. + +Ein Job ist eine Kubernetes Ressource, die einen {{< glossary_tooltip text="Pod" term_id="pod" >}}, oder vielleicht mehrere Pods, erstellt, um eine Tätigkeit auszuführen und dann zu beenden. + +(Sobald [geplant](/docs/concepts/scheduling-eviction/), werden Pod Objekte Teil des Wunschzustands eines Kubelets). + +Wenn der Job Controller eine neue Tätigkeit erkennt, versichert er, dass irgendwo in Ihrem Cluster, die Kubelets auf einem Satz Knoten, die korrekte Anzahl Pods laufen lässt, um die Tätigkeit auszuführen. Der Job Controller selbst lässt keine Pods oder Container laufen. Stattdessen sagt der Job Controller dem API Server, dass er Pods erstellen oder entfernen soll. +Andere Komponenten in der {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} reagieren auf die neue Information (neue Pods müssen geplant werden und müssen laufen), und irgendwann ist die Arbeit beendet. + +Nachdem Sie einen neuen Job erstellen, ist der Wunschzustand, dass dieser Job beendet ist. Der Job Controller sorgt dafür, dass der Istzustand sich dem Wunschzustand annähert: Pods, die die Arbeit ausführen, werden erstellt, sodass der Job näher an seine Vollendung kommt. + +Controller aktualisieren auch die Objekte die sie konfigurieren. Zum Beispiel: sobald die Arbeit eines Jobs beendet ist, aktualisiert der Job Controller das Job Objekt und markiert es als `beendet`. + +(Das ist ungefähr wie ein Thermostat, der ein Licht ausschaltet, um anzuzeigen dass der Raum nun die Wunschtemperatur hat). + +### Direkte Kontrolle + +Im Gegensatz zum Job Controller, müssen manche Controller auch Sachen außerhalb Ihres Clusters ändern. + +Zum Beispiel, wenn Sie eine Kontrollschleife verwenden, um sicherzustellen dass es genug {{< glossary_tooltip text="Knoten" term_id="node" >}} in ihrem Cluster gibt, dann benötigt dieser Controller etwas außerhalb des jetztigen Clusters, um neue Knoten bei Bedarf zu erstellen. + +Controller die mit dem externen Status interagieren, erhalten den Wunschzustand vom API Server, und kommunizieren dann direkt mit einem externen System, um den Istzustand näher an den Wunschzustand zu bringen. + +(Es gibt tatsächlich einen [Controller](https://github.com/kubernetes/autoscaler/), der die Knoten in Ihrem Cluster horizontal skaliert.) + +Wichtig ist hier, dass der Controller Veränderungen vornimmt, um den Wunschzustand zu erreichen, und dann den Istzustand an den API Server Ihres Clusters meldet. Andere Kontrollschleifen können diese Daten beobachten und eigene Aktionen unternehmen. + +Im Beispiel des Thermostaten, wenn der Raum sehr kalt ist, könnte ein anderer Controller eine Frostschutzheizung einschalten. Bei Kubernetes Cluster arbeitet die Contol Plane indirekt mit IP Adressen Verwaltungstools, Speicherdienste, Cloud Provider APIs, und andere Dienste, um [Kubernetes zu erweitern](/docs/concepts/extend-kubernetes/) und das zu implementieren. + +## Wunschzustand gegen Istzustand {#desired-vs-current} + +Kubernetes hat eine Cloud-Native Sicht auf Systeme, und kann ständige Veränderungen verarbeiten. + +Ihr Cluster kann sich jederzeit verändern, während Arbeit erledigt wird und Kontrollschleifen automatisch Fehler reparieren. Das bedeutet, dass Ihr Cluster eventuell nie einen stabilen Zustand erreicht. + +Solange die Controller Ihres Clusters laufen, und sinnvolle Veränderungen vornehmen können, ist es egal ob der Gesamtzustand stabil ist oder nicht. + +## Design + +Als Grundlage seines Designs verwendet Kubernetes viele Controller, die alle einen bestimmten Aspekt des Clusterzustands verwalten. Meistens verwendet eine bestimmte Kontrollschleife (Controller) eine Sorte Ressourcen als seinen Wunschzustand, und hat eine andere Art Ressource, dass sie verwaltet um den Wunschzustand zu erreichen. Zum Beispiel, ein Controller für Jobs überwacht Job Objekte (um neue Arbeit zu finden), und Pod Objekte (um die Arbeit auszuführen, und um zu erkennen wann die Arbeit beendet ist). In diesem Fall erstellt etwas anderes die Jobs, während der Job Controller Pods erstellt. + +Es ist sinnvoll einfache Controller zu haben, statt eines monolithischen Satzes Kontrollschleifen, die miteinander verbunden sind. Controller können scheitern, also ist Kubernetes entworfen um das zu erlauben. + +{{< note >}} +Es kann mehrere Controller geben, die die gleiche Art Objekte erstellen oder aktualisieren können. Im Hintergrund sorgen Kubernetes Controller dafür, dass sie nur auf die Ressourcen achten, die mit den kontrollierenden Ressourcen verbunden sind. + +Man kann zum Beispiel Deployments und Jobs haben; beide erstellen Pods. +Der Job Controller löscht nicht die Pods die Ihr Deployment erstellt hat, weil es Informationen ({{< glossary_tooltip term_id="Label" text="Bezeichnungen" >}}) gibt, die der Controller verwenden kann, um die Pods voneinander zu unterscheiden. +{{< /note >}} + +## Wege um Controller auszuführen {#running-controllers} + +Kubernetes enthält eingebaute Controller, die innerhalb des {{< glossary_tooltip text="Kube Controller Manager" term_id="kube-controller-manager" >}} laufen. Diese eingebaute Controller liefern wichtige grundsätzliche Verhalten. + +Der Deployment Controller und Job Controller sind Beispiele für Controller die Teil von Kubernetes selbst sind ("eingebaute" Controller). +Kubernetes erlaubt die Verwendung von resilienten Control Planes, sodass bei Versagen eines eingebauten Controllers ein anderer Teil des Control Planes die Arbeit übernimmt. + +Sie finden auch Controller, die außerhalb des Control Planes laufen, um Kubernetes zu erweitern. Oder, wenn Sie möchten, können Sie auch selbst einen neuen Controller entwickeln. +Sie können Ihren Controller als einen Satz Pods oder außerhalb von Kubernetes laufen lassen. Was am besten passt, hängt davon ab was der jeweilige Controller tut. + +## {{% heading "whatsnext" %}} + +* Lesen Sie über den [Kubernetes Control Plane](/docs/concepts/overview/components/#control-plane-components) +* Entdecke einige der grundlegenden [Kubernetes Objekte](/docs/concepts/overview/working-with-objects/) +* Lerne mehr über die [Kubernetes API](/docs/concepts/overview/kubernetes-api/) +* Wenn Sie ihren eigenen Controller entwickeln wollen, siehe [Kubernetes extension patterns](/docs/concepts/extend-kubernetes/#extension-patterns) + und das [sample-controller](https://github.com/kubernetes/sample-controller) Repository. + diff --git a/content/de/docs/reference/glossary/controller.md b/content/de/docs/reference/glossary/controller.md new file mode 100644 index 0000000000000..0af7692f23994 --- /dev/null +++ b/content/de/docs/reference/glossary/controller.md @@ -0,0 +1,21 @@ +--- +title: Controller +id: controller +date: 2018-04-12 +full_link: /docs/concepts/architecture/controller/ +short_description: > + Eine Kontrollschleife, die den geteilten Zustand des Clusters über den Apiserver beobachtet, und Änderungen ausführt, um den aktuellen Zustand in Richtung des Wunschzustands zu bewegen. + +aka: +tags: +- architecture +- fundamental +--- +In Kubernetes sind Controller Kontrollschleifen, die den Zustand des {{< glossary_tooltip term_id="cluster" text="Clusters">}} beobachten, und dann Änderungen ausführen oder anfragen, wenn benötigt. +Jeder Controller versucht den aktuellen Clusterzustand in Richtung des Wunschzustands zu bewegen. + + + +Controller beobachten den geteilten Zustand des Clusters durch den {{< glossary_tooltip text="API Server" term_id="kube-apiserver" >}} (Teil der {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}}). + +Mache Controller, laufen auch im Control Plane, und stellen Kontrollschleifen zur Verfügung, die essentiell für die grundlegende Kubernetes Funktionalität sind. Zum Beispiel: der Deployment Controller, der Daemonset Controller, der Namespace Controller und der Persistent Volume Controller (unter anderem) laufen alle innerhalb des {{< glossary_tooltip text="Kube Controller Managers" term_id="kube-controller-manager" >}}. From 44e52c14c13d8cfafde4bd179249bf9a74d9120f Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 12 Jan 2024 19:27:55 +0100 Subject: [PATCH 206/279] [de] modified files to remove master/slave terminology --- content/de/docs/reference/glossary/kube-apiserver.md | 6 +++--- .../de/docs/reference/glossary/kube-controller-manager.md | 6 +++--- content/de/docs/reference/glossary/kube-scheduler.md | 4 ++-- content/de/docs/reference/glossary/kubelet.md | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/content/de/docs/reference/glossary/kube-apiserver.md b/content/de/docs/reference/glossary/kube-apiserver.md index de7e324e3c2f5..17c4c26ef8d53 100644 --- a/content/de/docs/reference/glossary/kube-apiserver.md +++ b/content/de/docs/reference/glossary/kube-apiserver.md @@ -4,16 +4,16 @@ id: kube-apiserver date: 2018-04-12 full_link: /docs/reference/generated/kube-apiserver/ short_description: > - Komponente auf dem Master, der die Kubernetes-API verfügbar macht. Es ist das Frontend für die Kubernetes-Steuerebene. + Komponente auf der Control Plane, die die Kubernetes-API verfügbar macht. Es ist das Frontend für die Kubernetes-Steuerebene. aka: tags: - architecture - fundamental --- - Komponente auf dem Master, der die Kubernetes-API verfügbar macht. Es ist das Frontend für die Kubernetes-Steuerebene. + Komponente auf der Control Plane, die die Kubernetes-API verfügbar macht. Es ist das Frontend für die Kubernetes-Steuerebene. -Es ist für die horizontale Skalierung konzipiert, d. H. Es skaliert durch die Bereitstellung von mehr Instanzen. Mehr informationen finden Sie unter [Cluster mit hoher Verfügbarkeit erstellen](/docs/admin/high-availability/). +Es ist für die horizontale Skalierung konzipiert, d.h. es skaliert durch die Bereitstellung von mehr Instanzen. Mehr informationen finden Sie unter [Cluster mit hoher Verfügbarkeit erstellen](/docs/admin/high-availability/). diff --git a/content/de/docs/reference/glossary/kube-controller-manager.md b/content/de/docs/reference/glossary/kube-controller-manager.md index 358393e0ffc06..d5add43161901 100644 --- a/content/de/docs/reference/glossary/kube-controller-manager.md +++ b/content/de/docs/reference/glossary/kube-controller-manager.md @@ -4,16 +4,16 @@ id: kube-controller-manager date: 2018-04-12 full_link: /docs/reference/generated/kube-controller-manager/ short_description: > - Komponente auf dem Master, auf dem Controller ausgeführt werden. + Komponente auf der Control Plane, auf der Controller ausgeführt werden. aka: tags: - architecture - fundamental --- - Komponente auf dem Master, auf dem {{< glossary_tooltip text="controllers" term_id="controller" >}} ausgeführt werden. + Komponente auf der Control Plane, auf der {{< glossary_tooltip text="Controller" term_id="controller" >}} ausgeführt werden. -Logisch gesehen ist jeder {{< glossary_tooltip text="controller" term_id="controller" >}} ein separater Prozess, aber zur Vereinfachung der Komplexität werden sie alle zu einer einzigen Binärdatei zusammengefasst und in einem einzigen Prozess ausgeführt. +Logisch gesehen ist jeder {{< glossary_tooltip text="Controller" term_id="controller" >}} ein separater Prozess, aber zur Vereinfachung der Komplexität werden sie alle zu einer einzigen Binärdatei zusammengefasst und in einem einzigen Prozess ausgeführt. diff --git a/content/de/docs/reference/glossary/kube-scheduler.md b/content/de/docs/reference/glossary/kube-scheduler.md index b6111692d4d77..5f8a875e813c3 100644 --- a/content/de/docs/reference/glossary/kube-scheduler.md +++ b/content/de/docs/reference/glossary/kube-scheduler.md @@ -4,13 +4,13 @@ id: kube-scheduler date: 2018-04-12 full_link: /docs/reference/generated/kube-scheduler/ short_description: > - Komponente auf dem Master, die neu erstellte Pods überwacht, denen kein Node zugewiesen ist. Sie wählt den Node aus, auf dem sie ausgeführt werden sollen. + Komponente auf der Control Plane, die neu erstellte Pods überwacht, denen kein Knoten zugewiesen ist. Sie wählt den Knoten aus, auf dem sie ausgeführt werden sollen. aka: tags: - architecture --- - Komponente auf dem Master, die neu erstellte Pods überwacht, denen kein Node zugewiesen ist. Sie wählt den Node aus, auf dem sie ausgeführt werden sollen. + Komponente auf der Control Plane, die neu erstellte Pods überwacht, denen kein Knoten zugewiesen ist. Sie wählt den Knoten aus, auf dem sie ausgeführt werden sollen. diff --git a/content/de/docs/reference/glossary/kubelet.md b/content/de/docs/reference/glossary/kubelet.md index 83d5c926513ae..84f209b852499 100644 --- a/content/de/docs/reference/glossary/kubelet.md +++ b/content/de/docs/reference/glossary/kubelet.md @@ -4,14 +4,14 @@ id: kubelet date: 2018-04-12 full_link: /docs/reference/generated/kubelet short_description: > - Ein Agent, der auf jedem Node im Cluster ausgeführt wird. Er stellt sicher, dass Container in einem Pod ausgeführt werden. + Ein Agent, der auf jedem Knoten im Cluster ausgeführt wird. Er stellt sicher, dass Container in einem Pod ausgeführt werden. aka: tags: - fundamental - core-object --- - Ein Agent, der auf jedem Node im Cluster ausgeführt wird. Er stellt sicher, dass Container in einem Pod ausgeführt werden. + Ein Agent, der auf jedem Knoten im Cluster ausgeführt wird. Er stellt sicher, dass Container in einem Pod ausgeführt werden. From bde244a8b6fa87c3745079ef89f46f931b7a70b8 Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 12 Jan 2024 19:38:13 +0100 Subject: [PATCH 207/279] [de] German localization of more glossary entries --- .../glossary/cloud-controller-manager.md | 19 ++++++++++++++ content/de/docs/reference/glossary/cluster.md | 17 +++++++++++++ .../de/docs/reference/glossary/container.md | 19 ++++++++++++++ .../docs/reference/glossary/control-plane.md | 25 +++++++++++++++++++ .../de/docs/reference/glossary/deployment.md | 19 ++++++++++++++ content/de/docs/reference/glossary/docker.md | 17 +++++++++++++ 6 files changed, 116 insertions(+) create mode 100644 content/de/docs/reference/glossary/cloud-controller-manager.md create mode 100644 content/de/docs/reference/glossary/cluster.md create mode 100644 content/de/docs/reference/glossary/container.md create mode 100644 content/de/docs/reference/glossary/control-plane.md create mode 100644 content/de/docs/reference/glossary/deployment.md create mode 100644 