From e002d734fc80c553359d99a09c8cf85cd34ac0e5 Mon Sep 17 00:00:00 2001
From: selvamt94
Date: Fri, 25 Aug 2023 15:24:39 -0700
Subject: [PATCH 01/14] Add NeuVector Monitor chart version 2.6.2
---
 .../generated-changes/patch/Chart.yaml.patch | 6 +++---
 .../generated-changes/patch/values.yaml.patch | 2 +-
 packages/neuvector-monitor/package.yaml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/packages/neuvector-monitor/generated-changes/patch/Chart.yaml.patch b/packages/neuvector-monitor/generated-changes/patch/Chart.yaml.patch
index f343e0b11b..1069a89dd4 100644
--- a/packages/neuvector-monitor/generated-changes/patch/Chart.yaml.patch
+++ b/packages/neuvector-monitor/generated-changes/patch/Chart.yaml.patch
@@ -12,9 +12,9 @@
 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
 + catalog.cattle.io/release-name: neuvector-monitor
 + catalog.cattle.io/type: cluster-tool
-+ catalog.cattle.io/upstream-version: 2.6.0
++ catalog.cattle.io/upstream-version: 2.6.2
 apiVersion: v1
- appVersion: 5.2.0
+ appVersion: 5.2.1
 -description: Helm chart for NeuVector monitor services
 +description: Helm feature chart for NeuVector monitor services
 home: https://neuvector.com
@@ -28,4 +28,4 @@
 +name: neuvector-monitor
 +sources:
 +- https://github.com/neuvector/neuvector
- version: 2.6.0
+ version: 2.6.2
diff --git a/packages/neuvector-monitor/generated-changes/patch/values.yaml.patch b/packages/neuvector-monitor/generated-changes/patch/values.yaml.patch
index a37ff8af36..8b867eeea3 100644
--- a/packages/neuvector-monitor/generated-changes/patch/values.yaml.patch
+++ b/packages/neuvector-monitor/generated-changes/patch/values.yaml.patch
@@ -18,7 +18,7 @@
 - repository: neuvector/prometheus-exporter
 - tag: latest
 + repository: rancher/mirrored-neuvector-prometheus-exporter
-+ tag: 5.2.0
++ tag: 5.2.1
 # changes this to a readonly user !
 CTRL_USERNAME: admin
 CTRL_PASSWORD: admin
diff --git a/packages/neuvector-monitor/package.yaml b/packages/neuvector-monitor/package.yaml
index 9f51ae0175..5a69c422be 100644
--- a/packages/neuvector-monitor/package.yaml
+++ b/packages/neuvector-monitor/package.yaml
@@ -1,2 +1,2 @@
-url: https://neuvector.github.io/neuvector-helm/monitor-2.6.0.tgz
-version: 102.0.3
+url: https://neuvector.github.io/neuvector-helm/monitor-2.6.2.tgz
+version: 102.0.4
From 16afa41a5abd72e35d8896646eeed229844d3135 Mon Sep 17 00:00:00 2001
From: selvamt94
Date: Fri, 25 Aug 2023 15:24:47 -0700
Subject: [PATCH 02/14] make chart
---
 .../neuvector-monitor-102.0.4+up2.6.2.tgz | Bin 0 -> 7805 bytes
 .../102.0.4+up2.6.2/Chart.yaml | 26 +
 .../102.0.4+up2.6.2/README.md | 22 +
 .../102.0.4+up2.6.2/app-readme.md | 5 +
 .../dashboards/nv_dashboard.json | 1828 +++++++++++++++++
 .../102.0.4+up2.6.2/questions.yaml | 27 +
 .../102.0.4+up2.6.2/templates/_helpers.tpl | 40 +
 .../102.0.4+up2.6.2/templates/dashboard.yaml | 15 +
 .../templates/exporter-deployment.yaml | 56 +
 .../templates/exporter-service.yaml | 28 +
 .../templates/exporter-servicemonitor.yaml | 39 +
 .../102.0.4+up2.6.2/templates/secret.yaml | 15 +
 .../102.0.4+up2.6.2/values.yaml | 51 +
 index.yaml | 30 +
 14 files changed, 2182 insertions(+)
 create mode 100644 assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/README.md
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml
 create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml
diff --git a/assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz b/assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cdad5831189a8458b1660480915e9d10bc0c6489 GIT binary patch literal 7805 zcmV-@9)jT?iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDFbKADoXny8jfsgL}nta!iC0UXaO?%&SY`4w3Sv7F zij#XF4-NtC_Kat43K`= zNa>i*xB$Ph8RY}yksvy+EDeGAL^KvuVsuJe;EnN=4Nx*_)1m&>v|ZW6pe;93)M@UR znRc3UCd$AA%)y|w#H^KV#4MC}@ggpOH3X$zWwj{ef&unZxH`>#vt!|qypP{Z+ZGPP z{>^U(;fh!`M8iVifQEJFYWQpABxi38l4P&t)}5FsCIZRId% z5l8kJm*FWEnDI_?OvEG_MjV(!0|9|h=#IA9FSh$Tot@tQ;Xig-t^c0>*tI^x?2Iy( z53B~_;6#jwndM^=2uuQC>OJ_Fcmu?vFr-ZU-#iEiXNH!;?mweYWBso9zbyZ!*o%OFO$D$({&#lzI|cdQYj=BV`F|VF z2HJ-ajy!?%x-0HYIl|gNClkUE;RvG-yKi1MMwIzj2yoGecpxk6gX3WaXo?xZLk~C- z6b%7|m~(Iu2?RxA0!V-#dRPE&TGrU3L+lxiBRr6w5YnRC0CWUn!UdZRkZoHQOTM|( z`3$T{s71japzpu8q=*!Uj7*6KV;G8zi8TCO-AmWX9G}T<- zaV$k8OwI%cV~H<`VnGo`46sWBZ-%6>L;qzVw0Cm!`t;Z1gQK^*Zw>|syFLlx*N3~u z$G^Qh+K*pb2;q<%Po1o=;!~#~#U`Vk2dsfZGHAED-ECQ$PaQq4;*=56T4YaakynT6 zoky|z5_>psIJYV_L`DCBqwkXo2skBgo2T41O(5wkuo9T;Ob%Gw~AZ!7;iu@;v9hjeUAnsGS*Zc zhTcqm;MfnPxWFUHjjDSRj5pCRk}Nr*Ob#{%E`e{FP8o~_RmwKQaWn*mr6#L-H}vRm zOWFfl`_zei2sCcCa7dcIyTLTHj)GPV>1Ss_f-xVU-#;2)mYAEFM?AT^nguJspUD5R z{!hg8*69Si5EyTY@LHz8BK^PJ>lO6>PG@I(t^aT1`SNA!f6$cp1IhYIrAxv8qc73o zOkjZiXY2CPlC`XZ^AHEFk`7Y-Av#i@mC@g{OudE_7bE~=r$&UVZKFn7uEa@G2O8eW zuA1+)(J5=bn*w9R1#}^mQQ)Bdw)#l?<7hM@=g4lPok8HL&lX$rz)^^JeI; z2z$zfmF%ftZ(6^B?p@Uvatt{S$*&HMI3P}aK>tp3jh^v{fah`~jUA8pL>fWLwjmrn z9nKUs_TL`Mx+EAQ9)k0%X}uaDmQfo>>S9a+ZoDP+jtFgx3_*!hgr&J9fj7|3L9VQo zM=%*B_>2n^oW^x(D=dX{kEcC-rzSA?art%4z?tAe_tG@_RX0vx&AnY2z>twZjF9~g z-uMT%3%%)aSE01J&p8UrEUjc2^~(}wAl6Y+pIe+Gf< zqypb6RhN=I9s%Wtn7{t>_&=Uj!-deJGwEhrNfIpJ|LxvRVgIMo?)TUB|E)ZAOc1ks zqrmSt4Ea{V^!o{6RB`>ha9AUx6(V2>W>&_KsvQ$*g{jnxnbla{<=*286JSK(aiN9@ zq{vFrikBlxONuy{4^Uf$c04tphRMgmnY_*bi6owu!$3TXK^$#Juvm=Vm{$m;ov9ru zEG7fArQ;O5t`e0ox+f|j~i3)^Tj%}j_eFdlL0O-w=%DF)2#}K2UW&{ 
z>bNQJ7+qf4Ie3iAunHJoWzg*EEQBN{-fDd>Ddy_oNcSqx<>f+n7lE5l`XTj*GaH~? z?+nj)rUnGlLFQ{pZ)&e%_wd!}@xjsiS9=G!N=R=!Rhxi%HzN;7+V8>tKYVv|a&UAi z|5bNdka!BnpBVLvfNEiN1fxNrpQV*qLw8}CGmvJ5DBx;otL*lkrR=|W1Llfu;G+DW z?oPL8|Fyf_wf%P+kI_sxaO-WratWV0wH9Jx92z5PRm*T`t5AY|M#Q8VyzKs%s$Mds zq>MFwT-HHLJ5OZbUD}^$DXSegM>%y0Fgrx^>N+@t+EQ`>%K zkXG0%u7jyCQW^WQu0ehSX+u^@bt@~L^VYAxYz*SCST$r+P=|U0bh39?GUAssJ@26m zzs|FY{5LgLRs)On|GKS0{IApLt>ypiJaztmK6jy3*c*}{!MN#A29(E%kU13)CxPC9 zCdg0Yu_%QlS8e&gWp%^auw|@mzCsuzyU54o?$k=hy*1_$0R(PHNl;W3dCjmS;*uPf zG%Aqfw^Zt}Ma@etm5$ojaoEOQ4Zc!RO4@NbUnTKqRv>`#04Xi>=S*u!_*oU??3ysM z6`*}&TKwwIJpG@E;9YBsh5LW)?c)AlyWL;w|J!(0jsIs-Ur6Dt?Ix~L+0AtYS(*Qj4tDq795j9R ztI^n^_|Hyp|F7NcY_IqKZ{^v@9Mw^0c~l0GWvR~<=Xt*88Jj;j)YG)AjSZ6m5HV#> zTh_@0(1>~-J(E?1lqbj|TyUNI6jzq7L(H%b0vM083R9>w5GM1Guw>`ooKvx^!?-cJ zK>O+0B=t>Ky+CiN0B$wn2VI~>qvBiq$@&xr*+0p~DJ=1>3QD#IF3_jyjgU|1!umu( z{zvZ)-sF=2FVLrec&bW%Gf39n`mD|BHt`0&SleIIWRT6 zpva?Ri5nV|wK-|gM90y13|z>fI1f)&i3wPp+0X|)lCvL;^zg?8`lM=9KoV;N3CSVm zoSrdvE+pB$Bo|nTvM9@c9EJ@EiVt5)2Q0Gx`rUr<{MUASeg5}Wo{fzSbQA@R6XGlG z6yPY~`5O@v8VR&VeaTdWgJq?1&;^f7rL@M#p?>Ir0K}r8A!IM{u}j3M7pcxvY$lbR zA)^j(zBM8qm@{80Hfx4f8MBcW0K-G#sg4{R1X77O)E|-nT-~Fja>XxF#Gu!B1`O?F z#u*U?XV~+a@x%~^fD=KcfTS&_d&x{8ZJNwM+L$BC{N~Ck5glrI@8i#ac*Fo59UPya z-NRRjcpe#*qS;hR*oVP!%&s=ZT>fu&I=x=O|Le56?e+Q3TY0`% z2-%q^s69Ymlxt*5Q_UWr-{as(5|Xip5%I*Uz#gFXX8Klgls*uh^kGV*6J-x_H8!*5 z5piX)NuEr1>n}6CYgVxJ0maPw32`gl5{CwR)T2!H%f>_ew6%#k?e-?>^m?19{VW53 ztxiu2kiDA;4*xgW^?(VUt*3XDijz|ZK_n_#t=yzk^l~?t+2*KUu2A5y#PshUH>>ev zc&-{1wbisw`_VGhZE%SwV9g#8?qKf&V0J7p6K`lBCiVa+*yRd@lM_lkLBiyvM}p5O zu(lNZZ|PZfT6Ty7@OVNjF@EYuVm?9CkVAq2d(4P?NO``?iCTh8FA~D-%=hznLgu?% zm{zH8HT3rL;O+%D&74fz^*$=dIa64gggRHIz2|(-##P`&q2n0Y_9d6Cl%PvY81M=8 zT%JvRx-7`2FeJg4XGFYyz7#T`DtRE&jc_FI*+JxaIk9dkFyN6_l$t5(B(mk|Z0*{m z^2@@T%VPHl=6MJX!Ct>ZEQL!IYLHXGB z07={x=bHQev341wKxrR4paE2?3u?~YX&Jt}G~HexOt+U4rk!5$J+DbLw(^Wu9uzkRRT}zAlOsO0(Zxre9mYuyQpt!PzdA=0iWCUQ${2$9| z?7&PC9qIE3XpcsLC~Gk;@VB7FTyThwmF>B`R&Q~$$EV)-gfelv`mMj5etZ6{t2YmG 
z@s^6Wl0nv5&eXU$E$2+Z9mex|#ENe3{Q;7^GsGNFalYTMnkz<`)@p98=B}gWUM%Ux zwN}(~YelzKbk|aJA$1?MC$~?yBbgdpbV%Jt?8k-J10kT{c$jnI)DwskaY6lZNBErZ zJrz&~_dmdB)s{+JEh|3DM);{Z6XL>8tO8RBu~uV95=XMRQ(ZnKf0tww zDl2U@u~%|MLh2==R=&in2(5hk8*$Y(Q@c>6684YD-*T$GqKbB~2m6EzMuw3YqBPx@ z*v-&$VdfKhmS`wDfGLz<f-^{X0c{eq#^?i4Jw z+>3eJm)&`$TBS9XNR4VcC{Hrxs{dF*sXT#Pg)l2Zhg3+Ro~s}^@pU|8a^r9jk*Tc8 zL6z(YMxG#rex>z1kcx^sWgYw=Z6=q9RG~TY|H?L%kI$b5)6+E3=+p_LXJ|M>Pt8(3 z`{OF1gs)~!87NBj6b{Da+>R?m64DH-y~AJ8uN;q|V%wMaVCMO-&8_w3Z?XBet?}B| zRCss4v%FoS=Q=BfByKArp_6~sF^PwuUzdwXVAm&HPUh5wfE4)czQiT27mZN!Lc8%q zD-xp~K`27nKqQE0#2ZKM2k&Qg<0`UUr~DG}?UC_BG^nMS+Z_QJ91v|nbZ?Q7_MEvKzHm2cIeiKo=6obb0{?<_D!9%QatF&Ci5 zBDt>y$vV~Tk=P+g5IH;5|8lwDeTUAEFhE@7zxHpC`zjiW^GPEnPg&xXAfs@v0o1OWb~Qs(eeCbfsoM?x!$^d0X z)`Zy9%RbN8XqC*3B}|#z7+K<-Gm>82Mtbt{N<%6NnKMeI-8v%Y;O;FSi;GEGwY!3) zTMNEHRV7hmQFSndK%f&T0k69{8M!fM#N7UT)huiI=>}Lroz=fNp13+jzWO@9CnmG1 zdadtl1zuw=5SKFe29`ky;CWbav49ie!!Cct>9rYPp$P1>u9z-#1Bf3n>faRkFH4li z${0h3v?TiO4ljb@omOLrAcO_{i5{`d$BA2yx@wzD7fOqZS{U> zOdZ6Y>xx&p+apRvX%)?tEr)n)a8u8)U>C~n zp-LWmIh$|Qsl>AKG*F&a>ZIhnRRqQT2*T{adl% zbvspa2x8-)^|IS)-5v$h#n3YgR2j5b2E{?-4-4*lg5nypr6Npof8uD%XP%bHH4|v_ z==c<*jJTgswd$19@{CrDvK`0w2WofiH63RnYzzlnPT$U@ou1bI9oK%Z2Q&yYqn+JmIVKLfIGxQhL>Ol&4ZSS3fWLGS;Rg+fYfM zDmARE4*fF_b>+&8=5?jStu0Z+=+ut;Cmq%mCD)wSRS0SAu;!}By5i(cy6RGz%yh1K ztkPB%qPvvTV!w|gMcsMJ(5_wsJ=jkD0=0Y9%hQ>+Hrq7|Q-;u^#Vwau&1~aRChN zy+0`3lepUU==}Z6{4$vwq=MkOy=ZdLM#$`X&NU5Ij5@Cx4GszD-&wX$g^!}LME2r* zk92T*h*>G1rGCQdH3Vak|M@2M9;&L}m;ao{r0&Pjb|zTp}H<13y$z;EG>XGlA|xiI2}Ky7Ea-@z$i|6?za< zD49~MU8#OAv*r;Lx9-);vtnqs%908q&r_k-B&?l1=~``QVGo!%iNlk1$#UjSKwQop zS*X-i@L3XCl*={K@5?m6AaH>x55pdLG$ROg;NV>@`j-}l*nuiWQ?caIC|p1og8P~T zenoM z8ZR^nTrwqYlpg86EGZOq5;q0l9G{Z{7beH-@|lMQ$6362;%@Av9RBzqTVex>R7CFbQs&OR&}XR)VsY<{8oZRu#u z6^>cORKDWm>S<&1W|#iqN76IAKWC82AnXFsU~1I~h&s4Tvn8&DLkmQPekv}bTW;XG z{ej%D<%{-EMLZc5$g;ZDU7VS|YtFfmy^A|IQhr<8C2MxA8+hR+5V|qGy)!1dMayI1 z0qE`W0q9lbnYNPWu@94reDhqolx?$wLAuHwVeuE~yM>@&@l0;JTk2fjb={vA+4>d^ 
z<*t5Y_8vv57N$|Hwx3p%5VybCbM2d`Yl0pRY)P^kZx3`)mfL}QpP4lQE+=fn=z1$I z^W5@Q++#SH@u06x^GOh&D(HQKm#0;#^IMG3-PFY|3$Gz6UJzF~_&qR~(~3!6*w^qu=cPTjz_A9B5GzJAcT z+mDa4*Q{AL@EwL%uPK+8FiNizr|T8sbUVw&>9)V2I9&+^4=5s+5AP6ZBi2RRq?hqP z(y8xNgl!>;v(d8$gyiKSW=Ak4T(B8Z{s%{e2--SqmU-?^*leA?zI^)n^Aa43)7Q6q zseW9iucLMPdR($jU$4@g#q{-ua&y9M<*(P=r?5_8&!>&Q=(g&pMBgNnU*;Q1UVqVT z-_zuE%QTgQD``@K)b44t*xZ?bk5du2y`x{p*K4_$ebzMv&g}8nLb12VUeu(IR-0A5 z)U`;)R8qGP>JZCWqZgmCwgols>|C>uIG;0)qtU*3i5Ji4G-mBA<=DN98QN}Tzhq0c zb0z7?Z@cGbTlm=)*%A|F{us|j%B56W{l2ibc80V1na}M`=1ZrW{gMV8?HxA@m$@b& zkN>}^QWW;DCwpcgV?py4qW7R=p?YtmdoVqf7T%Cz=C)cbP1W`^p%5iY>@$GR#{%oK z-?nvWJ-Lrh0MS&k&J)!78iOx-A}%m{(z^Co#mPO8Ct2-*wP7d#Icj%5(id)WtAVDN z5$Q7xkV$f3P36uvS+dP$A!HH&)U|eosJ2o=s1Y}{RaNdVqGUkYCsKW)T%S_G4v^k% zwGdLbTMy7d+(P-*=n#vEg^;@Y&fK@8a&?UBZO@y5z~da~CFnFz0*}#%vZQq_Xpjf( zM0H;e*+zOT7IKtz90-EF{1Q~dzjt!<`t;Z1gQK^*Zw_*Ez^-&=iWA9PL-i{MCSB;- zSyb1}PQ#S$r7+i^S%G=Ddwl%cyQBTpz&ym9pHb#617@b~A~5fo<<`&oSwHLNUOfLB P00960d+%x`0P+9;eGheZ literal 0 HcmV?d00001 diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml new file mode 100644 index 0000000000..387f47755f --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml 
@@ -0,0 +1,26 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: NeuVector Monitor
+ catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0'
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permit-os: linux
+ catalog.cattle.io/provides-gvr: neuvector.com/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: neuvector-monitor
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/upstream-version: 2.6.2
+apiVersion: v1
+appVersion: 5.2.1
+description: Helm feature chart for NeuVector monitor services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+keywords:
+- security
+maintainers:
+- email: support@neuvector.com
+ name: becitsthere
+name: neuvector-monitor
+sources:
+- https://github.com/neuvector/neuvector
+version: 102.0.4+up2.6.2
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/README.md b/charts/neuvector-monitor/102.0.4+up2.6.2/README.md
new file mode 100644
index 0000000000..5d3c4503e2
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/README.md
@@ -0,0 +1,22 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector's monitoring services. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`registry` | NeuVector container registry | `registry.neuvector.com` | +`oem` | OEM release name | `nil` | +`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` | + +`exporter.enabled` | If true, create Prometheus exporter | `false` | +`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` | +`exporter.image.tag` | exporter image tag | `latest` | +`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` | +`exporter.CTRL_PASSWORD` | Passowrd to login to the controller. | `admin` | + +--- + diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md b/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md new file mode 100644 index 0000000000..e0faed5b50 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md @@ -0,0 +1,5 @@ +### Run-Time Protection Without Compromise + +NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. + +Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled. diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json b/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json new file mode 100644 index 0000000000..ad7ce631be --- /dev/null 
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json @@ -0,0 +1,1828 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 10, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 38, + "options": { + "content": "
\n \n ![NeuVector Logo](https://avatars.githubusercontent.com/u/19367275?s=200&v=4)
\n
\n [Documentation](https://open-docs.neuvector.com)
\n
\n [Users Slack Channel](https://rancher-users.slack.com/archives/C036F6JDZ8C)
\n
\n [GitHub](https://github.com/neuvector)\n\n
", + "mode": "markdown" + }, + "pluginVersion": "9.1.5", + "title": "NeuVector Product Links", + "type": "text" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 0 + }, + "id": 25, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_enforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Enforcer Replica Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 3, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 0 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": 
"", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_cvedbVersion", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "CVE Database Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 0 + }, + "id": 20, + "links": [], + "maxDataPoints": 1000, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_pods", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Discovered Pod Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": 
false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 34, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 3 + }, + "id": 32, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + 
}, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_admission_denied", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Denied Admissions", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr" + }, + "mappings": [ + { + "options": { + "1": { + "color": "light-orange", + "index": 1 + }, + "2": { + "color": "yellow", + "index": 2 + }, + "3": { + "color": "green", + "index": 3 + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 3 + }, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_controllers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Controller Replicas", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + 
"text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 3 + }, + "id": 19, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_disconnectedEnforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Disconnected Enforcers", + "type": "stat" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "filterable": false, + "inspect": false, + "width": 300 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "string" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "log" + }, + "properties": [ + { + "id": "custom.width", + "value": 101 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + }, + { + "id": "displayName", + "value": "Event Type" + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": 
"custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Violation Type" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Last seen" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.width", + "value": 200 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fromname" + }, + "properties": [ + { + "id": "displayName", + "value": "Source Pod" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "toname" + }, + "properties": [ + { + "id": "displayName", + "value": "Destination Pod" + } + ] + } + ] + }, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 9, + "x": 3, + "y": 6 + }, + "id": 29, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Last seen" + } + ] + }, + "pluginVersion": "9.1.5", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Event", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm", + "decimals": 2, + "link": false, + "mappingType": 1, + "pattern": "Metric", + "preserveFormat": false, + "sanitize": true, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Time", + "colorMode": "value", + "colors": [ + "#E0B400", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 0, + "pattern": "Current", + "thresholds": [], + "type": "number", + "unit": "dateTimeAsIso" + } + ], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": false, + "expr": "nv_log_events", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Security 
Event Log", + "transform": "timeseries_aggregations", + "transformations": [ + { + "id": "labelsToFields", + "options": {} + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "endpoint": true, + "fromns": true, + "id": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "service": true, + "target": true, + "tons": true + }, + "indexByName": { + "Time": 0, + "Value": 14, + "endpoint": 1, + "fromname": 7, + "fromns": 15, + "id": 2, + "instance": 3, + "job": 4, + "log": 5, + "name": 6, + "namespace": 8, + "pod": 9, + "service": 10, + "target": 11, + "toname": 12, + "tons": 13 + }, + "renameByName": {} + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value": { + "aggregations": [ + "max" + ], + "operation": "aggregate" + }, + "fromname": { + "aggregations": [], + "operation": "groupby" + }, + "log": { + "aggregations": [], + "operation": "groupby" + }, + "name": { + "aggregations": [], + "operation": "groupby" + }, + "toname": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value (lastNotNull)": "Last seen", + "Value (max)": "Last seen" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 12, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 3, + "x": 0, + "y": 10 + }, + "id": 24, + "links": [], + "options": { + "displayLabels": [ + "value" + ], + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "values": [] + }, + "pieType": "pie", + 
"reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "none", + "sort": "none" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_container_vulnerabilityHigh) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_container_vulnerabilityMedium) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster CVE Count", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "piechart" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 12 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "max(nv_enforcer_cpu) by (display)\n", + "format": "time_series", + "interval": "", + 
"intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Enforcer CPU Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:865", + "format": "percentunit", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:866", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "inspect": false, + "width": 101 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Cluster Service Name" + }, + { + "id": "custom.inspect", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + { + "id": "custom.displayMode", + "value": "color-text" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "displayName", + "value": "Cluster Service Name" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 4, + "x": 3, + "y": 14 + }, + "id": 36, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityHigh) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityMedium) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Vulnerabilities by Service", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "filterable": false, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "unit", + "value": "string" + }, + { + "id": 
"custom.align", + "value": "right" + }, + { + "id": "custom.inspect", + "value": true + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Repository/Image: Tag" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "color" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + }, + { + "id": "color" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 7, + "y": 14 + }, + "id": 33, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_image_vulnerabilityHigh) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_image_vulnerabilityMedium) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Registry Images Vulnerabilities", + "transformations": [ + { + "id": 
"merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 18 + }, + "hiddenSeries": false, + "id": 35, + "legend": { + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "max(nv_enforcer_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Enforcer Memory Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:940", + "format": "bytes", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:941", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": "15s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + 
"10s", + "15s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "NeuVector", + "uid": "nv_dashboard0001", + "version": 2, + "weekStart": "" +} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml new file mode 100644 index 0000000000..b8d51b3791 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml @@ -0,0 +1,27 @@ +questions: +#monitor configurations +- variable: exporter.image.repository + default: "neuvector/prometheus-exporter" + description: exporter image repository + type: string + label: Exporter Image Path + group: "Container Images" +- variable: exporter.image.tag + default: "" + description: image tag for exporter + type: string + label: exporter Image Tag + group: "Container Images" +#controller crendential configuration +- variable: exporter.CTRL_USERNAME + default: "admin" + description: Controller Username + type: string + label: Controller Username + group: "Controller Crendential" +- variable: exporter.CTRL_PASSWORD + default: "admin" + description: Controller Password + type: string + label: Controller Password + group: "Controller Crendential" diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl new file mode 100644 index 0000000000..5d21a18241 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl 
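Review bot: The `exporter.CTRL_PASSWORD` question in questions.yaml is declared `type: string` with `default: "admin"`, so the install form shows the controller password in clear text and pre-fills it with `admin`. The same `admin`/`admin` pair is the default in values.yaml later in this patch, where the comment already asks for a read-only user. I would switch that question to `type: password`, drop `default:` from both credential questions and add `required: true`, so an install cannot go out with the default pair unnoticed. Separately, the `exporter.image.repository` default here (`neuvector/prometheus-exporter`) does not match values.yaml (`rancher/mirrored-neuvector-prometheus-exporter`), and the group label is misspelled `Crendential`.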
@@ -0,0 +1,40 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml
new file mode 100644
index 0000000000..72c5d9f709
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.exporter.grafanaDashboard.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nv-grafana-dashboard
+ namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }}
+ labels:
+ grafana_dashboard: "1"
+{{- if .Values.exporter.grafanaDashboard.labels }}
+ {{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}}
+{{- end }}
+data:
+ nv_dashboard.json: |
+{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }}
+{{- end }}
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml
new file mode 100644
index 0000000000..5353c05a6a
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml
@@ -0,0 +1,56 @@
+{{- if .Values.exporter.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: neuvector-prometheus-exporter-pod
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: neuvector-prometheus-exporter-pod
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "8068"
+ prometheus.io/scrape: "true"
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ labels:
+ app: neuvector-prometheus-exporter-pod
+ release: {{ .Release.Name }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecrets }}
+ {{- end }}
+ {{- if .Values.leastPrivilege }}
+ serviceAccountName: basic
+ serviceAccount: basic
+ {{- end }}
+ containers:
+ - name: neuvector-prometheus-exporter-pod
+ {{ if eq .Values.registry "registry.neuvector.com" }}
+ {{ if .Values.oem }}
+ image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
+ {{- else }}
+ image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
+ {{- end }}
+ {{- else }}
+ image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
+ {{- end }}
+ imagePullPolicy: Always
+ env:
+ - name: CTRL_API_SERVICE
+ value: {{ .Values.exporter.apiSvc }}
+ - name: EXPORTER_PORT
+ value: "8068"
+ envFrom:
+ - secretRef:
+ name: neuvector-prometheus-exporter-pod-secret
+ restartPolicy: Always
+{{- end }}
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml
new file mode 100644
index 0000000000..b304562709
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml
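Review bot: The exporter pod spec in exporter-deployment.yaml sets no `securityContext`, and unless `leastPrivilege` is true it runs under the namespace's default service account with the token mounted. As far as this hunk shows, the container only needs the controller endpoint in `CTRL_API_SERVICE` and the credentials from the Secret, so I would add `automountServiceAccountToken: false` and a restrictive container `securityContext` as sketched below. Confirm first that the mirrored image runs as non-root and that the exporter does not call the Kubernetes API. `value: {{ .Values.exporter.apiSvc }}` should also be rendered with `| quote`, so that a host:port value is never re-typed by the YAML parser.

```yaml
    spec:
      # … unchanged: imagePullSecrets, serviceAccountName …
      automountServiceAccountToken: false
      containers:
        - name: neuvector-prometheus-exporter-pod
          # … unchanged: image, imagePullPolicy, env, envFrom …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```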
@@ -0,0 +1,28 @@
+{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: neuvector-prometheus-exporter
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.exporter.svc.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ app: neuvector-prometheus-exporter
+spec:
+ type: {{ .Values.exporter.svc.type }}
+ {{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: 8068
+ name: metrics
+ targetPort: 8068
+ protocol: TCP
+ selector:
+ app: neuvector-prometheus-exporter-pod
+{{- end }}
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml
new file mode 100644
index 0000000000..25ca23d121
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.exporter.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: neuvector-prometheus-exporter
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.exporter.serviceMonitor.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.exporter.serviceMonitor.labels }}
+ {{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: neuvector-prometheus-exporter
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.exporter.serviceMonitor.interval }}
+ interval: {{ .Values.exporter.serviceMonitor.interval }}
+ {{- end }}
+ path: "/metrics"
+ {{- if .Values.exporter.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }}
+ {{- end }}
+ {{- if .Values.exporter.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml
new file mode 100644
index 0000000000..9a04ac476d
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.exporter.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: neuvector-prometheus-exporter-pod-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }}
+ CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }}
+{{- end }}
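Review bot: secret.yaml always renders `CTRL_USERNAME` and `CTRL_PASSWORD` from chart values, so the controller credentials are stored with the Helm release and in whatever values file the operator keeps. There is also no way to point the Deployment's `secretRef` at a Secret created out of band. I would add an optional value naming a pre-existing Secret (a new key, not one this chart has today) that skips this template and is used in `envFrom` instead. Also, `b64enc` fails on non-string input, so an all-digit password passed with `--set` breaks rendering; `{{ .Values.exporter.CTRL_PASSWORD | toString | b64enc | quote }}` (and the same for the username) avoids that.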
diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml
new file mode 100644
index 0000000000..9885e33669
--- /dev/null
+++ b/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml
@@ -0,0 +1,51 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+registry: docker.io
+oem: ''
+leastPrivilege: false
+
+exporter:
+ # If false, exporter will not be installed
+ enabled: true
+ image:
+ repository: rancher/mirrored-neuvector-prometheus-exporter
+ tag: 5.2.1
+ # changes this to a readonly user !
+ CTRL_USERNAME: admin
+ CTRL_PASSWORD: admin
+
+ apiSvc: neuvector-svc-controller-api:10443
+
+ svc:
+ enabled: true
+ type: ClusterIP
+ loadBalancerIP: ''
+ annotations: {}
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+
+ grafanaDashboard:
+ enabled: false
+ namespace: "" # Release namespace, if empty
+ labels: {}
+
+ serviceMonitor:
+ enabled: false
+ # labels for the ServiceMonitor.
+ labels: {}
+ # annotations for the ServiceMonitor.
+ annotations: {}
+ # Scrape interval. If not set, the Prometheus default scrape interval is used.
+ interval: ""
+ # MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ metricRelabelings: []
+ # RelabelConfigs to apply to samples before scraping
+ # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ relabelings: []
diff --git a/index.yaml b/index.yaml
index dc944c1026..ca826b21a0 100755
--- a/index.yaml
+++ b/index.yaml
@@ -4416,6 +4416,36 @@ entries: - assets/neuvector-crd/neuvector-crd-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-monitor: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.6.2 + apiVersion: v1 + appVersion: 5.2.1 + created: "2023-08-25T15:24:42.821007802-07:00" + description: Helm feature chart for NeuVector monitor services + digest: 556987f92462d53a1c1a8906d6d13e6d3fef501c7a2d59b31fa7ae13eca57d9c + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-monitor + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz + version: 102.0.4+up2.6.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: NeuVector Monitor From 5f0c17e6e00e3a4f10bde33b654fe3a0ae096eb8 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Fri, 25 Aug 2023 15:24:50 -0700 Subject: [PATCH 03/14] Update release.yaml --- release.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/release.yaml b/release.yaml index 7fdb0d0a8e..bf435cf94b 100644 --- a/release.yaml +++ b/release.yaml @@ -4,3 +4,5 @@ fleet-agent: - 102.1.1+up0.7.1 fleet-crd: - 102.1.1+up0.7.1 +neuvector-monitor: +- 102.0.4+up2.6.2 \ No newline at end of file From 6dac1eef848ad293c74cd8b7d5926904547663f5 Mon Sep 17 00:00:00 2001 
From: selvamt94 Date: Fri, 25 Aug 2023 13:02:36 -0700 Subject: [PATCH 04/14] Add NeuVector chart version 2.6.2 --- .../generated-changes/patch/Chart.yaml.patch | 6 +-- .../generated-changes/patch/README.md.patch | 52 +++++++++++-------- .../controller-deployment.yaml.patch | 6 ++- .../generated-changes/patch/values.yaml.patch | 8 +-- packages/neuvector/package.yaml | 4 +- .../templates/crd-template/Chart.yaml | 4 +- 6 files changed, 47 insertions(+), 33 deletions(-) diff --git a/packages/neuvector/generated-changes/patch/Chart.yaml.patch b/packages/neuvector/generated-changes/patch/Chart.yaml.patch index e143272aa4..59481f8ea0 100644 --- a/packages/neuvector/generated-changes/patch/Chart.yaml.patch +++ b/packages/neuvector/generated-changes/patch/Chart.yaml.patch @@ -13,9 +13,9 @@ + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector + catalog.cattle.io/type: cluster-tool -+ catalog.cattle.io/upstream-version: 2.6.0 ++ catalog.cattle.io/upstream-version: 2.6.2 apiVersion: v1 - appVersion: 5.2.0 + appVersion: 5.2.1 -description: Helm chart for NeuVector's core services +description: Helm feature chart for NeuVector's core services home: https://neuvector.com @@ -29,4 +29,4 @@ +name: neuvector +sources: +- https://github.com/neuvector/neuvector - version: 2.6.0 + version: 2.6.2 diff --git a/packages/neuvector/generated-changes/patch/README.md.patch b/packages/neuvector/generated-changes/patch/README.md.patch index def16ee18c..1fa5b82551 100644 --- a/packages/neuvector/generated-changes/patch/README.md.patch +++ b/packages/neuvector/generated-changes/patch/README.md.patch 
@@ -1,29 +1,39 @@ --- charts-original/README.md +++ charts/README.md -@@ -31,7 +31,7 @@ +@@ -2,9 +2,6 @@ + + Helm chart for NeuVector container security's core services. + +-## CRD +-Because the CRD (Custom Resource Definition) policies can be deployed before NeuVector's core product, a new 'crd' helm chart is created. The crd template in the 'core' chart is kept for the backward compatibility. Please set `crdwebhook.enabled` to false, if you use the new 'crd' chart. +- + ## Choosing container runtime + The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively. + +@@ -31,7 +28,7 @@ `controller.schedulerName` | kubernetes scheduler name | `nil` | `controller.affinity` | controller affinity rules | ... | spread controllers to different nodes | `controller.tolerations` | List of node taints to tolerate | `nil` | -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml) -+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. 
| `nil` | -@@ -74,7 +74,7 @@ +@@ -74,7 +71,7 @@ `controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. 
| `nil` | `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` | `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | -@@ -90,14 +90,14 @@ +@@ -90,14 +87,14 @@ `controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | 
@@ -31,69 +41,69 @@ `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` `controller.configmap.data` | NeuVector configuration in YAML format | `{}` `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` -@@ -111,7 +111,7 @@ +@@ -111,7 +108,7 @@ `enforcer.podAnnotations` | Specify the pod annotations. | `{}` | `enforcer.env` | User-defined environment variables for enforcers. | `[]` | `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml) -+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `manager.enabled` | If true, create manager | `true` | `manager.image.repository` | manager image repository | `neuvector/manager` | `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | -@@ -128,7 +128,7 @@ +@@ -128,7 +125,7 @@ ` CUSTOM_PAGE_FOOTER_COLOR` | use color name (yellow) or value (#ffff00) | `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) -+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | `manager.route.host` | Set OpenShift route host for management console service | `nil` | `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | -@@ -143,10 +143,10 @@ +@@ -143,10 +140,10 @@ `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
Currently only supports `/` -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml) -+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `manager.affinity` | manager affinity rules | `{}` | `manager.tolerations` | List of node taints to tolerate | `nil` | `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | -@@ -161,7 +161,7 @@ +@@ -161,7 +158,7 @@ `cve.adapter.env` | User-defined environment variables for adapter. | `[]` | `cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google `cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | -`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](values.yaml) -+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` | `cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | | `cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | -@@ -178,10 +178,10 @@ +@@ -178,10 +175,10 @@ `cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` | `cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
Currently only supports `/` -`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`. `cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) -`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](values.yaml) -+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) ++`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) `cve.adapter.affinity` | registry adapter affinity rules | `{}` | `cve.adapter.tolerations` | List of node taints to tolerate | `nil` | `cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` | -@@ -209,7 +209,7 @@ +@@ -209,7 +206,7 @@ `cve.scanner.env` | User-defined environment variables for scanner. 
| `[]` | `cve.scanner.replicas` | external scanner replicas | `3` | `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) | -+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) | ++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) | `cve.scanner.affinity` | scanner affinity rules | `{}` | `cve.scanner.tolerations` | List of node taints to tolerate | `nil` | `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | diff --git a/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch b/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch index 5cdfb4fa52..dca352ef41 100644 --- a/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch +++ b/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch @@ -21,13 +21,17 @@ securityContext: privileged: true resources: -@@ -125,10 +113,6 @@ +@@ -125,14 +113,6 @@ - name: CTRL_PERSIST_CONFIG value: "1" {{- end }} - {{- if .Values.awsbilling.enabled }} - - name: CSP_ENV - value: "aws" +- {{- end }} +- {{- if .Values.awsbilling.enabled }} +- - name: NO_DEFAULT_ADMIN +- value: "1" - {{- end }} {{- with .Values.controller.env }} {{- toYaml . | nindent 12 }} diff --git a/packages/neuvector/generated-changes/patch/values.yaml.patch b/packages/neuvector/generated-changes/patch/values.yaml.patch index d7902aa0a1..96a1979ffa 100644 
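Review bot: The widened removal in the inner hunk `@@ -125,14 +113,6 @@` of controller-deployment.yaml.patch now strips upstream's `NO_DEFAULT_ADMIN` env entry along with `CSP_ENV`, and nothing in the patch or the commit message says why. Judging only by its name, that variable controls whether the controller creates a default admin account, so anyone auditing the packaged chart's authentication defaults needs to know the removal is deliberate. It presumably follows from `.Values.awsbilling.enabled` not being exposed in this package, but the values file is not part of this hunk, so that is an assumption to confirm. I would record the reason in the commit description, e.g. `Drop awsbilling-only controller env (CSP_ENV, NO_DEFAULT_ADMIN); awsbilling is not exposed in the Rancher chart`, and check that no remaining template or value still references `awsbilling`. The controller container spec starts and ends outside the hunk.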
--- a/packages/neuvector/generated-changes/patch/values.yaml.patch +++ b/packages/neuvector/generated-changes/patch/values.yaml.patch @@ -13,7 +13,7 @@ openshift: false registry: docker.io --tag: 5.2.0 +-tag: 5.2.1 oem: -imagePullSecrets: -psp: false @@ -29,7 +29,7 @@ image: - repository: neuvector/controller + repository: rancher/mirrored-neuvector-controller -+ tag: 5.2.0 ++ tag: 5.2.1 hash: replicas: 3 disruptionbudget: 0 @@ -48,7 +48,7 @@ image: - repository: neuvector/enforcer + repository: rancher/mirrored-neuvector-enforcer -+ tag: 5.2.0 ++ tag: 5.2.1 hash: updateStrategy: type: RollingUpdate @@ -58,7 +58,7 @@ image: - repository: neuvector/manager + repository: rancher/mirrored-neuvector-manager -+ tag: 5.2.0 ++ tag: 5.2.1 hash: priorityClassName: env: diff --git a/packages/neuvector/package.yaml b/packages/neuvector/package.yaml index 685ba39e09..1102f4f352 100644 --- a/packages/neuvector/package.yaml +++ b/packages/neuvector/package.yaml @@ -1,5 +1,5 @@ -url: https://neuvector.github.io/neuvector-helm/core-2.6.0.tgz -version: 102.0.3 +url: https://neuvector.github.io/neuvector-helm/core-2.6.2.tgz +version: 102.0.4 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/neuvector/templates/crd-template/Chart.yaml b/packages/neuvector/templates/crd-template/Chart.yaml index 90bc60acef..e1390446ae 100644 --- a/packages/neuvector/templates/crd-template/Chart.yaml +++ b/packages/neuvector/templates/crd-template/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: true apiVersion: v1 -appVersion: 5.2.0 +appVersion: 5.2.1 description: Helm chart for NeuVector's CRD services home: https://neuvector.com icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 @@ -12,5 +12,5 @@ maintainers: - email: support@neuvector.com name: becitsthere name: neuvector-crd -version: 2.6.0 +version: 2.6.2 type: application From 73f140b46596d3a4fdc5e2ded8282730524508de Mon Sep 17 00:00:00 2001 
From: selvamt94 Date: Fri, 25 Aug 2023 13:02:41 -0700 Subject: [PATCH 05/14] make chart --- .../neuvector-crd-102.0.4+up2.6.2.tgz | Bin 0 -> 3189 bytes .../neuvector/neuvector-102.0.4+up2.6.2.tgz | Bin 0 -> 20408 bytes .../neuvector-crd/102.0.4+up2.6.2/Chart.yaml | 16 + .../neuvector-crd/102.0.4+up2.6.2/README.md | 14 + .../102.0.4+up2.6.2/templates/_helpers.tpl | 32 + .../102.0.4+up2.6.2/templates/crd.yaml | 845 ++++++++++++++++++ .../neuvector-crd/102.0.4+up2.6.2/values.yaml | 9 + charts/neuvector/102.0.4+up2.6.2/.helmignore | 21 + charts/neuvector/102.0.4+up2.6.2/Chart.yaml | 27 + charts/neuvector/102.0.4+up2.6.2/README.md | 246 +++++ .../neuvector/102.0.4+up2.6.2/app-readme.md | 35 + .../102.0.4+up2.6.2/crds/_helpers.tpl | 32 + .../neuvector/102.0.4+up2.6.2/questions.yaml | 336 +++++++ .../102.0.4+up2.6.2/templates/NOTES.txt | 20 + .../102.0.4+up2.6.2/templates/_helpers.tpl | 40 + .../templates/admission-webhook-service.yaml | 18 + .../templates/cert-manager-secret.yaml | 33 + .../templates/clusterrole.yaml | 121 +++ .../templates/clusterrolebinding-least.yaml | 150 ++++ .../templates/clusterrolebinding.yaml | 147 +++ .../templates/controller-deployment.yaml | 240 +++++ .../templates/controller-ingress.yaml | 219 +++++ .../templates/controller-route.yaml | 98 ++ .../templates/controller-service.yaml | 97 ++ .../templates/crd-role-least.yaml | 295 ++++++ .../102.0.4+up2.6.2/templates/crd-role.yaml | 295 ++++++ .../templates/enforcer-daemonset.yaml | 144 +++ .../templates/init-configmap.yaml | 13 + .../templates/init-secret.yaml | 15 + .../templates/manager-deployment.yaml | 100 +++ .../templates/manager-ingress.yaml | 71 ++ .../templates/manager-route.yaml | 33 + .../templates/manager-service.yaml | 26 + .../102.0.4+up2.6.2/templates/psp.yaml | 86 ++ .../102.0.4+up2.6.2/templates/pvc.yaml | 27 + .../templates/registry-adapter-ingress.yaml | 109 +++ .../templates/registry-adapter.yaml | 174 ++++ .../102.0.4+up2.6.2/templates/role-least.yaml | 29 + 
.../templates/rolebinding-least.yaml | 62 ++ .../templates/rolebinding.yaml | 56 ++ .../templates/scanner-deployment.yaml | 102 +++ .../templates/serviceaccount-least.yaml | 47 + .../templates/serviceaccount.yaml | 13 + .../templates/updater-cronjob.yaml | 75 ++ .../templates/validate-psp-install.yaml | 7 + charts/neuvector/102.0.4+up2.6.2/values.yaml | 501 +++++++++++ index.yaml | 51 ++ 47 files changed, 5127 insertions(+) create mode 100644 assets/neuvector-crd/neuvector-crd-102.0.4+up2.6.2.tgz create mode 100644 assets/neuvector/neuvector-102.0.4+up2.6.2.tgz create mode 100644 charts/neuvector-crd/102.0.4+up2.6.2/Chart.yaml create mode 100644 charts/neuvector-crd/102.0.4+up2.6.2/README.md create mode 100644 charts/neuvector-crd/102.0.4+up2.6.2/templates/_helpers.tpl create mode 100644 charts/neuvector-crd/102.0.4+up2.6.2/templates/crd.yaml create mode 100644 charts/neuvector-crd/102.0.4+up2.6.2/values.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/.helmignore create mode 100644 charts/neuvector/102.0.4+up2.6.2/Chart.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/README.md create mode 100644 charts/neuvector/102.0.4+up2.6.2/app-readme.md create mode 100644 charts/neuvector/102.0.4+up2.6.2/crds/_helpers.tpl create mode 100644 charts/neuvector/102.0.4+up2.6.2/questions.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/NOTES.txt create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/_helpers.tpl create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/admission-webhook-service.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/cert-manager-secret.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/clusterrole.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding-least.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/controller-deployment.yaml create mode 
100644 charts/neuvector/102.0.4+up2.6.2/templates/controller-ingress.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/controller-route.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/controller-service.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/crd-role-least.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/crd-role.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/enforcer-daemonset.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/init-configmap.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/init-secret.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/manager-deployment.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/manager-ingress.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/manager-route.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/manager-service.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/psp.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/pvc.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter-ingress.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/role-least.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/rolebinding-least.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/rolebinding.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/scanner-deployment.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount-least.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/updater-cronjob.yaml create mode 100644 charts/neuvector/102.0.4+up2.6.2/templates/validate-psp-install.yaml create mode 100644 
charts/neuvector/102.0.4+up2.6.2/values.yaml 
diff --git a/assets/neuvector-crd/neuvector-crd-102.0.4+up2.6.2.tgz b/assets/neuvector-crd/neuvector-crd-102.0.4+up2.6.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..37928ef749bbd925ed3200417642763a5d1181c1 GIT binary patch literal 3189 zcmV-*42ts~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ1eciT3y&olpuxytQL(uTCYV&CfA+}*6*-OXv6<|IAo*(V1g zM-tW`!2+NhZ=C;q4*=@ZBuL3}+)XeqmWbg17<|lcfRQJ|Vve!mB8)|HbUGtKMOP$c z4-QD(Znt|p9Gbt~Zg=}{_vEh-4X8L{Xl}Q2-DVMHrt(F;R+PMEOySLeUAuWCVg_@eD;J+l(d&W+Uh*QDCQ% zB_k=yoWwW+`!HNhK6xb-rj@S=WJn~2`t=cP%-4YA^c@OGc{YN1FCclo{Q4~FN4+3H z84H>#^XTu$Qi$~whY1((3X69})FTO}Z_YrXn9~?#Fyp$WnNqnN9UU!ejAEV!G}e+9 zWn@ki5wagmshSnzLZXOyrZ7{Q`KUPReLpxp>7P9NlYHLqcK>Jod>EvJW{S`Zg&YMT zU`i+(fh_Wz3-#yC+5l{?#~4#3)eHp&ReDfYIgWtjIis-|%wWFIL$BM9y3z2vBJW4X zQ9sxk|IPJ3C#*nu=nbH0{r8Vgw$}f!-|zeN|2gO(oZ*BNOo1JHvocnbFn9>R&Zq<` zfxtgr{QOfm;UXnUVFDA%P&1ri%!ojk6G6$Cp#;TYjF1y4F#(z>4r+#=FwGfJD5D_Y zIc9Q3Cu#%}!XySkERstc&p5x(`;eW`r>u|)#mmWs{gB$yl0qU#o+A8Mj8SB$P}&|(D6&L?-s~7nson(5-bN)n9$y)4 zoV|Lhd1*EUnPdDU3SLg2gfLc!1_*>^vP2^08C7se8PmIFq4!Lpw_Dx#vb7H7YOYNM z)5%hwi^8Q&7d*8Lt(4B>O45Iu4ve0+AJ?^ZE_Gq0L~pF3?90oxZam$&fw`cWnn33p z8Ga)>TheU3yUet@&l@vvZD{q9DZ!W?Rx`ZiT(Mk?jFCBq*zk2~JG8EE`?&Xu2aY;3u1vF@R964}ZEL5K>Tc~V_|vD26AO}4{Gc$?-(+<0 zzcQlyXx>|yuy*`oRHV1uxj%ghE@+mF;Ixp6r*Ba5Ld1BctqL_q11Tz!5Jg7IpTq~)YHUD?ZNdqunJLOs%>1BaYL0Aswyk}dEV!m{k%>%`SQMGw; zS2Nty6wfdvc31%Pihc3=<-5V#jmH4F;5iB{arF#fG2$z#=F@~zf%3*v0ID#pcg{o~{^V@=Qz4F`wXr^##4ybREL}vDlItfh^LsQJt6f;%N&`Qk!v7ibCB`!e? 
z!`ZgUmM*YXb2~QO63-7R&Kx}+P@=%!3o0;iiww0|8aQ~~z+js0zZp|dUZLo=bQLWTPq zpS*Tm-Tm%9#u=H@`VG=;`%<1!#l?9%BiXcW#6uV}9$%c3I7TV=wFMK(6xKGg@pYj= zoTT#xQ#R(DA*q^S?uofjV`ZUj`r+mu%{=~DkjFnB|J0GkKNaNhkHx#00v zVSlvb^CC}(+8Z|9)_xE*+wVM^WF$vLC(Rmzh+^m9gK%;z=mAcUVSg0Crk zEx4-Nz(aU-^kR4AG+~lv^WKO@T5RFXSfmk&w8bGUP)KVN-;6+7i)w{FT1sn!JeqJv z1L|nT9IX&XGv09HgBA*Di8NYxtS+TGFoshR^->*3!67kW6;sl^G$blTvuVw;ajv^I zYtD@&paD-nBc^~RTmfwt&V55s2MT~T3(CEiq#~-Q87DVta#VatCVslzBtPBmV!BoL zHY`D0&?sZ$;oALe7=~Y4q(N+By1%4=gECCr8Fx^@QxSepr5wYu9)(cBv+z8Y zJ`&+>PD1=iyg!NGtI3x9NqhzQlX!m;->NM>5&?W9!nyz-iBLfv|9Jf4@y}l3JpS?c zXD8Wz6#U~O5w?Z+NCY2=uwCdQ5qu;9_(+5W`ACEvCHY8%o8+&Cx9ID-8upP0HRPw8 zk3{%GMh$&u=JlJCJQ3v-Pbs#a5RbGqRN;tihhAp># z$8Pfd^_03JgLjbQxSS}3qW)OFv8Cl(mtCVtB581vphwg2gCvb`%TJSykFT?rhkp1|gPy55g z`f_p|>`vg8Fm$o`+yxMI`PY?=+8KRXGvv|d4(O94DV18To~44bFA0jiSoH1G_RWb) zUCb3A)v31|h}FgI;p@G_*O+G$I^7w*GK!fx-|z0B{4f7CrF96Z!35g>mAH?i53pZ1 zQs*5>?zkgycEx2XY$q!UbPp;XuMN{K$7wZw!WVXr+i+pj{C>k_QG=t>&Pi!HI(qYn~Pj6T&$ankGSu;cpuFgi4#7#QDA} zAcr=*>x!q;2GaqCnrvLBQ(NQ$8BH+bu3~}0rRl3E+$&JXd#Y|v^^#1!B}RykJZaTtpvEEBve(2>o^x(&e0V{4}W2=H$0H*2B!GJ@f7Q0mLZKD{@oHVfafL+iioje_7WWhzL`q`Ofo zbBq%%aHHF?evk{E6tQ}0Gek4X?ODsSTzjxP~yS__p{IykF)O zdk@!IadvohM`#AWqgG96l0ED|W68B?QQSY|fX bFWvVZ;K`Gxuao{A00960Q04|_0E7Sl*&Zk1 literal 0 HcmV?d00001 
diff --git a/assets/neuvector/neuvector-102.0.4+up2.6.2.tgz b/assets/neuvector/neuvector-102.0.4+up2.6.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e21d734fd793189c1c328a4edb7481cb4e82acf1 GIT binary patch literal 20408 zcmXV1QFMZZQHhO+qN~$Y1^8%rfpl(w(Xv_jc@1Q-Fmo>bxvm0&5XDaK@jeRw!b*)*BW)i`W))p$6SG&MODwCrt79L;^yRh$H*E$kft zmpy)7o7|1u-oTaee%kFEDLte$W_)LSRx`QSq$DtA(R+Xbe1+t% zOTSxE5!8~32n#+GD@9$(V9`QlYINA2mB=G%M=qj#o9p?3{lF_ieEgd$52WXpgzu`ZuD&+EN27u+M{#|nDee;BvO!0U|7qSB*ifSL z7z>O}9Y_!q5BylgmB}pSv$kV*!|6ZFA5F$+^c5TegH1YS79B(dj)0Atjri&Y$uEjx9I4n4 zp=~BFjx?GpRlRy<4!zo+2e9cKpgBrx?0JTMaN&={DI$d7f$b=9-CF;e{GPwtx!VU$ z{#d{81m2u6LB;8@cabew^+>`oAB~_t=$L`JjFBLsq}|Me9~3}o<4c6y15+eG01^iv z_smxQvDCIlQ8Uu=0^}w*`WVrub?Vn;9H^)_o-Z5Q&jU&>C6NIM4?-hmu%XxuAKHM* zW8nAB&cF}DZzB9_hhrdRp4A=)?jZM`a9m$*22B%JUhoBrC4dbuu&cDwYl8suOL!&; zDV$rlsNe1gB9WB&C;E^`5cVE8JaQzl*%%b}5%?_&D851wz;$>dZj_oB4Erxe1eEkA zs4$FK+#Ch2$>>=%RJOt!hiMWmBmh=I><1FONk6hTXn{CK1S!Emu=OR!{vB+;1rL?zqU&lGX>+Y!}<}#7G`F;{9 zcJ+P?o&Ig?pThK$H8Ak|&?+otz6PrdF(RxS!G;3@EXG9$;vKbXU~vc76?bBU68u!q zdXVPDB;afmB0&|x&p6yfl@ol#U!d2{$U%wD1EMfL5UK=N$Pobc(-8jO8-O4eSRUMI zbc!WVFPRWPMDa@!Qio{rh7-J)!d`h*W^}{4!frRxKKg+$`zF{nB)}U~suNZM#UvAL zfZKPN7fqg~aI9@9rr8LViktPK_|*-5T|20l8nzxv2kDXvaLZEMpwA7}AS9~aGTqH` ze+Za|6WM_Tpp1yq>z9L=)BDJLaybWqiX}(BQbF(*I&XjhU&{;jog>AjI7ZA(;+0sL zB*d&EsU^NIG7p^HOOXfm|N5gRA3d#89gVoQtS;;BA@0v-#vE5y?f&Lu|FjdQ>Nx@f z1Pgz{LL|FBL$P3Q;pGQJQ=3jzRGuw@wpp)$F-No3fe@nq0<&DlS4tea_;RB=g3R+!IXVNyPs$T6vctqoBOlljO6WqB(`Mdd^F*f+0e zVm%kN{N9)I{xxFLZ>zhOPmNrVqVq23pIV~B!E&f>+&{G84E4PvmTL(wL{I#vo8|i z!J06BVVV`n)z1&^`}Ng>-&&lA=@OfieWBqQHAl+F%71B$`3M6i8m9;rN%ai%*C(=} zZCI(?4o;u+FHnX>%E^RV%?^nQJw7otyfPPx?5_08Cz97I!w1emKh=_ zYT-mFhpJ}b{DmPK=2l?f&y`+@bMzc}0M58WSr4mQjn0UC3af$txH)P>cB;c%#wM?d zV(q*ZmD6nhSyVM>sBrJY7&$2kEDsoy>UaxSCe)DfXOLiQJ9gO|6g58TImx@~Jk4%h ziB+wHK8CX=*Q!Z^>(@r;c@5Nv+%3GkDdnnHFi$9&`O9eYk|Tgwyce?&wh0EkYgrt9 zV^F#N)=9?YRx=&^bYHp}rxRQ=u+(*wrny-k6|mde*NN%PI_w1?#08knxi6Q*f2Y=t 
zN;;&u2m5b*2n2Js)U(M?iN^eTlX5hLCfh+9Hjxvte!{?%Q{onh3i|%ntm!dUDYsA zq|fX>1d>Q&94#g^%k2LvspF}!!p_WtMIi<1&|5J8XZddp%5T#YL9YF#lwYJ~DoQV% zAbG~MC;^n{)700&p^je3-B|@u&GVN8K#LoOmAa8{hz8LS1FMmq{I13#RAMyjwD@Wy z9(gT9mcAS4CoIg~J78Bkddzn_c{w58hd6I=2#x^ad zfp^3-+}eZ3@8J<%zq?EDLMDb4Oc3_~`OP?%8q|ziA_{``5t&%6gg%YDdE!9%Cgc$t z=61xv+OgvD*tDrQ4HHbT%r%1JVw~b)`XZ(Gsl}DL#`QFIB(kjB)KfrNV9w&$70f`j znt86n6`^T$O3#1#W8-;eB(AOuhC*+vY*jluxXxBPe$~XOMIof|H>U6q$-Os{KC*+h z#2IE66+<|~fECZ%Z_Yuw;5p3@P4s?b0noS3mRNdI92BJ?{IR35be_GAzN}Kcifrwf zGg8YC-3^^Yb|xb_v^TcphIBzgp@2Y-uj{Kn-{Ut{L_lsnp8(IdyT|PuuZ*%>&ches zhjpiW8%>edtL?4}Tx7sl_Qn9jol5@L{QPOOtPNOh5GJ< z3=53XA^CT=MtQ^)$N@8#n#DjmU>nzZt;W5T9Req(YS5;^8yR-gagf^dz0R_DM)4fS z8_o&Em_-8SqR^RkRC~(AL!8c=yD!Do{8_=LHn+(@woP`0lcr4q^vsk!@Il$^Pt$V~jwel5=a0d|)pkDgy!msdg6sbnYj3PrJl6NtW<5$pTRotJYzEWdK; zA!ETD?Knet3Zm+6oI2-(gAHV-$7nWN4^xR#2S+XIFSPE%7{$oLRS7cn)VP{TN7quZoe(}ZuAgx zZ;>nKSFjFYa4Y*+r&F4~tm#iE+c3YSX{kHry9Ijnv8{EW_{4vqpnt8Tf1q-CPvhx_ zQRmR@k#86KB0#&j^1~L#fp1+SAZO!Q^DiTrJD#ntY*S-y(Jz`30^A6K0IN`xo7VZU zrn>1)pH`1X`*eec>T~18(JR3V4*YEFII(ytX&CgVvn#%xY&2IoW9osd>rGt3r?SqoPg2Pk?u%|7sJEsfi<=pMp-UDolI(;}zU&D{K zDEt!H1}s}~I|#7A-AvE?@dv)Q+~HB637gK;*O_-1K6oAxjdK{?e%~YXSFd8b5kB$$ zn$4FBj&Z0CqQ4ab5d)PeRLZ#@mk?C>>orV(fM6+V8P1I#l_1ZUjE4PQy*k&kVww{6_Zq^8LWS#Yt@SA4r4WtK?^uHGX)-u zYw+VAC>5;B21j+!|Dc0cq6yKLR$ClpMhwAu^@0b(iG}Q^PHu0*3nYawNIxw?m`8$y z91Arqo*n}a?xScmSUx0?44ws)NMF$>A(`8QP4&kN$g3Vcjigc2k=JSa8Mfk`iWM9- zQWKA77akOhd1cbY>;q`*0OqDLk)gt7dLsHNv~tG$@_%gvDcLzJWZ{-bJGH;2h=j%v zAAkH7s>RHMVL(rvQcXI@_UU2{K^Y+-3OPxrej>9wDfsP)wcp&hi-Xu4t|^a0uqFXt zg>N`bSDD)VY{)a*sNd8q#@Vy%L=X+-pX907aKIU88*=jJq{xkSMDpj!YX#I>F^ej1 zhayBPvq)I3hyebtGxiM7M4SuDCvSn~`hc(myDz0!ZU%=k7T%5If#8#B;C6BG)_Y%D zS6g7c0g&tN=)imXVD2WEj$$M8;^G-qNAM2Je}S_ zdyeFDqmq!>&IYBEhFKEbje8<(&H(l2aA&pu3ysp&?Ff+ou_xTgV^}=$&19S3_G5r= zVnBeczB0Ov{;+bZ{Nz+pTY_$vXnK@CXmN!WZmfCS;Y~KsGnF{Nv|ClX-sg@8>G}S- z@9^;O>*{lNI7P2Bg$;{tC&l4!)5yaV;Z0MQrg;y0@*`*{3OHMX) z__`9kF#a!_7Tu@BmaSmU*oM08c3bp%+dF1;isxD-Pq~7H3nlez_cFq9UMI= 
z?lGQw;NB}U5%BJ>vy&Iyf7^Z}L?Fzxy@7Tke0g~_RQR}c3?Y_6Q&et_DiSTM26?n? z=aI7q5d#&gRu8A!RS*D6#@!Ecg5B`EdjPV)+VRDA@_ss*;hFP+;Se4s*KEj}1Dvd^ zIV=<{$iJjw#nYNj)Ll~t`@gS4c_mo_I@F9$vT$GlgtnD##aO{Gy<54jT7y?@(ANlQnL%$BCD3yAo7=mqUlHcV2DRR_ ziW;^tkt=?DGYqL)sd&R2`AHhZxr~C+#-IZTtrvh=7*WT!e$JVRE0NHrgscLZUkd!p z$H8<%GcNR@f79VBuNa88Fb=&k=?Ho97x?F6JGA@D>&5v3*pl>TA4u^6I7zVodw=6@ zcN@SM-&ffIRBweQ7hcdW`6Jsj)C+11?g&weJDO_FM28tr$yayfq1tJMsN&8WRN_lX z>QCTi68~aaCfZ+hL~(E3T>iqPY(+>7w%oMQ%KJ=k5g1edYPPn`kDoBPt zwCW>llb2{bdA-ZqrNq+tVaRRp{DfzEhQRde)LpNBn5maYK zX1zJ-X?tv?!db(#XV%!EO!<6$z4LfEZGN|Dgq_G+J?AaC3iRfrJmc(QmKty?Zh z)rL=MZEr&JKt{8AdZVo{lKX>mZ}fs}zwn%{Zac4n?yS{mf-b z`KxgPK?o}POI@SQ%y&$-@};`MI~R-8{%_A6Oe9oyd2M>Df_FYn<48H%q;WJc6-^iy_% zBU9^gg=&n4MwCg`^)25R=EA4Ju>@Ou1!1F@eEG;-Tb(3zdGnFk(h7AF;}KBB7%SI% zjUp2*BNQ|~P#0Z6w2XG#4EP|7B$oL;8_fa>!;Bhe3Xjtk#+${*L*n-2rZwF7&kXgM zW_&I`xdHmQFHz>pW>pqNPZ%6pU6k$AokqyL55C^ER)sWL>!%Eea9Wm>_e)@B$MBTWzZgeY~W7d_our3ua- z0(X8H`SbgHy|YFn&0u69gqX#NjhqyAH>9i*%`n!@*3B4ZaK7PDq>xUVvv-n_&-e*u@l?Ub;{OIoVJteFzOM4j6xT`i& zokfLN_cmui=wGdy_Hip#RZ1u`O#5bdkoXD*bLR+0pDrFadpgcZ_-dN0dZ@ZcD8FI+ z!3XR?WRPuO+#D)!wtbF^H;`ipW}y(_7jYWl9k_RMCf#{ne7zrMpY)Kd!&<~d8y*ip zZ#*!-o@yL-4$9edANx?fKViv6;}BZ)3dlCW?cTP+vmIBYs4t|nfDIbSp0Gr84yuC~ zRRpj^yr}NX|3=sC(AD`KXV~!p9}T-x6puQ!7xA}Nkf}#?SCZ^;8Pv+xv;lFcD}FAz zhCC`y&#v>>tXR`7S4nTyDDd@$@ceC~yJSf)8j}8+Cc{xgh>4^w(MD+1R-2NZ+7O7o1EI4>Y$MKeRYzcpayzQVff^9S7=bxqZ44%-g z;NJdLuxC~SmA8PEjTF#6-8cHc@;R}u>Y~0~jt&bNQ+(AODv)PO0cX^$fh-x(%A;&M zylgEx+DpiE#EdhSFzTV$;>5tj>0C(U(^M;^?n-uQ=)HXALvH->_dPjO6CME@>$k)q z%K_C4qg*UC`V>~3R5{W9G%zK)BOFmxZxrb=e?sM~*3%V|;UZcc-Y%8u1#W_cMvWTr zc3d6pr&xV7B`uU)+2>~tj7Cy-m3G1{ScX=BW@<~L<}{R{lnX<1@^ALO4xhbdQ5{hP zE;{b!9$CZ5intouv|3d7oQ9diIa-TeSrhdWsOJK3z zlOY=JC3X?NXU=QKFA+aWMfQOks5C6wYVcrRUe%5d5hq6rrzMD}77h0mD1ENV5dBCC zsJOD;L&Ahd;v3kP$);Wsko1YJJqG{s^Z5DBn9uWVL`kqIumju_*b?Gq+yZWHZ@vdQ z9Aw=9HKuNobjV>l0CeJS*PXc|qQf`PJtO-Sd-8s@%$2E=u2$G4L)&oek?C2Z2m~v8 zF;CdZWK%@WU%OjAUf&KKjw+zXaIaqS?L4JZwwM^s?RQlN!SNAP=%?fzVjQTRmE-4@ 
z(R>@cwy9OMesK`OQqb%InNUjwj1lP%;u2VR;B?B}ZhTo_X}h3I^vr|n0tkga352ngAS0jq9l27xU3#tlYNFdKquW#MZcrJ$ z;dg19Yo77a#>8<%!3HpuePDmkzAU)v`i@36 zWO=7FD;(4-9DWWhVj#-VY0l{6FV}f$t<;Hfi+-zV)yq>|%VA?gJ_g7Xi@vN@m`z9Y zL?>$m^>z|71nDa$W1iR1%bp7Bm(w#`eRhV~6b47Aw2S{`p|%JRF= zG!)IG<$uHBw6tdJp7OiR1kyykO~?qJ4hIUH6J8%b2od2EIL!uf-T5<4rmj||CNK}0 zPS8D9w8`nLuGiT%vH#GHn={A&6@B`hNL?6rmLSAE*8Rl6rv3Z1PFFNngVhd&s7TtV^81uG3FtTdx@T zN7zfOU(XyO%P628BFktn8guDr$dls{;$1*O@UV4Te=}54u5h`?NL1*HRFv@N7gBQ9 z*E(_vT4M%!%1UDf5~};XbTo7xl7?;3z{%O%uRhM!ExYfG(9lE2AHYEW?!IlH(|`Z; zHZ5b54vJArr=`Rfnyzl}cw4~EO)wlPX%9Pv=c)8MQJ~@to>Z#yK~e!!_G)51odbk&KciqK^P@C`Ef_ z4AxE<6DU>VU8&m-&|TTHqZ(_-CzO6XHd+i|A#aET-Gew&Ci)$6X=1^#xVVb55v(pV z*v3$e31>se3AkZ^-}%o($jH9qp&0GwGdcbgVI_a%F``rfoV2`;kjYli7DYgE-WYy)HRODv6p8l zuq!f$zaCZv`fXxq8=|QxMJXmN1i@JM)UMUSaUV$37b#AOGn%uPf2%i@F<2#SS?Rr| ziRBincIsy7l`_Nr(~O5niV%CV+0r=dPRL6Z)P>%yp$~%sORU3i%GoGr49v)an`xq< zhjQn16a%Nz4xP=F?6MMN&M(TzkN&DL>S>#g&a|yfL6h29*~-CSK~eq`;hb{y=`aVq zytcS&`O^#in-Sm#JrX)-(|T$Nue96U*D2Wb`6_fX!z7s3{UacY2BKfRSr)}TQ% zoy+t7eQ5po>1}!aVu3QS*nD9!0AL)cvNySH^d0lPk}+P19l>uYs+|8q_y71awT|{* z>r7{ujZ|=qsi6*|J!(#!($*@JH9JY&%_iHB236#_mnC{y<9januFP_h?bO5s)Id7D ztcUC3BF}({M|s7(hG#!gQ^Ijdup|LfL;j&ctez4@Y@bnp46!(F1iq3oofe#QFw~cq z2{WDaAU~+7NxGx#4CZjeN-8*=$ctp^a1vVYd$TMY2%$UW@M>$dDct)eslriOOClNW zV8Ip1MA~-J$|1^dk76ep*0RnY;grBur+NAaj2Ngd|M*^ajb@bru}hJ7@Yr2vTo=J9dx$er<|kNbdcA#HN*?S*l+L zuB}g-p88nBgQim&Fnyq$EZeFZUm>gbA=<*QYXKY~IT2kaI+zESd?5g~{fC<-HUqmN zBJ@6PC(#jO8u7 z)sau=)&gd8fKnfCpM6pvf1ozs`l8DHzwID1x!%$w-Zrz}7=%r@MfW293B4df@+JV^ zKJ__iSdjIx)7eJU*Y_5v-XQgGX>6nZy}y8;hTr^U&!z!L33lIhKg*7bsfn9lU~is2 z+x(jQ`i!`N0&And-LaG$ppU^b4FQmHOP3}V-p%Rc)hi%Ml{y;qQl!De=m5aAd672b z)Ksw4v~^cw((1?G(~`Z`zwcm@Z=D?>=CkW-$x*%Ajy^3~bI@QTvrC}BS@gydyxkblCCsI=x6 zUa_q^zV58LBI6HLLNPmSK#$Z9w3SqIW)M zLXTr@G(p6c;dtZlv z)OU@VeMZPD=r;kHV>+vxuh!l`TvQO$yX9VHJ$sIa#6yvO9OMEA_4<}po$Ph=^%FE8 zKwyE`5N6((UMlHfj6NOZ=+Ioj5o7l1!TBEQ_29-X%e_r$9yw4}5Wc`GMzk+Or;H-s zeDzH9*-S%vy6)13w~+sa31>7Vc+Kd`-?_dovcrjQmWz3|?ZNKpO+zq_(N+=vtCvYl 
zxBP*8b9ZI6&Q1qd^(Z83+8a+i=l0mQUEC8Y`hB{6_0<>0-vN^YspVj7QZphoL4ZdxNt&5wp9PO@D%3Mn3|&cA6Bg`Jde~M_p{T) zcx0_Xd9Ex*W}MR{*vo2F%sv!Y!-BxoiiHyBpM<|8y5AZdG5&*@7NxEQb`U;8ioX#7 z!s|q>`nwhTMY7))B0V=>!0VlP7ZYG#TVEP5$J;g+n9=@4ZK6z}^dM?Np^&T4<0JtG z6*P&EDYg}57@d%w>Xv0G-Vh`V)WYtc6MO8wLAQfxKEbQ1Pqqb^gQOOv*ik7dlANUw zh^C%bKU=b-eW(tVg`p*Y3pfXCFuk&>d*j(VbX^4M-wT=AIls5&bv*AD`+p{c9u{xc z{2MbLBC{3;!5hy#6Q6?E!dWs`i5Lz5FC6`DoYUy(o)=KZ*(!1e%9)sG#}|D)BsJ)K zHHM2m4+re1cZDU@rW{3nd%eR{l( zv958*5aD0jj5Z|!XLs-Rz>1h(FG@|z)!3-NjUq_h@e2sOf6(mYg*BbJBKU?5y{f&v za7Tl(i;zT!;I7T+xR0q*v%b7&R%r;$<*c`_z(ZB6ecwqn)5M@wkOzHc=?2BjgOVNO z;LzLc`M39Hl2oN5rl-S*WsWpb@DIc(c}pY%70 z)-P=rV5clvh5)y#tU}d*IlehdKu@I3w=dwp-8Uz2SCTMd_t$YJ6*ox0VC$(7sAoNbQAsK2;Qj5n2${qQ#(&f6P2@0A9o=v=}F={PbOh(LB?IeYK=OH zsg|oZDITD!?+}%xvxTbtxbKeDQG`g+-$SbY-vIxXyAQa#x&6QF`)GW2lE(HzWmfup z@Uvy&_-i09oKG7kg~_hmQ{@P+L2DKJgMxq9Hu(1;#R;hTZpw&8*Kp2=Msusw**wWI+7I{l2*3+AC^biU(?^J2Ttkc&Mx-fs^uhD z2fM9piDHfdX#v(F`q>x!>W1DDP^3@-+r8rPA#T5-qqSFE=__kB&-K~Mb$^B?6S z6*sP5>|Cv^18Z#It9O7`gzj*seSe^!HXnB5_&HtzcQxS?Lo8ncAi!wOzGYQJWQ{AW zI&O(MnRd(~6ZP4UP$-8bO&XL*X0j)T$Lc{C&{#{Vzbo76v3N_+2UFmQlK1B<#3Gl# z8xhD<3o+{OWz7+rDTbodCw5At(k*Rip|>@@Y^_+?IYmfpg94<$6&iOv_L9q%=SzOp z8S$;yX|xm=KTkY&Yi1@}A{Lq=AM#jNm(Kg+LvvATXu`q-z^{Aj;9?e94EB8HPZV|T zZw%|xVo&44Um*8lZWCFxrU)rA1_pT96dgY@?HcsCacPN$vy_05nm6Ak&v2;?=yh7o z12jVp>Zr6%%ZZeBjDUA{U(4&qBjcNFSY_8?)Rk#{g*q~-se|ur$Ytjp5>15v%#5Jg z(|M0dwYA^=UT^Ox&*UMo+bHK)qfLtRMVB+xtTt1@aBB-TX4RfV#P}*Y4+(taDmW_% zB=jnhP`?osju<=l@il!Mx;>NASRwoBj_7pkzR+g-Slif?s39h|dhJQ!ChwD4&*k=( ziyf97?5^{C9$;8c;$0<(mgZL`un02v;Vbno`mX#E-tsiJ0;aHP+JS$=I{y-k@my)_ zgf3+z-Cr74|D~un;Q*dwK1AZE2mc$lb@Hzf1zvxbZc@w7{=C-by@Jtm8h5&P$pa<< zT1pC?1XckjZ$P5!o0G%7%PYr+K>H&XXkFeQ!>pdwT!?SsZm_wJ(qV+*vzLyx2?>?$ zlOGZ}B>Si}85aVj&5A-4pl@oEQ#}=`2`R}w^M4lHdM*zz{q0tWU1P?syC1oiAX|q3CDE&_6N+ zl+3I7teb!LY6Z}{HoeKzfSq_Yd7RC|pP^#qvE@|zJj&b%IlcNe>1JWFNNC3rvWY)^ zy4vpS!nTOhbD)9nUSjd-<_yWAhb{l!-VzYPHCWv^`wuZtlz+ z3LqN(^D!1Wowe@y^l-EuYc#Lp*i$!e;hD=*V%x}U)bu~Zs+HZ=^>iTT8o7q`pR`6S 
z-tbHnp_QJ)wFe8Uwvekp%>BfwbDu9dNHjql#_>!UZ93lxh(fL6_ypIBe)0*zobqj( z4S?-l{l<3A_il@Pc4N`8|EyJ1Vr2Y>+IoL@y|*<@CfqQ|HL7PIS62tCYP~I_+0B$D z@z%bkmy5TE*PLAd&9~msp1&}+-s$)rhX2)%`#Hxixd!iR#{Lb1BRZN^h3c;!0mToc zQQhuNxHW#@?%}p0I zALMAqJLOunOyq)j-sQSN?rPjTIG*i~n(QEuBy<8yimfy0+=SpGWP|i74u=YH)+q&3`nJ9&{7T@*e|&vDPDm+r zs}xT6Nu7z98H3`$u>9mPx#vOC%5{zBQy8dhF+|4$HlS?tUU>>rGb^x$st)?$mw0`u zAgl!yEy|q=j;83huiND?p%ZR<5#cnd@98+m6IgqP3oEBFg@z?P$OFG>)( zl`ba0H_xd&A#ZT0JpX-dG(P2vrP^>W6_83PO0-M`>w>W*oW1&?(Vs62b;O=G0~$1& zwh-kq>8`oF&B9cc>Yjr!HUM3u;y>TG}y}W^0O|QxKss29V_sWNpg_V z`fcy+v`m{QyJuEm$mXC;=l6({od{|mY$`wDQ6tU8A<9wyt!3TYr(`1Z=i}k7o{*xh z(EF;;_x#75!_A*6BB0wt_nQX)?0_52Q^{%r-|wt0FtRD$4VCJY3YBWLGD(l>$t{9Y zmshtx{g|aWZl8{AV6WOxa|B8*e6=rpwGv3vAJ_*AX}ia@#`)8R1vbx&=VCWKL_>#- zKzWlO2%%l=z4rF<~`|2qkd2 z{8ueqFRceYg;KUKZou>f%feeoPKCx6afsw zYh{2rb8mp4LnI#3B%fVYzc4@I%?d|K(gK%bq$v}{ds!pCjF>j}{s~+F7z>49)JS9q z5JZ)(`5ysKchP9kxU>B<|NIlsg1LquL~1M63CuTRff(;`&wE16WIzt4(c<{mKcC}e zCR7mYL3zkNV)(=>-piI=Du)_=04Kb<4S!S)!>_fUpF+Hs*H@?i`g?z$^Lz2%viCqoh*C)& zkPJ%*yYbZSn)iN&&y9yM5%n*@u*P@g7eQ!X zF9-Zw;30QUj>b5C=mz7D))O~;R5E@Auy(j&6|@dGg@HmlzUV~k6!j1YQ)43+dMJZ1 zsepNkf9Vu~8N-elSQh}wCScc>Ap@ycjLlG?1eIlDYK>u2q^}!2`=_sdBm>_iP5sTd ze)*#=sMzm@`NLagE0g0Ns8rVuv6H)mlS7aFA|}kJfy}%s*{rPhCJ=$8iX@u=;7rV} zFpn3aWm2a;NhN5N>I?+0$?8x^A z>kWD+j4!3)4H3I#6x~mIZ3n|Xkc~PJ_gxEN+OvcP3wP|#7>#2wfhA@fl|wD|2jPm= z+Q=Ns#*Y`Lu*n3+k0-w=Gt`a3LYup80}a`FaMt-%5LNMgeObdJp4_UVLOUExpDZ*k zofC6FJQv^Q2~j9*#pn8VF;3$RC&n*ss!bvx?9@1HN}X<~1IlL1e$2EdsVo!JAr6dZ zk?6f#r}!@?vqyenhVJShY8_)qhH0U9g+_#JfMso=#fjMfO?}L}YR*fn!`2;SHv`*Z zBbG$NL`{hTGg509pJGZ2!{{eT(%)kRJ=R9tv*>svvmgmsdf7@^7Caa|X=D7Cv|b#& zyYJsVER}A@HMo9iWW2t9-%kg6nHR6LB$+qL31StK9btsvuYaZ^>X*6hd@>ejx1bB@ ztoRHl{_gWvokQ@1Utfb!KKV}S!s1a!8~eFt{Ga^4^znGMSl;?qRvbl)1S%7ZRpK$; zG(PoG#wrb+)InrX{^R7{y7uWv@eIqkDgVzpKJjECMv0dpHQuzBj=g5k`p3?rqt_s?17!q_&%qgj862Zta`r|AbmGHAi zvatY{gO4){T;cgXGYVKyB5>~z4B;xS-%;|yz)y{SV`z{^7)8=~A^ea)>v_S@l)Zc= zc&r3wqCcUnQj{xcF-sGa&;A68DChrDLmPes9rpF{+OvF^-5FW6YvtvjDQqpAu$LnT 
z;So(!Ce?zIO3btU_y1)xd?5d2Gx)h;0}lEWWj|@+g%S6a!t`m2-w|q9ur?C4 zOh;o&5PSEtz-<-(85oQO=NB*ieyIOwV+}I7Ywe`afH*8>aM;q}k?MZTGloS@2K0L% ztjPyvc#~!DTw`$vk_$I40&(8oYuhC+060l!%2&sb2mn$BPqk94pF7PL8w`a)?UKys z5ga?Slah$8M;=xmjM@@Z*79xIq->moD*i}Lf$&Xq3I>6q4(6!en>i#e{TMRLhpO`W zJ09);D8wT1Z#ZBOM0>hJ)igJC{05*;q3&YGiK4IoaSH_V$;lf|%y`0-ZZs=Cx=L zJ-x12KItHOsJchB`|VY04f;)MQ11^n3#-x$SK@>yZ>{+sc#kk<+76%ChyR69yrGB# z!-jiRsS2^Ib$98K2+&63cJw7&Rcd7+CXtDauk_ffz*+;JSE!3Z$|;yu><2oV+l}Qk zr$=Tjm~a`D8#Ed_@&y?E(!9Ohz5mMrkmZ8IV|=d=Spm;`)AmeBWtm}H>XGX zf|IUnN`E7ym$^q84kg=MH?m}%WN{Gr&3AG>Pk0oirSxW#d#~L>v4u36Dsd+HpUi+b z*&+cf7X5FUa-q0S=YFQ)6ml|R))3p zfj2lYkJXDBjF~bmL!NU4*>zmi;1q_E2kJ;CRb};Nt&CSYojzL?69GCM4XQ@FM7v)) zzro}ZmwPOandzz(kb+C?e(62vJ_EM1+ZY*}o*k<3xbannwbQ&8B+Nf(;0ug1IlcPH zE%EzwaZSoBzxBILZwB= z(JdObNNO>83G34@v-EfBSxu9X$7?5R935gy;T>0R3X|3s{8RBgwar_{vN$@KCQ#q| za8g!0I(IRPLkpZZ1Ip5=UXIT;Dn)}r-QcuMY3BU)nfA)o^`ToX8DERq!CEgtO{eO1 z^;??%&Qf;^6SPq8C|uzN6+)|ysW5{v?GS(K&#A2JphU~ldpCat`*x$2}Uq zx-K^Gz_~FG6gLc$ixd9SDIIGm(ZSJWVmjFQ!0;{UU7wP&>Y#DZk7rGg<prxmBU5}-zXk;O0GEQdMyrB9#UrY^T zokoxuW!E}%Z<29uvQ_-qX>WW#o}77ac;6eM7pimvwQJhuk}#GGm-9bX{ouG~)%>?H zt|cBA*qJ`9w1RLISB!?>un(^JeKXFrk*F#qo^yQv`3co3!J^V>zPVm>h?e@{`{j7Q*Oe!8g% zS&9Vp<#z{|J^HthO#6PzR9I<(7jQq_*M&RVI? 
zAKzsyRXo42kLUy9>Z}l#zPx=Y9jc_Ew0Os*O$%fam3LF@DK;n{Ahz_AiTn5e_I&1D zB`k6=1$!st`OrYdydAGUr9VtGwcDcP^Q*s)V zV8i@tl0i4CxZq@Cgjn)IO-zD}3#u$w*lI|P0Y&8oy+@rZ+r2a1af}Y>kk~_;DhnfB zx=I|~{=B&)IyfxB{r{;QuA3i1eaOJxu5rm> ze15(TG(1J&=5-Fa$p8HDe3#IavieUsQQ9@o&o|KD#dbz}{f*%H(s{3l{>WWqFEzwE zXV>rlaD7iH!D0#RO-}r7I~aq5I&_OlU2GKFA7eGN@4R-^OaJq8v&(DsVw5wu1GP0A z7X}A{dh@V9q#}Dz z%xjfplD)6kYnlG8+%#Ps#dts%D`2MIXP08`{1@bLgU??L=VLZ<2gM zQAU6Me^-&xcS|l*8dt|4i8A8Q@vLt;>Dc>>OS2 zWhbut>qUCA_DR`A$ocI&L$K~ic231cOI-7dea19db7vYG(jAC=t`9n=u_SmoODXjc z>%BCyTqyFEyJIwTfYkGd|Eit#SIV!`4f-!dMklN!Km71pa|rFVW)td{NP4{I9@|jE zJ5`S#X5F6}Hee>llOyBQnQPr|UjlJr4H$_gezQhah`wbN2m#o4wv&pefub4Hh7WDV z?Nj_eCzhWH)w)Y#GMWp)j8Xxo&LvD2ShToRDl*f4(KyD1`|Knb^&PWS>zu4`JJU0o z2KTO>;b)i);5oX_%l2^EKRyhJ&)eD(X1#VhGV02PaJim*>`&~FN-G4km!PWP%%q{j z<+V$5q3ypD>r|Vc?jhxIZjplLv7%OlB&d$+Kwa36E@|^3YT$&dXglzOvibowN5Akd z71k-E9ct$VRlvWo9ncZ!Z#EV89bJoCqfyZbdwK@rUKSg5)&eS8_0Y*LCa~h=vOTq# zX*U^r9Q8qWO(rYCjC|MEG$Dv$G=_dI;eNK^D-#U{PX>>M>T&B!2S{lmYQ5NL^G0`- zKJjp+D+IUVZT>NNAET#)%MpS-@(1@s?viR{C<(IbP#K175QXP~n>bHey>!u?5l)sv z`m0OdO~Yza49n}vsSy9W#?wtVBT=@uC)_068dY%2fWpn3L$)|#BNCf0hEPyZRqv+@ zV>4(>deDrxy*t1Q&&B;WYS^}jToZY7NGc`>ISNqIvOs%1NFA*H8a|Ck3wS zWUN z$wgW&qF4 zCWIp$>D&Yz$3t*>-Z^~@aLCa}JEw>8ZnFnNHSWx09FalHAw?jH*;pA56yP*AwrfZh zSI$fqA6zHPcg5Dq43gE#n5ns%GG?HxMOG){vbe0)q0h}0QuC79J%XDgHJL6Zcr3X` zq+;pY68=i<6qJ<5LwAgQp@>t z5BafP7bqt3pA_v(4uTBUQoM;V5nI<=w3kIu)YF~lr-+K;E0SB_dArZ%k=vOmA=iQA zMCjztt87+>Ojk0XihasdTtny7)M8^iNqYnR31$qF@D2^egxn@aaLEUtza)`T?ej3f zF}|s45km_Xk6Ll@LqFMYQD5cVLAF58sADNqgOI3HjS9SD11zuXIF&(dxKm@I$^nl> z_OZA_KA4k0L61<-lWIS5B@|>%g0$gujFc0zzJDfz#Om`K0Y~0YQNYqThUtATONYty zO2^i{h$jOjc|})Dwqfblz*C&2)l_DI^{~R(YI1-kZp#g$z#!<2(=;_& zgp1|#rqz<#0GjmzpWlm)MHEe?DNQ#JAhF4eLz6lf`C6^8vV3bjz@iW= zfYuum*7!-XV2;Bw_=kw!5qi60_)2AHv6*W^LZQ3K7#E>$@mk|2d5IQ>ek^+XoGE?^ zN?A$yrpQ=liH{o}i;W2IkIxy?uukf1M#+CMV=-c#{o{j! 
zrj_ zNq~oN212z#*6|<4Fa+JX$fsF2EtDmS>9V0iyr}e;@1qfga#nC+i;U@Rd++e4M&pV@ z%5{dx{O29;k7C+Gj96-#&U&W!#FN%44@I1H3__iV_$~8COXnefsS=0|5DF7+l-&@_ zXW?UTY-A7UNyjZCXKq@w(Lm0G6293qrg{-;2mTDGDbWs=d)V5!jDnLbsN;Cod)Z8x$w55bJY3DssoxS0@_F77mEH4+(_Wb3NWz!XCO^}bev zx&bf5GAbx38ZeGEzzYxzK^&!Bd@1+`>mbGfGKuV^yfk}1$shwtZc!*RTOmm;S~Q_RIFGR}Dicoracy5#oUH z*t<=#=S#eHK%_7h``I|iChruJQA!VTC#`*k6cTQxzd8t1yU}Vn@7Rg+L*Kd-|Oz@^S>V)?jLRU z|C@L|f9|{jQ#|R(wOVYN_$)%d2%Q^xW7Gq$I$yswM5)Hvr%2}$&mDJrQfAYY|BjZZRxSv{-A7-qU5_Nq7?fGd=dNl&;v*N@+Y2L#ls=~1e&cB znAlW{-wMN1bEC(!F^t73`tKM9%6}h5k;J{-_!BAUvOE`Uh<*sM?!j2BDP)q-(FSFg2%@{myWpHMG*2g{WH8^esZoE2@-q3#lApS*}^yA)DUn_XpkH z7o%E$=1)z~{McNmrw=Wfw$BEhbp4mkU(%ay1}E!V{O7L!d&hf+yZQBhZ@0T$|2Od@ zquy&gQ-<1%k%%=~iI-&0P6wVpHg5p40Q4-;)k$kKWr^gxxR<#EmOEo_0O^p@(@Cov zKncm7ogVjG*6Bk&ZU8W%B#wHZd74<+x^gLgS={DP_F4MsQXjumtYq3LTH6C{tT~NQ9&hkk`Bu+6 zx=Fe+AS6IAO#7k%Tqfn%nB0A2@xZLVAMr40yVyxxPY~3q!+H$>9KDLvFxo@m@&<3} zGFC^MSv(~}sA9PxN;+njEG)KJH}ec{Nb75XK~7WW+vRC(0l8;-=ls=kGzT^O&0S+q z#DAr6u$)k5Em-X+P?#8LUjLWm$@lGP!c&=dd2jbKHz?+w1%uNu zQGsYM10+h$ZLMSAD;1bKISeiz8`1dYCP(gCL1A*tza8KjH+LTv9l&Rd6Iy?>6HPtW z7|S8fk8t80ug|w5M45~Q@1cBZB;^Lv|8UwC|CkdQ9iIVQBIy4~F-LD>HTwyVD^UE=J77L(KIhpcZ{=*pzj+$2ji<21qcKV1y+`(m3_Zw5j($oD+}Ms z?&YKN%^&9bh~2k7YMs0Kb1#%j!@IfcLrNtIn@w&3DuBJ{J7~g&xhS@20_emwjiV{!Oj>?hdYZ;V*RX39tNa zdfngBU!dKiTl-7I?L9311zLQ^tG}D-3oif9%%#&BHh7b0By((F(uNd|4;IQKnym3C zj3-5#yXob%YTk6pye{yPIzp4{vtXcPN%U=TV5qQ@O~WGZ1RHvk48(89 z&nujdYAh1Lu=rr8d9=c47!casI~iUU%Zp<7HX2z0@X*5nBfOY^IIT!Ap`p0??y9zN z8azvHs_9$I8M2h#NUY&H(EKfcBb5i=gjvu*)3mZ9uVt!5fDA#O_y!kq?O8Ema_3gB zO&rn@;_3ax^I_(mC}x1hDn@{H9Y$Vn-BFiSg{o~X-;Y(O?ieLEEZfa=h??5X!GT-T zO@aK*BptyVncbeWNmR`_C)%a)HWL(Z$cw8_0$!D@iJUX+=Xwz|PKnDSScoCLUIdMA hUws50+EIS{Y@hA3eZH~h{|^8F|Nr#)CO-hQ0sz*lx4!@Y literal 0 HcmV?d00001 diff --git a/charts/neuvector-crd/102.0.4+up2.6.2/Chart.yaml b/charts/neuvector-crd/102.0.4+up2.6.2/Chart.yaml new file mode 100644 index 0000000000..b1e659bf9a --- /dev/null +++ b/charts/neuvector-crd/102.0.4+up2.6.2/Chart.yaml 
@@ -0,0 +1,16 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/release-name: neuvector-crd
+apiVersion: v1
+appVersion: 5.2.1
+description: Helm chart for NeuVector's CRD services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+maintainers:
+- email: support@neuvector.com
+ name: becitsthere
+name: neuvector-crd
+type: application
+version: 102.0.4+up2.6.2
diff --git a/charts/neuvector-crd/102.0.4+up2.6.2/README.md b/charts/neuvector-crd/102.0.4+up2.6.2/README.md
new file mode 100644
index 0000000000..a5379e6ba6
--- /dev/null
+++ b/charts/neuvector-crd/102.0.4+up2.6.2/README.md
@@ -0,0 +1,14 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications.
+
+Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart.
+
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`openshift` | If deploying in OpenShift, set this to true | `false` |
+`crdwebhook.type` | crd webhook type | `ClusterIP` |
diff --git a/charts/neuvector-crd/102.0.4+up2.6.2/templates/_helpers.tpl b/charts/neuvector-crd/102.0.4+up2.6.2/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector-crd/102.0.4+up2.6.2/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector-crd/102.0.4+up2.6.2/templates/crd.yaml b/charts/neuvector-crd/102.0.4+up2.6.2/templates/crd.yaml
new file mode 100644
index 0000000000..60640ce8d9
--- /dev/null
+++ b/charts/neuvector-crd/102.0.4+up2.6.2/templates/crd.yaml
@@ -0,0 +1,845 @@ +{{- if .Values.crdwebhook.enabled -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvSecurityRule + listKind: NvSecurityRuleList + plural: nvsecurityrules + singular: nvsecurityrule + scope: Namespaced +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + 
- behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if 
(semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvclustersecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvClusterSecurityRule + listKind: NvClusterSecurityRuleList + plural: nvclustersecurityrules + singular: nvclustersecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: 
+ properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvdlpsecurityrules.neuvector.com + labels: 
+ chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvDlpSecurityRule + listKind: NvDlpSecurityRuleList + plural: nvdlpsecurityrules + singular: nvdlpsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvadmissioncontrolsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvAdmissionControlSecurityRule + listKind: NvAdmissionControlSecurityRuleList + plural: nvadmissioncontrolsecurityrules + singular: nvadmissioncontrolsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + properties: + client_mode: + enum: + - service + - url + type: string + enable: + type: boolean + mode: + enum: + - monitor + - protect + type: string + required: + - enable + - mode + - client_mode + type: object + rules: + items: + properties: + action: + enum: + - allow + - deny + type: string + comment: + type: string + criteria: + items: + properties: + name: + type: string + op: + type: string + path: + type: string + sub_criteria: + items: + properties: + name: + type: string + op: + type: string + value: + type: string + required: + - name + - op + - value + type: object + type: array + template_kind: + type: string + type: + type: string + value: + type: string + value_type: + type: string + required: + - name + - op + - value + type: object + type: array + disabled: + type: boolean + id: + type: integer + rule_mode: + enum: + - "" + - monitor + - protect + type: string + required: + - action + - criteria + type: object + type: array + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvwafsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvWafSecurityRule + listKind: NvWafSecurityRuleList + plural: nvwafsecurityrules + singular: nvwafsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-crd-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: 443 + targetPort: 30443 + protocol: TCP + name: crd-webhook + type: {{ .Values.crdwebhook.type }} + selector: + app: neuvector-controller-pod +{{- end }} diff --git a/charts/neuvector-crd/102.0.4+up2.6.2/values.yaml b/charts/neuvector-crd/102.0.4+up2.6.2/values.yaml new file mode 100644 index 0000000000..e899decf01 --- /dev/null +++ b/charts/neuvector-crd/102.0.4+up2.6.2/values.yaml 
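Review bot: In templates/crd.yaml, clusters older than 1.19 get every CRD registered without a validation schema, because the `schema:` / `openAPIV3Schema:` block sits inside the `semverCompare ">=1.19-0"` gate and the `apiextensions.k8s.io/v1beta1` branch renders only `version: v1` plus the bare `versions:` entry. The core chart's `catalog.cattle.io/kube-version` annotation still admits 1.18, so on that version the API server would not enforce the `action`, `policymode`, `behavior` or `rule_mode` enums on these security-policy objects; whether the controller webhook rejects malformed objects is not visible here. Either render the same schema for the v1beta1 branch under a spec-level `validation:` key, or drop the v1beta1 branch and raise the minimum supported Kubernetes version. The same gate is repeated for all five CustomResourceDefinitions in the hunk.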
@@ -0,0 +1,9 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+openshift: false
+
+crdwebhook:
+ type: ClusterIP
+ enabled: true
diff --git a/charts/neuvector/102.0.4+up2.6.2/.helmignore b/charts/neuvector/102.0.4+up2.6.2/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/neuvector/102.0.4+up2.6.2/Chart.yaml b/charts/neuvector/102.0.4+up2.6.2/Chart.yaml
new file mode 100644
index 0000000000..aa0a98079a
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+ catalog.cattle.io/auto-install: neuvector-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: NeuVector
+ catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0'
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permit-os: linux
+ catalog.cattle.io/provides-gvr: neuvector.com/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: neuvector
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/upstream-version: 2.6.2
+apiVersion: v1
+appVersion: 5.2.1
+description: Helm feature chart for NeuVector's core services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+keywords:
+- security
+maintainers:
+- email: support@neuvector.com
+ name: becitsthere
+name: neuvector
+sources:
+- https://github.com/neuvector/neuvector
+version: 102.0.4+up2.6.2
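Review bot: In the neuvector-crd values.yaml hunk, `crdwebhook.type` and `crdwebhook.enabled` carry no comments, and `crdwebhook.enabled` is also missing from the parameter table in this chart's README. templates/crd.yaml wraps all five CRDs and the `neuvector-svc-crd-webhook` Service in `{{- if .Values.crdwebhook.enabled -}}` and passes `crdwebhook.type` straight into the Service `type:`, so these two keys decide what is installed and how far the webhook port is reachable. I would add `# Service type for neuvector-svc-crd-webhook; keep ClusterIP unless the webhook must be reachable from outside the cluster` above `type:` and `# When false, neither the CRDs nor the webhook Service are rendered` above `enabled:`.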
diff --git a/charts/neuvector/102.0.4+up2.6.2/README.md b/charts/neuvector/102.0.4+up2.6.2/README.md
new file mode 100644
index 0000000000..495c359f16
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/README.md
@@ -0,0 +1,246 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector container security's core services. + +## Choosing container runtime +The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`openshift` | If deploying in OpenShift, set this to true | `false` | +`registry` | NeuVector container registry | `docker.io` | +`tag` | image tag for controller enforcer manager | `latest` | +`oem` | OEM release name | `nil` | +`imagePullSecrets` | image pull secret | `nil` | +`rbac` | NeuVector RBAC Manifests are installed when RBAC is enabled | `true` | Required for Rancher Authentication. | +`psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` | +`serviceAccount` | Service account name for NeuVector components | `default` | +`leastPrivilege` | Use least privileged service account | `false` | +`global.cattle.url` | Set the Rancher Server URL | | Required for Rancher Authentication. `https:///` | +`controller.enabled` | If true, create controller | `true` | +`controller.image.repository` | controller image repository | `neuvector/controller` | +`controller.image.hash` | controller image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`controller.replicas` | controller replicas | `3` | +`controller.schedulerName` | kubernetes scheduler name | `nil` | +`controller.affinity` | controller affinity rules | ... 
| spread controllers to different nodes | +`controller.tolerations` | List of node taints to tolerate | `nil` | +`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | +`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`controller.podLabels` | Specify the pod labels. | `{}` | +`controller.podAnnotations` | Specify the pod annotations. | `{}` | +`controller.env` | User-defined environment variables for controller. | `[]` | +`controller.ranchersso.enabled` | If true, enable single sign on for Rancher | `false` | Required for Rancher Authentication. | +`controller.pvc.enabled` | If true, enable persistence for controller using PVC | `false` | Require persistent volume type RWX, and storage 1Gi +`controller.pvc.accessModes` | Access modes for the created PVC. | `["ReadWriteMany"]` | +`controller.pvc.existingClaim` | If `false`, a new PVC will be created. If a string is provided, an existing PVC with this name will be used. 
| `false` | +`controller.pvc.storageClass` | Storage Class to be used | `default` | +`controller.pvc.capacity` | Storage capacity | `1Gi` | +`controller.azureFileShare.enabled` | If true, enable the usage of an existing or statically provisioned Azure File Share | `false` | +`controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` | +`controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` | +`controller.apisvc.type` | Controller REST API service type | `nil` | +`controller.apisvc.annotations` | Add annotations to controller REST API service | `{}` | +`controller.apisvc.route.enabled` | If true, create a OpenShift route to expose the Controller REST API service | `false` | +`controller.apisvc.route.termination` | Specify TLS termination for OpenShift route for Controller REST API service. Possible passthrough, edge, reencrypt | `passthrough` | +`controller.apisvc.route.host` | Set controller REST API service hostname | `nil` | +`controller.apisvc.route.tls.key` | Set controller REST API service PEM format key file | `nil` | +`controller.apisvc.route.tls.certificate` | Set controller REST API service PEM format certificate file | `nil` | +`controller.apisvc.route.tls.caCertificate` | Set controller REST API service CA certificate may be required to establish a certificate chain for validation | `nil` | +`controller.apisvc.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate | `nil` | +`controller.certificate.secret` | Replace controller REST API certificate using secret if secret name is specified | `nil` | +`controller.certificate.keyFile` | Replace controller REST API certificate key file | `tls.key` | +`controller.certificate.pemFile` | Replace controller REST API certificate pem file | `tls.pem` | +`controller.federation.mastersvc.type` | Multi-cluster primary cluster service type. 
If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | +`controller.federation.mastersvc.annotations` | Add annotations to Multi-cluster primary cluster REST API service | `{}` | +`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster primary cluster service | `false` | +`controller.federation.mastersvc.route.host` | Set OpenShift route host for primary cluster service | `nil` | +`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster primary cluster service. Possible passthrough, edge, reencrypt | `passthrough` | +`controller.federation.mastersvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.certificate` | Set PEM format key certificate file for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.ingress.enabled` | If true, create ingress for federation master service, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.federation.mastersvc.ingress.tls` | If true, TLS is enabled for controller federation master ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.mastersvc.ingress.host`. 
+`controller.federation.mastersvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. +`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | +`controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` | +`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | +`controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` | +`controller.federation.managedsvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. 
Possible passthrough, edge, reencrypt | `passthrough` | +`controller.federation.managedsvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.certificate` | Set PEM format certificate file for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.ingress.enabled` | If true, create ingress for federation managed service, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.federation.managedsvc.ingress.tls` | If true, TLS is enabled for controller federation managed ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.managedsvc.ingress.host`. +`controller.federation.managedsvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. +`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. +`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` +`controller.configmap.data` | NeuVector configuration in YAML format | `{}` +`controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` +`controller.secret.data` | NeuVector configuration in key/value pair format | `{}` +`enforcer.enabled` | If true, create enforcer | `true` | +`enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` | +`enforcer.image.hash` | enforcer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. 
| | +`enforcer.updateStrategy.type` | enforcer update strategy type. | `RollingUpdate` | +`enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`enforcer.podLabels` | Specify the pod labels. | `{}` | +`enforcer.podAnnotations` | Specify the pod annotations. | `{}` | +`enforcer.env` | User-defined environment variables for enforcers. | `[]` | +`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default +`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`manager.enabled` | If true, create manager | `true` | +`manager.image.repository` | manager image repository | `neuvector/manager` | +`manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`manager.priorityClassName` | manager priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`manager.podLabels` | Specify the pod labels. | `{}` | +`manager.podAnnotations` | Specify the pod annotations. | `{}` | +`manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` | +`manager.env.envs` | Other environment variables. The following variables are accepted. | `[]` | +` CUSTOM_LOGIN_LOGO` | SVG file encoded in based64, the logo is displayed as a 300 x 80 pixels icon. | +` CUSTOM_EULA_POLICY` | HTML or TEXT encoded in base64. | +` CUSTOM_PAGE_HEADER_CONTENT` | max. 120 characters, base64 encoded. | +` CUSTOM_PAGE_HEADER_COLOR` | use color name (yellow) or value (#ffff00) | +` CUSTOM_PAGE_FOOTER_CONTENT` | max. 120 characters, base64 encoded. | +` CUSTOM_PAGE_FOOTER_COLOR` | use color name (yellow) or value (#ffff00) | +`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google +`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | +`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | +`manager.route.host` | Set OpenShift route host for management console service | `nil` | +`manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | +`manager.route.tls.key` | Set PEM format key file for OpenShift route for management console service | `nil` | +`manager.route.tls.certificate` | Set PEM format certificate file for OpenShift route for management console service | `nil` | +`manager.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for management console service | `nil` | +`manager.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate for OpenShift route for management console service | `nil` | +`manager.certificate.secret` | Replace manager UI certificate using secret if secret name is specified | `nil` | +`manager.certificate.keyFile` | Replace manager UI certificate key file | `tls.key` | +`manager.certificate.pemFile` | Replace manager UI certificate pem file | `tls.pem` | +`manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed +`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | 
+`manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` +`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. +`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`manager.affinity` | manager affinity rules | `{}` | +`manager.tolerations` | List of node taints to tolerate | `nil` | +`manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`manager.runAsUser` | Specify the run as User ID | `nil` | +`cve.adapter.enabled` | If true, create registry adapter | `true` | +`cve.adapter.image.repository` | registry adapter image repository | `neuvector/registry-adapter` | +`cve.adapter.image.tag` | registry adapter image tag | | +`cve.adapter.image.hash` | registry adapter image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`cve.adapter.priorityClassName` | registry adapter priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`cve.adapter.podLabels` | Specify the pod labels. | `{}` | +`cve.adapter.podAnnotations` | Specify the pod annotations. | `{}` | +`cve.adapter.env` | User-defined environment variables for adapter. 
| `[]` | +`cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google +`cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | +`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` | +`cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | | +`cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | +`cve.adapter.route.host` | Set OpenShift route host for management console service | `nil` | +`cve.adapter.route.termination` | Specify TLS termination for OpenShift route for management console service. 
Possible passthrough, edge, reencrypt | `passthrough` | +`cve.adapter.route.tls.key` | Set PEM format key file for OpenShift route for management console service | `nil` | +`cve.adapter.route.tls.certificate` | Set PEM format certificate file for OpenShift route for management console service | `nil` | +`cve.adapter.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for management console service | `nil` | +`cve.adapter.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate for OpenShift route for management console service | `nil` | +`cve.adapter.certificate.secret` | Replace registry adapter certificate using secret if secret name is specified | `nil` | +`cve.adapter.certificate.keyFile` | Replace registry adapter certificate key file | `tls.key` | +`cve.adapter.certificate.pemFile` | Replace registry adapter certificate pem file | `tls.pem` | +`cve.adapter.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed +`cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` +`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`. 
+`cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) +`cve.adapter.affinity` | registry adapter affinity rules | `{}` | +`cve.adapter.tolerations` | List of node taints to tolerate | `nil` | +`cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`cve.adapter.runAsUser` | Specify the run as User ID | `nil` | +`cve.updater.enabled` | If true, create cve updater | `true` | +`cve.updater.secure` | If ture, API server's certificate is validated | `false` | +`cve.updater.image.registry` | cve updater image registry to overwrite global registry | | +`cve.updater.image.repository` | cve updater image repository | `neuvector/updater` | +`cve.updater.image.tag` | image tag for cve updater | `latest` | +`cve.updater.image.hash` | cve updateer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`cve.updater.priorityClassName` | cve updater priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`cve.updater.podLabels` | Specify the pod labels. | `{}` | +`cve.updater.podAnnotations` | Specify the pod annotations. 
| `{}` | +`cve.updater.schedule` | cronjob cve updater schedule | `0 0 * * *` | +`cve.updater.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`cve.updater.runAsUser` | Specify the run as User ID | `nil` | +`cve.scanner.enabled` | If true, cve scanners will be deployed | `true` | +`cve.scanner.image.registry` | cve scanner image registry to overwrite global registry | | +`cve.scanner.image.repository` | cve scanner image repository | `neuvector/scanner` | +`cve.scanner.image.tag` | cve scanner image tag | `latest` | +`cve.scanner.image.hash` | cve scanner image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`cve.scanner.podLabels` | Specify the pod labels. | `{}` | +`cve.scanner.podAnnotations` | Specify the pod annotations. | `{}` | +`cve.scanner.env` | User-defined environment variables for scanner. 
| `[]` | +`cve.scanner.replicas` | external scanner replicas | `3` | +`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | +`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) | +`cve.scanner.affinity` | scanner affinity rules | `{}` | +`cve.scanner.tolerations` | List of node taints to tolerate | `nil` | +`cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`cve.scanner.runAsUser` | Specify the run as User ID | `nil` | +`docker.path` | docker path | `/var/run/docker.sock` | +`containerd.enabled` | Set to true, if the container runtime is containerd | `false` | **Note**: For k3s and rke clusters, set k3s.enabled to true instead +`containerd.path` | If containerd is enabled, this local containerd socket path will be used | `/var/run/containerd/containerd.sock` | +`crio.enabled` | Set to true, if the container runtime is cri-o | `false` | +`crio.path` | If cri-o is enabled, this local cri-o socket path will be used | `/var/run/crio/crio.sock` | +`k3s.enabled` | Set to true for k3s or rke2 | `false` | +`k3s.runtimePath` | If k3s is enabled, this local containerd socket path will be used | `/run/k3s/containerd/containerd.sock` | +`bottlerocket.enabled` | Set to true if using AWS bottlerocket | `false` | +`bottlerocket.runtimePath` | If bottlerocket is enabled, this local containerd socket path will be used | `/run/dockershim.sock` | +`admissionwebhook.type` | admission webhook type | `ClusterIP` | +`crdwebhook.enabled` | Enable crd service and create crd related resources | `true` | +`crdwebhook.type` | crd webhook type | `ClusterIP` | +`awsbilling.enabled` | If true, install AWS billing csp adapter | `false` | **Note**: default admin user is disabled when awsbilling enabled, use configmap to create admin-role 
user to manage NeuVector deployment.
+`awsbilling.accountNumber` | AWS Account Number | `nil` | Follow AWS subscription instruction
+`awsbilling.roleName` | AWS Role name for billing | `nil` | Follow AWS subscription instruction
+`awsbilling.serviceAccount` | Service account name for csp adapter | `csp` | Follow AWS subscription instruction
+`awsbilling.annotations` | Annotaion for csp adapter | `nil` | Follow AWS subscription instruction
+`awsbilling.imagePullSecrets` | Pull secret for csp adapter image | `nil` | Follow AWS subscription instruction
+`awsbilling.image.repository` | csp adapter image repository | `neuvector/neuvector-csp-adapter` | Follow AWS subscription instruction
+`awsbilling.image.tag` | csp adapter image tag | `1.0.0` | Follow AWS subscription instruction
+`awsbilling.image.imagePullPolicy` | csp adapter image pull policy | `IfNotPresent` | Follow AWS subscription instruction
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release --namespace neuvector ./neuvector-helm/ --set manager.env.ssl=off
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release --namespace neuvector ./neuvector-helm/ -f values.yaml
+```
diff --git a/charts/neuvector/102.0.4+up2.6.2/app-readme.md b/charts/neuvector/102.0.4+up2.6.2/app-readme.md
new file mode 100644
index 0000000000..a3e31c5e11
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/app-readme.md
@@ -0,0 +1,35 @@
+### Run-Time Protection Without Compromise
+
+NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform.
+
+NeuVector integrates tightly with Rancher and Kubernetes to extend the built-in security features for applications that require defense in depth. Security features include:
+
++ Build phase vulnerability scanning with Jenkins plug-in and registry scanning
++ Admission control to prevent vulnerable or unauthorized image deployments using Kubernetes admission control webhooks
++ Complete run-time scanning with network, process, and file system monitoring and protection
++ The industry's only layer 7 container firewall for multi-protocol threat detection and automated segmentation
++ Advanced network controls including DLP detection, service mesh integration, connection blocking and packet captures
++ Run-time vulnerability scanning and CIS benchmarks
+
+Additional Notes:
++ Previous deployments from Rancher, such as from our Partners chart repository or the primary NeuVector Helm chart, must be completely removed in order to update to the new integrated feature chart. See https://github.com/rancher/rancher/issues/37447.
++ Configure correct container runtime and runtime path under container runtime. Enable only one runtime.
++ For deploying on hardened RKE2 and K3s clusters, enable PSP and set user id from other configuration for Manager, Scanner and Updater deployments. User id can be any number other than 0.
++ For deploying on hardened RKE cluster, enable PSP from security settings.
+
+## Upgrading to Kubernetes v1.25+
+
+Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API.
+
+As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
+ **Note:**
+ In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`.
+
+ **Note:**
+ If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
+
+ If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets.
+
+Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
+
+As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
diff --git a/charts/neuvector/102.0.4+up2.6.2/crds/_helpers.tpl b/charts/neuvector/102.0.4+up2.6.2/crds/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/crds/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector/102.0.4+up2.6.2/questions.yaml b/charts/neuvector/102.0.4+up2.6.2/questions.yaml
new file mode 100644
index 0000000000..ab478103ff
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/questions.yaml
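Review bot: The named templates `neuvector.name`, `neuvector.fullname` and `neuvector.chart` are added under `crds/_helpers.tpl`, but Helm only loads named templates from a chart's `templates/` directory and treats `crds/` as plain, untemplated manifests, so as far as this hunk shows the three definitions are never loaded. If the file is only carried over by the packaging step (the hunk does not say), a header line such as `{{/* Not rendered by Helm: files under crds/ are not templated. */}}` would make that explicit; otherwise it can be left out of the packaged chart. The whole file is inside this hunk, so nothing here depends on code outside it.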
@@ -0,0 +1,336 @@ +questions: +#image configurations +- variable: controller.image.repository + default: "neuvector/controller" + description: controller image repository + type: string + label: Controller Image Path + group: "Container Images" +- variable: controller.image.tag + default: "" + description: image tag for controller + type: string + label: Controller Image Tag + group: "Container Images" +- variable: manager.image.repository + default: "neuvector/manager" + description: manager image repository + type: string + label: Manager Image Path + group: "Container Images" +- variable: manager.image.tag + default: "" + description: image tag for manager + type: string + label: Manager Image Tag + group: "Container Images" +- variable: enforcer.image.repository + default: "neuvector/enforcer" + description: enforcer image repository + type: string + label: Enforcer Image Path + group: "Container Images" +- variable: enforcer.image.tag + default: "" + description: image tag for enforcer + type: string + label: Enforcer Image Tag + group: "Container Images" +- variable: cve.scanner.image.repository + default: "neuvector/scanner" + description: scanner image repository + type: string + label: Scanner Image Path + group: "Container Images" +- variable: cve.scanner.image.tag + default: "" + description: image tag for scanner + type: string + label: Scanner Image Tag + group: "Container Images" +- variable: cve.updater.image.repository + default: "neuvector/updater" + description: cve updater image repository + type: string + label: CVE Updater Image Path + group: "Container Images" +- variable: cve.updater.image.tag + default: "" + description: image tag for updater + type: string + label: Updater Image Tag + group: "Container Images" +#Container Runtime configurations +- variable: docker.enabled + default: true + description: Docker runtime. 
Enable only one runtime + type: boolean + label: Docker Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: docker.path + default: "/var/run/docker.sock" + description: "Docker Runtime Path" + type: string + label: Runtime Path +- variable: containerd.enabled + default: "false" + description: Containerd runtime. Enable only one runtime + type: boolean + label: Containerd Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: containerd.path + default: " /var/run/containerd/containerd.sock" + description: "Containerd Runtime Path" + type: string + label: Runtime Path +- variable: crio.enabled + default: "false" + description: CRI-O runtime. Enable only one runtime + type: boolean + label: CRI-O Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: crio.path + default: "/var/run/crio/crio.sock" + description: "CRI-O Runtime Path" + type: string + label: Runtime Path +- variable: k3s.enabled + default: "false" + description: k3s containerd runtime. Enable only one runtime. Choose this option for RKE2 and K3S based clusters + type: boolean + label: k3s Containerd Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: k3s.runtimePath + default: " /run/k3s/containerd/containerd.sock" + description: "k3s Containerd Runtime Path" + type: string + label: Runtime Path +#storage configurations +- variable: controller.pvc.enabled + default: false + description: If true, enable persistence for controller using PVC. 
PVC should support ReadWriteMany(RWX) + type: boolean + label: PVC Status + group: "PVC Configuration" +- variable: controller.pvc.storageClass + default: "" + description: Storage Class to be used + type: string + label: Storage Class Name + group: "PVC Configuration" +#ingress configurations +- variable: manager.ingress.enabled + default: false + description: If true, create ingress, must also set ingress host value + type: boolean + label: Manager Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: manager.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Manager Ingress Host + group: "Ingress Configuration" + - variable: manager.ingress.path + default: "/" + description: Set ingress path + type: string + label: Manager Ingress Path + group: "Ingress Configuration" + - variable: manager.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Manager Ingress Annotations + group: "Ingress Configuration" +- variable: controller.ingress.enabled + default: false + description: If true, create ingress for rest api, must also set ingress host value + type: boolean + label: Controller Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: controller.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Controller Ingress Host + group: "Ingress Configuration" + - variable: controller.ingress.path + default: "/" + description: Set ingress path + type: string + label: Controller Ingress Path + group: "Ingress Configuration" + - variable: controller.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. 
Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Controller Ingress Annotations + group: "Ingress Configuration" +- variable: controller.federation.mastersvc.ingress.enabled + default: false + description: If true, create ingress for rest api, must also set ingress host value + type: boolean + label: Controller Federation Master Service Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: controller.federation.mastersvc.ingress.tls + default: false + description: If true, TLS is enabled for controller federation master ingress service + type: boolean + label: Controller Federation Master Service Ingress TLS Status + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Controller Federation Master Service Ingress Host + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.path + default: "/" + description: Set ingress path + type: string + label: Controller Federation Master Service Ingress Path + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.ingressClassName + default: "" + description: To be used instead of the ingress.class annotation if an IngressClass is provisioned + type: string + label: Controller Federation Master Service Ingress IngressClassName + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.secretName + default: "" + description: Name of the secret to be used for TLS-encryption + type: string + label: Controller Federation Master Service Ingress SecretName + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. 
Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+ type: string
+ label: Controller Federation Master Service Ingress Annotations
+ group: "Ingress Configuration"
+- variable: controller.federation.managedsvc.ingress.enabled
+ default: false
+ description: If true, create ingress for rest api, must also set ingress host value
+ type: boolean
+ label: Controller Federation Managed Service Ingress Status
+ group: "Ingress Configuration"
+ show_subquestion_if: true
+ subquestions:
+ - variable: controller.federation.managedsvc.ingress.tls
+ default: false
+ description: If true, TLS is enabled for controller federation managed ingress service
+ type: boolean
+ label: Controller Federation Managed Service Ingress TLS Status
+ group: "Ingress Configuration"
+ - variable: controller.federation.managedsvc.ingress.host
+ default: ""
+ description: Must set this host value if ingress is enabled
+ type: string
+ label: Controller Federation Managed Service Ingress Host
+ group: "Ingress Configuration"
+ - variable: controller.federation.managedsvc.ingress.path
+ default: "/"
+ description: Set ingress path
+ type: string
+ label: Controller Federation Managed Service Ingress Path
+ group: "Ingress Configuration"
+ - variable: controller.federation.managedsvc.ingress.ingressClassName
+ default: ""
+ description: To be used instead of the ingress.class annotation if an IngressClass is provisioned
+ type: string
+ label: Controller Federation Managed Service Ingress IngressClassName
+ group: "Ingress Configuration"
+ - variable: controller.federation.managedsvc.ingress.secretName
+ default: ""
+ description: Name of the secret to be used for TLS-encryption
+ type: string
+ label: Controller Federation Managed Service Ingress SecretName
+ group: "Ingress Configuration"
+ - variable: controller.federation.managedsvc.ingress.annotations
+ default: "{}"
+ description: Add annotations to ingress to influence behavior.
Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+ type: string
+ label: Controller Federation Managed Service Ingress Annotations
+ group: "Ingress Configuration"
+#service configurations
+- variable: manager.svc.type
+ default: "NodePort"
+ description: Set manager service type for native Kubernetes
+ type: enum
+ label: Manager Service Type
+ group: "Service Configuration"
+ options:
+ - "NodePort"
+ - "ClusterIP"
+ - "LoadBalancer"
+- variable: controller.federation.mastersvc.type
+ default: ""
+ description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP
+ type: enum
+ label: Fed Master Service Type
+ group: "Service Configuration"
+ options:
+ - "NodePort"
+ - "ClusterIP"
+ - "LoadBalancer"
+- variable: controller.federation.managedsvc.type
+ default: ""
+ description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and ClusterIP
+ type: enum
+ label: Fed Managed Service Type
+ group: "Service Configuration"
+ options:
+ - "NodePort"
+ - "ClusterIP"
+ - "LoadBalancer"
+- variable: controller.apisvc.type
+ default: "NodePort"
+ description: Controller REST API service type
+ type: enum
+ label: Controller REST API Service Type
+ group: "Service Configuration"
+ options:
+ - "NodePort"
+ - "ClusterIP"
+ - "LoadBalancer"
+#Security Settings
+- variable: global.cattle.psp.enabled
+ default: "false"
+ description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false."
+ label: "Enable PodSecurityPolicies"
+ default: "false"
+ type: boolean
+ group: "Security Settings"
+- variable: manager.runAsUser
+ default: ""
+ description: Specify the run as User ID
+ type: int
+ label: Manager runAsUser ID
+ group: "Security Settings"
+- variable: cve.scanner.runAsUser
+ default: ""
+ description: Specify the run as User ID
+ type: int
+ label: Scanner runAsUser ID
+ group: "Security Settings"
+- variable: cve.updater.runAsUser
+ default: ""
+ description: Specify the run as User ID
+ type: int
+ label: Updater runAsUser ID
+ group: "Security Settings"
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/NOTES.txt b/charts/neuvector/102.0.4+up2.6.2/templates/NOTES.txt
new file mode 100644
index 0000000000..e79b2cc216
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/NOTES.txt
@@ -0,0 +1,20 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled }}
+From outside the cluster, the NeuVector URL is:
+http://{{ .Values.manager.ingress.host }}
+{{- else if not .Values.openshift }}
+Get the NeuVector URL by running these commands:
+{{- if contains "NodePort" .Values.manager.svc.type }}
+ NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services neuvector-service-webui)
+ NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo https://$NODE_IP:$NODE_PORT
+{{- else if contains "ClusterIP" .Values.manager.svc.type }}
+ CLUSTER_IP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.clusterIP}" services neuvector-service-webui)
+ echo https://$CLUSTER_IP:8443
+{{- else if contains "LoadBalancer" .Values.manager.svc.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w neuvector-service-webui'
+
+ SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+ echo https://$SERVICE_IP:8443
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/_helpers.tpl b/charts/neuvector/102.0.4+up2.6.2/templates/_helpers.tpl
new file mode 100644
index 0000000000..5d21a18241
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/_helpers.tpl
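Review bot: The ingress branch of NOTES.txt prints `http://{{ .Values.manager.ingress.host }}` while the NodePort, ClusterIP and LoadBalancer branches all print `https://`, so an operator who follows the notes is sent to the manager console over plain HTTP. If the manager ingress terminates TLS (the values that decide this are outside the hunk), the line should read `https://{{ .Values.manager.ingress.host }}`, or the scheme should follow the ingress TLS setting. The NodePort branch also takes `.items[0].status.addresses[0].address`, which may be a node-internal address; a short remark in the notes that the address must be reachable from the operator's machine would avoid confusion.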
@@ -0,0 +1,40 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/admission-webhook-service.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/admission-webhook-service.yaml
new file mode 100644
index 0000000000..8a0a76aaac
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/admission-webhook-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: neuvector-svc-admission-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - port: 443
+ targetPort: 20443
+ protocol: TCP
+ name: admission-webhook
+ type: {{ .Values.admissionwebhook.type }}
+ selector:
+ app: neuvector-controller-pod
\ No newline at end of file
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/cert-manager-secret.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/cert-manager-secret.yaml
new file mode 100644
index 0000000000..3692886b4c
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/cert-manager-secret.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.internal.certmanager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.internal.certmanager.secretname }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Values.internal.certmanager.secretname }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ duration: 17520h # 2 years
+ subject:
+ organizations:
+ - NeuVector
+ isCA: true
+ commonName: neuvector.internal
+ dnsNames:
+ - neuvector.internal
+ - NeuVector
+ secretName: {{ .Values.internal.certmanager.secretname }}
+ usages:
+ - digital signature
+ - key encipherment
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: {{ .Values.internal.certmanager.secretname }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/clusterrole.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrole.yaml
new file mode 100644
index 0000000000..cce7a8254b
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrole.yaml
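Review bot: In admission-webhook-service.yaml, `type: {{ .Values.admissionwebhook.type }}` is rendered with no default and no quoting, so how far the webhook port (443 to 20443 on the controller pods) is exposed depends entirely on a value set outside this hunk. The API server reaches an admission webhook through the in-cluster Service, so `ClusterIP` is sufficient. I would write `type: {{ .Values.admissionwebhook.type | default "ClusterIP" | quote }}` and add the comment `# ClusterIP is enough for the API server; NodePort/LoadBalancer exposes the webhook endpoint outside the cluster`.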
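Review bot: In cert-manager-secret.yaml the `Certificate` sets `isCA: true` yet requests only the `digital signature` and `key encipherment` usages, and a `selfSigned` Issuer writes it into the secret named by `.Values.internal.certmanager.secretname`. If that same secret is what the workloads mount as their internal key pair (the controller deployment in this patch mounts `cert.key`, `cert.pem` and `ca.cert` from a secret chosen in values, so this cannot be confirmed from the hunk), every pod holding it carries a CA-flagged private key. Either set `isCA: false` and add `- server auth` and `- client auth` under `usages`, or keep this object as a CA only and issue a separate leaf certificate from a `ca` Issuer that references it. The second `dnsNames` entry, `NeuVector`, is not a lower-case DNS label and needs a comment saying which peer verifies against it. `duration: 17520h` is set without `renewBefore`, so the renewal window is left to the cert-manager default.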
@@ -0,0 +1,121 @@
+{{- if .Values.rbac -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+ name: neuvector-binding-app
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ - services
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+ name: neuvector-binding-rbac
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+{{- if .Values.openshift }}
+- apiGroups:
+ - image.openshift.io
+ resources:
+ - imagestreams
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+ name: neuvector-binding-admission
+ labels:
+ chart: {{ template "neuvector.chart" .
}}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: neuvector-binding-co
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - clusteroperators
+ verbs:
+ - get
+ - list
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding-least.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding-least.yaml
new file mode 100644
index 0000000000..915c99b971
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding-least.yaml
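Review bot: `neuvector-binding-admission` grants `create`, `update` and `delete` on every validating and mutating webhook configuration in the cluster, and `neuvector-binding-app` grants `update` on `nodes`, `pods`, `services` and `namespaces`, with no `resourceNames` and no comment on why each write verb is needed. Write access to webhook configurations lets the bound account change admission behaviour for the whole cluster, so I would split that rule: keep `get`/`list`/`watch`/`create` as they are and move `update`/`delete` into a second rule carrying `resourceNames: ["<neuvector-webhook-configuration-name>"]` (placeholder; the real object names are not in this hunk). For the core-resource rule, a comment above `- update` stating which field the controller writes would let a reviewer check the grant against actual behaviour. The `else` branch that renders `apiVersion: v1` is only reached below Kubernetes 1.8 and names an API version that does not serve `ClusterRole`, so it could be removed.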
@@ -0,0 +1,150 @@
+{{- if and .Values.rbac .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-app
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-app
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-rbac
+ labels:
+ chart: {{ template "neuvector.chart" .
}}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-rbac
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-admission
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-admission
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-view
+ labels:
+ chart: {{ template "neuvector.chart" .
}}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: view
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-co
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: neuvector-binding-co
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: enforcer
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..598151b0a1
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/clusterrolebinding.yaml
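Review bot: With `leastPrivilege` enabled, clusterrolebinding-least.yaml binds the same five ClusterRoles that clusterrolebinding.yaml binds (`neuvector-binding-app`, `neuvector-binding-rbac`, `neuvector-binding-admission`, the built-in `view`, and `neuvector-binding-co` on OpenShift 4); only the subject changes, from `.Values.serviceAccount` to the fixed `controller` account, plus `enforcer` for `neuvector-binding-co`. The flag therefore narrows who holds the cluster-wide permissions, not what the controller may do, and the file should say so in a header comment such as `# leastPrivilege: same ClusterRoles as clusterrolebinding.yaml, bound to the dedicated controller/enforcer service accounts`. The `neuvector-binding-view` binding gives the controller the aggregated built-in `view` role in every namespace; if it reads only a few resource types, a dedicated ClusterRole listing them would be tighter, though what it reads is not visible in this hunk.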
@@ -0,0 +1,147 @@
+{{- if and .Values.rbac (not .Values.leastPrivilege) -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-app
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-app
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-rbac
+ labels:
+ chart: {{ template "neuvector.chart" .
}}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-rbac
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-admission
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: neuvector-binding-admission
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-view
+ labels:
+ chart: {{ template "neuvector.chart" .
}}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: view
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: neuvector-binding-co
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: neuvector-binding-co
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/controller-deployment.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/controller-deployment.yaml
new file mode 100644
index 0000000000..16ed53fc8a
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/controller-deployment.yaml
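Review bot: Every binding in clusterrolebinding.yaml uses `name: {{ .Values.serviceAccount }}` as its subject, so the cluster-wide grants, including write access to webhook configurations through `neuvector-binding-admission`, go to whichever account that value names. If it resolves to the namespace's `default` service account (the value is defined outside this hunk), any pod in the release namespace that does not set its own service account inherits them. I would add a guard at the top of the template, `{{- if eq .Values.serviceAccount "default" }}{{ fail "set serviceAccount to a dedicated account or enable leastPrivilege" }}{{- end }}`, or at the very least a comment stating that a dedicated account is required. The value is also rendered unquoted in the `userNames` entries.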
@@ -0,0 +1,240 @@
+{{- if .Values.controller.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+ name: neuvector-controller-pod
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.controller.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.controller.replicas }}
+ minReadySeconds: 60
+ strategy:
+{{ toYaml .Values.controller.strategy | indent 4 }}
+ selector:
+ matchLabels:
+ app: neuvector-controller-pod
+ template:
+ metadata:
+ labels:
+ app: neuvector-controller-pod
+ release: {{ .Release.Name }}
+ {{- with .Values.controller.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.controller.secret.enabled .Values.controller.configmap.enabled .Values.controller.podAnnotations }}
+ annotations:
+ {{- if .Values.controller.secret.enabled }}
+ checksum/init-secret: {{ include (print $.Template.BasePath "/init-secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.controller.configmap.enabled }}
+ checksum/init-configmap: {{ include (print $.Template.BasePath "/init-configmap.yaml") .
| sha256sum }}
+ {{- end }}
+ {{- if .Values.controller.podAnnotations }}
+ {{- toYaml .Values.controller.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.affinity }}
+ affinity:
+{{ toYaml .Values.controller.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml .Values.controller.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.controller.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.controller.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.controller.schedulerName }}
+ schedulerName: {{ .Values.controller.schedulerName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecrets }}
+ {{- end }}
+ {{- if .Values.controller.priorityClassName }}
+ priorityClassName: {{ .Values.controller.priorityClassName }}
+ {{- end }}
+ {{- if .Values.leastPrivilege }}
+ serviceAccountName: controller
+ serviceAccount: controller
+ {{- else }}
+ serviceAccountName: {{ .Values.serviceAccount }}
+ serviceAccount: {{ .Values.serviceAccount }}
+ {{- end }}
+ containers:
+ - name: neuvector-controller-pod
+ image: {{ template "system_default_registry" .
}}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+ securityContext:
+ privileged: true
+ resources:
+ {{- if .Values.controller.resources }}
+{{ toYaml .Values.controller.resources | indent 12 }}
+ {{- else }}
+{{ toYaml .Values.resources | indent 12 }}
+ {{- end }}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ env:
+ - name: CLUSTER_JOIN_ADDR
+ value: neuvector-svc-controller.{{ .Release.Namespace }}
+ - name: CLUSTER_ADVERTISED_ADDR
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: CLUSTER_BIND_ADDR
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- if .Values.controller.ranchersso.enabled }}
+ - name: RANCHER_SSO
+ value: "1"
+ - name: RANCHER_EP
+ value: "{{ .Values.global.cattle.url }}"
+ {{- end }}
+ {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }}
+ - name: CTRL_PERSIST_CONFIG
+ value: "1"
+ {{- end }}
+ {{- with .Values.controller.env }}
+{{- toYaml .
| nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /var/neuvector
+ name: nv-share
+ readOnly: false
+ {{- if .Values.containerd.enabled }}
+ - mountPath: /var/run/containerd/containerd.sock
+ {{- else if .Values.k3s.enabled }}
+ - mountPath: /var/run/containerd/containerd.sock
+ {{- else if .Values.bottlerocket.enabled }}
+ - mountPath: /var/run/containerd/containerd.sock
+ {{- else if .Values.crio.enabled }}
+ - mountPath: /var/run/crio/crio.sock
+ {{- else }}
+ - mountPath: /var/run/docker.sock
+ {{- end }}
+ name: runtime-sock
+ readOnly: true
+ - mountPath: /host/proc
+ name: proc-vol
+ readOnly: true
+ - mountPath: /host/cgroup
+ name: cgroup-vol
+ readOnly: true
+ - mountPath: /etc/config
+ name: config-volume
+ readOnly: true
+ {{- if .Values.controller.certificate.secret }}
+ - mountPath: /etc/neuvector/certs/ssl-cert.key
+ subPath: {{ .Values.controller.certificate.keyFile }}
+ name: cert
+ readOnly: true
+ - mountPath: /etc/neuvector/certs/ssl-cert.pem
+ subPath: {{ .Values.controller.certificate.pemFile }}
+ name: cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.internal.certmanager.enabled }}
+ - mountPath: /etc/neuvector/certs/internal/cert.key
+ subPath: {{ .Values.controller.internal.certificate.keyFile }}
+ name: internal-cert
+ readOnly: true
+ - mountPath: /etc/neuvector/certs/internal/cert.pem
+ subPath: {{ .Values.controller.internal.certificate.pemFile }}
+ name: internal-cert
+ readOnly: true
+ - mountPath: /etc/neuvector/certs/internal/ca.cert
+ subPath: {{ .Values.controller.internal.certificate.caFile }}
+ name: internal-cert
+ readOnly: true
+ {{- end }}
+ terminationGracePeriodSeconds: 300
+ restartPolicy: Always
+ volumes:
+ - name: nv-share
+ {{- if .Values.controller.pvc.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.controller.pvc.existingClaim | default "neuvector-data" }}
+ {{- else if .Values.controller.azureFileShare.enabled }}
+ azureFile:
+ secretName: {{ .Values.controller.azureFileShare.secretName }}
+ shareName: {{ .Values.controller.azureFileShare.shareName }}
+ readOnly: false
+ {{- else }}
+ hostPath:
+ path: /var/neuvector
+ {{- end }}
+ - name: runtime-sock
+ hostPath:
+ {{- if .Values.containerd.enabled }}
+ path: {{ .Values.containerd.path }}
+ {{- else if .Values.crio.enabled }}
+ path: {{ .Values.crio.path }}
+ {{- else if .Values.k3s.enabled }}
+ path: {{ .Values.k3s.runtimePath }}
+ {{- else if .Values.bottlerocket.enabled }}
+ path: {{ .Values.bottlerocket.runtimePath }}
+ {{- else }}
+ path: {{ .Values.docker.path }}
+ {{- end }}
+ - name: proc-vol
+ hostPath:
+ path: /proc
+ - name: cgroup-vol
+ hostPath:
+ path: /sys/fs/cgroup
+ - name: config-volume
+ projected:
+ sources:
+ - configMap:
+ name: neuvector-init
+ optional: true
+ - secret:
+ name: neuvector-init
+ optional: true
+ {{- if .Values.controller.certificate.secret }}
+ - name: cert
+ secret:
+ secretName: {{ .Values.controller.certificate.secret }}
+ {{- end }}
+ {{- if .Values.internal.certmanager.enabled }}
+ - name: internal-cert
+ secret:
+ secretName: {{ .Values.controller.internal.certificate.secret }}
+ {{- end }}
+{{- if gt (int .Values.controller.disruptionbudget) 0 }}
+---
+{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: policy/v1
+{{- else }}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+ name: neuvector-controller-pdb
+ namespace: {{ .Release.Namespace }}
+spec:
+ minAvailable: {{ .Values.controller.disruptionbudget }}
+ selector:
+ matchLabels:
+ app: neuvector-controller-pod
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/controller-ingress.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/controller-ingress.yaml
new file mode 100644
index 0000000000..b36fbbdc09
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/controller-ingress.yaml
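Review bot: The controller container in controller-deployment.yaml runs with `securityContext.privileged: true` and mounts the container runtime socket, `/proc` and `/sys/fs/cgroup` from the host, with no comment explaining why full privilege is required. `readOnly: true` on the `runtime-sock` mount only makes the mount itself read-only; it does not stop a process from connecting to the socket and driving the runtime API, so it should not be read as a restriction. I would add `# readOnly does not limit API calls over the socket; treat this pod as having node-level access` above that mount and a comment above `privileged: true` naming what forces it, so a later change to an explicit `capabilities.add` list can be evaluated. When neither `controller.pvc.enabled` nor `controller.azureFileShare.enabled` is set, `nv-share` falls back to `hostPath: /var/neuvector`, which keeps controller state on the node filesystem and deserves a comment as well.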
@@ -0,0 +1,219 @@ +{{- if .Values.controller.enabled }} +{{- if .Values.controller.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-restapi-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.ingress.host }} +{{- if .Values.controller.ingress.secretName }} + secretName: {{ .Values.controller.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.ingress.host }} + http: + paths: + - path: {{ .Values.controller.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-api + port: + number: 10443 +{{- else }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-restapi-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.ingress.host }} +{{- if .Values.controller.ingress.secretName }} + secretName: {{ .Values.controller.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.ingress.host }} + http: + paths: + - path: {{ .Values.controller.ingress.path }} + backend: + serviceName: neuvector-svc-controller-api + servicePort: 10443 +{{- end }} +{{- end }} +{{- if .Values.controller.federation.mastersvc.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-mastersvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.federation.mastersvc.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.federation.mastersvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.mastersvc.ingress.host }} +{{- if .Values.controller.federation.mastersvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.mastersvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.mastersvc.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-fed-master + port: + number: 11443 +{{- else }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-mastersvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.mastersvc.ingress.host }} +{{- if .Values.controller.federation.mastersvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.mastersvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.mastersvc.ingress.path }} + backend: + serviceName: neuvector-svc-controller-fed-master + servicePort: 11443 +{{- end }} +{{- end }} +{{- if .Values.controller.federation.managedsvc.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-managedsvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.federation.managedsvc.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.federation.managedsvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.managedsvc.ingress.host }} +{{- if .Values.controller.federation.managedsvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.managedsvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.managedsvc.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-fed-managed + port: + number: 10443 +{{- else }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-managedsvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.managedsvc.ingress.host }} +{{- if .Values.controller.federation.managedsvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.managedsvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.managedsvc.ingress.path }} + backend: + serviceName: neuvector-svc-controller-fed-managed + servicePort: 10443 +{{- end }} +{{- end }} +{{- end -}} 
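Review bot: The three Ingress objects in this file publish the controller REST API (backend port 10443) and the federation services, but each `tls:` block is rendered only when `.Values.controller.ingress.tls` (or the `federation.*.ingress.tls` equivalent) is set. As far as the template shows, enabling an ingress without that value serves the endpoint with no TLS at the ingress. A comment above each conditional, for example `# REST API ingress: set tls and secretName so API traffic is not carried over plain HTTP`, would make the requirement explicit. Separately, `host` and `path` are emitted unquoted, so a wildcard host beginning with `*` would be read as a YAML alias; `- host: {{ .Values.controller.ingress.host | quote }}` avoids that.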
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/controller-route.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/controller-route.yaml
new file mode 100644
index 0000000000..686a77ec48
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/controller-route.yaml
@@ -0,0 +1,98 @@ +{{- if .Values.openshift -}} +{{- if .Values.controller.apisvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-api + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.apisvc.route.host }} + host: {{ .Values.controller.apisvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-api + port: + targetPort: controller-api + tls: + termination: {{ .Values.controller.apisvc.route.termination }} +{{- if or (eq .Values.controller.apisvc.route.termination "reencrypt") (eq .Values.controller.apisvc.route.termination "edge") }} +{{- with .Values.controller.apisvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} + +--- +{{ end -}} +{{- if .Values.controller.federation.mastersvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-fed-master + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.route.host }} + host: {{ .Values.controller.federation.mastersvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-fed-master + port: + targetPort: fed + tls: + termination: {{ .Values.controller.federation.mastersvc.route.termination }} +{{- if or (eq .Values.controller.federation.mastersvc.route.termination "reencrypt") (eq .Values.controller.federation.mastersvc.route.termination "edge") }} +{{- with .Values.controller.federation.mastersvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +--- +{{ end -}} +{{- if .Values.controller.federation.managedsvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-fed-managed + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.route.host }} + host: {{ .Values.controller.federation.managedsvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-fed-managed + port: + targetPort: fed + tls: + termination: {{ .Values.controller.federation.managedsvc.route.termination }} +{{- if or (eq .Values.controller.federation.managedsvc.route.termination "reencrypt") (eq .Values.controller.federation.managedsvc.route.termination "edge") }} +{{- with .Values.controller.federation.managedsvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +{{ end -}} +{{- end -}} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/controller-service.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/controller-service.yaml new file mode 100644 index 0000000000..d4040a78af --- /dev/null 
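Review bot: `termination: {{ .Values.controller.apisvc.route.termination }}`, and the same line in the fed-master and fed-managed routes, is rendered with no default or validation, and the value `edge` makes the router terminate TLS and forward to the service without it. Because these routes front the controller API and federation ports, I would add a comment such as `# prefer passthrough or reencrypt; edge leaves the router-to-controller hop unencrypted` and quote the value with `| quote`. The `route.tls` map is merged only inside the `reencrypt`/`edge` conditional, so a passthrough route cannot set `insecureEdgeTerminationPolicy` from values; that limitation deserves a comment too.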
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/controller-service.yaml 
@@ -0,0 +1,97 @@ +{{- if .Values.controller.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + clusterIP: None + ports: + - port: 18300 + protocol: "TCP" + name: "cluster-tcp-18300" + - port: 18301 + protocol: "TCP" + name: "cluster-tcp-18301" + - port: 18301 + protocol: "UDP" + name: "cluster-udp-18301" + selector: + app: neuvector-controller-pod +{{- if .Values.controller.apisvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-api + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.apisvc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.apisvc.type }} + ports: + - port: 10443 + protocol: "TCP" + name: "controller-api" + selector: + app: neuvector-controller-pod +{{ end -}} +{{- if .Values.controller.federation.mastersvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-fed-master + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.federation.mastersvc.type }} + ports: + - port: 11443 + name: fed + protocol: TCP + selector: + app: neuvector-controller-pod +{{ end -}} +{{- if .Values.controller.federation.managedsvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-fed-managed + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.annotations }} + annotations: +{{ toYaml . 
| indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.federation.managedsvc.type }} + ports: + - port: 10443 + name: fed + protocol: TCP + selector: + app: neuvector-controller-pod +{{ end -}} +{{- end -}} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/crd-role-least.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/crd-role-least.yaml new file mode 100644 index 0000000000..01e44acf4e --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/crd-role-least.yaml 
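Review bot: `type: {{ .Values.controller.apisvc.type }}` and the two federation `type` lines accept any Service type, so `NodePort` or `LoadBalancer` publishes controller port 10443 or 11443 outside the cluster, and the only restriction knob the template offers is provider annotations. A comment on each conditional, e.g. `# ClusterIP keeps this port in-cluster; NodePort/LoadBalancer exposes it, so restrict sources at the load balancer or with a NetworkPolicy`, would document the exposure. An optional `loadBalancerSourceRanges` field fed from a new values key would be the code-level follow-up. The port entries also mix `protocol: "TCP"` and `protocol: TCP`; one scalar style throughout would read more cleanly.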
@@ -0,0 +1,295 @@ +{{- if .Values.leastPrivilege -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +# ClusterRole for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - update + - watch + - create + - get + +--- + +# ClusterRoleBinding for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-customresourcedefinition +subjects: +- kind: ServiceAccount + name: controller + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:controller +{{- end }} + +--- + +# ClusterRole for NeuVector to manage network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvsecurityrules + - nvclustersecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvsecurityrules +subjects: +- kind: ServiceAccount + name: controller + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:controller +{{- end }} + +--- + +# ClusterRole for NeuVector to manage dlp CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvdlpsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRole for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvadmissioncontrolsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvdlpsecurityrules +subjects: +- kind: ServiceAccount + name: controller + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:controller +{{- end }} + +--- + +# ClusterRoleBinding for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvadmissioncontrolsecurityrules +subjects: +- kind: ServiceAccount + name: controller + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:controller +{{- end }} + +--- + +# ClusterRole for NeuVector to manage waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvwafsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvwafsecurityrules +subjects: +- kind: ServiceAccount + name: controller + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:controller +{{- end }} + +{{- end }} 
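Review bot: The `neuvector-binding-customresourcedefinition` ClusterRole grants `update` and `get` on every CustomResourceDefinition in the cluster, which is broad for a template gated on `leastPrivilege`. If the controller only maintains its own CRDs, those verbs could be limited with `resourceNames:` listing the NeuVector CRD names, with `create` moved to its own rule since it cannot be restricted by name. Whether the controller touches other CRDs is not visible here and needs confirming. The comment above the `neuvector-binding-nvdlpsecurityrules` ClusterRoleBinding reads `# ClusterRoleBinding for NeuVector to manage admission control CRD rules` and should read `# ClusterRoleBinding for NeuVector to manage dlp CRD rules`. Both points apply unchanged to crd-role.yaml in the next hunk.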
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/crd-role.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/crd-role.yaml
new file mode 100644
index 0000000000..76e8e3e14d
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/crd-role.yaml
@@ -0,0 +1,295 @@ +{{- if not .Values.leastPrivilege -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +# ClusterRole for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - update + - watch + - create + - get + +--- + +# ClusterRoleBinding for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-customresourcedefinition +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +# ClusterRole for NeuVector to manage network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvsecurityrules + - nvclustersecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +# ClusterRole for NeuVector to manage dlp CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvdlpsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRole for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvadmissioncontrolsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvdlpsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +# ClusterRoleBinding for NeuVector to manage admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvadmissioncontrolsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +# ClusterRole for NeuVector to manage waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvwafsecurityrules + verbs: + - list + - delete + +--- + +# ClusterRoleBinding for NeuVector to manage waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvwafsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +{{- end }} 
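Review bot: This template is a line-for-line copy of crd-role-least.yaml apart from the opening `if not .Values.leastPrivilege` and the subject name (`{{ .Values.serviceAccount }}` instead of `controller`), so every RBAC change has to be made twice and the two files can drift. A single template that picks the subject once, e.g. `{{- $sa := ternary "controller" .Values.serviceAccount .Values.leastPrivilege }}` (assuming `leastPrivilege` is always a boolean), would remove the duplication. In this variant the CRD permissions go to the shared `.Values.serviceAccount`, which the enforcer DaemonSet later in this patch also runs under when `leastPrivilege` is off, so the privileged enforcer pods inherit them. A comment at the top of the file, such as `# non-least-privilege mode: CRD rights are granted to the shared service account used by all NeuVector pods`, would make that trade-off visible.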
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/enforcer-daemonset.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/enforcer-daemonset.yaml
new file mode 100644
index 0000000000..b5fb22ab7e
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/enforcer-daemonset.yaml
@@ -0,0 +1,144 @@ +{{- if .Values.enforcer.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: DaemonSet +metadata: + name: neuvector-enforcer-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + updateStrategy: {{- toYaml .Values.enforcer.updateStrategy | nindent 4 }} + selector: + matchLabels: + app: neuvector-enforcer-pod + template: + metadata: + labels: + app: neuvector-enforcer-pod + release: {{ .Release.Name }} + {{- with .Values.enforcer.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.enforcer.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.enforcer.tolerations }} + tolerations: +{{ toYaml .Values.enforcer.tolerations | indent 8 }} + {{- end }} + hostPID: true + {{- if .Values.enforcer.priorityClassName }} + priorityClassName: {{ .Values.enforcer.priorityClassName }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: enforcer + serviceAccount: enforcer + {{- else }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- end }} + containers: + - name: neuvector-enforcer-pod + image: {{ template "system_default_registry" . 
}}{{ .Values.enforcer.image.repository }}:{{ .Values.enforcer.image.tag }} + securityContext: + privileged: true + resources: + {{- if .Values.enforcer.resources }} +{{ toYaml .Values.enforcer.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + env: + - name: CLUSTER_JOIN_ADDR + value: neuvector-svc-controller.{{ .Release.Namespace }} + - name: CLUSTER_ADVERTISED_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CLUSTER_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- with .Values.enforcer.env }} +{{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.containerd.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.k3s.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.bottlerocket.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.crio.enabled }} + - mountPath: /var/run/crio/crio.sock + {{- else }} + - mountPath: /var/run/docker.sock + {{- end }} + name: runtime-sock + readOnly: true + - mountPath: /host/proc + name: proc-vol + readOnly: true + - mountPath: /host/cgroup + name: cgroup-vol + readOnly: true + - mountPath: /lib/modules + name: modules-vol + readOnly: true + {{- if .Values.internal.certmanager.enabled }} + - mountPath: /etc/neuvector/certs/internal/cert.key + subPath: {{ .Values.enforcer.internal.certificate.keyFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/cert.pem + subPath: {{ .Values.enforcer.internal.certificate.pemFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/ca.cert + subPath: {{ .Values.enforcer.internal.certificate.caFile }} + name: internal-cert + readOnly: true + {{- end }} + terminationGracePeriodSeconds: 1200 + restartPolicy: Always + volumes: + - name: runtime-sock + hostPath: + {{- if .Values.containerd.enabled }} + path: {{ .Values.containerd.path }} + 
{{- else if .Values.crio.enabled }} + path: {{ .Values.crio.path }} + {{- else if .Values.k3s.enabled }} + path: {{ .Values.k3s.runtimePath }} + {{- else if .Values.bottlerocket.enabled }} + path: {{ .Values.bottlerocket.runtimePath }} + {{- else }} + path: {{ .Values.docker.path }} + {{- end }} + - name: proc-vol + hostPath: + path: /proc + - name: cgroup-vol + hostPath: + path: /sys/fs/cgroup + - name: modules-vol + hostPath: + path: /lib/modules + {{- if .Values.internal.certmanager.enabled }} + - name: internal-cert + secret: + secretName: {{ .Values.enforcer.internal.certificate.secret }} + {{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/init-configmap.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/init-configmap.yaml new file mode 100644 index 0000000000..5cc1bb5c34 --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/init-configmap.yaml @@ -0,0 +1,13 @@ +{{- if .Values.controller.configmap.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: neuvector-init + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ toYaml .Values.controller.configmap.data | indent 2 }} +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/init-secret.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/init-secret.yaml new file mode 100644 index 0000000000..8a50814081 --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/init-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.controller.secret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: neuvector-init + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{- range $key, $val := .Values.controller.secret.data }} + {{ $key }}: | {{ toYaml $val | b64enc | nindent 4 }} +{{- end }} +{{- end }} 
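Review bot: In enforcer-daemonset.yaml the `runtime-sock` mount and its volume choose the container runtime in different orders: `volumeMounts` tests containerd, k3s, bottlerocket, then crio, while `volumes` tests containerd, crio, k3s, then bottlerocket. With both `crio.enabled` and `k3s.enabled` set, the pod would mount `.Values.crio.path` from the host at `/var/run/containerd/containerd.sock`, so the enforcer would look for the wrong socket. Use one order in both chains, for example by moving `{{- else if .Values.crio.enabled }}` ahead of the k3s branch in `volumeMounts`. A comment above the mount would also help the next reader: `# readOnly on a socket mount does not restrict runtime API calls made through it`.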
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/manager-deployment.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/manager-deployment.yaml
new file mode 100644
index 0000000000..4e4bd5219b
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/manager-deployment.yaml
@@ -0,0 +1,100 @@ +{{- if .Values.manager.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: neuvector-manager-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-manager-pod + template: + metadata: + labels: + app: neuvector-manager-pod + release: {{ .Release.Name }} + {{- with .Values.manager.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.manager.affinity }} + affinity: +{{ toYaml .Values.manager.affinity | indent 8 }} + {{- end }} + {{- if .Values.manager.tolerations }} + tolerations: +{{ toYaml .Values.manager.tolerations | indent 8 }} + {{- end }} + {{- if .Values.manager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.manager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.manager.priorityClassName }} + priorityClassName: {{ .Values.manager.priorityClassName }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: basic + serviceAccount: basic + {{- else }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- end }} + {{- if .Values.manager.runAsUser }} + securityContext: + runAsUser: {{ .Values.manager.runAsUser }} + {{- end }} + containers: + - name: neuvector-manager-pod + image: {{ template "system_default_registry" . 
}}{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }} + env: + - name: CTRL_SERVER_IP + value: neuvector-svc-controller.{{ .Release.Namespace }} + {{- if not .Values.manager.env.ssl }} + - name: MANAGER_SSL + value: "off" + {{- end }} + {{- with .Values.manager.env.envs }} +{{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.manager.certificate.secret }} + - mountPath: /etc/neuvector/certs/ssl-cert.key + subPath: {{ .Values.manager.certificate.keyFile }} + name: cert + readOnly: true + - mountPath: /etc/neuvector/certs/ssl-cert.pem + subPath: {{ .Values.manager.certificate.pemFile }} + name: cert + readOnly: true + {{- end }} + resources: + {{- if .Values.manager.resources }} +{{ toYaml .Values.manager.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + restartPolicy: Always + volumes: + {{- if .Values.manager.certificate.secret }} + - name: cert + secret: + secretName: {{ .Values.manager.certificate.secret }} + {{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/manager-ingress.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/manager-ingress.yaml new file mode 100644 index 0000000000..d6e2e33504 --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/manager-ingress.yaml 
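Review bot: The `neuvector-manager-pod` container in manager-deployment.yaml has no container-level `securityContext`; the only setting is the optional pod-level `runAsUser`, so privilege escalation, the default capability set and a writable root filesystem are left at runtime defaults. The same holds for the containers in registry-adapter.yaml and scanner-deployment.yaml later in this patch, and the scanner in particular processes image content it does not control. Consider adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under each of these containers, after confirming the images still start with it.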
@@ -0,0 +1,71 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: neuvector-webui-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.manager.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.manager.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.manager.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.manager.ingress.host }}
+{{- if .Values.manager.ingress.secretName }}
+ secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+ rules:
+ - host: {{ .Values.manager.ingress.host }}
+ http:
+ paths:
+ - path: {{ .Values.manager.ingress.path }}
+ pathType: Prefix
+ backend:
+ service:
+ name: neuvector-service-webui
+ port:
+ number: 8443
+{{- else }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: neuvector-webui-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.manager.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.manager.ingress.host }}
+{{- if .Values.manager.ingress.secretName }}
+ secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+ rules:
+ - host: {{ .Values.manager.ingress.host }}
+ http:
+ paths:
+ - path: {{ .Values.manager.ingress.path }}
+ backend:
+ serviceName: neuvector-service-webui
+ servicePort: 8443
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/manager-route.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/manager-route.yaml
new file mode 100644
index 0000000000..784a4ae235
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/manager-route.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.openshift -}}
+{{- if .Values.manager.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+ name: neuvector-route-webui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.manager.route.host }}
+ host: {{ .Values.manager.route.host }}
+{{- end }}
+ to:
+ kind: Service
+ name: neuvector-service-webui
+ port:
+ targetPort: manager
+ tls:
+ termination: {{ .Values.manager.route.termination }}
+{{- if or (eq .Values.manager.route.termination "reencrypt") (eq .Values.manager.route.termination "edge") }}
+{{- with .Values.manager.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/manager-service.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/manager-service.yaml
new file mode 100644
index 0000000000..e18e55c357
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/manager-service.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.manager.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: neuvector-service-webui
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.svc.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.manager.svc.type }}
+{{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.manager.svc.loadBalancerIP }}
+{{- end }}
+ ports:
+ - port: 8443
+ name: manager
+ protocol: TCP
+ selector:
+ app: neuvector-manager-pod
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/psp.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/psp.yaml
new file mode 100644
index 0000000000..782b62926d
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/psp.yaml
@@ -0,0 +1,86 @@
+{{- if and .Values.global.cattle.psp.enabled (semverCompare "<1.25-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: neuvector-binding-psp
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ privileged: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - SYS_ADMIN
+ - NET_ADMIN
+ - SYS_PTRACE
+ - IPC_LOCK
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - '*'
+ hostNetwork: true
+ hostPorts:
+ - min: 0
+ max: 65535
+ hostIPC: true
+ hostPID: true
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: neuvector-binding-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+rules:
+- apiGroups:
+ - policy
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - neuvector-binding-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: neuvector-binding-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: neuvector-binding-psp
+subjects:
+{{- if .Values.leastPrivilege }}
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: enforcer
+ namespace: {{ .Release.Namespace }}
+{{- else }}
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
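Review bot: `neuvector-binding-psp` in psp.yaml permits more than the workloads visible in this patch request: the enforcer DaemonSet sets only `privileged: true` and `hostPID: true`, yet the policy also allows `hostNetwork`, `hostIPC`, every host port, every volume type (`'*'`) and any seccomp profile. With `leastPrivilege` off, the RoleBinding grants `use` to the shared `.Values.serviceAccount`, which the manager, scanner and registry-adapter pods also run as. If the controller template (not visible here) does not need them, set `hostNetwork: false` and `hostIPC: false`, drop the `hostPorts` range, and list only the volume types actually mounted.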
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/pvc.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/pvc.yaml
new file mode 100644
index 0000000000..3821d04853
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if not .Values.controller.pvc.existingClaim -}}
+{{- if and .Values.controller.enabled .Values.controller.pvc.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: neuvector-data
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ accessModes:
+{{ toYaml .Values.controller.pvc.accessModes | indent 4 }}
+ volumeMode: Filesystem
+{{- if .Values.controller.pvc.storageClass }}
+ storageClassName: {{ .Values.controller.pvc.storageClass }}
+{{- end }}
+ resources:
+ requests:
+{{- if .Values.controller.pvc.capacity }}
+ storage: {{ .Values.controller.pvc.capacity }}
+{{- else }}
+ storage: 1Gi
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter-ingress.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter-ingress.yaml
new file mode 100644
index 0000000000..22c7244af8
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter-ingress.yaml
@@ -0,0 +1,109 @@ +{{- if .Values.cve.adapter.enabled -}} + +{{- if .Values.cve.adapter.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-registry-adapter-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.cve.adapter.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.cve.adapter.ingress.ingressClassName }} + ingressClassName: {{ .Values.cve.adapter.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.cve.adapter.ingress.tls }} + tls: + - hosts: + - {{ .Values.cve.adapter.ingress.host }} +{{- if .Values.cve.adapter.ingress.secretName }} + secretName: {{ .Values.cve.adapter.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.cve.adapter.ingress.host }} + http: + paths: + - path: {{ .Values.cve.adapter.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-service-registry-adapter + port: + number: 9443 +{{- else }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-registry-adapter-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.cve.adapter.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.cve.adapter.ingress.tls }} + tls: + - hosts: + - {{ .Values.cve.adapter.ingress.host }} +{{- if .Values.cve.adapter.ingress.secretName }} + secretName: {{ .Values.cve.adapter.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.cve.adapter.ingress.host }} + http: + paths: + - path: {{ .Values.cve.adapter.ingress.path }} + backend: + serviceName: neuvector-service-webui + servicePort: 9443 +{{- end }} +{{- end }} + +--- + +{{- if and .Values.openshift .Values.cve.adapter.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-registry-adapter + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.cve.adapter.route.host }} + host: {{ .Values.cve.adapter.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-service-registry-adapter + port: + targetPort: registry-adapter + tls: + termination: {{ .Values.cve.adapter.route.termination }} +{{- if or (eq .Values.cve.adapter.route.termination "reencrypt") (eq .Values.cve.adapter.route.termination "edge") }} +{{- with .Values.cve.adapter.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter.yaml new file mode 100644 index 0000000000..6fc87e9891 --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/registry-adapter.yaml 
@@ -0,0 +1,174 @@ +{{- if .Values.cve.adapter.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: neuvector-registry-adapter-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-registry-adapter-pod + template: + metadata: + labels: + app: neuvector-registry-adapter-pod + release: {{ .Release.Name }} + {{- with .Values.cve.adapter.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cve.adapter.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.cve.adapter.affinity }} + affinity: +{{ toYaml .Values.cve.adapter.affinity | indent 8 }} + {{- end }} + {{- if .Values.cve.adapter.tolerations }} + tolerations: +{{ toYaml .Values.cve.adapter.tolerations | indent 8 }} + {{- end }} + {{- if .Values.cve.adapter.nodeSelector }} + nodeSelector: +{{ toYaml .Values.cve.adapter.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.cve.adapter.priorityClassName }} + priorityClassName: {{ .Values.cve.adapter.priorityClassName }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: basic + serviceAccount: basic + {{- else }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- end }} + {{- if .Values.cve.adapter.runAsUser }} + securityContext: + runAsUser: {{ .Values.cve.adapter.runAsUser }} + {{- end }} + containers: + - name: neuvector-registry-adapter-pod + {{- if eq .Values.registry "registry.neuvector.com" }} + {{- if .Values.oem }} + image: "{{ .Values.registry }}/{{ .Values.oem 
}}/registry-adapter:{{ .Values.cve.adapter.image.tag }}" + {{- else }} + image: "{{ .Values.registry }}/registry-adapter:{{ .Values.cve.adapter.image.tag }}" + {{- end }} + {{- else }} + {{- if .Values.cve.adapter.image.hash }} + image: "{{ .Values.registry }}/{{ .Values.cve.adapter.image.repository }}@{{ .Values.cve.adapter.image.hash }}" + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.cve.adapter.image.repository }}:{{ .Values.cve.adapter.image.tag }} + {{- end }} + {{- end }} + env: + - name: CLUSTER_JOIN_ADDR + value: neuvector-svc-controller.{{ .Release.Namespace }} + - name: HARBOR_SERVER_PROTO + value: {{ .Values.cve.adapter.harbor.protocol }} + {{- if .Values.cve.adapter.harbor.secretName }} + - name: HARBOR_BASIC_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.cve.adapter.harbor.secretName }} + key: username + - name: HARBOR_BASIC_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.cve.adapter.harbor.secretName }} + key: password + {{- end }} + {{- with .Values.cve.adapter.env }} +{{- toYaml . 
| nindent 14 }} + {{- end }} + volumeMounts: + {{- if .Values.cve.adapter.certificate.secret }} + - mountPath: /etc/neuvector/certs/ssl-cert.key + subPath: {{ .Values.cve.adapter.certificate.keyFile }} + name: cert + readOnly: true + - mountPath: /etc/neuvector/certs/ssl-cert.pem + subPath: {{ .Values.cve.adapter.certificate.pemFile }} + name: cert + readOnly: true + {{- end }} + resources: + {{- if .Values.cve.adapter.resources }} +{{ toYaml .Values.cve.adapter.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + {{- if .Values.internal.certmanager.enabled }} + volumeMounts: + - mountPath: /etc/neuvector/certs/internal/cert.key + subPath: {{ .Values.cve.adapter.internal.certificate.keyFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/cert.pem + subPath: {{ .Values.cve.adapter.internal.certificate.pemFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/ca.cert + subPath: {{ .Values.cve.adapter.internal.certificate.caFile }} + name: internal-cert + readOnly: true + {{- end }} + restartPolicy: Always + volumes: + {{- if .Values.cve.adapter.certificate.secret }} + - name: cert + secret: + secretName: {{ .Values.cve.adapter.certificate.secret }} + {{- end }} + {{- if .Values.internal.certmanager.enabled }} + - name: internal-cert + secret: + secretName: {{ .Values.cve.adapter.internal.certificate.secret }} + {{- end }} + +--- + +apiVersion: v1 +kind: Service +metadata: + name: neuvector-service-registry-adapter + namespace: {{ .Release.Namespace }} +{{- with .Values.cve.adapter.svc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.cve.adapter.svc.type }} +{{- if and .Values.cve.adapter.svc.loadBalancerIP (eq .Values.cve.adapter.svc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.cve.adapter.svc.loadBalancerIP }} +{{- end }} + ports: + - name: registry-adapter +{{- if (eq .Values.cve.adapter.harbor.protocol "https") }} + port: 9443 +{{- else }} + port: 8090 +{{- end }} + protocol: TCP + selector: + app: neuvector-registry-adapter-pod + +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/role-least.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/role-least.yaml new file mode 100644 index 0000000000..b6324d739f --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/role-least.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.rbac .Values.leastPrivilege -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Role +metadata: + name: neuvector-binding-scanner + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - watch + - patch + - update +{{- end }} diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding-least.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding-least.yaml new file mode 100644 index 0000000000..163a05306e --- /dev/null +++ b/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding-least.yaml 
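Review bot: The container in registry-adapter.yaml gets two `volumeMounts:` keys when `.Values.internal.certmanager.enabled` is true: one before `resources:` holding the `cert` mounts and a second after it holding the `internal-cert` mounts. Indentation is not recoverable in this view, but if both sit in the container mapping, as the matching `volumes` entries suggest, this is a duplicate key that a parser either rejects or resolves by keeping the last value, silently dropping the `ssl-cert.key` and `ssl-cert.pem` mounts. Move the three internal-cert entries into the first list, inside their own `{{- if .Values.internal.certmanager.enabled }}`, and delete the second `volumeMounts:` line.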
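Review bot: The `neuvector-binding-scanner` Role in role-least.yaml grants `patch` and `update` on every Deployment in the release namespace, so the `controller` and `updater` service accounts bound to it in rolebinding-least.yaml can modify any Deployment there, not just the scanner. If only the scanner Deployment needs to be touched (the role name suggests so; confirm against the controller and updater), put the write verbs in a separate rule restricted with `resourceNames: [neuvector-scanner-pod]`. `watch` is awkward to scope by name, so it may have to stay in its own rule.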
@@ -0,0 +1,62 @@
+{{- if and .Values.rbac .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: neuvector-binding-scanner
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- end }}
+ name: neuvector-binding-scanner
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: updater
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: system:openshift:scc:privileged
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+ name: enforcer
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding.yaml
new file mode 100644
index 0000000000..257c35c91d
--- /dev/null
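Review bot: In the `$oc3` branch of rolebinding-least.yaml, `userNames` lists only `system:serviceaccount:{{ .Release.Namespace }}:controller`, although `subjects` binds both `controller` and `updater`. The non-least-privilege binding in rolebinding.yaml mirrors its subject in `userNames`, so on that OpenShift version the updater may not actually receive the role. Add `- system:serviceaccount:{{ .Release.Namespace }}:updater` to the list.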
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/rolebinding.yaml
@@ -0,0 +1,56 @@
+{{- if and .Values.rbac (not .Values.leastPrivilege) -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: neuvector-admin
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+{{- if not $oc3 }}
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- end }}
+ name: admin
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: system:openshift:scc:privileged
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/scanner-deployment.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/scanner-deployment.yaml
new file mode 100644
index 0000000000..ba4474f07f
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/scanner-deployment.yaml
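Review bot: rolebinding.yaml binds the shared `.Values.serviceAccount` to the namespace-wide `admin` ClusterRole and, on OpenShift 4, to `system:openshift:scc:privileged`, and with `leastPrivilege` off that same account is what the manager, scanner and registry-adapter pods run as (see their `serviceAccountName` lines in this patch). A flaw in any one of those components then carries namespace admin rights. A header comment such as `# leastPrivilege=false: all NeuVector pods share one namespace-admin service account` would make the trade-off visible, and if the default in values.yaml (not visible here) allows it, `leastPrivilege` is the safer default.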
@@ -0,0 +1,102 @@
+{{- if .Values.cve.scanner.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+ name: neuvector-scanner-pod
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ strategy:
+{{ toYaml .Values.cve.scanner.strategy | indent 4 }}
+ replicas: {{ .Values.cve.scanner.replicas }}
+ selector:
+ matchLabels:
+ app: neuvector-scanner-pod
+ template:
+ metadata:
+ labels:
+ app: neuvector-scanner-pod
+ {{- with .Values.cve.scanner.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.cve.scanner.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.cve.scanner.affinity }}
+ affinity:
+{{ toYaml .Values.cve.scanner.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.cve.scanner.tolerations }}
+ tolerations:
+{{ toYaml .Values.cve.scanner.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.cve.scanner.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.cve.scanner.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecrets }}
+ {{- end }}
+ {{- if .Values.cve.scanner.priorityClassName }}
+ priorityClassName: {{ .Values.cve.scanner.priorityClassName }}
+ {{- end }}
+ {{- if .Values.leastPrivilege }}
+ serviceAccountName: basic
+ serviceAccount: basic
+ {{- else }}
+ serviceAccountName: {{ .Values.serviceAccount }}
+ serviceAccount: {{ .Values.serviceAccount }}
+ {{- end }}
+ {{- if .Values.cve.scanner.runAsUser }}
+ securityContext:
+ runAsUser: {{ .Values.cve.scanner.runAsUser }}
+ {{- end }}
+ containers:
+ - name: neuvector-scanner-pod
+ image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}
+ imagePullPolicy: Always
+ env:
+ - name: CLUSTER_JOIN_ADDR
+ value: neuvector-svc-controller.{{ .Release.Namespace }}
+ {{- if .Values.cve.scanner.dockerPath }}
+ - name: SCANNER_DOCKER_URL
+ value: {{ .Values.cve.scanner.dockerPath }}
+ {{- end }}
+ {{- with .Values.cve.scanner.env }}
+{{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.cve.scanner.resources | indent 12 }}
+ {{- if .Values.internal.certmanager.enabled }}
+ volumeMounts:
+ - mountPath: /etc/neuvector/certs/internal/cert.key
+ subPath: {{ .Values.cve.scanner.internal.certificate.keyFile }}
+ name: internal-cert
+ readOnly: true
+ - mountPath: /etc/neuvector/certs/internal/cert.pem
+ subPath: {{ .Values.cve.scanner.internal.certificate.pemFile }}
+ name: internal-cert
+ readOnly: true
+ - mountPath: /etc/neuvector/certs/internal/ca.cert
+ subPath: {{ .Values.cve.scanner.internal.certificate.caFile }}
+ name: internal-cert
+ readOnly: true
+ {{- end }}
+ restartPolicy: Always
+ {{- if .Values.internal.certmanager.enabled }}
+ volumes:
+ - name: internal-cert
+ secret:
+ secretName: {{ .Values.cve.scanner.internal.certificate.secret }}
+ {{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount-least.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount-least.yaml
new file mode 100644
index 0000000000..9d728abecb
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount-least.yaml
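Review bot: The container `image:` line in scanner-deployment.yaml is rendered from `repository:tag` only, so the `cve.scanner.image.hash` key that values.yaml defines is never consulted in this template and the scanner cannot be pinned to a digest. Together with the `tag: latest` default and `imagePullPolicy: Always`, every pod restart pulls whatever the registry currently serves under that tag. I would render the digest when it is set, e.g. `image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}{{ if .Values.cve.scanner.image.hash }}@{{ .Values.cve.scanner.image.hash }}{{ else }}:{{ .Values.cve.scanner.image.tag }}{{ end }}`. The `image:` line of the updater CronJob has the same shape.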
@@ -0,0 +1,47 @@
+{{- if .Values.leastPrivilege }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: basic
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: enforcer
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: updater
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..595914ca54
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.leastPrivilege }}
+{{- if ne .Values.serviceAccount "default"}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/updater-cronjob.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/updater-cronjob.yaml
new file mode 100644
index 0000000000..e0f920cb0b
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/updater-cronjob.yaml
@@ -0,0 +1,75 @@
+{{- if .Values.cve.updater.enabled -}}
+{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1beta1
+{{- else }}
+apiVersion: batch/v2alpha1
+{{- end }}
+kind: CronJob
+metadata:
+ name: neuvector-updater-pod
+ namespace: {{ .Release.Namespace }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ schedule: {{ .Values.cve.updater.schedule | quote }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app: neuvector-updater-pod
+ release: {{ .Release.Name }}
+ {{- with .Values.cve.updater.podLabels }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cve.updater.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecrets }}
+ {{- end }}
+ {{- if .Values.cve.updater.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.cve.updater.nodeSelector | indent 12 }}
+ {{- end }}
+ {{- if .Values.cve.updater.priorityClassName }}
+ priorityClassName: {{ .Values.cve.updater.priorityClassName }}
+ {{- end }}
+ {{- if .Values.leastPrivilege }}
+ serviceAccountName: updater
+ serviceAccount: updater
+ {{- else }}
+ serviceAccountName: {{ .Values.serviceAccount }}
+ serviceAccount: {{ .Values.serviceAccount }}
+ {{- end }}
+ {{- if .Values.cve.updater.runAsUser }}
+ securityContext:
+ runAsUser: {{ .Values.cve.updater.runAsUser }}
+ {{- end }}
+ containers:
+ - name: neuvector-updater-pod
+ image: {{ template "system_default_registry" . }}{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }}
+ imagePullPolicy: Always
+ {{- if .Values.cve.scanner.enabled }}
+ command:
+ - /bin/sh
+ - -c
+ {{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if .Values.cve.updater.secure }}
+ - /usr/bin/curl -v -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod'
+ {{- else }}
+ - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod'
+ {{- end }}
+ {{- else }}
+ - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/extensions/v1beta1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod'
+ {{- end }}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/templates/validate-psp-install.yaml b/charts/neuvector/102.0.4+up2.6.2/templates/validate-psp-install.yaml
new file mode 100644
index 0000000000..da62c4d183
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/templates/validate-psp-install.yaml
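Review bot: Two of the three `curl` commands in updater-cronjob.yaml pass `-k`, so the job sends the pod's service-account bearer token to `https://kubernetes.default` without verifying the API server certificate. `cve.updater.secure` defaults to `false` in values.yaml, which makes that the default path, and the pre-1.9 branch uses `-k` regardless of the flag. The `secure` branch drops `-k` but passes no CA, so it depends on the image's trust store already containing the cluster CA (not visible here). All three use `-v`, and curl's verbose output normally echoes request headers, which would put the `Authorization` header in the job's pod log; worth confirming against the curl build in the image. I would replace `-kv` / `-v` with `-sS --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` in every branch, which also removes the need for the `secure` switch.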
@@ -0,0 +1,7 @@
+{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+{{- if .Values.global.cattle.psp.enabled }}
+{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/102.0.4+up2.6.2/values.yaml b/charts/neuvector/102.0.4+up2.6.2/values.yaml
new file mode 100644
index 0000000000..f5eaed4704
--- /dev/null
+++ b/charts/neuvector/102.0.4+up2.6.2/values.yaml
@@ -0,0 +1,501 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ psp:
+ enabled: false # PSP enablement should default to false
+
+openshift: false
+
+registry: docker.io
+oem:
+rbac: true # required for rancher authentication
+serviceAccount: neuvector
+leastPrivilege: false
+global: # required for rancher authentication (https:///)
+ cattle:
+ url:
+
+internal: # enable when cert-manager is installed for the internal certificates
+ certmanager:
+ enabled: false
+ secretname: neuvector-internal
+
+controller:
+ # If false, controller will not be installed
+ enabled: true
+ annotations: {}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ image:
+ repository: rancher/mirrored-neuvector-controller
+ tag: 5.2.1
+ hash:
+ replicas: 3
+ disruptionbudget: 0
+ schedulerName:
+ priorityClassName:
+ podLabels: {}
+ podAnnotations: {}
+ env: []
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - neuvector-controller-pod
+ topologyKey: "kubernetes.io/hostname"
+ tolerations: []
+ nodeSelector: {}
+ # key1: value1
+ # key2: value2
+ apisvc:
+ type:
+ annotations: {}
+ # OpenShift Route configuration
+ # Controller supports HTTPS only, so edge termination not supported
+ route:
+ enabled: false
+ termination: passthrough
+ host:
+ tls:
+ #certificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #caCertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #destinationCACertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #key: |
+ # -----BEGIN PRIVATE KEY-----
+ # -----END PRIVATE KEY-----
+ ranchersso: # required for rancher authentication
+ enabled: true
+ pvc:
+ enabled: false
+ existingClaim: false
+ accessModes:
+ - ReadWriteMany
+ storageClass:
+ capacity:
+ azureFileShare:
+ enabled: false
+ secretName:
+ shareName:
+ certificate:
+ secret:
+ keyFile: tls.key
+ pemFile: tls.pem
+ internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+ certificate:
+ secret: neuvector-internal
+ keyFile: tls.key
+ pemFile: tls.crt
+ caFile: ca.crt # must be the same CA for all internal.
+ federation:
+ mastersvc:
+ type:
+ # Federation Master Ingress
+ ingress:
+ enabled: false
+ host: # MUST be set, if ingress is enabled
+ ingressClassName: ""
+ path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # ingress.kubernetes.io/rewrite-target: /
+ tls: false
+ secretName:
+ annotations: {}
+ # OpenShift Route configuration
+ # Controller supports HTTPS only, so edge termination not supported
+ route:
+ enabled: false
+ termination: passthrough
+ host:
+ tls:
+ #certificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #caCertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #destinationCACertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #key: |
+ # -----BEGIN PRIVATE KEY-----
+ # -----END PRIVATE KEY-----
+ managedsvc:
+ type:
+ # Federation Managed Ingress
+ ingress:
+ enabled: false
+ host: # MUST be set, if ingress is enabled
+ ingressClassName: ""
+ path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # ingress.kubernetes.io/rewrite-target: /
+ tls: false
+ secretName:
+ annotations: {}
+ # OpenShift Route configuration
+ # Controller supports HTTPS only, so edge termination not supported
+ route:
+ enabled: false
+ termination: passthrough
+ host:
+ tls:
+ #certificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #caCertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #destinationCACertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #key: |
+ # -----BEGIN PRIVATE KEY-----
+ # -----END PRIVATE KEY-----
+ ingress:
+ enabled: false
+ host: # MUST be set, if ingress is enabled
+ ingressClassName: ""
+ path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # ingress.kubernetes.io/rewrite-target: /
+ tls: false
+ secretName:
+ resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 2792Mi
+ # requests:
+ # cpu: 100m
+ # memory: 2280Mi
+ configmap:
+ enabled: false
+ data:
+ # passwordprofileinitcfg.yaml: |
+ # ...
+ # roleinitcfg.yaml: |
+ # ...
+ # ldapinitcfg.yaml: |
+ # ...
+ # oidcinitcfg.yaml: |
+ # ...
+ # samlinitcfg.yaml: |
+ # ...
+ # sysinitcfg.yaml: |
+ # ...
+ # userinitcfg.yaml: |
+ # ...
+ secret:
+ # NOTE: files defined here have preferrence over the ones defined in the configmap section
+ enabled: false
+ data: {}
+ # passwordprofileinitcfg.yaml: |
+ # ...
+ # roleinitcfg.yaml: |
+ # ...
+ # ldapinitcfg.yaml:
+ # directory: OpenLDAP
+ # ...
+ # oidcinitcfg.yaml:
+ # Issuer: https://...
+ # ...
+ # samlinitcfg.yaml:
+ # ...
+ # sysinitcfg.yaml:
+ # ...
+ # userinitcfg.yaml:
+ # ...
+
+enforcer:
+ # If false, enforcer will not be installed
+ enabled: true
+ image:
+ repository: rancher/mirrored-neuvector-enforcer
+ tag: 5.2.1
+ hash:
+ updateStrategy:
+ type: RollingUpdate
+ priorityClassName:
+ podLabels: {}
+ podAnnotations: {}
+ env: []
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 2792Mi
+ # requests:
+ # cpu: 100m
+ # memory: 2280Mi
+ internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+ certificate:
+ secret: neuvector-internal
+ keyFile: tls.key
+ pemFile: tls.crt
+ caFile: ca.crt # must be the same CA for all internal.
+
+manager:
+ # If false, manager will not be installed
+ enabled: true
+ image:
+ repository: rancher/mirrored-neuvector-manager
+ tag: 5.2.1
+ hash:
+ priorityClassName:
+ env:
+ ssl: true
+ envs: []
+# - name: CUSTOM_PAGE_HEADER_COLOR
+# value: "#FFFFFF"
+# - name: CUSTOM_PAGE_FOOTER_COLOR
+# value: "#FFFFFF"
+ svc:
+ type: NodePort # should be set to - ClusterIP
+ loadBalancerIP:
+ annotations: {}
+ # azure
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+ # OpenShift Route configuration
+ # Make sure manager env ssl is false for edge termination
+ route:
+ enabled: true
+ termination: passthrough
+ host:
+ tls:
+ #certificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #caCertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #destinationCACertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #key: |
+ # -----BEGIN PRIVATE KEY-----
+ # -----END PRIVATE KEY-----
+ certificate:
+ secret:
+ keyFile: tls.key
+ pemFile: tls.pem
+ ingress:
+ enabled: false
+ host: # MUST be set, if ingress is enabled
+ ingressClassName: ""
+ path: "/"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # kubernetes.io/ingress.class: my-nginx
+ # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1"
+ # nginx.ingress.kubernetes.io/rewrite-target: /
+ # nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+ # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert
+ tls: false
+ secretName: # my-tls-secret
+ resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 2792Mi
+ # requests:
+ # cpu: 100m
+ # memory: 2280Mi
+ affinity: {}
+ podLabels: {}
+ podAnnotations: {}
+ tolerations: []
+ nodeSelector: {}
+ # key1: value1
+ # key2: value2
+ runAsUser: # MUST be set for Rancher hardened cluster
+
+cve:
+ adapter:
+ enabled: false
+ image:
+ repository: rancher/mirrored-neuvector-registry-adapter
+ tag: 0.1.0
+ hash:
+ priorityClassName:
+ resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 512Mi
+ # requests:
+ # cpu: 100m
+ # memory: 1024Mi
+ affinity: {}
+ podLabels: {}
+ podAnnotations: {}
+ env: []
+ tolerations: []
+ nodeSelector: {}
+ # key1: value1
+ # key2: value2
+ runAsUser: # MUST be set for Rancher hardened cluster
+ certificate:
+ secret:
+ keyFile: tls.key
+ pemFile: tls.pem
+ harbor:
+ protocol: https
+ secretName:
+ svc:
+ type: NodePort # should be set to - ClusterIP
+ loadBalancerIP:
+ annotations: {}
+ # azure
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+ # OpenShift Route configuration
+ route:
+ enabled: true
+ termination: passthrough
+ host:
+ tls:
+ #certificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #caCertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #destinationCACertificate: |
+ # -----BEGIN CERTIFICATE-----
+ # -----END CERTIFICATE-----
+ #key: |
+ # -----BEGIN PRIVATE KEY-----
+ # -----END PRIVATE KEY-----
+ ingress:
+ enabled: false
+ host: # MUST be set, if ingress is enabled
+ ingressClassName: ""
+ path: "/"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # kubernetes.io/ingress.class: my-nginx
+ # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1"
+ # nginx.ingress.kubernetes.io/rewrite-target: /
+ # nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+ # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert
+ tls: false
+ secretName: # my-tls-secret
+ internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+ certificate:
+ secret: neuvector-internal
+ keyFile: tls.key
+ pemFile: tls.crt
+ caFile: ca.crt # must be the same CA for all internal.
+ updater:
+ # If false, cve updater will not be installed
+ enabled: true
+ secure: false
+ image:
+ registry: ""
+ repository: rancher/mirrored-neuvector-updater
+ tag: latest
+ hash:
+ schedule: "0 0 * * *"
+ priorityClassName:
+ podLabels: {}
+ podAnnotations: {}
+ nodeSelector: {}
+ # key1: value1
+ # key2: value2
+ runAsUser: # MUST be set for Rancher hardened cluster
+ scanner:
+ enabled: true
+ replicas: 3
+ dockerPath: ""
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ image:
+ registry: ""
+ repository: rancher/mirrored-neuvector-scanner
+ tag: latest
+ hash:
+ priorityClassName:
+ resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 2792Mi
+ # requests:
+ # cpu: 100m
+ # memory: 2280Mi
+ affinity: {}
+ podLabels: {}
+ podAnnotations: {}
+ env: []
+ tolerations: []
+ nodeSelector: {}
+ # key1: value1
+ # key2: value2
+ runAsUser: # MUST be set for Rancher hardened cluster
+ internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+ certificate:
+ secret: neuvector-internal
+ keyFile: tls.key
+ pemFile: tls.crt
+ caFile: ca.crt # must be the same CA for all internal.
+
+docker:
+ path: /var/run/docker.sock
+
+resources: {}
+ # limits:
+ # cpu: 400m
+ # memory: 2792Mi
+ # requests:
+ # cpu: 100m
+ # memory: 2280Mi
+
+k3s:
+ enabled: false
+ runtimePath: /run/k3s/containerd/containerd.sock
+
+bottlerocket:
+ enabled: false
+ runtimePath: /run/dockershim.sock
+
+containerd:
+ enabled: false
+ path: /var/run/containerd/containerd.sock
+
+crio:
+ enabled: false
+ path: /var/run/crio/crio.sock
+
+admissionwebhook:
+ type: ClusterIP
+
+crdwebhook:
+ enabled: true
+ type: ClusterIP
+
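Review bot: `manager.svc.type` and `cve.adapter.svc.type` in values.yaml both default to `NodePort` while the comment on the same lines reads `should be set to - ClusterIP`, so the shipped default contradicts its own guidance. With the defaults (manager enabled, adapter disabled) an install exposes the manager service on a port of every node, reachable by anything that can route to the nodes. I would either change both defaults to `type: ClusterIP` and leave exposure to the ingress or route settings, or reword the comment to state when NodePort is intended.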
diff --git a/index.yaml b/index.yaml index ca826b21a0..d7e1d1ddc5 100755 --- a/index.yaml +++ b/index.yaml @@ -3847,6 +3847,37 @@ entries: - assets/longhorn-crd/longhorn-crd-1.0.200.tgz version: 1.0.200 neuvector: + - annotations: + catalog.cattle.io/auto-install: neuvector-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.6.2 + apiVersion: v1 + appVersion: 5.2.1 + created: "2023-08-25T13:02:38.902196082-07:00" + description: Helm feature chart for NeuVector's core services + digest: fcfb5680ae539cd2a02f6fc37b19cca58b85ca8562547768638c2a665564f5b0 + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector/neuvector-102.0.4+up2.6.2.tgz + version: 102.0.4+up2.6.2 - annotations: catalog.cattle.io/auto-install: neuvector-crd=match catalog.cattle.io/certified: rancher 
@@ -4195,6 +4226,26 @@ entries: - assets/neuvector/neuvector-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd + apiVersion: v1 + appVersion: 5.2.1 + created: "2023-08-25T13:02:38.910080043-07:00" + description: Helm chart for NeuVector's CRD services + digest: 3699d00e458d9a980f7103cc3d7cade2ee84867b20a479295d6598270c1614af + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-crd + type: application + urls: + - assets/neuvector-crd/neuvector-crd-102.0.4+up2.6.2.tgz + version: 102.0.4+up2.6.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 8d7c661bb5f2c9585332feb577c81ef8f8092703 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Fri, 25 Aug 2023 13:02:43 -0700 Subject: [PATCH 06/14] Update release.yaml --- release.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/release.yaml b/release.yaml index bf435cf94b..0d8f1ea34b 100644 --- a/release.yaml +++ b/release.yaml @@ -5,4 +5,8 @@ fleet-agent: fleet-crd: - 102.1.1+up0.7.1 neuvector-monitor: -- 102.0.4+up2.6.2 \ No newline at end of file +- 102.0.4+up2.6.2 +neuvector: +- 102.0.4+up2.6.2 +neuvector-crd: +- 102.0.4+up2.6.2 From 3182a2260d6a9912fa4b6ee72b7a1ae58c638e23 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Fri, 1 Sep 2023 15:22:06 -0700 Subject: [PATCH 07/14] Add NeuVector chart version 2.6.2 --- .../generated-changes/patch/values.yaml.patch | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/packages/neuvector/generated-changes/patch/values.yaml.patch b/packages/neuvector/generated-changes/patch/values.yaml.patch index 96a1979ffa..5c094689f5 100644 
--- a/packages/neuvector/generated-changes/patch/values.yaml.patch +++ b/packages/neuvector/generated-changes/patch/values.yaml.patch @@ -1,15 +1,6 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -2,15 +2,18 @@ - # This is a YAML-formatted file. - # Declare variables to be passed into the templates. - -+global: -+ cattle: -+ systemDefaultRegistry: "" -+ psp: -+ enabled: false # PSP enablement should default to false -+ +@@ -5,16 +5,17 @@ openshift: false registry: docker.io @@ -21,9 +12,17 @@ -serviceAccount: default +serviceAccount: neuvector leastPrivilege: false ++ global: # required for rancher authentication (https:///) cattle: -@@ -31,7 +34,8 @@ + url: ++ systemDefaultRegistry: "" ++ psp: ++ enabled: false # PSP enablement should default to false + + internal: # enable when cert-manager is installed for the internal certificates + certmanager: +@@ -31,7 +32,8 @@ maxSurge: 1 maxUnavailable: 0 image: @@ -33,7 +32,7 @@ hash: replicas: 3 disruptionbudget: 0 -@@ -79,7 +83,7 @@ +@@ -79,7 +81,7 @@ # -----BEGIN PRIVATE KEY----- # -----END PRIVATE KEY----- ranchersso: # required for rancher authentication @@ -42,7 +41,7 @@ pvc: enabled: false existingClaim: false -@@ -227,7 +231,8 @@ +@@ -227,7 +229,8 @@ # If false, enforcer will not be installed enabled: true image: @@ -52,7 +51,7 @@ hash: updateStrategy: type: RollingUpdate -@@ -258,7 +263,8 @@ +@@ -258,7 +261,8 @@ # If false, manager will not be installed enabled: true image: @@ -62,7 +61,7 @@ hash: priorityClassName: env: -@@ -332,7 +338,7 @@ +@@ -332,7 +336,7 @@ adapter: enabled: false image: @@ -71,7 +70,7 @@ tag: 0.1.0 hash: priorityClassName: -@@ -410,7 +416,7 @@ +@@ -410,7 +414,7 @@ secure: false image: registry: "" @@ -80,7 +79,7 @@ tag: latest hash: schedule: "0 0 * * *" -@@ -432,7 +438,7 @@ +@@ -432,7 +436,7 @@ maxUnavailable: 0 image: registry: "" @@ -89,7 +88,7 @@ tag: latest hash: priorityClassName: -@@ -493,14 +499,3 @@ +@@ -493,14 +497,3 @@ enabled: true type: ClusterIP 
From 7452b622e22fc0d078e6e42142dcf4407ae81238 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Fri, 1 Sep 2023 15:22:18 -0700 Subject: [PATCH 08/14] make chart --- .../neuvector/neuvector-102.0.4+up2.6.2.tgz | Bin 20408 -> 20404 bytes charts/neuvector/102.0.4+up2.6.2/values.yaml | 10 ++++------ index.yaml | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) 
diff --git a/assets/neuvector/neuvector-102.0.4+up2.6.2.tgz b/assets/neuvector/neuvector-102.0.4+up2.6.2.tgz index e21d734fd793189c1c328a4edb7481cb4e82acf1..0ca5fc57cccb7e7f9c71f61eb4089f37978e4cb9 100644 GIT binary patch delta 19506 zcmV*CKyAOcp8>R=0gz08lI3TQcKYtm?YO&rCvkLaCw=G4nG-`KBwdqNblcsZ+qHcN^=y>n=@c(7M z?CtLU-_u_X8nDikGNsoYI#BqZ+c?zMN@2S3G;BKAGb{}hiY3}VFYV*#j^ z|NDD;d)>VJKRDQb%Kwc#&%kRmgmJ)u8h<%2Q)X{G1J`5B0A>J!zn{E)(;5;wft({B z3~_)&f!D|jAVpvbDTadpF~A8JAP_;ukPmRk3E*P{IGRKOzrhPw^B7XoQlcM*$hYpjQt(cwuJqUoTaGkMA$v{CDT25}!OkVjTq_ zrh)pQRv1m?%cPghru-VQNEHJBg@Ss%MhiRx{j0uyIYA)@Y)s<72fiLJP7MAy0|^h()+Hfgv0rDn?MR;<|fcNK8$j*K1D9LQ1Ls3kc?YClz#R?(5E3pJCc&>^wI>F?0f4QifX`nW05DD=N28e{ zpIXi?Nf6+0^gi+-S4dL(jiK}ee!7aO;DB!W=6wi%rw|9C*&f(!0DvcOq^nRA5r#Pt z1E<-dGr^P+ihN6%Nc*L5f+MpUia*DYjRiQ0q5yl4^}v1u03S0N%Vly9`y<3v+sqpy zKMoMR5aewD5K&CTGIbh2#*&xBe**_7FeHhHe^Q_m3a35rkADgp4u?3zTvJRI=J+J@ zQZ$5rhKN$+zm6#mM^_3F9FERMAxU1JeL`L=*LGd41?~_Yjk#F7cJ({ehK7HQ=%kl? z03Z;EU!g!!&i)_f~X z-JZgzo4(r9ulB?^MVL)Ji?8Lc;tUW~-$f|A5`q+5l9(egwT5^UD@=5m({#FNb%udI zuCM!7fP}$p2QUJVKN13(PH?ECoS2fjF!J?Giqje75C_1n-;>gxk12^qWBplB%hcz8 zfi)V>Ea}q&U()vgw8Zo4+3)8U;PmYB`uw-^)068n`LZJxABtKYY1CcyUuAGdFj!YM+N^kpPBmG;WawH_5SP0DofC6h@UYErgA zUvA<=Ik`q(oxD8*rzf%s3*!Z@dNrW;$oOWAE0o5NT`SC zOGT%AzmlH07I9U;+1*@+J<9cK5308w6feOuFo~I5-v#CjPLSOj(^9(uz!3RbgeuG? 
zQ0z?;QD_T8!NR{K#lc%y5}b!4v1aHJSpAjC8K=l*0eENth(Xg; zlRElSx*8jOPSOSPaSt>*O#xJYYFb$AZ-w$UK%m)y5pM2)LCnEKESVrg$Olb|?gWds zIHV)Qo0hy!0OyP~<_SkQ{M6PcwX;jq0D8A5^ji@noOmSYfuI%HF9N_Z`B$0vi%t66 zgwIZPij4g{-RlN;g1JWYnNT#NxCah)cPGi437SY7&ED}}_TFOsTI^pCD^%<{EAIWg zD=R7iGJ#R)$oi1Obmb6#^ZSlaKcZxa1B64&z2Qh&(^JNK20**rPX3^zX2HORQLTam z`(9Z=yBvd)pjNpVt5Ymyh*p=gH&4&N#k=dXp0pn`;G-c9kq^d*A~1$ilvtob4*@bo z%2G)}t1J%nE=Z4&0AJjO=7!2%E;c(_X))kqDtB13o?NotyguoFTVE@O(kge(Sd3_T z24>d-)dO8tE;rC6#R>zRE7vf4&Ai3eysvHVUEKI;nozREZF-HR8ThJ(<#-+TR@)>f zn`!|x93qeRzy;BURg`YAd(vXq5`31EpK2q#5(sT2Xhi`G(Ib$rTg%8ImJ#tZ%z;d9 zYMBF``X_sCZA>%gx}u1yRHENfUKzTcoED1* zp3UQ#T-^=mx71$JE=xy-<0RdIoqXlt7L7H za$6*jE=Kb=4>dLpg?-W58>rX}t-UR^19F2c+5XJg`mD)9zUlqb{cL=)CZ6$InE z)6&3oZK*5lw!3ZP5MZ>05`DonxcT9A4RCg(4!dTAi(~8>pnEEdRA<=6Goy#ZGAAl86S+oS(EdWVexaOic_Ynid1qmwA#VYVv5qbRHbE= zrIppC`%#!2XJvDgrblUSajr%+Y%ZmXRH@x%121vm%9n92?SbYl*afeD#Q&OAYFTZ?=b;oE&243-g{;Rd&>rS} zCGJ$uv);tz{=_97#V(&>w^#An##{Hf#(3YOvTg0BmeID8UDda#ZEuC{GD5eZrl&M3 z%PHEKLfWBm*wHsb81Zf!jXe9>teafPnV?5C?QlL%IDM`kWWeh2jr=A?iDO())kO^{mdtyX&*7Hvh!e)W)3q-+TMV z`TKtd$K9jt{l85-pFg+6c2O)8?GNgI2B<#OY3r$4cyIPX=KI&Ljo&Dl01|VCeI?!X zD!3#6NUr&U_m^(~X1&Ik^QhP9eEwVtTx@IwWPu+F7!pVd4cnAYE)a@Bza#EwXfP8} zG{oUZd}MOjoWRg$y@u|!7K98mjTNd{K!{Dfwh&UH9RM!gy*~Tce|LHP%MUMq#9q+j z0T>|;TCL=gIS{?NR5!8P7s=bNUqOq2e=!mYq54bnbDKrTYfC4@f9(FV9cm1|Hj`V> z)@rO@weHX$#xD&b=lvWS0tj0Q8O+f{;=wrNF>6EL7vq5BJN?Jkrf3;?W0H8D{GjpZ z{g6;5Gh``+6A?d;#HVlGUtOPnT^2jHG>tvebWPf3dzj+W`}yEtzodI_EW_k{Cb~ZB zfpZQfa0WQMMF4^!x&sp&##~>)73^%o1m}Hytv1*{uKECLx=8 zHOY8aMxf`71^`!Qmmkhg9Sm5zffDG2@l)Jrn|+Ol5R8c<7f+_xStAyI`iVG^KOb7~ zK9a|^{(l^!AVQS2d9;>L0CU&>!+iXg!=r9@yZ&$D`TV)_3QX~&r*^bBKtfLaB6e!f z8>1e0)sfSt^Qv+7DH3Xe5Hn(e12R-gy^I^w(B)d%NfR{FAOiA=ENG?Q<^A=x3OFRB zLLx6k$#+vksn8?7h&@7o=z*hs`4dmB;^7c~0?k$mOw48RTVZ%g5#&Oenl^@U5X`{8 zV;IO_Gyq1C#J%146DjDjJQr<e ztshx42TirR2&a|(&TybLv|`HWz%F7~rg!4i?n=- z6}S0Q6Er_I7oAgoDK;vK#Ya8JAC1}4$#p88h6y6%jDO+iOsBaNfXrAotHg)@f);RvI`ESP!(r3skg$0`z|M8#@|Lgep_+UH#H}T|_?&K84iU4IB`fPDwvq>A1 
zP9i?k^(2RX^spv^v!OJil$sKCWQm#03d>iP{?I}1P@)Jq3Z64 zk~k`iqWqNMxl|l4hUIr_7jnvfWiOSt$kq`Ka*q5zI6mCZ$^WCny}hmc-^7!X|8xMo zbZbw%1F^HW4~Noomlq68rih-BNdzeZO&O4PueI9*FIYTaoPsWBbwT?SMsR=w%rRo^ zzr_Q8q-ApZcg*$AmoM!$_bb{A372TSbT%`B104D|9JN%ay@yoUX&k6Xx-i1O zi={v>C(>ssbp%nX8S!NdOQF;I>PHe**jyEVlxwm0bBgFd*BePs$rcDOQ$Ox>bnBM( z^J_?@V#_C`d?Fft9E_5aYMI000uxDpyv%47nM#&Xk+AErjYZ5tgQWvhY*(zon!GG| zp?+Dbbf$#$z8scMCOu-VxdXQD@)XW zlbW8ih1&vD?f_7L9J2Iaq2XR`AU*O(M^F)XjtJ88+C;gn8VBcrx7+$XNB=jZlaaHR z-3-jp|Bv@~5Ayck?%~$|Ya@@t|4Z%x%pcj1>EG$r;QL%0e^qn;scaEQfTX!dkCkSJ zeFeY>+zLuHj48=pRxJ8dcV64;q;$`J9HQtn1WENwjQBd{!W{3#Oa+Bk$xGzXXix8N zpw4(u2C8SZZFTHB*8dh^@yD>cc{m=Iz27qVx6b5`X0P*r(mWx-mfgQ~cAsK&_q}ks z?CUqg(kogF7GaZzHyjuyS)L;*dv||qF$bO%w6iXg)ii8upIT2n`_F2}!1L^XKL`6q zIs4DeSW>w2~Fb@=nU8tE}%vwnl}k5}WO=Vrwb7 zKTFYeB7DOWVQWoV#+tO965sHY*jk*vZMNT9r5?a4wIy zas#Z|{dI`7VHVYKV-{B+xZSV!)&_^K$2RS)s zuB4@bQZ12cHD$i5b|yHyM9`mIA&-PU>w%-)h8;=OYPtx@6w4u%zXv;if!rIvu_!<1 zYHR}}BccIVj3AyM18Y7s^~@bX@l*{`63sMU!5W-U6XNH5nMAKLFYpi$>ZGc=t(y2TrpBE%Ul;MJTB|uXTB!rXL5vm7K-aaOA(Fa;D{fxY=6@W`XV(!eghE zijlKR$WQ@e9ws>t>y-SNoyLkc0Zg^e!|XU9iiz+1nB=8Q+tK+Wb*Rt(d3S#C@#OXE%N#~J zdt^2Ujx`Pyn}_noPF{aFySzTXI(uE(-jcZs!HIa=Pb1DJ(=68+y=Ybu*dzyZD%7&|4z9NtTLM<-Wk z?H6_7H&^;OT#tC14eOjdj#J!H%i@F<-pIU0Z)@`F= zW1U7>(pG`$;T71WrfE@|br=g;;#Vg5hmJT*UltxyXJ6(F?gsh-+YZ>vbVX(S zS!+*!3jAtixcr?$5B0N({{F7XHcJuXkn%nWus7?0li&`{Oj=SU*Ie7syjoFVH?VZL zOphZ(8D<=X{DW-fG=Mm#JbU6*r9nXe|AZOG;Yij8Uy=yR=}AM&ha5Hwmb(1nyqIE{ zl*yu85(2Iqcv>OP5R$@+Kr-d?fXcKzw+$Q~*B z^{Wt$kpI*bEYpem5=I3geP7b3(ET;)So2}8qGT1IuP#UnAQzORh59Rt(m4>H%8tf+J4r~g7mt!?J_InSK)e_u*szH$=K zIq_eQb`SUR`JWGtcem%in|MB#Wy)(+%10PsG36C|)Z3-3>+DyxSsFjAM(D0f0ipU- zNR-gV^v53@WZwFk8LU+NS1lpVDw(y26V=&FV5UY5rA|>bRpIPR`-NiM(A4t!u7$Hz z-r`F_!3*^7g(^2GLZL@ze-UrKT)Z;!N2vL7p8l7uALK9mmg{w&bAib8o~(NAIt?b@ z_Ds%LZ=U{yt{B03)4K+M^-T5*;oWn7D7CvqCVB<-i%$ERpy~*Lx}fTbgeqvu35ez7 zL!#Y(4+6q$HNG(kksHG$L_`UMb;<}s`+E@*Is8|W5*4r(786ylf0mFFd2q`Kiky(x zZlS;BXU_g#8(Z!*|I2~c?C19X$HxcT{r@JO`TpOn;xd~R@l~s9R@6VCr4^Wb+voir 
zxF8|YOH*QZj+FiJ=k&gDL(l_(| zFxu}k(c?2aMF|)Z3NBFmL4{i81dvEbB?L|{Uw@zZj_PHni5Vvo6Ij+qGJ^LbNCl=` zXj)0e8ohwP2&aBwX~vpN$lewx>lAAMFhz8ri^Y)-Ig&r`Aos?qE=A_$2yvY_=$Rw= z&z9p>ON;bKe;M!La?q7h(v0ZthbU5@YrPA zL#hDr8soviu>ZRW)J0tvOaYx$fZbd!J4<=g}P;KB}p+tQzF#$9grN zElVvZp&uJ(J)}@B(Bdh};m?mgesX~!?f4qB;KmR{GI@;d<-N<82@vRTQ z)(2qge*>`f0eGYwxAg&dSRa7T)d{~htZ-Fgv-K0$`U!0P1fC+#ZT$o`=_l~*i}bB8 z!Pb{x>r1fpCD{5Bd|Rxy^(EN6FTppXEo^7o*5BX>`x|^S^Kg5By!A=g`XoG3DgM|v z>uLHVJW*Nw`27~P&w3u0{|5?(gnEd!e269_e`ILI7!Y&(Kf1?;UkDJ*rbCAVH7Ub(_0%pH+UgnFI3u+3c_O{5&;`_r`CmE*4_qBW{lMbYd+!$9HD+3 z1XnUajMZ%ZOG@unQTHeVlS89S7;qBkKui__*2_%9sjA9JFsh$RFitjGb?>nGrob z0e_&omqak9h;c}Hp9I*O^}tDR2WMuos8zem8ZXFV&llBqPmxq0C9I#WW8>{8PzUj$riU|P$rCao$-UkQfI zSZB!ct4FI+u2%vqE)`2k`qrF@tkS+_aepXDC0i{=R3)c?2^7*eBVBX|c7Ugei=6|;U zh2aQ+A8yfX2mCOF0qFfwK_e*yWFwzH%Szzu*B#|Sj_&4F!N?~M}do#zs>r0eE zQ50YgiVgb`2e{c@uXKK!1*M+lj(=|rv)$wAt<}T^4sQ$lMAJMR%KO$ct6}}drDzsv z6^~6z`tE3YnX_A0-BoZ1iI1){$EJntw^dkVYA=JvJs+air^C`G)-?dk!(ov_>j7lg zbAHc$d$oi4vUxj6a#?DFH))f+crO)?xd3ynEW z%Su-dfdLAqY=M*7)y`^7!&N3eLxp)~7K|ygW6dKZSJQJ2j@Et3l3-l#sK|x!oCBhj z&Qm~5H<3hcRC|dOi*3+JWPgDZpQTu|3W{a9Og6_JE1Ugg>4oB8qD7E)LS146({O`~p z#)hYtP0X67!8ekJwM4d?Uh4nmb{+Y*PO)7I;tTk9Ot@LfEa_c=2Y)vv0v_m_fn&nb zY}OUci*hv@NY|ibb6>qGxhuNYBLMXENP~DKM1!#$Mb0C$SVoYKlQp?jJh#uo$sgd0 zzprJ|-9AM_{3-b`fZi<%{a$97mVA<3rwiGSRUtLMvZv{U^1Q!f7*7UbfA#ah!TuuV zzU@5Uz&zj1uhr*Q`6x8Hs5x=;`@T$Roz9bNe_LO_u4VnN(*G!l`8t9?&(Z(7M|%f_ z{Lhn|C60f8ckk%9u>apX*vkJ+JT=b$OWb~xFsPEJd7-e9CeEhbx1xmuz~u(aA?`#k z#YaoZxlA*nSU{lvD-2-hA$s0-inRn<^Nm$lNi_hn07}uxwUZ~Oko3t8Axd>td$X9z zeW_tn!ih(M9=Ja37kn8iybZRt-Ss~%`5&=0IDLOx&s_WOQ9l01!ST`FR{n3|aR`}F zKn5^qdyw-0wFNVn)gZ6n|FzrRJ6t8pioLW%@(e0x@afBoO7gT`ol(__UKOz@zc^@H zgGVM&+noQmVGxaB`!*gR8X}IQO&JCOxkG-Rk|7R|inIitzk2>iqJTKAuA7s~OG5Z> zI6!|oC=?jNfQj$2M~Uah8S`ME^=%D6ciA2`Wkk99`_;#j*Kf}+9)kb06st9zeD%$w_%w(c~4bKqGaSn7Xn zP>jiGGr|Av)w98=|4qG3>VMsX-TeOl;P_yh|8FCY!|%>=-4mREK4HdjI64g=p4et# zTW7TD3*G~m{mGw*GT;d 
zebfV~?w6ObIe?543P(tu#VauOo5Fut+??9k6S%BjoKOW3b4dLhOb*!o4S??NxI~O@?FnxAZ@i3K(1#IU-4Se#{69R-@BjC@-My{<*G8WFyqu!89`%f* zF3ex6T;3n-X}E)xG5NA~Y8OSm5qouwv0uVNtQMF$UScjl^*vc!wM)ENTt$Ctd$i22 zyo^^%750mIwzyzz%zG?99cw$1{pH>q$+i+=of2X@BkyNMuG!!0FD3qFNd_0k<}Y;` zav}b0dkZ<_)>GMsR?MZj&O_yeS9Bn9(9`WpUDdC4CPQNr6ru*$cSL{CB>PSo`c3(8qLRnaAQ(srI66akd2q6VG&v;+{^!| zEUFu>P0Xc&(agcH4&iIj{c&bH`QzmB*LRmDT2BA+-SsxPUF4HpXiA0m2cLHUGFn z5|v^77{U@|bdc)MMDC&+&S90;#%m{8DP!>aO1_e{)<5z5D|3H4^Mq2c%4 zX{){jUOn1Y-L~fLnKz#xW9}$d^g$hMt$fjO$-|(^wf@___n7Z##ofnz(Te+zPN<9C zft=G`W#)@8oYF_hijyaE*K@}KBh@#7b{qg7Bzw9;&({rIamri@a)?4zM ze4OWhBtR``=v#l!HGp~k|A+hCeEgTa?l%9&MjnTtr32`d*?Y}d;19$*0KH#I+(4Xu zpL?rZ6xD6+SF{-tF420q-cw5J^iv{`Kef!>sSWn-T&V^ zF2sL1JlgvIZ{*p^{~E1-XA8h0H=Cc-I$&-$TbCZqkS=lIIkU-{N1ycm^ML>^uJBy|J?6(3;X|r{cZl=jXY)g-wQh;KvoHS zxzz%X^ny|J95gQ;l>sN#!WEX&e$rTb)AP^rUC!B56ue$O|=tY#kShL}NN@f%`=n#)$jNiJZs$X z$rgVt-0?{`-{~F;9{6rg#en<7yG690i^*c+cXfJladCF}@%6jYznxuve1BPzrMiS* zWet?N%9pNOb1se4amBYhC8{NAO<(^f>2}9ms#wAuFK)^6I9G$Us?`Y_30m=^#^F4 z*gm1XUlF8;f*)RZkb}+?(hiNojyWo(&K4L+=N=I%I;!=F0_wkX}4<9E9qz{fg(?s$sZalL=vaV>gi-p3G^ zuKX@{1^aCF0!_1bQ6GBm{TLpX{bvdTEcl@nv8aVZ#$gcLTc{5SvUIZuvF9Jet;|MgXF7Px#)4HS51Wob(moLGtZ7MRV(I_AT7_>ded4SpxiyWz- zLc+m|tSWZWKiBFPYyW=%8EC5H@QGmQ6aPx*@D#GZCy2?m z#&C)NA0tqJ0#5qpiJMa!^rg50K4t=C(7)<4fJ4B?m?@hK7@#4c2t<^42+13>&4db1 zA>(X1|J!2}OzfWy%apeTSGPmxS#XT67^-*^T>G*bDm zUPLm1B=VIx?EiY%2JgaP21qDt3Y0*ECtB+TlP}Fz^PRV3KLh#}A3iz0^ zMtg*LNB*nOZ?u00|DhfEuX!;Zb;LjBPc{uZDWC!LgvcA>0I|laHoJ=&ui686+j!OH zlc@3P|7$!0A0WjfX5jqw8Edp7O8$jB-e_YV!Hz0N$-f@UoL=Nf=l|u|$?Lag?TNqk zHmc|U(V>|0+4;YBc({%Kw2|i-xIpm-WeEKP1ru;8mbHIIL;hAv+>lVKP-4bPY-i6I z@PyRRyB*eUG@d;Jr(;5x5Fcp;8iyQDP(v)uDL|og4hfy4Vnz8p?*NbD7LgbI6Bs^# zOs?DosBQ2Yp#Xy0eb%A3Xm1A)3I;@I9aO+e)PNmPf0pO~m;!Pa8YqCNvO;#X!QV*? 
z*qFqD50rn>qAQrfB$B(V9dL8IpX9&3kr?0DO(&m(bQIe+As>U8CKL&WcoeJaFbzqZ zAqfI9#5?UPq9^3F3${K!)aGe5hmTiH_h9yo*qHB|h!|hPYCq zIFTN<;0w4J!hoS0@TGBMOqc?Qi}8}gC||&h;*~ZgvL=TkQArvm0f!^WyQ!B};>85C z`>lW=_dHxyCukz7zdL(t4w0m7R+I{HAdBQrGScRvI0&@ktzAJV(%Ft&{(5o>-og+M zkr;ngNDZ!M3%C(f5@0UTzhg|1FMDSPnw2?t6yRC?6ps?a{8W?}N2rLl=?=RngFLh~mW2_v1)g?Z@zkKuG z9oeXLZ6ulOlF!BH2ziAdM>fBu1DC0sH@^!gRxQO(mUUjRQ|d3D6m)|fLpF8-l(~Q8 z?nMsO1acuZ*ck2|9`!zb`t+$Sx)M>uP{;x1fJ_m+qnINld(v4Yg-Bb_G}FGhJeq%N zJ-Ji*1>EfCaW)6YGGv9Qm>QRo(`QP>1Q6VN|@6)+e=0DXd!Nc4XXhu|Mtw9nuq_~#45#Usqe@u2OIiFM^7wX%sl zUx!nKI(zM-_FhLW8>}PN^Nt1YWu`0k>8ZfvOs$Oqd$G9T;Vg3)tIzTi%rmfj%xElE zosdIAhgU6YTMUM2;u0TeR< zCA0kIFw^9a6G!r;CXaj}=7ffl*93oZU_2N>Ps?%x!n_kzyT9Xt`2SB#(Qi0FS7S&~ z6)y;~$4r1E!%WW!1x!pD4+gX4&)^=3BHsDIV{raR{{~C(Mx)2C0*-? zTA!6#{ut@DhN3Md+cGScQLzN?-J)69T9`va{9A@ap*>E-5S2lWut}sLfSrG)^XT&I z>RMV&jk+c$N+lGS6=GsBv@@J!m%ajgr&!aFRkHL7-3+F?5FiVS*3hSjFvTEM9V;Dt zyKO7QyDgxv-(1;Q>7^XVV0)i3o@CmZ zz?qPO)U0uW@0i%$V>SjbQ`8$ntXM>!#HoFGEi`>3gqo~!da@eEoS632+(4lp5gcYo z=tiq}r&KMjQ2;&U#KDHCmS!y`@zDH|9Eh3LF|k@r<}|MFW-rpZ&5D01GnclYFHA4e zLWCxn79weO$h0s-zTR@QCy;SOZRz_q4mfU^Q>}>N38b^+l*^XGa_vv(B`sg}Ucz4B z#c(UD2q0W2UK$>=?3eNeAFkD?*Kcsl3b(o`QUlKObd2)aQ?zj-Sv8F zg|q3ESB`pvQnrRv;ADRb={ySJn-mlk?bRjzTGp>xR9MeSR@I5@8su7MR_eeKWOc7u zIm`-c(?ekCTIbfhmOVhX=BbP?Hp3Iiw@rp+BNi5UklU__eW zO(iKtq;St{hLepGW?~sOrES9^OHJ4HyTO(1Bk6(=E|%#zw^4sD_QoKRP%=eXEO&^j zg^mZTC3_~9H>`}9Bt)|7a;sY#V=05%^?PV!wlp6lhaDD~Epld!?u)X7{%^*lb)D|F z#podDn@yjo<;i_{y0)qi;NaW>mRJh(Uib^RX*L%^ExQZ8DDHqQyMP$;>o->|E&4MG zFHlDTe-U80^6km6Rd(nIg zO+6yjw}5}!xR!SjBkSB0Fq7m4&ZWY43O zG7lwBzHiB)oPsAXa?1|wGHiPXEAL4`WsbuU(1^?XCk694l z?L-YL030X1J_$LQ}llY5yUi)wQ(D+lFf;0vF-DjRCIZK zCN--4JxwteK;!F~19d;1o=Mv((!rHZGLjf*5+v03BwLBL$$SAfmm~;qIC?L?XZz#y z%}XHOqi0@GW423P0&8(!)fPa*A@X<+T#zg6aeMRE0sZfr zTQq;`$(k)n0+f@5%4jLtP{+j@xCcWa%%SfiAHbp5{3-LBbo#OoUECiw;f6=x4Vw$! 
z?Ggyq6@x?`m})L@V9HlZ16|4i&B%f*ocj?4re)`>H3;0}q)pmiY|dKMmYcHauut2J z1$x-!%CnR7TiTZc={*Wa2!w_JluxLw7fOG{!O0u~I0~l{uXl28IfX$RWUmUPQUX%x zHHadv{Wi6bFmVx1-(Ow7d;9UtyWh_*#J}%uvJo)^JwE)d>~Sdch%Yr-Fn|pCM+Ztx z56FlJUDd}d3g8UMi&+rt@9u(6;OAWs;ZG=F0DIDB7Ze&ld;jL-WB=Wo^V7fI5uUN^Q0 z%$2Y;jA);}2!-4*c*fInD51&=zkh#AuWoz+H|Ch+=Km3kiP&Uu!7!=uFuC|gsAB^r z*(^-%tziaklG7D~5GUCq7(CQ!p%;+YH;&GNfGqaLfkc@X!2ghN2mDURC_vdB z2Np!t6dt;}j#;Mp9lfh&i9Z#yq>2Cw2D<2T2G08~fmZJ{D38rUuYxO|At`@AQoea4 zWF$a#-wG0P;p3q)$a(UwX6biwdAo?*<1mCLE5O304MVv{ zWZAIqRU7n*m#Xs{1?l#OBTK?`a&0t$+;Md;U6e&@)AC=);ItTXvH8 z6S{2nn!g3ZW#%bVuD17>;w@dgqzxVTq69dHBYj!FP|;Y8N^0Iy%m9B24W|jIfX#hg z&9;$Q@NRat>XMhUGfcOLCD_!muV!1o^4s?UQNO)?e7^h6y?iwt*0`z9V>4fSC`IkT zqCQw%7(+TBV!|rrL}2rWe3hcDmp5R_fPV;#zDTtGDLNs46^NrDXIJq&Y+d*{Q_1B3 z%mfBVBk$y3Z^|}NY;%8&_K70!$7rK)V0qtm3U`wmwN;d$@aXLoZoHqC&BE?OwcVm1 zSy#SrT++0|f>GIa>2>20_zqh}CH&IM#SgaZ@q}JfS<$(GS4qOg29^As=Lh3uR za=5x*!_raQEv?VFv1|&o-Pk@3(?@18S=jthAm<~ngV;T?Z6SXJT+59jHi#8s$XQTU zkGy7&({cuqTzWv)V&P4ZNgGwrk+W%XOl`HB)4GII^6fPYvqY2dLGCJ#J|Nai@RXThMfq&x9zuuM($b$Y5nkyx9f2;Fb7a0m@n?cp*F4ViP=PO*~<2$%+|iY zIcYE`os$NUd!CaC9*fUOtLpM|GUeb!%&DeU&YWsq+tGh*(I<{*2!n*6ju^LARTZSV zuXTMn1JQ(Vq$8c1pyPN5PR~21uK^A@8foYBP~L6!V5r8OnT#Vch&iMPL@^sHRFH$>PeH>EeUyWcjYxTA4wzS{XAnS5w9el(op}WLy@P)jIUK*+ObwQoBcRlcXlo z#RQKf_lSQ~EPY$TU#XpflJa=yjVk0e>QzsM;lJHiTtshC5=Tr$ zeYXPTC&AzKW;=tL>DBqrZZUhTfEfsg2Lro=6~8|l-pnRRTHg9;QHWx)9BpL6f~kilAtH!&t+>w15S_Od97db$(+6j4!pMRE%~Z}-_e zayv66XuE!Hi)N-l4&mklW-4F8KiT zmn2fEeI6z_#y3?hVrb#wQ7bNf=qDR4>Z`mv$QI}sbu5Ky5E7NDQGs`CfaR4Pr!uGw zcWQr3R5{?W$UYW#$Om&0DCiLidQ$C2u7rZjNsu<2j*)U=*7wh3kXU_wBjCszDhgN{ z$1uI`W$7@PUg_An7x84EB(La-$u_LsS{9Puq_4d!!{R}jGDFaT#-7aIVM7-<8SP6{ zx)eAjnG#F~mxsSVT87-Pcq%)@q7CK^gYth*a}r@Uu|lU@2{!sxYK?qTN*i9Wz5E8E z0KaSlk!mp>i!2|FCDAZDjzar-$I)%?ws)5YpG(;6Zc64c(FsAmfSdE-1>t?Q8L8WH z!zeHadgC-rjTYfz`Mhbhq&9$NzepADA3MpPS;=5#GQVqTtwn zYG;Tkx`RQ`HXQ>Dg$zp{Hy?7Spjch-3c2kP=eD-pePf>yq8^XNJeVm^CTEH0f#pOe z{fRhIx!7c0P2R#`+Qtw;9#iAgm*xUzYF*L(AwqFRA(Q93K8pCbo#yjOAm|u{y+-3F 
z@N0|%A4FrZ9F)*gV*NiTyu~2{Q4o)RT3FFPF(a9xji10tvVqa(_o8DFMN?@?(+vbj zY%=4}qz*>DRx7M5-&zl_Cwz0-tHK_QW;uo=9-XD=x#E` zMd(|+*7!+YqQ#*fi{3tGil2f~R#LtxGS*q*3Bh;yx3fJZU-p@0TGNg;{j0vRKO(Mo*1jHp1{Kmj6ZS-g z?NiF`4!AM~)X)d-^^uh|#BF7O#C{UsA)J9wZIE^RhcOJn?p);4ESwg~62)}c&>>z_ zdd&CHh(b9lII%^>wA35px&!j4RD@Gqpr7qEjyC03;;01DDc%H zcn2APj1dpZ`K(s%a3Q%!~N~fV^V1zheJoavr?D-O}9S|vu#eOypvdKHeWR%i_+(~Pn zA%%pS>8}m~)owK2N755q%8yD8=EOwpNVeIkzlv`htd$&pa+45X&ZM_nFihvXrfXZJ zNY}1i#@1<2Qq};&^{HTxvr$?+LvQLwf)=IsCXcK7r7-wzJ=kGK2(O+24JcV2-hp7i8eEjCSj7NK8+&JDdW z>Va3CuU{LYRO9SZr1Obq5(#QirpvW}a0f3=3_!rQ>L^)Eusf3h4h2$ zK<}4-`r~Thnb1N(XC84 z%|cWyYWfzT<`q>+x`k8@u`Jgt?T}4x_4|Wv?~73_K=Y?2Xnt%i)YFF+P1|P!PrCj~ z=P&6^H-nS)E&g-Y|GneA!)|{4-|Kd_>;EQyo@CT}jc3YGn=ulxMl11>?AhtS^T*~5 zU>1O$CAvCkjixM-oEP^pm%wso>V5` zE1Uexn$_rYILhE%z%l2OpVY69;I(X`9)4xfK}%?>ix-eC3nW^Kv^D}RL(&}13lh|S z)UJuyBD5@xyj(&|Q@((4X_V$tq|Z!^CFq$$dqH}d+I3M|grHSU_a!vd#S2K6`R13R zZH&{)%z2kr{~|Qim22X*C`HTe7nM*{7ca`vimOQFvg*TGV(MR#vW1IGi%?cqF2yg4 z+dRrXOJ7~;>B z9+>s_BOWGg7dxrz34&U6Sg!$qqgRm{Mtdk+-r!AL#_DJ@i>G7=RV+6|NyqGxg~c}O zW}e{u5x6{Wy<3HU__F?e z)7?1LmvMR4JKjlT8_!kfYkA$*An)yd<_5*wvtV#KCMpmOW`IP=xvg~!e5C?&Cx^l1 zVD%?dHUZ7k>%2c?36I6}mGb>I=+31u6WUW6ui^er6Cw{U?(RB&~ zVLs%#Sv~Knrj{!#W^R5t=FVaPR4OM^zRQ0Y1mt`edFg~eAS`=fdGey zNiT>5k%b6%lI!vu`jy#T)-zof%z#&|D;j&v#-?vclDdt~U`NN7o5UsA-_|{k9r!Lc zm8-MHeXFzCLB91&=*l#I_K$Fu|CXlJeJk-z?#w;N{I4V*4|4oyh*w6w1u_aVN7O2d zgHjSMM?`^1LdfN3XeD_bQfAJlz{=9JvhVjSV&`{nW#L=dy?k`O`NMo4vHR9Xt#em@ z?uBw`IJo&VTQpeQ`si_$#qwS#@qMl8^J#t$>wQ_S{ztput33LDk7va%5b!>ieAW52 ztod#_-p8U}pwOdP_1!dB@3QYq)W4~9-`&CWF8qZKKH-($O|Sb~`U|vsbZdW!xV?wP zzd(!cc=dNveZl4bnYnaY!v=2>jbx4uOxlp*@xelwM3Xfhh4G|lb2q)bR?VAEnb!qg zQb%ZVeHM(B!BW0|NCF@wZ|rO!ij z4A5A`2(Yfh$m^{;>awa(waw-Gu?p24qvVEVyO|DAQ@c4haBI3Lkl&f4BbXzz+mkkl zsyXLGyENWDW`Y6^d2#hgz^jrqk#mOqTrYygDRFrO3o)eEi=grCtB>GAJIZgL?X!Kh V&o}n`{{a91|NlB93bO#T0s#Dm6B7Uc delta 19509 zcmXV%V|X6@^Y*XUwynl#Y}>Y-#*LG1)Yw*IHMXtBYHX*m*(BG~`}h3c%)Z+_cK7(s zoHOTVn(`pp@*olv0kmGfrr%zG)3417fyg2YffE6n=^T7Y3IvO&9Z){8Qqudm-!-Ke 
zW^sAAl>ml~vOaB)c!4TCHsbdR^kIzyS8;(d3t1mOSh{|o`sKv4bF(M}>Sf!hH5+_& zIoH1nT#ynIUtM^hJwC;MRCaduw))+htVpuUW>ht;Aa_|JSoAY_qA;tI&I#n+mJ#sgD;k3E1 zwHnB#8eLfx%`pEt1p1Q6j|ffGA&P#G`aI|u{6692_jK&px(EZnbY2L(+_g8B22NA{ zDIis4HLwGCR$^Q^UA3vI;2?=d@^Vb5B^nURNY_ycRE*TCIq1E7I9+0?&|7e_6a+|W58{^1#y^JM z{vdK%R#AxBjKB~l3bR)8vXl!G^UCvSZS%2T#kDvhApTBd*a9&Gzy7Z-sNxX(v9;Cz z&G>_i_!4kD1k>i)>~Ikd@a~Al_U5EBH1gyIov~YkK7;zVRknKUP!N8IPA8&;@roAq zIUK+wP_li;9uy12-+@L(k07@gh2uSdzGjCcRw@L!4XwqF(33;q|G^1|lYN5}MX-pS zr6DvMIjMrnQhMPsPy7T6LX?vDhK6j`hwcsgssjYPy9JA*u4D`aq4{reDQosihe*;} zS_mEp-G$LkJr8wCHO0z>e8L&0e4LUfY}A{{TsS<$mQ@~UoN5j|oZoF3Xa59pe`sNRqlu3kjkuz9MB{dONT zha|QI3&I$dWHKy+uw?R)d*g8lgp^2%c&3BlFK}6d0za4K@47@tOmYodn#HMb0IX6H zwh{DFA7>eRE?-N~`*;8NV<#OvtkN9}yEQK_>hGZL&SgX&R#k5Qc2CMS7zZ>;0GpcpYy z_Gl#}M?hP0{>`>+Vpvcoq@-A415RQPlHXXVap{6=jWLXq1gM4O`O8Pd6+;X-*Dn}i zJb&x>y)NedJ6MfBZEl+1v~nN{Pdnki>xd5pDPX!&moA~ln}3gFanDlbsor6`{`KGi zMoeJKxBy9mZe_$Reg4*Fa2H!#C-GS`}p?-hF7SwOBj6dc7O1y*u#u1(CKZYHX2e!WIHSq?mYsMc&sv11l=RtAD@W& z)*+QL2P8wvKVUg_8D}$IK*Irz4m&O(C9EO`j_QvcA1oM4sd$r!MVls!3|Cl9acvgzzZ2CIC znsUvY4xRH%-$`T@WQb_b-6%CB1tK35tNK_oR0iCj>RX_2OdEbFFbhXdjCo4&sy@fC zU0ZBZBV~x=;>ojY7Vq}H7IIn*H>_}ttY}WV>=ncpf@S$M(zM_NVw3E_EkJBU!0ud> z#9kXvt-E%XbG_D1gFfDsts>}v)&@%4Mi`o!3^765J-r>c-W)?-AW}k*`Rv!l;<%5L znh|No)UQGQ8&Fe#vIZzM3l~?wxS$9X-PY4IG+V$F-JK0XffgR)RxG(tpns1U^#uN= zl;#SnkMAzlX8;3Lq?t?p;vADJaElr7U0V`?jugQ+pFs-vT>(aJJF{j#4N_K@iMS%h zxl11FHeEDmSZcLBOsiHW&1n2;g;%?AtJM>@nD)R`60itxc%nHj>P=o2tZpP}`>ADj zRv|=EK5~8&N~DZ-vKrSe{qkQ(8B2)~bzvJQ49?et--rgeD1K#)%FK^!nmZ=}TU{|P)ee8a)Qb-r*$j8*bv6`Yl4Ieg z##N#50g5`P?7dg;4^;C15-jh~22osbfRI&}4XA1T;s8zF9v9gkfAN!S-Bl`1(*!#& zf_-XsJ^!$In5_q&-`zd3VOOW{nOrmnlrZ5Q`ip4{J){M%R3yx&dvtP*Vy0B;rtv-1 ztKfTlgzI5PTc`5#L-WR>R9q%-mB*RcO}g z&<)B+y^3wN-3_I2dD6gt>hId))^KcXDFThbM(MI{R#2_IZrrk&bF)%#!%tk%L5f>% zG(&VpU8xh?PCDi==6)N#m!I4Nj6t*7!P?k;=t7V$9nCRJ<^&ijgT$i;rD=RS?Y)^L zfI)ed?(_+zb+G=LUIHhp2_x3a=f(OoVPla1z~lY$;@8L6l?@q~SHLI0^X2A#Gutb@ 
zG>3ctN%U^j`PNQb?D=A|^NbK3G@7;64|AiIH##?W93^iDl@o}|t3`@^EN>47{n|SK z3d{A@aw^4xqIFFA*`-w$egUz^#-m{c^rwL~32j%ZzqW9~5M);l*wuTZBaS!?(3`*3 zS{F?#pAvW@Ib)czOCg*UxO^JXoiy{1Wc23kO}4juRPw3GX*7~=m0#j!XqAFIG3NyC zR4w*ZSMaL4gQBKp*Vfeq$az+hE@pD7XR??MvbRJwXGZ7@wnT3ZUZ683^)Y<`^^S__ zPWB`EzL?ep#LYrB;>d63Er;N&=KPdZy$S~g`4+{)z!*f#@X&t6sjFFM*Lm>*)-a86 zgjtSzo%hr-J`5Yt-)L;u$Og#qp_r^IHq*kYO+1;+-hKL~7gVZ-NfP&xFgdlDH8)=} zMs^YWWxa+b};Tp(L-4L+sj4-NiZric8NVAC#peZsaHW{>Yq zeyxtgkTET)g{*C`JR)5+5YurByEO#6d-$Ewd0VOEg7}&JczcCLFKR zH(oA%h=Qsm`z-mhpT?NOl2O&SV>P+Q9qnK{JVvrUce55dw{z8S{9vpFJgQZ$I?$#n zb8*%$LKFX}8j!^}kH8hVEFB11>AvOs+)H7oq)a77srF=R$|!7N(X!LCva|9y`G!sV zOK+99rC4#<)zb zKW@!Hg0KI%j7urk1l2d(xokuB_lgCm1zvW)ue|sOf~bbXDpL(P z;0krpPiZ~>Qu_RTV6?@!W|bDF5C`nOIW@xjIG(sY$6t!97mVyUd~SzvtnPl*IzvS< zf14+F+nOn$2&^kf=qFa9CXJCGZREZWU`Lhh`3?9xMx`b4&_?Esp%KP!p&?jtNTjLr zV*I(2^?wD9-WMNMt?Jzsey@C1S}t~M31<-Q&O<|eROomb;gFcNDLiW=@Za5v<$W;loU0NfT_Ok>`K|zh6oSUlszb+e{qVU z$MFS*@an1HgQzUY2M_5Fw8 zRC-40T3tWm7NTQ`{QU-c^0BOfz5G$H3`QV&7sTKIvNV^A2obd~5HnQ!q+lwj_{UC| zmXpg$9%+HHL-&1>Ok@=G{@YKH8r)n2X6%$n^~Aj_pH8-5jA070;G_7e2P%i7{GXn9 zyG;$-1gK46+KL1uD^kdn#Ku#M6)9bh#(YB!hK)@U+}(@LBvEkwiJr>!d)$D1@DcFq zsL=h>u=Mw%=W@80B6fBDc4e3rHnGqgF(Kj~C!Fb!2?S@>58gsebpfIA4(}>4yv&ZJ z?EGs<{Xs`n;LW0}G zBKJf(x(|&*znWn6N6iFn0Kk`*7@9!p*`L{_U`ZRzhAs<4<#FPB!9+Z+)8%*(>VNniq=t)KN5IWO;04A zAIyTE4x4{gvzK2;q_O7yjE!7dY!E8=Zr7~;kkGsl#2r&#yV>Sz`t7AMJBbQo+o-|WY);lqE#qsQI8tw3BZRnyK-dJ#J zw;XPX+~m$E=ixra5gQ0OUK}7mX($-vfx!0VC8XjPqey?p5d0b$R?$f%zgNx{b*m9} ztnS){pSE3XG|B)@?bh5PFp%LL<+}y%JhPF3Z~nMAdolj^lbh%}q{_VX;ZNb;@v}W~ zQ`htKNFxnt?&LCiACk(Bo@fv%wB8_41Bm1FKhH};zUH6B7MoZiL1+9V^WyLDQ1E-;Dps#QOjZ}h zKoLQe9+PXHG;>>YoNd5s<)h|EuLm|>&q z#s-N{k&~HbFjBiaMOreTW)SD}(#Pxxxm#4K%W~gsfM$ywpU1qA_oAHlvh~e1fcq|G z6);{&zi5!oPd8wk)&8-jAEey?skbG!+LZXPIl5HtqGjH=sr7|f>dA&-O*z!roAOJw z+=Om&i^d*NE~Y{B@7AeDgUSUc-IApt{_P^GF*~pvYxWC0;^>#)0WGIMt##nhvopNY z=kJUe;N<{b9ZkMVQ3@Asf3SKPsa-5i(m^YX(5mkLgC$d-__39FiHaT`$MxbdP@M|d 
zl(71Kv#p0?)II2bPDsy4-)KB=K|cj4b?e28AWGy9!F#VZ+ApR&oylltr>m(@tgn=L zRq+D>l@;UOMrV|&V8(Z+e7$bJR9^{CEYqA1D879%wK@Xx;2s_u#ySRCN^*jtF@~@# zO{c<3bK9xtb1TH;&C`zZ%Z5ZL6?b zpMKsxq@)gyU1W5Q=`z4o;pZLdvNDhT_JQp32c|y04~YOD@@=+fsc7{BhlAh^lk-9z zaMQEzNx8SMX!G(O+LNPsuRv$PEW$TI) zw=zzzhNtm3Zf3dqeZNoMmejaH826SAXihf~^Y|(BGtIt>vz<4ovnzWd5PUM79Hc%r z`;jElnA}cJ+KY$8hq!X8$+y8rM6aX3Re|lB8%p3AbGkvZ5-K07Ry@^LRxSBWn*PW@oM zlX?$>`pOlCJyq0y@^F|P|K2!Jc~^NBUv|avO#s}D$}C^cvObvaV*eNm#2G0t2eH$L z35q!n^Y`DnyHIXD{(in4W78aMt zvR6Qs8DZC^4UzqrGEH3ptrcS6aMrjrs!L!k%!o3GJ^V?1Ywjnue!ITj#~AaL5A;ar zjk09q@fR_FTP3+V%&#iaK)36FPM)?MgllclW8o$2L0MW>t;c%#if)-&T9a13uQ!b6 zPdohuYm$-RwC7Ygu0m2=G)<{iQk&MA1%;{6GKXG@f_PsllnUbk zfw;OihHR-nscL2maJ)n@RQO4czf-Mho|k04L91G_jZjbbA;u6(MF(SB{_&9ur-AaT zS{vyGB6AB!JEgfndkW52#+A7#=_hAzyU$LOxSlu)4hS_gj7pUQFwj&UMfTXzLU|+rR&u2r=ffJ8@ z6Kx{L_U2D`Nq1J}S{m-L2V9GFOF0i7e3L(r{H5?XZ>dm?cM>|uUo+-(;}*ytWg>c^ zjnwKF?X~#u&o64m2Fa76L{sC%)C-4t^HtuK<;cFJ29#ge?x5i!qY3oy%4N|n2ub@y z)f_^<`+0nSWnjtU`!Jy;Sr^&@uM2I6@Um=x*EiQ+0mr?}E3nq&RiYj>VmpXY@+H}i zpc1mrDVd(|D`3S_+j}s)CeJ^qUGAt^?)ZK1Hx8--qxQ63-eRq%&Qh&7ulR?CPMsp% zr2;-q#C?EVk@(Ycxy4j?cT|#AU{41*bD*JW67Fd&ll-x$VHp$i#al9uEORr=*vMcOqoO zB+fGc&y7FJM9OkSN<7ln@@lPpBj-2W*jb}=Nb!fC3G@ZAC-EY@qg@YN zpLKse*XoPsXmL1T&{Z^M_9?~^%Ks>|uNYX(d_)>3u@E}y|xya0^-x7RBFk%mW zDD^@Con@XA40Im9soHx*E8ZiXYy1(+%5ZglA2ik)uyqxLgh|=WN#l7eyGjNq zUlGZqxa=k7!(}a(1z_1psTKb$Xl}!6wk)xRn7-t2@pS0-0e2uPpBuO|;DsM;V^#p1 zJlA>$g5UIl0NlFKg%u}&>i84L#Rpo)4x2q>*V^1pvUbovGf_9kB8^LV1CEjT3#P7j z>!Z=N&Y`#7M%wjS%`O+0utY#h^6ln>9e9g?Q7z>vz7cm-fu&{#0J^mBIq=*)u70%l zG;bzofXlu`CxMzRZRfRAz(-qPL4beq7kFEUUwCT^yfJ#$&VhgNl=*-x zO0<^FNGTpsT%Zg}{@LNZ(Qx9iJg)>l3$1j@JGam_W#aqE#5bD>*UAzpU!XYV$%XHa zJj3llWB*Lzg1iGK%LT_drn#ab)uH@TfO4sRBYjR5{c)6fyoSAjW0IVjA)Wxmmfdfi zk7Sx&sL8gs-6D`{Q$p3&?M4OUTVnmz;Mj#AMGuzi1>D?|u#x>VmPiEYqNbj~m*c;< z1h?bvF>r;#XqdY4E3qP}!*azo_(z;QyC0;7pHrMbC?(==-ALqO)k$J`#O6}$* zKDQR^w2tK@gIe@j!(GgyxKUd1?rEcyBbInt^*A^Bwmob&&aB9WYU**7Z}$yW{dnkW 
zVu801F0=`L`#josNbIg|lAlSI7n$v&=|)Af;1q=1aiD=4|LJf!`Bx$glifU4r|)7M z)X#h-v}&NE7T2Ws4(d)D8RLp|w;H3*Bc~x;WH-=psv@YtjG5#k_S|5a60gc~zm%Y{ z0ySD>UWBjYv`7$VREqKBsay98nj~ zYl^(u!tVzH#kQdYWuIvnj4Y^vni!(s2Xkiil!2+#eHTj=hs*@I)3Y+_gFhN92D+9b z)2%C$@RSZV_6i7iaJ1jWxF_9w+ASf^FRgBxfAuuRliNZ7re3U(rpg%m3Ae%sbv$Q5 z$vddila^|gF%l$9iOlNpctg5YQf{;b3tG2!w0P;irT!GU2({rv8$eXiSN>e6h3T61 z)wZS4u>0nI*LUJk8cMiYQmWMh-?q}%lxC!)ua(sEe|1zRUc1Dw7FyTvQ(DS>H6NB< zNx;+|pqeD#q90c-ul!fMnR(j^JWO#UzDl+?2QB?X0&e}Un2oOko#EjIf3Ijs!)2EY zx>6vRMm$GkMN(KKKee68QG?V-=$!_BG+})It@N_>hVV3+JO5HkJ+5B^n#l&s z{C#=rmHGP%ZvCYA@lE=6{(!z4e+ZU7ng^i8JA62NFFh=xCvQYRyn1+R^=sh5_~(TRvkaWj{Cw9-`f z-hvpdcwsf$b}VuK`c?OJr~@|8hnLCCRwxkJZ~AK08O_VoDDQ|9Rb|C5tb9{{Y}G}5 zNzNaxm}X|mi1KT*g?q?;j>g@W`T?N8=f(BrKY6QTlm1UviyTdBFMrj3YsU|#Uz93! z90_jteb`EeN7tM8KjFMDT_qPbXkEbm%TDj)l!8rkH-*_ny>m^k+OBPU$flg_YBHGJ z%CpKR^uXSCx__=iMGrIPj0C5hE!SPNY2F91{Dd}XG}fLq(YzjoKavS>*=xj(ZrOk~ z>AN&4`w_k&Dsoe14~`$ikcz4P0+rJU-WK6!IR`(XcC5dHX-S1DFF<}iM51CovtQJH zOV@R>Pz9l;h72Zp;K^US&)~?X5`hIcBkFfgtgsr7?5<-E%$O4|O4DC^+l^#Csx`i( z2R}o8kYG8baVYre?DPY%k%4fp);k$>oY@{ycZG(ru=8B>s~bAC@|RJU5AdJ>p?Pv+ zggH|tnZ&zMrZkL$eM==LoSBO|ms_~!y(@>zudOO`=zzR1a=urzcyGF1DNUZ`@`?DP zg_i78?YSL)f#4M@!ANq@ipjgbOI>e7yR*Oy58F)Zox{V6mN0!Ri@h@Odk?FIe%T%M z`u5Utt%Dx8@?J#VyeE!)*8RSBv#2{n{Np$|gC-6DUvAC0nt^*;dsD&L-u5}*^tN|; zGgTUuJ8?4_r5vShXDKAOzzLKLiH%6(sQ9!L_e^Wa`an^z4u0RP#C_KlwgW=b5m9Ab zl0C>0BBe0dflfu4;v|_wJms|N(V9K=ulitVC{{eQkW0WC>obR@H_;cz&NIO9R>a)F zzmxuh~NKF(u~ zeJ;=GFJoo>H1^xqLt2Z`S8J&7Z7<&ug)~#r(fwmPOpG(^V%a+X^500QDu{ zKMV2GJf`=@=?hgPcAvkiln-mnYsRNKP?|a52J_X}zzbn)Dn`Pui7QBD2}6ZA-{-#5Djp)Z}tM%6RqRr9o&EO!42M) zCJo>Iao9n}3lT67v+weiP*kvfYM^D>c5$o|<)DA6k?DSzXhdyPM3zRZ#el(T_%EGh z9Sq2q)clzYKfj*Xf$XSFG1^IQ30dRtt9!!GFHKV6=|uInQ^Xv5l{}kr7SPlpGx0V);oYoh)?029jkGk<_3QR`eGAp9$>mhy7eFr(c4Mlj(LOcgEYtrUl2~LNKv&eTdbV}3v9t$N*W>WkvceL6XO(bq*0lv@O-+8 z!)`JNX=UEdqRNwuoLEioE?$6IjbJIBf=Nvp?kB3!0ZYd&v9^z6muFHc2W)Tc0i&M7 zJJw7u2hjRig&t;Nqvs1H(!_0I%c;W7Vv*ybqr+vc&m98CQJk9;*}~k?I37v5AaaG_ 
zS?`5k{7bI(M!+OqbsP9kXvZItQN9bUt&oMx#M^Vzsy{U4M_k~ejJpT|&7gnNhz`LO zGT`!~WSw4d=KG}~{{@19^O*CkYc4nu)LdNP3K`Lnlw|t>aQ^n@8WIvMF{ktJBYfN}7~KXdquSCMLVf)#H`;+`TXUmOl7THiM;etKVwpUcFjCOm2-Ya@9~ro{b(SbI2!{ zc)6dmt9|g52;5n4UBns zYZhfr4w2q<8545v+qs^afAJw4ilNE^+T%pxiP1(fCN?^^x7H1xKFfgDB|m1~H#Y}9 zz@|Vp*o#Uf^W$kC4n9E((!{B`uNt?!iTIC-%X5?VLaK*|U!q5OU=($;&LY=vgkJKr zcI1?H^k3Mfwlef&+rM8fT~7etnU0@tGruojT(p&5N6ptfCZtauD-6$L_>)&J zVHt~)5}W9s>6yMsRH?eJ8tB2!Ht-A?KIjZvy%3oz!>c@o=?)ZBZlG5}So%p+%eR-=ga1LT+8@qGFNTv~RYNF63QcP!J9|Gd_Y)Wkl;fm$YZhS|tyL~?GyE5ylu$5b z$lqzOZx>+53tku40FJ<0qx*G^C%d(NAFZvOrBHnk2V36Bm+GZrXKZt>m*ol6nKC_)IRih%yz_-t}FFQ6e+2p2l8NNk6f z6ndCyfJx19Un$l$Ie*g7-uFmQ1^V