content/de/docs/reference/glossary/docker.md diff --git a/content/de/docs/reference/glossary/cloud-controller-manager.md b/content/de/docs/reference/glossary/cloud-controller-manager.md new file mode 100644 index 0000000000000..e2937bc573999 --- /dev/null +++ b/content/de/docs/reference/glossary/cloud-controller-manager.md @@ -0,0 +1,19 @@ +--- +title: Cloud Controller Manager +id: cloud-controller-manager +date: 2018-04-12 +full_link: /docs/concepts/architecture/cloud-controller/ +short_description: > + Control Plane Komponente, die Kubernetes mit Drittanbieter Cloud Provider integriert. +aka: +tags: +- core-object +- architecture +- operation +--- + Eine Kubernetes {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} Komponente, die Cloud spezifische Kontrolllogik einbettet. Der [Cloud Controller Manager](/docs/concepts/architecture/cloud-controller/) lässt Sie Ihr Cluster in die Cloud Provider API einbinden, und trennt die Komponenten die mit der Cloud Platform interagieren von Komponenten, die nur mit Ihrem Cluster interagieren. + + + +Durch Entkopplung der Interoperabilitätslogik zwischen Kubernetes und der darunterliegenden Cloud Infrastruktur, ermöglicht der Cloud Controller Manager den Cloud Providern das Freigeben neuer Features in einem anderen Tempo als das Kubernetes Projekt. + diff --git a/content/de/docs/reference/glossary/cluster.md b/content/de/docs/reference/glossary/cluster.md new file mode 100644 index 0000000000000..1a28dc9df36ad --- /dev/null +++ b/content/de/docs/reference/glossary/cluster.md @@ -0,0 +1,17 @@ +--- +title: Cluster +id: cluster +date: 2019-06-15 +full_link: +short_description: > + Ein Satz Arbeitermaschinen, genannt Knoten, die containerisierte Anwendungen ausführen. Jedes Cluster hat mindestens einen Arbeiterknoten. + +aka: +tags: +- fundamental +- operation +--- +Ein Satz Arbeitermaschinen, gennant {{< glossary_tooltip text="Knoten" term_id="node" >}}, die containerisierte Anwendungen ausführen. Jedes Cluster hat mindestens einen Arbeiterknoten. + + +Die Arbeiterknoten bringen die {{< glossary_tooltip text="Pods" term_id="pod" >}} unter, die die Komponenten der Applikationslast sind. Die {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} verwaltet die Arbeiterknoten und Pods im Cluster. In Produktionsumgebungen läuft die Control Plane meistens über mehrere Computer, und ein Cluster hat meistens mehrere Knoten, um Fehlertoleranz und Hochverfügbarkeit zu ermöglichen. diff --git a/content/de/docs/reference/glossary/container.md b/content/de/docs/reference/glossary/container.md new file mode 100644 index 0000000000000..bc1e7278c5a0d --- /dev/null +++ b/content/de/docs/reference/glossary/container.md @@ -0,0 +1,19 @@ +--- +title: Container +id: container +date: 2018-04-12 +full_link: /docs/concepts/containers/ +short_description: > + Ein kleines und portierbares ausführbares Image, dass eine Software und all seine Abhängigkeiten enthält. + +aka: +tags: +- fundamental +- workload +--- + Ein kleines und portierbares ausführbares Image, dass eine Software und all seine Abhängigkeiten enthält. + + + +Container entkuppeln Anwendungen von der darunterliegenden Rechner Infrastruktur, um den Einsatz in verschiedenen Cloud- oder Betriebssystemumgebungen zu vereinfachen. +Die Anwendungen in Container nennt man Containerisierte Anwendungen. Der Prozess des Bündelns dieser Anwendungen und ihrer Abhängigkeiten in einem Container Image nennt man Containerisierung. diff --git a/content/de/docs/reference/glossary/control-plane.md b/content/de/docs/reference/glossary/control-plane.md new file mode 100644 index 0000000000000..fe1815f8b4bc3 --- /dev/null +++ b/content/de/docs/reference/glossary/control-plane.md @@ -0,0 +1,25 @@ +--- +title: Control Plane +id: control-plane +date: 2019-05-12 +full_link: +short_description: > + Die Container Orchestrierungsschicht, die die API und Schnittstellen exponiert, um den Lebenszyklus von Container zu definieren, bereitzustellen, und zu verwalten. + +aka: +tags: +- fundamental +--- + Die Container Orchestrierungsschicht, die die API und Schnittstellen exponiert, um den Lebenszyklus von Container zu definieren, bereitzustellen, und zu verwalten. + + + + Diese Schicht besteht aus vielen verschiedenen Komponenten, zum Beispiel (aber nicht begranzt auf): + + * {{< glossary_tooltip text="etcd" term_id="etcd" >}} + * {{< glossary_tooltip text="API Server" term_id="kube-apiserver" >}} + * {{< glossary_tooltip text="Scheduler" term_id="kube-scheduler" >}} + * {{< glossary_tooltip text="Controller Manager" term_id="kube-controller-manager" >}} + * {{< glossary_tooltip text="Cloud Controller Manager" term_id="cloud-controller-manager" >}} + + Diese Komponenten können als traditionelle Betriebssystemdienste (daemons) oder als Container laufen. Die Hosts auf denen diese Komponenten laufen, hießen früher {{< glossary_tooltip text="Master" term_id="master" >}}. \ No newline at end of file diff --git a/content/de/docs/reference/glossary/deployment.md b/content/de/docs/reference/glossary/deployment.md new file mode 100644 index 0000000000000..b078033531dca --- /dev/null +++ b/content/de/docs/reference/glossary/deployment.md @@ -0,0 +1,19 @@ +--- +title: Deployment +id: deployment +date: 2018-04-12 +full_link: /docs/concepts/workloads/controllers/deployment/ +short_description: > + Verwaltet eine replizierte Anwendung in Ihrem Cluster. + +aka: +tags: +- fundamental +- core-object +- workload +--- + Ein API Object, das eine replizierte Anwendung verwaltet, typischerweise durch laufende Pods ohne lokalem Zustand. + + + +Jedes Replikat wird durch ein {{< glossary_tooltip text="Pod" term_id="pod" >}} repräsentiert, und die Pods werden auf den {{< glossary_tooltip text="Knoten" term_id="node" >}} eines Clusters verteilt. Für Arbeitslasten, die einen lokalen Zustand benötigen, sollten Sie einen {{< glossary_tooltip term_id="StatefulSet" >}} verwenden. diff --git a/content/de/docs/reference/glossary/docker.md b/content/de/docs/reference/glossary/docker.md new file mode 100644 index 0000000000000..02ef93721f208 --- /dev/null +++ b/content/de/docs/reference/glossary/docker.md @@ -0,0 +1,17 @@ +--- +title: Docker +id: docker +date: 2018-04-12 +full_link: https://docs.docker.com/engine/ +short_description: > + Docker ist eine Software Technologie, die Virtualisierung auf Betriebssystemebene (auch bekannt als Container) bereitstellt. + +aka: +tags: +- fundamental +--- +Docker (genauer gesagt, Docker Engine) ist eine Software Technologie, die Virtualisierung auf Betriebssystemebene (auch bekannt als {{< glossary_tooltip text="Container" term_id="container" >}}) bereitstellt. + + + +Docker verwendet die Ressourcenisolierungsfunktionen des Linux Kernels, wie cgroups und Kernel Namespaces, und ein Unionsfähiges Dateisystem wie OverlayFS (unter anderem), um unabhängige Container auf einer einzigen Linux Instanz auszuführen. Dies vermeidet den Mehraufwand des Starten und Verwalten virtueller Maschinen (VMs). \ No newline at end of file From 34b8145c881b1198401aec4a40de59b2478a1f0e Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 12 Jan 2024 19:50:16 +0100 Subject: [PATCH 208/279] [de] German localization of further glossary files --- content/de/docs/reference/glossary/kubeadm.md | 19 ++++++++++++++++ content/de/docs/reference/glossary/label.md | 18 +++++++++++++++ content/de/docs/reference/glossary/master.md | 15 +++++++++++++ content/de/docs/reference/glossary/node.md | 19 ++++++++++++++++ content/de/docs/reference/glossary/object.md | 15 +++++++++++++ content/de/docs/reference/glossary/pod.md | 18 +++++++++++++++ .../de/docs/reference/glossary/selector.md | 18 +++++++++++++++ content/de/docs/reference/glossary/service.md | 20 +++++++++++++++++ .../de/docs/reference/glossary/statefulset.md | 22 +++++++++++++++++++ 9 files changed, 164 insertions(+) create mode 100644 content/de/docs/reference/glossary/kubeadm.md create mode 100644 content/de/docs/reference/glossary/label.md create mode 100644 content/de/docs/reference/glossary/master.md create mode 100644 content/de/docs/reference/glossary/node.md create mode 100644 content/de/docs/reference/glossary/object.md create mode 100644 content/de/docs/reference/glossary/pod.md create mode 100644 content/de/docs/reference/glossary/selector.md create mode 100644 content/de/docs/reference/glossary/service.md create mode 100644 content/de/docs/reference/glossary/statefulset.md diff --git a/content/de/docs/reference/glossary/kubeadm.md b/content/de/docs/reference/glossary/kubeadm.md new file mode 100644 index 0000000000000..0647d935e7bac --- /dev/null +++ b/content/de/docs/reference/glossary/kubeadm.md @@ -0,0 +1,19 @@ +--- +title: Kubeadm +id: kubeadm +date: 2018-04-12 +full_link: /docs/reference/setup-tools/kubeadm/ +short_description: > + Ein Werkzeug um schnell Kubernetes zu installieren und ein sicheres Cluster zu erstellen. + +aka: +tags: +- tool +- operation +--- + Ein Werkzeug um schnell Kubernetes zu installieren und ein sicheres Cluster zu erstellen. + + + +Man kann kubeadm verwenden, um sowohl die Control Plane, als auch die {{< glossary_tooltip text="Worker Node" term_id="node" >}} Komponenten zu installieren. + diff --git a/content/de/docs/reference/glossary/label.md b/content/de/docs/reference/glossary/label.md new file mode 100644 index 0000000000000..cea9611a85f87 --- /dev/null +++ b/content/de/docs/reference/glossary/label.md @@ -0,0 +1,18 @@ +--- +title: Label +id: label +date: 2018-04-12 +full_link: /docs/concepts/overview/working-with-objects/labels +short_description: > + Kennzeichnet Objekte mit identifizierenden Attributen, die sinnvoll und relevant für die Nutzer sind. + +aka: +tags: +- fundamental +--- + Kennzeichnet Objekte mit identifizierenden Attributen, die sinnvoll und relevant für die Nutzer sind. + + + +Labels sind Key-Value Paare, die an Objekte gebunden sind, zum Beispiel {{< glossary_tooltip text="Pods" term_id="pod" >}}. Sie werden verwendet, um eine Untermenge Objekte zu organisieren und auszuwählen. + diff --git a/content/de/docs/reference/glossary/master.md b/content/de/docs/reference/glossary/master.md new file mode 100644 index 0000000000000..89285183af157 --- /dev/null +++ b/content/de/docs/reference/glossary/master.md @@ -0,0 +1,15 @@ +--- +title: Master +id: master +date: 2020-04-16 +short_description: > + Veralteter Begriff, verwendet als Synonym für die Knoten auf denen die Control Plane läuft. + +aka: +tags: +- fundamental +--- + Veralteter Begriff, verwendet als Synonym für die {{< glossary_tooltip text="Knoten" term_id="node" >}} auf denen die {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} läuft. + + +Dieser Begriff wird noch durch einige Provisionierungswerkzeuge verwendet, wie zum Beispiel {{< glossary_tooltip text="kubeadm" term_id="kubeadm" >}}, und gemanagte Dienste, um {{< glossary_tooltip text="Knoten" term_id="node" >}} mit dem `kubernetes.io/role` {{< glossary_tooltip text="Label" term_id="label" >}} zu kennzeichnen, und {{< glossary_tooltip text="Pods" term_id="pod" >}} auf der {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} zu platzieren. \ No newline at end of file diff --git a/content/de/docs/reference/glossary/node.md b/content/de/docs/reference/glossary/node.md new file mode 100644 index 0000000000000..357e2d7ea9d5d --- /dev/null +++ b/content/de/docs/reference/glossary/node.md @@ -0,0 +1,19 @@ +--- +title: Knoten +id: node +date: 2018-04-12 +full_link: /docs/concepts/architecture/nodes/ +short_description: > + Ein Knoten ist eine Arbietermaschine in Kubernetes. + +aka: +tags: +- fundamental +--- + Ein Knoten ist eine Arbietermaschine in Kubernetes. + + + +Ein Arbeiterknoten kann eine virtuelle Maschine oder physische Maschine sein, abhängig vom Cluster. Es hat lokale Daemons und Dienste, die nötig sind um {{< glossary_tooltip text="Pods" term_id="pod" >}} auszuführen, und wird von der Control Plane administriert. Die Daemonen auf einem Knoten beinhalten auch das {{< glossary_tooltip text="kubelet" term_id="kubelet" >}}, {{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}}, und eine Container Runtime, die ein {{< glossary_tooltip text="CRI" term_id="cri" >}}, wie zum Beispiel {{< glossary_tooltip term_id="docker" >}}. implementieren. + +In älteren Kubernetes Versionen wurden Knoten "Minions" genannt. diff --git a/content/de/docs/reference/glossary/object.md b/content/de/docs/reference/glossary/object.md new file mode 100644 index 0000000000000..d33ec827af33f --- /dev/null +++ b/content/de/docs/reference/glossary/object.md @@ -0,0 +1,15 @@ +--- +title: Objekt +id: object +date: 2020-10-12 +full_link: /docs/concepts/overview/working-with-objects/#kubernetes-objects +short_description: > + Eine Einheit im Kubernetessystem, die ein Teil des Zustands Ihres Clusters darstellt. +aka: +tags: +- fundamental +--- +Eine Einheit im Kubernetessystem. Die Kubernetes API verwendet diese Einheiten um den Zustand Ihres Clusters darzustellen. + +Ein Kubernetes Objekt ist typischerweise ein "Datenstatz der Absicht"—sobald Sie das Objekt erstellen, arbeitet die Kubernetes {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} ständig, um zu versichern, dass das Element, welches es darstellt, auch existiert. +Durch erstellen eines Objekts, erzählen Sie grundsätzlich dem Kubernetessystem wie dieser Teil der Arbeitslast Ihres Clusters aussehen soll; das ist der Wunschzustand Ihres Clusters. diff --git a/content/de/docs/reference/glossary/pod.md b/content/de/docs/reference/glossary/pod.md new file mode 100644 index 0000000000000..e5f2018f509b2 --- /dev/null +++ b/content/de/docs/reference/glossary/pod.md @@ -0,0 +1,18 @@ +--- +title: Pod +id: pod +date: 2018-04-12 +full_link: /docs/concepts/workloads/pods/ +short_description: > + Ein Pod stellt ein Satz laufender Container in Ihrem Cluster dar. + +aka: +tags: +- core-object +- fundamental +--- + Das kleinste und einfachste Kubernetesobjekt. Ein Pod stellt ein Satz laufender {{< glossary_tooltip text="Container" term_id="container" >}} in Ihrem Cluster dar. + + + +Ein Pod wird typischerweise verwendet, um einen einzelnen primären Container laufen zu lassen. Es kann optional auch "sidecar" Container laufen lassen, die zusätzliche Features, wie logging, hinzufügen. Pods werden normalerweise durch ein {{< glossary_tooltip text="Deployment" term_id="deployment" >}} verwaltet. diff --git a/content/de/docs/reference/glossary/selector.md b/content/de/docs/reference/glossary/selector.md new file mode 100644 index 0000000000000..061c27112a4df --- /dev/null +++ b/content/de/docs/reference/glossary/selector.md @@ -0,0 +1,18 @@ +--- +title: Selector +id: selector +date: 2018-04-12 +full_link: /docs/concepts/overview/working-with-objects/labels/ +short_description: > + Eralubt Benutzer das Filtern einer Liste Ressourcen basierend auf Label. + +aka: +tags: +- fundamental +--- + Erlaubt Benutzer das Filtern einer Liste Ressourcen basierend auf {{< glossary_tooltip text="Label" term_id="label" >}}. + + + +Selektoren werden verwendet beim Abfragen einer Liste Ressourcen, um Sie nach Label zu filtern. + diff --git a/content/de/docs/reference/glossary/service.md b/content/de/docs/reference/glossary/service.md new file mode 100644 index 0000000000000..6dfb0b90a7448 --- /dev/null +++ b/content/de/docs/reference/glossary/service.md @@ -0,0 +1,20 @@ +--- +title: Service +id: service +date: 2018-04-12 +full_link: /docs/concepts/services-networking/service/ +short_description: > + Eine Methode um Anwendungen, die auf einem Satz Pods laufen, als Netzwerkdienst freizugeben. +tags: +- fundamental +- core-object +--- +Eine Methode um Netwzwerkanwendungen freizugeben, die als einen oder mehrere {{< glossary_tooltip text="Pods" term_id="pod" >}} in Ihrem Cluster laufen. + + + +Der Satz Pods, der von einem Servie anvisiert ist, wird durch einen {{< glossary_tooltip text="Selector" term_id="selector" >}} bestimmt. Wenn mehrere Pods hinzugefügt oder entfernt werden, ändert sich der Satz Pods die zum Selector passen. Der Service versichert, dass Netzwerkverkehr an den aktuellen Satz Pods für die Arbeitslast gelenkt werden kann. + +Kubernetes Services verwenden entweder IP Netzwerke (IPv4, IPv6, oder beide), oder referenzieren einen externen Namen im Domain Name System (DNS). + +Die Service Abstraktion ermöglicht andere Mechanismen, wie Ingress und Gateway. diff --git a/content/de/docs/reference/glossary/statefulset.md b/content/de/docs/reference/glossary/statefulset.md new file mode 100644 index 0000000000000..d10575b715ee2 --- /dev/null +++ b/content/de/docs/reference/glossary/statefulset.md @@ -0,0 +1,22 @@ +--- +title: StatefulSet +id: statefulset +date: 2018-04-12 +full_link: /docs/concepts/workloads/controllers/statefulset/ +short_description: > + Ein StatefulSet verwaltet die Bereitstellung und die Skalierung eines Satzes Pods, mit langlebigem Speicher und persistenter Identifzierung für jeden Pod. + +aka: +tags: +- fundamental +- core-object +- workload +- storage +--- + Verwaltet die Bereitstellung und Skalierung eines Satzes {{< glossary_tooltip text="Pods" term_id="pod" >}}, *und stellt Garantieen zur Reihenfolge und Einzigartigkeit bereit* für diese Pods. + + + +Wie ein {{< glossary_tooltip text="Deployment" term_id="deployment" >}}, verwaltet ein StatefulSet Pods basierend auf eine identische Container Spezifikation. Anders als ein Deployment, verwaltet ein StatefulSet eine persistente Identität für jeden seiner Pods. Diese Pods werden anhand der gleichen Spezifikation erstellt, sind aber nicht austauschbar: Jeder hat eine persistente Identifizierung, die über jede Verschiebung erhalten bleibt. + +Wenn Sie Speichervolumen verwenden wollen, um Persistenz der Arbeitslast zu ermöglichen, können Sie einen StatefulSet as Teil der Lösung verwenden. Obwohl einzelne Pods in einem StatefulSet anfälling für Fehler sind, machen die persistente Podidentifizierungen es einfacher, existierende Volumen mit neuen Pods, die die fehlerhaften ersetzen, zu verbinden. From 0c48fca40a7cfa5e99d8e9045e8876c5a319d2d3 Mon Sep 17 00:00:00 2001 From: hschneid66 Date: Fri, 12 Jan 2024 23:08:21 +0100 Subject: [PATCH 209/279] [de] German localization of further glossary items --- content/de/docs/reference/glossary/addons.md | 16 +++++++++++++ .../glossary/admission-controller.md | 20 ++++++++++++++++ .../de/docs/reference/glossary/affinity.md | 20 ++++++++++++++++ .../reference/glossary/aggregation-layer.md | 19 +++++++++++++++ .../de/docs/reference/glossary/annotation.md | 18 ++++++++++++++ .../docs/reference/glossary/api-eviction.md | 24 +++++++++++++++++++ .../de/docs/reference/glossary/api-group.md | 19 +++++++++++++++ .../docs/reference/glossary/app-container.md | 17 +++++++++++++ .../glossary/application-architect.md | 18 ++++++++++++++ .../glossary/application-developer.md | 18 ++++++++++++++ .../docs/reference/glossary/applications.md | 12 ++++++++++ .../de/docs/reference/glossary/approver.md | 18 ++++++++++++++ 12 files changed, 219 insertions(+) create mode 100644 content/de/docs/reference/glossary/addons.md create mode 100644 content/de/docs/reference/glossary/admission-controller.md create mode 100644 content/de/docs/reference/glossary/affinity.md create mode 100644 content/de/docs/reference/glossary/aggregation-layer.md create mode 100644 content/de/docs/reference/glossary/annotation.md create mode 100644 content/de/docs/reference/glossary/api-eviction.md create mode 100644 content/de/docs/reference/glossary/api-group.md create mode 100644 content/de/docs/reference/glossary/app-container.md create mode 100644 content/de/docs/reference/glossary/application-architect.md create mode 100644 content/de/docs/reference/glossary/application-developer.md create mode 100644 content/de/docs/reference/glossary/applications.md create mode 100644 content/de/docs/reference/glossary/approver.md diff --git a/content/de/docs/reference/glossary/addons.md b/content/de/docs/reference/glossary/addons.md new file mode 100644 index 0000000000000..722940c844429 --- /dev/null +++ b/content/de/docs/reference/glossary/addons.md @@ -0,0 +1,16 @@ +--- +title: Add-ons +id: addons +date: 2019-12-15 +full_link: /docs/concepts/cluster-administration/addons/ +short_description: > + Ressourcen, die die Funktionalität von Kubernetes erweitern. + +aka: +tags: +- tool +--- + Ressourcen, die die Funktionalität von Kubernetes erweitern. + + +[Add-Ons installieren](/docs/concepts/cluster-administration/addons/) erklärt mehr über die Verwendung von Add-Ons in Ihrem Cluster, und listet einige populäre Add-Ons auf. diff --git a/content/de/docs/reference/glossary/admission-controller.md b/content/de/docs/reference/glossary/admission-controller.md new file mode 100644 index 0000000000000..1663f5fd6f085 --- /dev/null +++ b/content/de/docs/reference/glossary/admission-controller.md @@ -0,0 +1,20 @@ +--- +title: Zugangscontroller +id: admission-controller +date: 2019-06-28 +full_link: /docs/reference/access-authn-authz/admission-controllers/ +short_description: > + Ein Teil Code, das Anfragen an den Kubernetes API Server abfängt, vor der Persistenz eines Objekts. + +aka: +tags: +- extension +- security +--- +Ein Teil Code, das Anfragen an den Kubernetes API Server abfängt, vor der Persistenz eines Objekts. + + + +Zugangscontroller für den Kubernetes API Server sind konfigurierbar, und können "validierend", "verändernd", oder beides sein. Jeder Zugangscontroller kann die Anfrage ablehnen. Verändernde Controller können die Objekte ändern, die sie zulassen; validierende Controller dürfen das nicht. + +* [Zugangscontroller in der Kubernetes Dokumentation](/docs/reference/access-authn-authz/admission-controllers/) diff --git a/content/de/docs/reference/glossary/affinity.md b/content/de/docs/reference/glossary/affinity.md new file mode 100644 index 0000000000000..3a241997b08ea --- /dev/null +++ b/content/de/docs/reference/glossary/affinity.md @@ -0,0 +1,20 @@ +--- +title: Affinität +id: affinity +date: 2019-01-11 +full_link: /docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity +short_description: > + Regeln, die vom Scheduler verwendet werden, um festzulegen wo Pods platziert werden. +aka: +tags: +- fundamental +--- + +In Kubernetes, ist _Affinität_ ein Satz Regeln, die dem Scheduler Hinweise geben, wo er Pods platzieren soll. + + +Es gibt zwei Arten Affinität: +* [Knoten Affinität](/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) +* [Pod-zo-Pod Affinität](/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity) + +Die Regeln werden mithilfe der in {{< glossary_tooltip term_id="pod" text="Pods" >}} angegebenen {{< glossary_tooltip term_id="label" text="Label">}} und {{< glossary_tooltip term_id="selector" text="Selektoren">}} definiert, und sie können entweder erforderlich oder bevorzugt sein, je nachdem wie streng sie möchten, dass der Scheduler sie durchsetzen soll. diff --git a/content/de/docs/reference/glossary/aggregation-layer.md b/content/de/docs/reference/glossary/aggregation-layer.md new file mode 100644 index 0000000000000..410fdbe8f6b86 --- /dev/null +++ b/content/de/docs/reference/glossary/aggregation-layer.md @@ -0,0 +1,19 @@ +--- +title: Aggregationsschicht +id: aggregation-layer +date: 2018-10-08 +full_link: /docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/ +short_description: > + Die Aggregationsschicht erlaubt Ihnen die Installation zusätzlicher Kubernetes-artiger APIs in Ihrem Cluster. + +aka: +tags: +- architecture +- extension +- operation +--- + Die Aggregationsschicht erlaubt Ihnen die Installation zusätzlicher Kubernetes-artiger APIs in Ihrem Cluster. + + + +Wenn Sie den {{< glossary_tooltip text="Kubernetes API Server" term_id="kube-apiserver" >}} konfiguriert haben um [zusätzliche APIs zu unterstützen](/docs/tasks/extend-kubernetes/configure-aggregation-layer/), können Sie `APIService` Objekte hinzufügen, um einen URL Pfad in der Kubernetes API zu "belegen". diff --git a/content/de/docs/reference/glossary/annotation.md b/content/de/docs/reference/glossary/annotation.md new file mode 100644 index 0000000000000..d788aee1c7f01 --- /dev/null +++ b/content/de/docs/reference/glossary/annotation.md @@ -0,0 +1,18 @@ +--- +title: Annotation +id: annotation +date: 2018-04-12 +full_link: /docs/concepts/overview/working-with-objects/annotations +short_description: > + Ein Key-Value Paar, dass verwendet wird um willkürliche, nicht-identifizierende Metadaten an Objekte zu binden. + +aka: +tags: +- fundamental +--- + Ein Key-Value Paar, dass verwendet wird um willkürliche, nicht-identifizierende Metadaten an Objekte zu binden. + + + +Die Metadaten in einer Annotation können klein oder groß sein, strukturiert oder unstrukturiert, und können Zeichen enthalten, die nicht in {{< glossary_tooltip text="Label" term_id="label" >}} erlaubt sind. Clients wie Tools oder Libraries können diese Metadaten abfragen. + diff --git a/content/de/docs/reference/glossary/api-eviction.md b/content/de/docs/reference/glossary/api-eviction.md new file mode 100644 index 0000000000000..a29c8b66327f8 --- /dev/null +++ b/content/de/docs/reference/glossary/api-eviction.md @@ -0,0 +1,24 @@ +--- +title: API-initiierte Räumung +id: api-eviction +date: 2021-04-27 +full_link: /docs/concepts/scheduling-eviction/api-eviction/ +short_description: > + API-initiierte Räumung ist der Prozess, durch den Sie die Räumungs API verwenden, um ein Räumungsobjekt zu erstellen, dass eine geordnete Beendung des Pods auslöst. +aka: +tags: +- operation +--- +API-initiierte Räumung ist der Prozess, durch den Sie die [Räumungs API](/docs/reference/generated/kubernetes-api/{{}}/#create-eviction-pod-v1-core) verwenden, um ein Räumungsobjekt zu erstellen, dass eine geordnete Beendung des Pods auslöst. + + + + +Sie können Räumung anfragen, indem Sie direkt die Räumungs API verwenden, mithilfe eines Clients des kube-api-servers, wie der `kubectl drain` Befehl. Wenn ein `Räumungs` Objekt erstellt wird, beendet der API Server den Pod. + +API-initiierte Räumungen respektieren Ihre konfigurierte [`PodDisruptionBudgets`](/docs/tasks/run-application/configure-pdb/) +und [`terminationGracePeriodSeconds`](/docs/concepts/workloads/pods/pod-lifecycle#pod-termination). + +API-initiierte Räumung ist nicht das gleiche wie [Knotendruck Räumung](/docs/concepts/scheduling-eviction/node-pressure-eviction/). + +* Siehe [API-initiierte Räumung](/docs/concepts/scheduling-eviction/api-eviction/) für mehr Informationen. diff --git a/content/de/docs/reference/glossary/api-group.md b/content/de/docs/reference/glossary/api-group.md new file mode 100644 index 0000000000000..450196fe95e42 --- /dev/null +++ b/content/de/docs/reference/glossary/api-group.md @@ -0,0 +1,19 @@ +--- +title: API Gruppe +id: api-group +date: 2019-09-02 +full_link: /docs/concepts/overview/kubernetes-api/#api-groups-and-versioning +short_description: > + Ein Satz zugehöriger Pfade in der Kubernetes API. + +aka: +tags: +- fundamental +- architecture +--- +Ein Satz zugehöriger Pfade in der Kubernetes API. + + +Sie können jedeAPI Gruppe ein- oder ausschalten durch Änderung der Konfiguration Ihres API Servers. Sie können auch Pfade zu spezifischen Ressourcen ein- oder ausschalten. API Gruppe vereinfacht die Erweiterung der Kubernetes API. Die API Gruppe ist festgelegt durch einen REST Pfad und durch das `apiVersion` Feld eines serialisierten Objekts. + +* Siehe [API Gruppe](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning) für mehr Informationen. diff --git a/content/de/docs/reference/glossary/app-container.md b/content/de/docs/reference/glossary/app-container.md new file mode 100644 index 0000000000000..e30e6696dc23c --- /dev/null +++ b/content/de/docs/reference/glossary/app-container.md @@ -0,0 +1,17 @@ +--- +title: App Container +id: app-container +date: 2019-02-12 +full_link: +short_description: > + Ein Container, der verwendet wird um einen Teil einer Arbeitslast auszuführen. Vergleiche mit init Container. + +aka: +tags: +- workload +--- + Anwendungscontainer (oder App Container) sind die {{< glossary_tooltip text="Container" term_id="container" >}} in einem {{< glossary_tooltip text="Pod" term_id="pod" >}}, die gestartet werden, nachdem jegliche {{< glossary_tooltip text="Init Container" term_id="init-container" >}} abgeschlossen haben. + + + +Ein Init Container erlaubt es Ihnen Initialisierungsdetails, die wichtig sind für die gesamte {{< glossary_tooltip text="Arbeitslast" term_id="workload" >}}, und die nicht mehr weiter laufen müssen, sobald der Anwendungscontainer startet, sauber abzutrennen. Wenn ein Pod keine Init Container konfiguriert hat, sind alle Container in diesem Pod App Container. diff --git a/content/de/docs/reference/glossary/application-architect.md b/content/de/docs/reference/glossary/application-architect.md new file mode 100644 index 0000000000000..16f100877845f --- /dev/null +++ b/content/de/docs/reference/glossary/application-architect.md @@ -0,0 +1,18 @@ +--- +title: Anwendungsarchitekt +id: application-architect +date: 2018-04-12 +full_link: +short_description: > + Eine Person, die verantwortlich ist für das Highlevel-Design einer Anwendung. + +aka: +tags: +- user-type +--- + Eine Person, die verantwortlich ist für das Highlevel-Design einer Anwendung. + + + +Ein Architekt sorgt dafür, dass die Implementierung einer Anwendung eine skalierbare und verwaltbare Interaktion mit den umgebenden Komponenten ermöglicht. Umgebende Komponenten können Datenbanken, Logging-Infrastruktur und andere Microservices sein. + diff --git a/content/de/docs/reference/glossary/application-developer.md b/content/de/docs/reference/glossary/application-developer.md new file mode 100644 index 0000000000000..19fcb5928b179 --- /dev/null +++ b/content/de/docs/reference/glossary/application-developer.md @@ -0,0 +1,18 @@ +--- +title: Anwendungsentwickler +id: application-developer +date: 2018-04-12 +full_link: +short_description: > + Eine Person, die eine Anwendung entwickelt, die in einem Kubernetes Cluster läuft. + +aka: +tags: +- user-type +--- + Eine Person, die eine Anwendung entwickelt, die in einem Kubernetes Cluster läuft. + + + +Ein Anwendungsentwickler fokussiert auf einen Teil der Anwendung. Die Größe des Fokus kann significant variieren. + diff --git a/content/de/docs/reference/glossary/applications.md b/content/de/docs/reference/glossary/applications.md new file mode 100644 index 0000000000000..f5ec506769fa4 --- /dev/null +++ b/content/de/docs/reference/glossary/applications.md @@ -0,0 +1,12 @@ +--- +title: Anwendungen +id: applications +date: 2019-05-12 +full_link: +short_description: > + Die Schicht, in der verschiedene containerisierte Anwendungen laufen. +aka: +tags: +- fundamental +--- + Die Schicht, in der verschiedene containerisierte Anwendungen laufen. diff --git a/content/de/docs/reference/glossary/approver.md b/content/de/docs/reference/glossary/approver.md new file mode 100644 index 0000000000000..4c0696a960f0f --- /dev/null +++ b/content/de/docs/reference/glossary/approver.md @@ -0,0 +1,18 @@ +--- +title: Approver +id: approver +date: 2018-04-12 +full_link: +short_description: > + Eine Person, die Kubernetes Code Beiträge überprüfen und zulassen kann. + +aka: +tags: +- community +--- + Eine Person, die Kubernetes Code Beiträge überprüfen und zulassen kann. + + + +Während Code Review sich auf Qualität und Korrektheit des Codes konzentriert, ist das Genehmigen auf die holistische Akzeptanz eines Beitrags fokussiert. Holistische Akzeptanz achtet unter anderem auf Rückwärts- und Vorwärtskompatibilität, beachten der API und Flag Konventionen, subtile Performance- und Korrektheitsprobleme, und Interaktionen mit anderen Teilendes Systems. Approver Status ist begrenzt auf einen Teil des gesamten Codes (Codebase). Approver wurden früher Maintainer genannt. + From 803bb6b16b6d678fd5b3ecef1debde6e81865081 Mon Sep 17 00:00:00 2001 From: chansuke Date: Fri, 13 Oct 2023 22:17:09 +0900 Subject: [PATCH 210/279] Update the icon and name of Twitter to X(Twitter) --- hugo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hugo.toml b/hugo.toml index 7da8be9cc7152..2f8b89a1b1394 100644 --- a/hugo.toml +++ b/hugo.toml @@ -249,10 +249,10 @@ no = 'Sorry to hear that. Please Date: Tue, 24 Oct 2023 00:52:29 +0900 Subject: [PATCH 211/279] Update the twitter icon for background image --- static/images/twitter_icon.png | Bin 5241 -> 2387 bytes 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 static/images/twitter_icon.png diff --git a/static/images/twitter_icon.png b/static/images/twitter_icon.png old mode 100755 new mode 100644 index f0af122a809e96ecb1e461b3e35f674517a9ab45..3401ceaf63d2bb62a9c7505785b094f9847ab7d5 GIT binary patch literal 2387 zcmV-Z39R;sP)004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00002 zVoOIv0RM-N%)bBt010qNS#tmY79{`x79{~mQY7#I000McNliru=L#1OGA4A&V5|TD z2u4XnK~#9!#hiJN6h#)sf89MNGXerL$|;9}FnH`LyP^n&5({Fe3jrEHh^!$fIGz}b zEE|LfL4+Y5gEuQ`s3;?=fv)H(sDKx;gp7zBf+3d(4u>!>%nUQ#`$q>-?{!yCR(4hQ z%fF`QRpysjS?{awWoAJoF{`qfv&o!Y!cNipac(0V|5q97tvV3p8S*m(zbmUm+f6({ z(W!rrq{gZX#~70l`0aR0wY-Saoep`-vz$ho=oL8pBAzBHTK$C1+Nm>ZEW7ZU^Hv66 zxlE^Cw78!0k~t3Jpqk-k9jId>p}^pWxP>F4y`5a4UE-F*Lp5^KH|J7TIC^@78(sVgc~#woCA10zem{Otq4ORhsV*4AK8O1j z`ndS@7NDoR{mk-GfRP$aZmc4HNu&Im}@;O;)_T zoj(}1QAU-xvVj?Cvx&n>`P7n^-!W1N9a*l(@HvY8gAXu}y;i(@g8Q4D2(5Wdh0Z0E z_zNGxOci5m&da}WS<0FVctqW`FX`?#{P;M%XUWUUQ>cUp_i-;0BQA0Jz%N-*c; zCT6;*gb<@Sr0&MbPj8#)PX9av9{1 zmtCo66)~R&)WSkc5-$d+c=>&$5{6_OeB6q8!;+U*(=prNE8t%Om^m+h8%z?#yLDH|L33VyA$#vb(uNC_V9v|6jLSCkxaIPg0A|k1 zKe$e~3|j}jvgGAO=_Pahk`y)UWT<0V!A|p zHwa#?r#y(&n-Djv0|~phGUXK!9u)U0H7`4B-bp|IJ1~@AL?ee7-RwBEW0@r{FZFv7 zd$jxr~Gm5|E}B~q$96HSPT>dn=imnR8N_q%0iVJ4`I z=5_{J)KjE3_?h$an#7ZPUhGlfa0*<{Jf^Xyf^pT%K_7`5D)Mra!&RD!u) zu3?m2gXgF-mW|9w>j-W>&x!iXdHFk=)5~Y5Ei*A*rezxN0lM;yB`?3^RVAFJPI1Ke zfc9y^2e?kD1XEr<&fmN=lgBJ|mTRp~XNPlnL~x2ZFK;v7q7Y`Xdfa~W@vvcgKDXrM z#inO!MyR*=>NHO$Y15kmO?lbUl8!gBFs>#&XkvT@u%i0@2%p*31$Y6 zY--C##=I;U{QcA_p#vWZ_bBrNQm6gZ7C=*8ZsZ^C^Pv^5sL=UtU`g*V_o_H&s+WJ& z=ju;dJ`bzys;dM2dPhs%PT=L_7Ewv$m8VYHM;uO*nJ#AgR&HfOfE}o3GeaCRI>PyE zBbU;IQbIMCIXt`2#7eyedZYRv9~mJ5!`W}`anzr)BQZlmC|~#(XtCqot*HU)h^H|PY3+L5ox0nR+!DoQEmVz zQQO91{M*+r6f|%737>y4E#J`>Drg|;C{>)3QTPBo*eEcVm&*SGH6a5}HH-V)0000b zbVXQnWMOn=I%9HWVRU5xGB7eTEio`HGBZ>$H99moIy5vZFfckWFcF^g1poj5C3Hnt zbYx+4WjbwdWNBu305UK#Gc7SNEiyAyF*Q0gIXW~nD=;uRFfd@lOt}C6002ovPDHLk FV1oYgS_uFE literal 5241 zcmV-<6o%`GP)`Qvva z&H8=s_ujp~d*8cPg2&?#61ee53_^m41QJ9fh)5toM1qI}5=113NFYH(f`|kXL?nnv zU{Z-_P&)#`>>LuDL&Jh&a6DW?Bf_Pge&LL)SE!WRh0@Mm;k3*y6kN3lCp&tD{5Gp_ zrmI)Ty=-NFAE&=h&~xc67U4*fNyxcu5i%~B1?fezaQM7Ys8#g|gTo^ez9$^|>Dr8r zA>mY~_d2Q-eL`^uT|;{>eXmW(XffZnv(_+YO{r$v8^@L93$x{&&!@`_5~$kA`%5Jr?@51l6?^1eS2HoejYQ3<%M*rtYM7_!(oTl$R+-Q1cZK>w)%bB7nDOKiq zHbv%{M?dFFWuE8KLIF@%NHk#idP^y7y9=P2a-j)u|&VqTmYsY`5W_ z9!hC8KT}5I0W!IWsHZ`{9*y+n_5pW5A_m+eLaYAfBBG8yqqyBR{r!`gjQKR^b5pu} z13wm`53+!m=X>8PnR3mJ8vRQ8%sc9c++alDKJ(gaLYa)Mf^V-c({5UjCbQ>Uw$AJ@ zx`fL#S-FVlq&JO)XdV!16nziUApdfB#B<$h7#1x3ZZ>%3qWy*wfmK^U*Rij`u$at^ z2?HsS%7PB|1Y!cbb{;)8_gI%_)Hz3q$faw~YW4n}PpjZyqv?qc&UEkm zO_tp7t0SGB_lni^a`V9LGLuUHxQOU5^pAtmG9YX@+p{+*rOS0*(|4$Y-mGUVo;`{-2nr`o1ASWgXxn;wlZkA6OA&mhK~l&9jfvg=ERQuNYj@ z2ZuermEd3l4;vUSB4AdAIEiq%+3RoHR^5|4>u9)D5RMG-x}VqZEDiEYnPMNAopt2& z55AVG=%B|(@HqU7|9fYC-s#zTw&!zL3`|;W?;sNnTtrmK`$hqWx4*&g>KtO1%?kQL z`tmMP6aRqcs+C@c7%w95H$D%8Yje3HLN5V+>a#}UhX0}gkVHA-BQ;;}H5mA3eKTKj z-Sb!pujeY{8r$H#5Hjrs7jx9OPc9g>%2U`uHR)-kD?-N(d^Xa0sMdy49tF%_>b?g`um@_US z;PnAG-_lOoG}71I%-%}Je<8^`B@OOlSUK?`;@Aa~kVZdYQ!&%6{h`rEgwf2qhpwd? z*Tg%!L;ub9UZ$|JdAvO{sc|Q26fH+v1r)(uF@x3;Z z@=#L;&KbW$LEOAmMd~bieIJRMSzJUMY&0?)Id2j^uIicLRUd&bmf1+DY-m@V{;e9N zH{gkth*bJn(rIJ1wTmQQXAp=Mmq4cResZ3@!LKn=hb%@b<3r%-j027U&Kg_-|* zx_kZdLRHy|8DcL2$X_1r^w53%4g!RWh(buSE8Ylkcb#EgQfla>>~~%tobEnE1O9cG zv{+3OUW<4DK~Re>Fc2is&99g<#(xF(1F^1<;2@viUX(4@kaTrHIWYz0i(h_C;^C9C zJ%`}5Awal@IC0g=P(noPsW(XQ;o)vT;tP6S&r`Hgr1=x9jKcQli6E^mWRa7rQ~FXY zq|oZepurdIuQ;Kq<@XKYgE(H&aR1kv@7YH?JtTAr$(P+Z;EsZb&(0Ybpy@YP>V7?b z*@t#;mPZkMC4qyGGH)Bn?DtZ?NGqLKtU|cQ?!t;nOQ`GSxIJw zmx$D6Gb01IIU8TPCguaZ*f8Bvyb_ z(g0oK>KZbg7bwuJCzEP$3<)mxFw0s4TtrY*$bhIC%4A=IVa@Cb%7hPoWkm{O;JspX z7R4w3K`Y|R80@^Z&_o;}5=b4f=dcoh(_J=!X5Q|gD?&O|#CV>J7plt8{EtkaqtxDK*yF%Xu@j25$yO==IOy_901 z3b9u>ON98rMT8s?tq%%9H$|^BU`5wfMI0dY`VT~;FObTj0H}Clg?1SY^ur{7Z!czB zn-*Fn7U6J{i77Z>e}jQV{a6+B`gL=|O4mqpNwP32D>xVt1RCha)z$&F@6c)NXTUZ> z`xtN$L6U0}Jp_1u3a)-i@x(~@q#Cd4@NQFj10k7bL7HrM>2YQA+EPvOrb^xG6vsT4 ze9rg{BH>GL-0&4Cv`TV_jO{i0*?bYT7(m939dI$K6o`LJj<;DJKTq*Z9r@N^;35L~ z8$d_Ukd1@qN0yT!#Dg;_Na3G-VuYy#FDc%Y;*C!6IH|UtC3%V_S~dCapVa*6Lo#QZ zE3_|es?aT`)inH^bn2XPuoXeE)5z+R>W6=SN+ZxD3JNYF41I0}lf%uNHT(oTK9O?| z*>%~RV_k8!%fa6x@i}^sla%V)+)wSgZu9@f5HMDVz`T-4eGn!SCqIILiwGkT0Kg>4 zOam?&(XpvQyZp08;{$M%$n}s`eqvF!TppRT6eHH-@lY}GB{KZ$ zy;5A!oOQ`^8x$RqmBGM81T;GUm9oA}y97SLw+Uojc3fG$wzT`By>*6P?WpNlh{FVt zr9Z?lgDb`)g(oks6#lwkrdOO$l^|n)_$L&&h`=5+0N;S5o!=jfQ#7eeY7W6kO@;#u zskWq%Z1RXfvaUSxHnQuSL*wyLx%N{eHj$qTg{X+YK6G}g^&g*47Y8K)QU;PqRwI)` zY_z^4^nrohb^2Gym$DpMC~y%`>r41yAAo+|@!Nc53(kWEHv!@#6A|LGrQz~RBA=h) z{C?jA9nQF9`4LtG_FY1OiwNu$`+*JoU3G?yvyXP&;Mpvj{N!B}z5=Eir(DR4Ps7CZ zXRd=GrlcR4sYmCh%7!H&ovJvwrbIeflR)HHK@;DDTo*7fvH(hsmugk2@KKRs`B zRYa3U7Gq9#gx-S=Gw9MtR)WZ#V}f+gYqLJtNJPLig##B6CdbeO;2`a;TK!HO51Bgu z5Xol080TvVC1J%0{^9jJg}g!S_zFx@Q+If95fSKoDULQ897EG6aA^+exTRBNmc*Mt z9Ei*;eO#s6jyYgqZBdw} zNWnz}20IuAhDU^UUtwOos_*U(%e1?Qh+$T%7Q<4H?ob!63X6|&WBU&oVqdkQ?}0XU zHrE+3xQI|u+zrm@D52@u+88c&8uj(Md7F z>~Clv1F^EXQg;AlZLKu8Jm4ZC+=sR4okBC&#T4HuJbyWDa)a@Q8_IR-$z)a2jIm3k zu?$Q!X$LWm`x#=W*kSlgSMQ@Tvuj+vVI<%p0-87!T6&y9wZeYS#tQAy^<~-_ht3pb8` zqnbsLcTq5-^d2O*cJ|Z1xgU08Um9&*h|i3~$M1|gdOujNc06Kox&^I$kQ;n;)@1v_ zK}E{x*ag#D{!&_rl;`HfDLNh*-=K5W=bfHy)jfNRtY&&JD)6N^i0yE|c}|UO@b0B~ zN+k}4#pgJDw8V%}kj`iNup^0DbDD(T!RZzpqKF1uM1-s4^aJIqr@MOR%^6o#dm~O` z$LmN}K(79GiKdz+ z-yN8MmKeZA1iH|muZ1%L6@c0>vvX+Lsv=c=_!3+3CL84NrV=sH^Xa04)Z!y{ns_+< z7z;Q{w=5K}IY)ajg(CztVoK}4x0e^Hnr6pDh8V-11Fs(lpZtTloprR+lX=PVHtrD? zAXab@ap0T*=7tr9;54|u=}4enO@ROLi#q4uyj!F`Ip%_+~ncmD-UL~dT*Msipg149hIzJIRYxRr>lvR~>*x1QGB>OPvAjH?2XOsvO zVxU~*gWLr_TsGFZbZmzM~f4n(m!x(}chZg;KWXKP9{2VcpOYsN<2thZ6jCppBp z?}PY`{|}y3*nfe&mw1v8HzIb|>4l?BCSh;AQP@*wV7>&|SC}MJPvR$51c*R?BKR18 zy*9n?8(XS$Ge`!mTX{l#fP6^?W?j^Y!AVe7{yGf0-dE5v&lzVD;!ec=1|zHTOeP}G zR1mAgU)NSbugmojf$S_RQbhS~i?<0OT1%h_2_(M=IP~4{c;c?5L$cQxyz6R>#5f-mYZWzo5_h7g`Z@d`%Cd-EWR;Wz1s- zszvwua_wSN^+1%|vP7i%+Q4CjWcpfff(XpN;PX1X3KSfSAiI(na#T;>g_o88xj#Yt=6An?-|#A z%M*dF0jz`A6#1?t$=4(ooy15$ z{3{5k^>xs{C5S+J0=@wkp3!3dJ~_30WOn)kcbvbus)$%$51)CY72L3|-tZhsrs{kI zRMVi}Qbd3RTrdjo;44TeP2W(V-Nw$mrpO}q13{~C#JJ{-{O#+|r~B;!xI^LCJeO224f-I3`+?;$m{?6(EVa&(gM_r;JzwRaHBX>oBvGp>25 ztc$&3-RbV_u85@7FtBk>N5 zL>fWnQyO`!;BSuNm!J535e+^Gi6dL8dgiCKnD55F5kPbdNewcxzQ{zN9|sb8xM)0v zz>fX9fhN=UHdW{rttwJO%C^3cE;=OAu^nZ`J9^0&l_eSTm_Gx0ts9Lm7equa%#tff z%^hD;qFGH6`e*dLU&COhTrdmSmo2OtCI<4)j)J=~M}Fz$Oi{!?S9&2s)DvM0FK5a%^tg;nOe+yt`&NOn z;N2qi&JWAFm(%yp*k0W;oj#K_XW3uxjp(yl&1}yDt+UyGHTj|ukwD`A&?SgSAVEX| z2_h0iB# Date: Tue, 24 Oct 2023 00:54:59 +0900 Subject: [PATCH 212/279] Update the description of Twitter --- hugo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hugo.toml b/hugo.toml index 2f8b89a1b1394..5616d557fa17d 100644 --- a/hugo.toml +++ b/hugo.toml @@ -252,7 +252,7 @@ no = 'Sorry to hear that. Please Date: Sun, 14 Jan 2024 19:41:35 +0530 Subject: [PATCH 213/279] fixed installation guide in using CoreDNS for Service Discovery page --- content/en/docs/tasks/administer-cluster/coredns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/coredns.md b/content/en/docs/tasks/administer-cluster/coredns.md index 6da1414d138e1..89d71ee3aec33 100644 --- a/content/en/docs/tasks/administer-cluster/coredns.md +++ b/content/en/docs/tasks/administer-cluster/coredns.md @@ -32,7 +32,7 @@ that will deploy and upgrade the cluster for you. ## Installing CoreDNS For manual deployment or replacement of kube-dns, see the documentation at the -[CoreDNS GitHub project.](https://github.com/coredns/deployment/tree/master/kubernetes) +[CoreDNS GitHub project.](https://github.com/coredns/coredns.io/blob/master/content/manual/installation.md) ## Migrating to CoreDNS From 6160a5e137853e40e4d631116c0a7986d69bae2c Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sun, 14 Jan 2024 14:20:41 +0000 Subject: [PATCH 214/279] Rename concept section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The term “resource“ is much used and often misleads readers; change it for something else. This section is really about the concepts in Kubernetes that let you manage your applications / workloads. --- content/en/docs/concepts/workloads/controllers/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/workloads/controllers/_index.md b/content/en/docs/concepts/workloads/controllers/_index.md index 44dc76d0cd1f9..6b8d2ca7b664a 100644 --- a/content/en/docs/concepts/workloads/controllers/_index.md +++ b/content/en/docs/concepts/workloads/controllers/_index.md @@ -1,5 +1,5 @@ --- -title: "Workload Resources" +title: "Workload Management" weight: 20 simple_list: true --- From 0f9ab60a3cd3b6d901f159baa69241181fdd82e4 Mon Sep 17 00:00:00 2001 From: PrashantDesale2004 <127671266+PrashantDesale2004@users.noreply.github.com> Date: Sun, 14 Jan 2024 20:29:41 +0530 Subject: [PATCH 215/279] Update CoreDNS installation docs Co-authored-by: Tim Bannister --- content/en/docs/tasks/administer-cluster/coredns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/coredns.md b/content/en/docs/tasks/administer-cluster/coredns.md index 89d71ee3aec33..42317746f3d42 100644 --- a/content/en/docs/tasks/administer-cluster/coredns.md +++ b/content/en/docs/tasks/administer-cluster/coredns.md @@ -32,7 +32,7 @@ that will deploy and upgrade the cluster for you. ## Installing CoreDNS For manual deployment or replacement of kube-dns, see the documentation at the -[CoreDNS GitHub project.](https://github.com/coredns/coredns.io/blob/master/content/manual/installation.md) +[CoreDNS website](https://coredns.io/manual/installation/). ## Migrating to CoreDNS From 94723202ac1dc823390f20c61ea6dfe983a1822d Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 15 Jan 2024 00:40:34 +0200 Subject: [PATCH 216/279] [id] Fix voyager link --- .../id/docs/concepts/services-networking/ingress-controllers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/id/docs/concepts/services-networking/ingress-controllers.md b/content/id/docs/concepts/services-networking/ingress-controllers.md index 645f2dbf8dcbd..f912e65277a7f 100644 --- a/content/id/docs/concepts/services-networking/ingress-controllers.md +++ b/content/id/docs/concepts/services-networking/ingress-controllers.md @@ -27,7 +27,7 @@ Kubernetes sebagai sebuah proyek, saat ini, mendukung dan memaintain kontroler-k * [Ambassador](https://www.getambassador.io/) *API Gateway* merupakan ingress berbasis [Envoy](https://www.envoyproxy.io) kontroler dengan dukungan [komunitas](https://www.getambassador.io/docs) atau [komersial](https://www.getambassador.io/pro/) dari [Datawire](https://www.datawire.io/). -* [AppsCode Inc.](https://appscode.com) menawarkan dukungan dan pemeliharaan untuk ingress berbasis [HAProxy](http://www.haproxy.org/), [Voyager](https://appscode.com/products/voyager). +* [AppsCode Inc.](https://appscode.com) menawarkan dukungan dan pemeliharaan untuk ingress berbasis [HAProxy](http://www.haproxy.org/), [Voyager](https://voyagermesh.com). * [Contour](https://projectcontour.io/) merupakan ingress berbasis [Envoy](https://www.envoyproxy.io/) yang disediakan dan didukung oleh VMware. * Citrix menyediakan sebuah [kontroler Ingress](https://github.com/citrix/citrix-k8s-ingress-controller) untuk perangkat keras (MPX), virtualisasi (VPX) dan [kontainerisasi cuma-cuma (CPX) ADC](https://www.citrix.com/products/citrix-adc/cpx-express.html) untuk mesin [*baremetal*](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment/baremetal) dan penyedia layanan [*cloud*](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment) deployments. From a56ad74026173f32fb74f278fba3b4801f6e853f Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 15 Jan 2024 09:46:47 +0800 Subject: [PATCH 217/279] [zh] Sync 2023-08-15-pkgs-k8s-io-introduction.md --- .../2023-08-15-pkgs-k8s-io-introduction.md | 206 ++++++++++++++---- 1 file changed, 161 insertions(+), 45 deletions(-) diff --git a/content/zh-cn/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md b/content/zh-cn/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md index 2dd837d0cf8d7..4fc1677737b43 100644 --- a/content/zh-cn/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md +++ b/content/zh-cn/blog/_posts/2023-08-15-pkgs-k8s-io-introduction.md @@ -19,7 +19,12 @@ slug: pkgs-k8s-io-introduction **译者**:Wilson Wu (DaoCloud) 我很高兴代表 Kubernetes SIG Release 介绍 Kubernetes 社区自有的 Debian 和 RPM 软件仓库:`pkgs.k8s.io`! @@ -27,14 +32,19 @@ On behalf of Kubernetes SIG Release, I am very excited to introduce the Kubernet Google 的仓库(`apt.kubernetes.io` 和 `yum.kubernetes.io`)。 这篇博文包含关于这些新的包仓库的信息、它对最终用户意味着什么以及如何迁移到新仓库。 -**ℹ️ 更新(2023 年 8 月 31 日):旧版托管在 Google 的仓库已被弃用,并将于 2023 年 9 月 13 日开始被冻结。** +**ℹ️ 更新(2024 年 1 月 12 日):旧版托管在 Google 的仓库已被弃用,并将于 2024 年 1 月开始被冻结。** 查看[弃用公告](/zh-cn/blog/2023/08/31/legacy-package-repository-deprecation/)了解有关此更改的更多详细信息。 -**(更新于 2023 年 8 月 31 日)** +**(更新于 2024 年 1 月 12 日)** - 这是一个**明确同意的更改**;你需要手动从托管在 Google 的仓库迁移到 Kubernetes 社区自有的仓库。请参阅本公告后面的[如何迁移](#how-to-migrate), 了解迁移信息和说明。 + -- 旧版托管在 Google 的仓库**自 2023 年 8 月 31 日起被弃用**, - 并将**于 2023 年 9 月 13 日左右被冻结**。 - 冻结将在计划于 2023 年 9 月发布补丁之后立即发生。 - 冻结旧仓库意味着我们在 2023 年 9 月 13 日这个时间点之后仅将 Kubernetes - 项目的包发布到社区自有的仓库。有关此更改的更多详细信息, - 请查看[弃用公告](/zh-cn/blog/2023/08/31/legacy-package-repository-deprecation/)。 +- **旧版托管在 Google 的包仓库于 2024 年 1 月停用。** + 这些仓库**自 2023 年 8 月 31 日起被弃用** ,并**自 2023 年 9 月 13 日被冻结** 。 + 有关此变更的更多细节请查阅[弃用公告](/zh-cn/blog/2023/08/31/legacy-package-repository-deprecation/)。 + -- 旧仓库中的现有包将在可预见的未来一段时间内可用。 +- ~~旧仓库中的现有包将在可预见的未来一段时间内可用。 然而,Kubernetes 项目无法保证这会持续多久。 - 已弃用的旧仓库及其内容可能会在未来随时被删除,恕不另行通知。 + 已弃用的旧仓库及其内容可能会在未来随时被删除,恕不另行通知。~~ + **旧版包仓库于 2024 年 1 月停用。** - 鉴于在 2023 年 9 月 13 日这个截止时间点之后不会向旧仓库发布任何新版本, 如果你不在该截止时间点迁移至新的 Kubernetes 仓库, 你将无法升级到该日期之后发布的任何补丁或次要版本。 也就是说,我们建议**尽快**迁移到新的 Kubernetes 仓库。 + - 新的 Kubernetes 仓库中包含社区开始接管包构建以来仍在支持的 Kubernetes 版本的包。 这意味着 v1.24.0 之前的任何内容都只存在于托管在 Google 的仓库中。 + 这意味着新的包仓库将为从 v1.24.0 开始的所有 Kubernetes 版本提供 Linux 包。 + +- Kubernetes 没有为早期版本提供官方的 Linux 包;然而,你的 Linux 发行版可能会提供自己的包。 + + - 每个 Kubernetes 次要版本都有一个专用的仓库。 当升级到不同的次要版本时,你必须记住,仓库详细信息也会发生变化。 @@ -93,7 +130,12 @@ _(updated on August 31, 2023)_ ## 为什么我们要引入新的包仓库? {#why-are-we-introducing-new-package-repositories} 随着 Kubernetes 项目的不断发展,我们希望确保最终用户获得最佳体验。 托管在 Google 的仓库多年来一直为我们提供良好的服务, @@ -101,7 +143,14 @@ As the Kubernetes project is growing, we want to ensure the best possible experi 我们的另一个目标是对所有关键组件使用社区拥有的基础设施,其中包括仓库。 将包发布到托管在 Google 的仓库是一个手动过程, 只能由名为 [Google 构建管理员](/zh-cn/releases/release-managers/#build-admins)的 Google 员工团队来完成。 @@ -110,7 +159,14 @@ Publishing packages to the Google-hosted repository is a manual process that can 确保我们有发布经理和 Google 构建管理员来执行发布。 另一个问题是由于我们只有一个包仓库。因此,我们无法发布预发行版本 (Alpha、Beta 和 RC)的包。这使得任何有兴趣测试的人都更难测试 Kubernetes 预发布版本。 @@ -119,7 +175,8 @@ Another problem is that we only have a single package repository. Because of thi `cri-tools` 和 `kubernetes-cni` 等依赖进行发布, 尽管存在这些问题,我们仍非常感谢 Google 和 Google 构建管理员这些年来的参与、支持和帮助! @@ -129,14 +186,26 @@ Regardless of all these issues, we're very thankful to Google and Google Build A ## 新的包仓库如何工作? {#how-the-new-package-repositories-work} 新的 Debian 和 RPM 仓库托管在 `pkgs.k8s.io`。 目前,该域指向一个 CloudFront CDN,其后是包含仓库和包的 S3 存储桶。 然而,我们计划在未来添加更多的镜像站点,让其他公司有可能帮助我们提供软件包服务。 包通过 [OpenBuildService(OBS)平台](http://openbuildservice.org)构建和发布。 经过长时间评估不同的解决方案后,我们决定使用 OpenBuildService 作为管理仓库和包的平台。 @@ -146,14 +215,21 @@ Packages are built and published via the [OpenBuildService (OBS) platform](http: 它还允许我们以与托管在 Google 的仓库类似的方式构建包,从而使迁移过程尽可能无缝。 SUSE 赞助 Kubernetes 项目并且支持访问其引入的 OpenBuildService 环境 ([`build.opensuse.org`](http://build.opensuse.org)), 还提供将 OBS 与我们的发布流程集成的技术支持。 我们使用 SUSE 的 OBS 实例来构建和发布包。构建新版本后, 我们的工具会自动将所需的制品和包设置推送到 `build.opensuse.org`。 @@ -161,7 +237,9 @@ We use SUSE's OBS instance for building and publishing packages. Upon building a 最后,生成的包将自动推送到我们社区拥有的 S3 存储桶,以便所有用户都可以使用它们。 我们想借此机会感谢 SUSE 允许我们使用 `build.opensuse.org` 以及他们的慷慨支持,使这种集成成为可能! @@ -177,19 +255,30 @@ There are three significant differences that you should be aware of: 你应该注意三个显著差异: - 每个 Kubernetes 次要版本都有一个专用的仓库。例如, 名为 `core:/stable:/v1.28` 的仓库仅托管稳定 Kubernetes v1.28 版本的包。 这意味着你可以从此仓库安装 v1.28.0,但无法安装 v1.27.0 或 v1.28 之外的任何其他次要版本。 升级到另一个次要版本后,你必须添加新的仓库并可以选择删除旧的仓库 + - 每个 Kubernetes 仓库中可用的 `cri-tools` 和 `kubernetes-cni` 包版本有所不同 - 这两个包是 `kubelet` 和 `kubeadm` 的依赖项 @@ -197,8 +286,11 @@ There are three significant differences that you should be aware of: - v1.28 及更高版本的 Kubernetes 仓库将仅发布该 Kubernetes 次要版本 - 就 v1.28 而言,Kubernetes v1.28 的仓库中仅提供 kubernetes-cni 1.2.0 和 cri-tools v1.28 - 与 v1.29 类似,我们只计划发布 cri-tools v1.29 以及 Kubernetes v1.29 将使用的 kubernetes-cni 版本 + - 包版本的修订部分(`1.28.0-00` 中的 `-00` 部分)现在由 OpenBuildService 平台自动生成,并具有不同的格式。修订版本现在采用 `-x.y` 格式,例如 `1.28.0-1.1` @@ -209,14 +301,18 @@ There are three significant differences that you should be aware of: ## 这是否会影响现有的托管在 Google 的仓库? {#does-this-in-any-way-affect-existing-google-hosted-repositories} 托管在 Google 的仓库以及发布到其中的所有包仍然可用,与之前一样。 我们构建包并将其发布到托管在 Google 仓库的方式没有变化, 所有新引入的更改仅影响发布到社区自有仓库的包。 然而,正如本文开头提到的,我们计划将来停止将包发布到托管在 Google 的仓库。 @@ -231,7 +327,10 @@ However, as mentioned at the beginning of this blog post, we plan to stop publis ### 使用 `apt`/`apt-get` 的 Debian、Ubuntu 一起其他操作系统 {#how-to-migrate-deb} 1. 替换 `apt` 仓库定义,以便 `apt` 指向新仓库而不是托管在 Google 的仓库。 确保将以下命令中的 Kubernetes 次要版本替换为你当前使用的次要版本: @@ -241,7 +340,9 @@ However, as mentioned at the beginning of this blog post, we plan to stop publis ``` 2. 下载 Kubernetes 仓库的公共签名密钥。所有仓库都使用相同的签名密钥, 因此你可以忽略 URL 中的版本: @@ -265,7 +366,10 @@ However, as mentioned at the beginning of this blog post, we plan to stop publis ### 使用 `rpm`/`dnf` 的 CentOS、Fedora、RHEL 以及其他操作系统 {#how-to-migrate-rpm} 1. 替换 `yum` 仓库定义,使 `yum` 指向新仓库而不是托管在 Google 的仓库。 确保将以下命令中的 Kubernetes 次要版本替换为你当前使用的次要版本: @@ -288,7 +392,9 @@ However, as mentioned at the beginning of this blog post, we plan to stop publis ## 迁移到 Kubernetes 仓库后是否可以回滚到托管在 Google 的仓库? {#can-i-rollback-to-the-google-hosted-repository-after-migrating-to-the-kubernetes-repositories} 一般来说,可以。只需执行与迁移时相同的步骤,但使用托管在 Google 的仓库参数。 你可以在[“安装 kubeadm”](/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm)等文档中找到这些参数。 @@ -299,7 +405,12 @@ In general, yes. Just do the same steps as when migrating, but use parameters fo ## 为什么没有固定的域名/IP 列表?为什么我无法限制包下载? {#why-isn-t-there-a-stable-list-of-domains-ips-why-can-t-i-restrict-package-downloads} 我们对 `pkgs.k8s.io` 的计划是使其根据用户位置充当一组后端(包镜像)的重定向器。 此更改的本质意味着下载包的用户可以随时重定向到任何镜像。 @@ -307,7 +418,10 @@ Our plan for `pkgs.k8s.io` is to make it work as a redirector to a set of backen IP 地址或域名列表。 限制性控制机制(例如限制访问特定 IP/域名列表的中间人代理或网络策略)将随着此更改而中断。 对于这些场景,我们鼓励你将包的发布版本与你可以严格控制的本地仓库建立镜像。 @@ -318,7 +432,9 @@ Restrictive control mechanisms like man-in-the-middle proxies or network policie ## 如果我发现新的仓库有异常怎么办? {#what-should-i-do-if-i-detect-some-abnormality-with-the-new-repositories} 如果你在新的 Kubernetes 仓库中遇到任何问题, 请在 [`kubernetes/release` 仓库](https://github.com/kubernetes/release/issues/new/choose)中提交问题。 From 5799e6e4c6140972916e6d48de3cf18ac1c983ae Mon Sep 17 00:00:00 2001 From: Aditya Samant Date: Mon, 15 Jan 2024 14:17:34 +0530 Subject: [PATCH 218/279] Fix the links in the ConfigMap documentation related to projection of keys and file permissions. --- .../configure-pod-container/configure-pod-configmap.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md index b7d942b30e589..1eb409389fed9 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/content/en/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -728,10 +728,8 @@ kubectl delete pod dapi-test-pod --now ### Project keys to specific paths and file permissions -You can project keys to specific paths and specific permissions on a per-file -basis. The -[Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) -guide explains the syntax. +You can project keys to specific paths. Refer to the corresponding section in the [Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/#project-secret-keys-to-specific-file-paths) guide for the syntax. +You can set POSIX permissions for keys. Refer to the corresponding section in the [Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/#set-posix-permissions-for-secret-keys) guide for the syntax. ### Optional references From 2ecd7eb0aa403ff0eeca8998a23ff938a323daab Mon Sep 17 00:00:00 2001 From: Kevin Hannon Date: Wed, 15 Nov 2023 16:31:05 -0500 Subject: [PATCH 219/279] add a blog post on the separate image filesystem MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Krzysztof Wilczyński Co-authored-by: Tim Bannister --- .../_posts/2024-01-23-image-filesystem.md | 213 ++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100644 content/en/blog/_posts/2024-01-23-image-filesystem.md diff --git a/content/en/blog/_posts/2024-01-23-image-filesystem.md b/content/en/blog/_posts/2024-01-23-image-filesystem.md new file mode 100644 index 0000000000000..19c80f00cbb18 --- /dev/null +++ b/content/en/blog/_posts/2024-01-23-image-filesystem.md @@ -0,0 +1,213 @@ +--- +layout: blog +title: 'Image Filesystem: Configuring Kubernetes to store containers on a separate filesystem' +date: 2024-01-23 +slug: kubernetes-separate-image-filesystem +--- + +**Author:** Kevin Hannon (Red Hat) + +A common issue in running/operating Kubernetes clusters is running out of disk space. +When the node is provisioned, you should aim to have a good amount of storage space for your container images and running containers. +The [container runtime](/docs/setup/production-environment/container-runtimes/) usually writes to `/var`. +This can be located as a separate partition or on the root filesystem. +CRI-O, by default, writes its containers and images to `/var/lib/containers`, while containerd writes its containers and images to `/var/lib/containerd`. + +In this blog post, we want to bring attention to ways that you can configure your container runtime to store its content separately from the default partition. +This allows for more flexibility in configuring Kubernetes and provides support for adding a larger disk for the container storage while keeping the default filesystem untouched. + +One area that needs more explaining is where/what Kubernetes is writing to disk. + +## Understanding Kubernetes disk usage + +Kubernetes has persistent data and ephemeral data. The base path for the kubelet and local +Kubernetes-specific storage is configurable, but it is usually assumed to be `/var/lib/kubelet`. +In the Kubernetes docs, this is sometimes referred to as the root or node filesystem. The bulk of this data can be categorized into: + +- ephemeral storage +- logs +- and container runtime + +This is different from most POSIX systems as the root/node filesystem is not `/` but the disk that `/var/lib/kubelet` is on. + +### Ephemeral storage + +Pods and containers can require temporary or transient local storage for their operation. +The lifetime of the ephemeral storage does not extend beyond the life of the individual pod, and the ephemeral storage cannot be shared across pods. + +### Logs + +By default, Kubernetes stores the logs of each running container, as files within `/var/log`. +These logs are ephemeral and are monitored by the kubelet to make sure that they do not grow too large while the pods are running. + +You can customize the [log rotation](/docs/concepts/cluster-administration/logging/#log-rotation) settings +for each node to manage the size of these logs, and configure log shipping (using a 3rd party solution) +to avoid relying on the node-local storage. + +### Container runtime + +The container runtime has two different areas of storage for containers and images. +- read-only layer: Images are usually denoted as the read-only layer, as they are not modified when containers are running. +The read-only layer can consist of multiple layers that are combined into a single read-only layer. +There is a thin layer on top of containers that provides ephemeral storage for containers if the container is writing to the filesystem. + +- writeable layer: Depending on your container runtime, local writes might be +implemented as a layered write mechanism (for example, `overlayfs` on Linux or CimFS on Windows). +This is referred to as the writable layer. +Local writes could also use a writeable filesystem that is initialized with a full clone of the container +image; this is used for some runtimes based on hypervisor virtualisation. + +The container runtime filesystem contains both the read-only layer and the writeable layer. +This is considered the `imagefs` in Kubernetes documentation. + +## Container runtime configurations + +### CRI-O + +CRI-O uses a storage configuration file in TOML format that lets you control how the container runtime stores persistent and temporary data. +CRI-O utilizes the [storage library](https://github.com/containers/storage). +Some Linux distributions have a manual entry for storage (`man 5 containers-storage.conf`). +The main configuration for storage is located in `/etc/containers/storage.conf` and one can control the location for temporary data and the root directory. +The root directory is where CRI-O stores the persistent data. + +```toml +[storage] +# Default storage driver +driver = "overlay" +# Temporary storage location +runroot = "/var/run/containers/storage" +# Primary read/write location of container storage +graphroot = "/var/lib/containers/storage" +``` + +- `graphroot` + - Persistent data stored from the container runtime + - If SELinux is enabled, this must match the `/var/lib/containers/storage` +- `runroot` + - Temporary read/write access for container + - Recommended to have this on a temporary filesystem + +Here is a quick way to relabel your graphroot directory to match `/var/lib/containers/storage`: + +```bash +semanage fcontext -a -e /var/lib/containers/storage +restorecon -R -v +``` + +### containerd + +The containerd runtime uses a TOML configuration file to control where persistent and ephemeral data is stored. +The default path for the config file is located at `/etc/containerd/config.toml`. + +The relevant fields for containerd storage are `root` and `state`. + +- `root` + - The root directory for containerd metadata + - Default is `/var/lib/containerd` + - Root also requires SELinux labels if your OS requires it +- `state` + - Temporary data for containerd + - Default is `/run/containerd` + +## Kubernetes node pressure eviction + +Kubernetes will automatically detect if the container filesystem is split from the node filesystem. +When one separates the filesystem, Kubernetes is responsible for monitoring both the node filesystem and the container runtime filesystem. +Kubernetes documentation refers to the node filesystem and the container runtime filesystem as nodefs and imagefs. +If either nodefs or the imagefs are running out of disk space, then the overall node is considered to have disk pressure. +Kubernetes will first reclaim space by deleting unusued containers and images, and then it will resort to evicting pods. +On a node that has a nodefs and an imagefs, the kubelet will +[garbage collect](/docs/concepts/architecture/garbage-collection/#containers-images) unused container images +on imagefs and will remove dead pods and their containers from the nodefs. +If there is only a nodefs, then Kubernetes garbage collection includes dead containers, dead pods and unused images. + +Kubernetes allows more configurations for determining if your disk is full. +The eviction manager within the kubelet has some configuration settings that let you control +the relevant thresholds. +For filesystems, the relevant measurements are `nodefs.available`, `nodefs.inodesfree`, `imagefs.available`, and `imagefs.inodesfree`. +If there is not a dedicated disk for the container runtime then imagefs is ignored. + +Users can use the existing defaults: + +- `memory.available` < 100MiB +- `nodefs.available` < 10% +- `imagefs.available` < 15% +- `nodefs.inodesFree` < 5% (Linux nodes) + +Kubernetes allows you to set user defined values in `EvictionHard` and `EvictionSoft` in the kubelet configuration file. + +`EvictionHard` +: defines limits; once these limits are exceeded, pods will be evicted without any grace period. + +`EvictionSoft` +: defines limits; once these limits are exceeded, pods will be evicted with a grace period that can be set per signal. + +If you specify a value for `EvictionHard`, it will replace the defaults. +This means it is important to set all signals in your configuration. + +For example, the following kubelet configuration could be used to configure [eviction signals](/docs/concepts/scheduling-eviction/node-pressure-eviction/#eviction-signals-and-thresholds) and grace period options. + +```yaml +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +address: "192.168.0.8" +port: 20250 +serializeImagePulls: false +evictionHard: + memory.available: "100Mi" + nodefs.available: "10%" + nodefs.inodesFree: "5%" + imagefs.available: "15%" + imagefs.inodesFree: "5%" +evictionSoft: + memory.available: "100Mi" + nodefs.available: "10%" + nodefs.inodesFree: "5%" + imagefs.available: "15%" + imagefs.inodesFree: "5%" +evictionSoftGracePeriod: + memory.available: "1m30s" + nodefs.available: "2m" + nodefs.inodesFree: "2m" + imagefs.available: "2m" + imagefs.inodesFree: "2m" +evictionMaxPodGracePeriod: 60s +``` + +### Problems + +The Kubernetes project recommends that you either use the default settings for eviction or you set all the fields for eviction. +You can use the default settings or specify your own `evictionHard` settings. If you miss a signal, then Kubernetes will not monitor that resource. +One common misconfiguration administrators or users can hit is mounting a new filesystem to `/var/lib/containers/storage` or `/var/lib/containerd`. +Kubernetes will detect a separate filesystem, so you want to make sure to check that `imagefs.inodesfree` and `imagefs.available` match your needs if you've done this. + +Another area of confusion is that ephemeral storage reporting does not change if you define an image +filesystem for your node. The image filesystem (`imagefs`) is used to store container image layers; if a +container writes to its own root filesystem, that local write doesn't count towards the size of the container image. The place where the container runtime stores those local modifications is runtime-defined, but is often +the image filesystem. +If a container in a pod is writing to a filesystem-backed `emptyDir` volume, then this uses space from the +`nodefs` filesystem. +The kubelet always reports ephemeral storage capacity and allocations based on the filesystem represented +by `nodefs`; this can be confusing when ephemeral writes are actually going to the image filesystem. + +### Future work + +To fix the ephemeral storage reporting limitations and provide more configuration options to the container runtime, SIG Node are working on [KEP-4191](http://kep.k8s.io/4191). +In KEP-4191, Kubernetes will detect if the writeable layer is separated from the read-only layer (images). +This would allow us to have all ephemeral storage, including the writeable layer, on the same disk as well as allowing for a separate disk for images. + +### Getting involved + +If you would like to get involved, you can +join [Kubernetes Node Special-Interest-Group](https://github.com/kubernetes/community/tree/master/sig-node) (SIG). + +If you would like to share feedback, you can do so on our +[#sig-node](https://kubernetes.slack.com/archives/C0BP8PW9G) Slack channel. +If you're not already part of that Slack workspace, you can visit https://slack.k8s.io/ for an invitation. + +Special thanks to all the contributors who provided great reviews, shared valuable insights or suggested the topic idea. + +- Peter Hunt +- Mrunal Patel +- Ryan Phillips +- Gaurav Singh From 29ff08aca7f17db3f0214cd50d7fe4d5c031b3f2 Mon Sep 17 00:00:00 2001 From: Arhell Date: Tue, 16 Jan 2024 00:12:28 +0200 Subject: [PATCH 220/279] [zh] Update feature state for TopologyManager --- content/zh-cn/docs/concepts/architecture/nodes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/concepts/architecture/nodes.md b/content/zh-cn/docs/concepts/architecture/nodes.md index 92e6e9a7a2d95..628351fa25d5c 100644 --- a/content/zh-cn/docs/concepts/architecture/nodes.md +++ b/content/zh-cn/docs/concepts/architecture/nodes.md @@ -534,7 +534,7 @@ If you want to explicitly reserve resources for non-Pod processes, see --> ## 节点拓扑 {#node-topology} -{{< feature-state state="beta" for_k8s_version="v1.18" >}} +{{< feature-state state="stable" for_k8s_version="v1.27" >}} at typo --- content/en/docs/tasks/administer-cluster/encrypt-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md index 7c89b2fc82824..6eb994078e616 100644 --- a/content/en/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md @@ -573,7 +573,7 @@ as plaintext. {{< warning >}} Making this change prevents the API server from retrieving resources that are marked -as encrypted as rest, but are actually stored in the clear. +as encrypted at rest, but are actually stored in the clear. When you have configured encryption at rest for an API (for example: the API kind `Secret`, representing `secrets` resources in the core API group), you **must** ensure From 09e79db50630c859a8eafcf02f16e5cb3f477430 Mon Sep 17 00:00:00 2001 From: Christine K <125943705+karistom@users.noreply.github.com> Date: Thu, 18 Jan 2024 03:01:14 +1100 Subject: [PATCH 233/279] Add example command to create /etc/apt/keyrings directory (#43626) * create folder for key The following command will fail without the folder created manually beforhand. ``` curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg ``` * updated instruction updated according to the comment in the PR * updated mkdir part * Updated mkdir --- .../tools/kubeadm/install-kubeadm.md | 6 ++++++ content/en/docs/tasks/tools/install-kubectl-linux.md | 10 ++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md index 11f0d1095124a..8690c951014b4 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md @@ -182,8 +182,14 @@ These instructions are for Kubernetes {{< skew currentVersion >}}. The same signing key is used for all repositories so you can disregard the version in the URL: ```shell + # If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below. + # sudo mkdir -p -m 755 /etc/apt/keyrings curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` + +{{< note >}} +In releases older than Debian 12 and Ubuntu 22.04, folder `/etc/apt/keyrings` does not exist by default, and it should be created before the curl command. +{{< /note >}} {{< note >}} In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default; diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md index ef7a87889a935..1e91727a4a5e6 100644 --- a/content/en/docs/tasks/tools/install-kubectl-linux.md +++ b/content/en/docs/tasks/tools/install-kubectl-linux.md @@ -136,8 +136,14 @@ The following methods exist for installing kubectl on Linux: 2. Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL: ```shell + # If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below. + # sudo mkdir -p -m 755 /etc/apt/keyrings curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` + +{{< note >}} +In releases older than Debian 12 and Ubuntu 22.04, folder `/etc/apt/keyrings` does not exist by default, and it should be created before the curl command. +{{< /note >}} 3. Add the appropriate Kubernetes `apt` repository. If you want to use Kubernetes version different than {{< param "version" >}}, replace {{< param "version" >}} with the desired minor version in the command below: @@ -158,10 +164,6 @@ To upgrade kubectl to another minor release, you'll need to bump the version in sudo apt-get install -y kubectl ``` -{{< note >}} -In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default, and can be created using `sudo mkdir -m 755 /etc/apt/keyrings` -{{< /note >}} - {{% /tab %}} {{% tab name="Red Hat-based distributions" %}} From 4c12390b7480e0efd891385326d1b75a1fd12ab0 Mon Sep 17 00:00:00 2001 From: DeltaX Date: Thu, 18 Jan 2024 01:43:16 +0800 Subject: [PATCH 234/279] [zh] Sync network-plugins.md fix link anchor --- .../extend-kubernetes/compute-storage-net/network-plugins.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md index e15175be0b400..1b0a4b4563a9d 100644 --- a/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md +++ b/content/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md @@ -88,10 +88,10 @@ documentation for that Container Runtime, for example: 要了解如何安装和管理 CNI 插件的具体信息,可参阅对应的插件或 -[网络驱动(Networking Provider)](/zh-cn/docs/concepts/cluster-administration/networking/#how-to-implement-the-kubernetes-networking-model) +[网络驱动(Networking Provider)](/zh-cn/docs/concepts/cluster-administration/networking/#how-to-implement-the-kubernetes-network-model) 的文档。 -{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}} +{{< cncf-landscape helpers=true category="platform--certified-kubernetes-hosted" >}} diff --git a/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md b/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md index 90054fafa4f38..eea8419e7f169 100644 --- a/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md +++ b/content/en/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md @@ -62,12 +62,12 @@ then exposes them to Kubernetes via an adapter by implementing either the Kubernetes is designed to work with [OpenMetrics](https://openmetrics.io/), which is one of the -[CNCF Observability and Analysis - Monitoring Projects](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars), +[CNCF Observability and Analysis - Monitoring Projects](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring), built upon and carefully extending [Prometheus exposition format](https://prometheus.io/docs/instrumenting/exposition_formats/) in almost 100% backwards-compatible ways. If you glance over at the -[CNCF Landscape](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars), +[CNCF Landscape](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring), you can see a number of monitoring projects that can work with Kubernetes by _scraping_ metric data and using that to help you observe your cluster. It is up to you to select the tool or tools that suit your needs. The CNCF landscape for observability and analytics includes a @@ -82,7 +82,7 @@ the scope of Kubernetes documentation because of the very wide scope of possible solutions. The choice of monitoring platform depends heavily on your needs, budget, and technical resources. -Kubernetes does not recommend any specific metrics pipeline; [many options](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars) are available. +Kubernetes does not recommend any specific metrics pipeline; [many options](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring) are available. Your monitoring system should be capable of handling the [OpenMetrics](https://openmetrics.io/) metrics transmission standard, and needs to chosen to best fit in to your overall design and deployment of your infrastructure platform. diff --git a/content/en/partners/_index.html b/content/en/partners/_index.html index 80078ae76bf73..7ce5cd0d14e2d 100644 --- a/content/en/partners/_index.html +++ b/content/en/partners/_index.html @@ -16,7 +16,7 @@

    • - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/content/es/partners/_index.html b/content/es/partners/_index.html index afb2f6128f1de..f0a11d7dba791 100644 --- a/content/es/partners/_index.html +++ b/content/es/partners/_index.html @@ -16,8 +16,8 @@

    Proveedores de servicios con amplia experiencia ayudando a las empresas a adoptar Kubernetes con éxito.


    - -

    Conviértete en + +

    Conviértete en KCSP?
    @@ -27,8 +27,8 @@
    Certified Kubernetes Distributions, Hosted Platforms, and Installers
    La conformidad del software garantiza que la versión de Kubernetes de cada proveedor sea compatible con las API requeridas.


    - -

    Conviértete en + +

    Conviértete en Certified Kubernetes?
    @@ -39,8 +39,8 @@

    Partners de formación que ofrecen cursos de alta calidad y con una amplia experiencia en formación de tecnologías nativas de la nube.


    - -

    Conviértete en + +

    Conviértete en KTP? diff --git a/content/fr/partners/_index.html b/content/fr/partners/_index.html index 164c8f6fc4d8a..a848455d04a09 100644 --- a/content/fr/partners/_index.html +++ b/content/fr/partners/_index.html @@ -17,8 +17,8 @@

    Des fournisseurs de services aguerris ayant une expérience approfondie dans l'aide aux entreprises pour l'adoption de Kubernetes.


    - -

    Intéressé par devenir un + +

    Intéressé par devenir un KCSP ? @@ -28,8 +28,8 @@
    Distributions Kubernetes, plates-formes hébergées et installateurs certifiés
    La conformité logicielle garantit que chaque version de Kubernetes du fournisseur prend en charge les API requises.


    - -

    Intéressé par devenir + +

    Intéressé par devenir Agréé Kubernetes ? @@ -40,8 +40,8 @@

    Fournisseurs de formation sélectionnés ayant une expérience approfondie de la formation aux technologies cloud natives.


    - -

    Intéressé par devenir un + +

    Intéressé par devenir un KTP ? @@ -52,4 +52,3 @@
    - diff --git a/content/hi/docs/setup/production-environment/turnkey-solutions.md b/content/hi/docs/setup/production-environment/turnkey-solutions.md index 735a800c1b9cd..53da3fa0b39c9 100644 --- a/content/hi/docs/setup/production-environment/turnkey-solutions.md +++ b/content/hi/docs/setup/production-environment/turnkey-solutions.md @@ -9,4 +9,4 @@ weight: 30 -{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}} \ No newline at end of file +{{< cncf-landscape helpers=true category="platform--certified-kubernetes-hosted" >}} diff --git a/content/it/partners/_index.html b/content/it/partners/_index.html index 0787dc644314f..806da127c6774 100644 --- a/content/it/partners/_index.html +++ b/content/it/partners/_index.html @@ -16,8 +16,8 @@

    Fornitori di servizi riconosciuti e con grande esperienza nell'aiutare le imprese ad adottare con successo Kubernetes.


    - -

    Interessato a diventare un partner + +

    Interessato a diventare un partner KCSP? @@ -27,8 +27,8 @@
    Distribuzioni di Kubernetes Certificate, Certified Hosted Platforms and Software di installazione Certificati
    La conformità del software assicura che le versioni di Kubernetes prodotte da ogni fornitore supportino coerentemente le API necessarie.


    - -

    Interessato a diventare un partner + +

    Interessato a diventare un partner certificato Kubernetes? @@ -39,8 +39,8 @@

    Professionisti riconosciuti e certificati, con solida esperienza nella formazione su tecnologie Cloud Native.


    - -

    Interessato a diventare un partner + +

    Interessato a diventare un partner KTP? diff --git a/content/it/training/_index.html b/content/it/training/_index.html index 051fc87557dbc..0a90e5c351744 100644 --- a/content/it/training/_index.html +++ b/content/it/training/_index.html @@ -112,6 +112,6 @@

    Partner per la formazione Kubernetes

    - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md index 3558405bcd8ef..4d92d4ae0aa01 100644 --- a/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md +++ b/content/ja/blog/_posts/2022-02-17-updated-dockershim-faq.md @@ -87,7 +87,7 @@ Kubernetes v1.24以降を実行している場合は、[Docker Engineを引き しかし、他の選択のほうがあなたの環境により適合する場合もありますので、 [CNCF landscape]にあるすべての選択肢を検討されることをおすすめします。 -[CNCF landscape]: https://landscape.cncf.io/card-mode?category=container-runtime&grouping=category +[CNCF landscape]: https://landscape.cncf.io/?group=projects-and-products&view-mode=card#runtime--container-runtime #### Docker Engineを引き続きコンテナランタイムとして利用できますか? {#can-i-still-use-docker-engine-as-my-container-runtime} diff --git a/content/ja/docs/setup/production-environment/turnkey-solutions.md b/content/ja/docs/setup/production-environment/turnkey-solutions.md index 195cbdb380bfc..f78a2043dd338 100644 --- a/content/ja/docs/setup/production-environment/turnkey-solutions.md +++ b/content/ja/docs/setup/production-environment/turnkey-solutions.md @@ -10,4 +10,4 @@ weight: 40 -{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}} +{{< cncf-landscape helpers=true category="platform--certified-kubernetes-hosted" >}} diff --git a/content/ja/partners/_index.html b/content/ja/partners/_index.html index 6184e464c7602..7e9ceb1bd3219 100644 --- a/content/ja/partners/_index.html +++ b/content/ja/partners/_index.html @@ -16,7 +16,7 @@

    企業のKubernetes導入を支援してきた豊富な経験を持つ、熟練のサービスプロバイダーです。


    - +

    KCSPに興味がありますか? @@ -26,7 +26,7 @@
    認定Kubernetesディストリビューション、マネージド環境、およびインストーラー
    ソフトウェアの適合性により、すべてのベンダーのバージョンのKubernetesが必要なAPIを確実にサポートします。


    - +

    Kubernetes Certifiedに興味がありますか? @@ -37,7 +37,7 @@

    クラウドネイティブな技術のトレーニングに長けた、熟練のトレーニングプロバイダーです。


    - +

    KTPに興味がありますか? diff --git a/content/ja/training/_index.html b/content/ja/training/_index.html index b3e7dc064871d..39f843b81c58c 100644 --- a/content/ja/training/_index.html +++ b/content/ja/training/_index.html @@ -112,6 +112,6 @@

    Kubernetesトレーニングパートナー

    - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/content/ko/docs/setup/production-environment/turnkey-solutions.md b/content/ko/docs/setup/production-environment/turnkey-solutions.md index af45271507b79..19917e4b5f219 100644 --- a/content/ko/docs/setup/production-environment/turnkey-solutions.md +++ b/content/ko/docs/setup/production-environment/turnkey-solutions.md @@ -11,4 +11,4 @@ weight: 40 -{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}} +{{< cncf-landscape helpers=true category="platform--certified-kubernetes-hosted" >}} diff --git a/content/ko/partners/_index.html b/content/ko/partners/_index.html index 429a7890717dc..9ed94d7a7f8fd 100644 --- a/content/ko/partners/_index.html +++ b/content/ko/partners/_index.html @@ -16,7 +16,7 @@

    기업들이 쿠버네티스를 성공적으로 채택하도록 도와주는 풍부한 경험을 가진 노련한 서비스 공급자입니다.


    - +

    KCSP에 관심이 있으신가요? @@ -39,7 +39,7 @@

    클라우드 네이티브 기술 교육 경험이 풍부하고 노련한 교육 공급자입니다.


    - +

    KTP에 관심이 있으신가요? diff --git a/content/ko/training/_index.html b/content/ko/training/_index.html index ac028b60055b8..8eb9f5d9e6cd5 100644 --- a/content/ko/training/_index.html +++ b/content/ko/training/_index.html @@ -132,6 +132,6 @@

    쿠버네티스 교육 파트너

    - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/content/pl/training/_index.html b/content/pl/training/_index.html index e8baf9555e7a7..005595c349f48 100644 --- a/content/pl/training/_index.html +++ b/content/pl/training/_index.html @@ -132,6 +132,6 @@

    Partnerzy szkoleniowi Kubernetes

    - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/content/pt-br/blog/_posts/2022-02-17-updated-dockershim-faq.md b/content/pt-br/blog/_posts/2022-02-17-updated-dockershim-faq.md index 77e1ce0e6f1b8..10bffea8aa386 100644 --- a/content/pt-br/blog/_posts/2022-02-17-updated-dockershim-faq.md +++ b/content/pt-br/blog/_posts/2022-02-17-updated-dockershim-faq.md @@ -143,7 +143,7 @@ terá um desempenho estritamente melhor e menos sobrecarga. No entanto, nós enc explorar todas as opções do [cenário CNCF], pois outro agente de execução de contêiner pode funcionar ainda melhor para o seu ambiente. -[cenário CNCF]: https://landscape.cncf.io/card-mode?category=container-runtime&grouping=category +[cenário CNCF]: https://landscape.cncf.io/?group=projects-and-products&view-mode=card#runtime--container-runtime ### O que devo ficar atento ao mudar a minha implementação de CRI utilizada? diff --git a/content/pt-br/partners/_index.html b/content/pt-br/partners/_index.html index 88383f3c51b6e..d656e1a06a700 100644 --- a/content/pt-br/partners/_index.html +++ b/content/pt-br/partners/_index.html @@ -14,10 +14,10 @@
    O Kubernetes trabalha com parceiros para criar uma base de código forte e v
    Provedores de serviços certificados em Kubernetes
    -
    Provedores de serviços certificados, com profunda experiência em ajudar empresas a adotar Kubernetes com sucesso. +
    Provedores de serviços certificados, com profunda experiência em ajudar empresas a adotar Kubernetes com sucesso.


    - -

    Interessado em se tornar um + +

    Interessado em se tornar um KCSP? @@ -27,8 +27,8 @@
    Distribuições certificadas do Kubernetes, plataformas hospedadas e instaladores
    A conformidade com o software garante que a versão de cada fornecedor do Kubernetes suporte as APIs necessárias.


    - -

    Interessado em se tornar + +

    Interessado em se tornar Kubernetes Certified? @@ -39,8 +39,8 @@

    Provedores de treinamento certificados que têm profunda experiência em treinamento em tecnologia nativa em nuvem.


    - -

    Interessado em se tornar um + +

    Interessado em se tornar um KTP? diff --git a/content/vi/partners/_index.html b/content/vi/partners/_index.html index 3ea37f2242a0d..382afa9485fab 100644 --- a/content/vi/partners/_index.html +++ b/content/vi/partners/_index.html @@ -16,8 +16,8 @@

    Các nhà cung cấp dịch vụ được chứng nhận với bề dày kinh nghiệm sẽ trợ giúp các tổ chức kinh doanh, các công ty ứng dụng Kubernetes nhanh chóng.


    - -

    Bạn muốn trở thành một + +

    Bạn muốn trở thành một KCSP? @@ -27,8 +27,8 @@
    Các nhà phân phối Kubernetes, dịch vụ hosting, dịch vụ cài đặt
    Tiêu chuẩn tương thích về phần mềm bảo đảm rằng các phiên bản Kubernetes từ các nhà cung cấp sẽ hỗ trợ các bộ API được yêu cầu bởi khách hàng.


    - -

    Bạn muốn trở thành một + +

    Bạn muốn trở thành một Kubernetes Certified? @@ -39,8 +39,8 @@

    Các đối tác đào tạo được chứng nhận đã và đang sở hữu bề dày kinh nghiệm trong lĩnh vực đám mây.


    - -

    Bạn muốn trở thành một + +

    Bạn muốn trở thành một KTP? diff --git a/content/zh-cn/blog/_posts/2020-12-02-dockershim-faq.md b/content/zh-cn/blog/_posts/2020-12-02-dockershim-faq.md index e36f426c9c08b..d1de1d3610a81 100644 --- a/content/zh-cn/blog/_posts/2020-12-02-dockershim-faq.md +++ b/content/zh-cn/blog/_posts/2020-12-02-dockershim-faq.md @@ -237,7 +237,7 @@ even better fit for your environment. --> 这是一个复杂的问题,依赖于许多因素。 在 Docker 工作良好的情况下,迁移到 containerd 是一个相对容易的转换,并将获得更好的性能和更少的开销。 -然而,我们建议你先探索 [CNCF 全景图](https://landscape.cncf.io/card-mode?category=container-runtime&grouping=category) +然而,我们建议你先探索 [CNCF 全景图](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#runtime--container-runtime) 提供的所有选项,以做出更适合你的环境的选择。 -

    基于使用内部平台的成果和学习,公司向外部客户推出了基于 Kubernetes 的云和微服务型 PaaS 产品,NetEase 轻舟微服务。“我们的想法是,我们可以找到我们的游戏和电子商务以及云音乐提供商遇到的问题,所以我们可以整合他们的体验,并提供一个平台,以满足所有用户的需求,”Zeng Yuxing 说。

    +

    基于使用内部平台的成果和学习,公司向外部客户推出了基于 Kubernetes 的云和微服务型 PaaS 产品,NetEase 轻舟微服务。“我们的想法是,我们可以找到我们的游戏和电子商务以及云音乐提供商遇到的问题,所以我们可以整合他们的体验,并提供一个平台,以满足所有用户的需求,”Zeng Yuxing 说。

    -

    作为最终用户和供应商,NetEase 已经更多地参与社区,向其他公司学习,分享他们所做的工作。该团队一直在为 Harbor 和 Envoy 项目做出贡献,在 NetEase 进行规模测试技术时提供反馈。“我们是一个团队,专注于应对微服务架构的挑战,”Feng Changjian 说。“通过与这个社区接触,我们可以从中获得一些经验,我们也可以从中获益。我们可以看到社区所关心的问题和挑战,以便我们参与其中。”

    +

    作为最终用户和供应商,NetEase 已经更多地参与社区,向其他公司学习,分享他们所做的工作。该团队一直在为 Harbor 和 Envoy 项目做出贡献,在 NetEase 进行规模测试技术时提供反馈。“我们是一个团队,专注于应对微服务架构的挑战,”Feng Changjian 说。“通过与这个社区接触,我们可以从中获得一些经验,我们也可以从中获益。我们可以看到社区所关心的问题和挑战,以便我们参与其中。”

    \ No newline at end of file diff --git a/content/zh-cn/docs/setup/production-environment/turnkey-solutions.md b/content/zh-cn/docs/setup/production-environment/turnkey-solutions.md index 42855f07783e7..f54a8b853b144 100644 --- a/content/zh-cn/docs/setup/production-environment/turnkey-solutions.md +++ b/content/zh-cn/docs/setup/production-environment/turnkey-solutions.md @@ -22,4 +22,4 @@ ready clusters. -{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}} +{{< cncf-landscape helpers=true category="platform--certified-kubernetes-hosted" >}} diff --git a/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md b/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md index 15744bb9d6f78..100ac34637542 100644 --- a/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md +++ b/content/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring.md @@ -111,25 +111,25 @@ Kubernetes 还可以根据集群的当前状态,使用 Pod 水平自动扩缩 Kubernetes 在设计上保证能够与 [OpenMetrics](https://openmetrics.io/) 一同使用, -OpenMetrics 是 -[CNCF 可观测性和分析 - 监控项目](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars)之一, +OpenMetrics 是 +[CNCF 可观测性和分析 - 监控项目](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring)之一, 它构建于 [Prometheus 暴露格式](https://prometheus.io/docs/instrumenting/exposition_formats/)之上, 并对其进行了扩展,这些扩展几乎 100% 向后兼容。 -如果你浏览 [CNCF Landscape](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars), +如果你浏览 [CNCF Landscape](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring), 你可以看到许多监控项目,它们可以用在 Kubernetes 上,**抓取**指标数据并利用这些数据来观测你的集群, 选择哪种工具或哪些工具可以满足你的需求,这完全取决于你自己。 CNCF 的可观测性和分析景观包括了各种开源软件、付费的软件即服务(SaaS)以及其他混合商业产品。 @@ -148,7 +148,7 @@ the scope of Kubernetes documentation because of the very wide scope of possible solutions. The choice of monitoring platform depends heavily on your needs, budget, and technical resources. -Kubernetes does not recommend any specific metrics pipeline; [many options](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars) are available. +Kubernetes does not recommend any specific metrics pipeline; [many options](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring) are available. Your monitoring system should be capable of handling the [OpenMetrics](https://openmetrics.io/) metrics transmission standard, and needs to chosen to best fit in to your overall design and deployment of your infrastructure platform. @@ -158,7 +158,7 @@ your infrastructure platform. 监控平台的选择在很大程度上取决于你的需求、预算和技术资源。 Kubernetes 不推荐任何特定的指标管道; -可使用[许多选项](https://landscape.cncf.io/card-mode?category=monitoring&project=graduated,incubating,member,no&grouping=category&sort=stars)。 +可使用[许多选项](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--monitoring)。 你的监控系统应能够处理 [OpenMetrics](https://openmetrics.io/) 指标传输标准, 并且需要选择最适合基础设施平台的整体设计和部署。 diff --git a/content/zh-cn/partners/_index.html b/content/zh-cn/partners/_index.html index 5e87b88a5ca8a..5be8838317e57 100644 --- a/content/zh-cn/partners/_index.html +++ b/content/zh-cn/partners/_index.html @@ -27,8 +27,8 @@

    经过审核的服务提供商在帮助企业成功采用 Kubernetes 方面有深厚的经验。


    - - + +

    想要成为 @@ -43,8 +43,8 @@
    软件合规性确保各厂商的 Kubernetes 版本都支持必需的 API。


    - - + +

    想要成为 @@ -60,8 +60,8 @@

    经过审核的培训机构在云原生技术培训方面有深厚的经验。


    - - + +

    想要成为 diff --git a/content/zh-cn/training/_index.html b/content/zh-cn/training/_index.html index f63874c745aef..8e5cefa80e2ae 100644 --- a/content/zh-cn/training/_index.html +++ b/content/zh-cn/training/_index.html @@ -193,6 +193,6 @@

    Kubernetes 培训合作伙伴

    - {{< cncf-landscape helpers=false category="kubernetes-training-partner" >}} + {{< cncf-landscape helpers=false category="special--kubernetes-training-partner" >}}
    diff --git a/layouts/shortcodes/cncf-landscape.html b/layouts/shortcodes/cncf-landscape.html index 22b05d3ff0e38..81985300d31cb 100644 --- a/layouts/shortcodes/cncf-landscape.html +++ b/layouts/shortcodes/cncf-landscape.html @@ -10,12 +10,12 @@ console.log({button: button,shouldUpdateFragment: shouldUpdateFragment}); try { if(shouldUpdateFragment) { - window.location.hash = "#"+button.id; + window.location.hash = "#iframe-landscape-"+button.id; // hash change handler will call us again with shouldUpdateFragment set false } else { var landscapeElements = document.querySelectorAll("#landscape"); let categories=button.dataset.landscapeTypes; - let link = "https://landscape.cncf.io/card-mode?category="+encodeURIComponent(categories)+"&grouping=category&embed=yes"; + let link = `https://landscape.cncf.io/embed/embed.html?key=${encodeURIComponent(categories)}&headers=false&style=shadowed&size=md&bg-color=%23d95e00&fg-color=%23ffffff&iframe-resizer=true` landscapeElements[0].src = link; } } @@ -57,11 +57,27 @@ {{- end -}}
    + {{ if ( .Get "category" ) }} - + + {{ else }} - + + + + + {{ end }} -
    {{- end -}} From 602a2e0121d79e1937912809d7ce6ef4813154c7 Mon Sep 17 00:00:00 2001 From: xin gu <418294249@qq.com> Date: Wed, 17 Jan 2024 22:05:25 +0800 Subject: [PATCH 240/279] sync configure-service-account horizontal-pod-autoscale-walkthrough install-kubectl-macos Update install-kubectl-macos.md --- .../configure-pod-container/configure-service-account.md | 8 ++++---- .../horizontal-pod-autoscale-walkthrough.md | 9 +++++++++ content/zh-cn/docs/tasks/tools/install-kubectl-macos.md | 6 +++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md index 21f76bec46c69..475e027b9686f 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md @@ -303,7 +303,7 @@ token might be shorter, or could even be longer). 当启用了 `ServiceAccountTokenNodeBinding` 和 `ServiceAccountTokenNodeBindingValidation` @@ -315,7 +315,7 @@ KUBECTL_NODE_BOUND_TOKENS=true kubectl create token build-robot --bound-object-k ``` 此令牌将有效直至其过期或关联的 `Node` 或服务账户被删除。 @@ -476,7 +476,7 @@ Next, verify it has been created. For example: 所描述的,生成一个镜像拉取 Secret: ```shell - kubectl create secret docker-registry myregistrykey --docker-server=DUMMY_SERVER \ + kubectl create secret docker-registry myregistrykey --docker-server= \ --docker-username=DUMMY_USERNAME --docker-password=DUMMY_DOCKER_PASSWORD \ --docker-email=DUMMY_DOCKER_EMAIL ``` @@ -578,7 +578,7 @@ ServiceAccount, the new Pod has its `spec.imagePullSecrets` field set automatica 新 Pod 的 `spec.imagePullSecrets` 会被自动设置。 ```shell -kubectl run nginx --image=nginx --restart=Never +kubectl run nginx --image=/nginx --restart=Never kubectl get pod nginx -o=jsonpath='{.spec.imagePullSecrets[0].name}{"\n"}' ``` diff --git a/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index ccfc0a7a44520..7cf807be88b78 100644 --- a/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/content/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -89,6 +89,15 @@ Kubernetes Metrics Server 从集群中的 {{}}, run the following command to enable metrics-server: +--> +如果你正在运行 {{< glossary_tooltip term_id="minikube" >}},运行以下命令以启用 metrics-server: + +```shell +minikube addons enable metrics-server +``` + -1. 安装插件后,清理安装文件: +1. 安装并验证 kubectl 后,删除校验和文件: ```bash - rm kubectl kubectl.sha256 + rm kubectl.sha256 ``` Cosign 2.0 需要指定 `--certificate-identity` 和 `--certificate-oidc-issuer` 选项。 想要进一步了解无密钥签名,请参考 -[Keyless Signatures](https://github.com/sigstore/cosign/blob/main/KEYLESS.md#keyless-signatures)。 +[Keyless Signatures](https://docs.sigstore.dev/signing/overview/)。 Cosign 的早期版本还需要设置 `COSIGN_EXPERIMENTAL=1`。 From 12a058e0199dea00b8451954b75f3a9470984fda Mon Sep 17 00:00:00 2001 From: Maksym Vlasov Date: Fri, 19 Jan 2024 21:47:09 +0200 Subject: [PATCH 244/279] Add general contibution workflow to language-specific-localization-guide --- content/uk/docs/contribute/localization_uk.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/content/uk/docs/contribute/localization_uk.md b/content/uk/docs/contribute/localization_uk.md index a81dcddb0f1d4..f96dbeffc2a52 100644 --- a/content/uk/docs/contribute/localization_uk.md +++ b/content/uk/docs/contribute/localization_uk.md @@ -18,6 +18,27 @@ anchors: +## Загальний процес + +1. Виберіть одне з [найбільш витребуваних ішьюзів](https://github.com/kubernetes-i18n-ukrainian/website/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+no%3Aassignee+label%3A%22most+wanted%22) або [будь-яке ішью](https://github.com/kubernetes-i18n-ukrainian/website/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+no%3Aassignee) і залиште в ньому коментар на кшталт "Працюю над цим". Ми надішлемо вам запрошення до організації та закріпимо цей ішьюз за вами. +2. Зробіть форк [k/website](https://github.com/kubernetes/website). +3. Прочитайте цей документ. +4. Перекладіть +5. Створіть пул-реквест в [k/website](https://github.com/kubernetes/website). + +Якщо вам знадобиться допомога, зареєструйтеся в [Slack Kubernetes](https://slack.k8s.io/), приєднайтеся до каналу [`#kubernetes-docs-uk`](https://kubernetes.slack.com/archives/CSKCYN138) і спитайте там. + +### Отримання допомоги +Якщо ви виявили проблеми з перекладеним вмістом, [створіть проблему на k/website](https://github.com/kubernetes/website/issues/new/choose) за допомогою `/language uk`. + +[kubernetes-i18n-ukrainian/website](https://github.com/kubernetes-i18n-ukrainian/website) слід використовувати лише для спрощення процесу локалізації. + +### Існуючі проблеми/оновлення локалізації + +Якщо ви виявили проблеми з перекладеним вмістом і не можете негайно їх виправити, [створіть ішью у k/website](https://github.com/kubernetes/website/issues/new/choose) з описом що не так, на якій сторінці (посилання) і додайте в опис ішью з нового рядка `/language uk`. + +[kubernetes-i18n-ukrainian/website](https://github.com/kubernetes-i18n-ukrainian/website) слід використовувати лише для спрощення процесу локалізації. + ## Правила перекладу {#правила-перекладу} * Скопіюйте оригінал і додайте його перед перекладом у якості коментаря. Це потрібно для спрощення відслідковування змін і процесу ревью. Приклади: [для Markdown](https://github.com/kubernetes/website/blob/7774cc9f3582c5f94e40245cdd5855e3c206177e/content/uk/docs/tutorials/hello-minikube.md#L23-L35), [для YAML](https://github.com/kubernetes/website/blob/7774cc9f3582c5f94e40245cdd5855e3c206177e/content/uk/docs/tutorials/hello-minikube.md#L8-L14). From 5a244d33debff4bc106a4849c8babcb39d0bc766 Mon Sep 17 00:00:00 2001 From: aakashdeshamne <21512493.dypit@dypvp.edu.in> Date: Sat, 20 Jan 2024 13:22:43 +0530 Subject: [PATCH 245/279] change background color of cncf landscape --- layouts/shortcodes/cncf-landscape.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/layouts/shortcodes/cncf-landscape.html b/layouts/shortcodes/cncf-landscape.html index 81985300d31cb..5324ea1ee3f0c 100644 --- a/layouts/shortcodes/cncf-landscape.html +++ b/layouts/shortcodes/cncf-landscape.html @@ -59,7 +59,7 @@
    {{ if ( .Get "category" ) }} - + @@ -70,9 +70,9 @@ scroll-margin-top: 35px; } - - - + + +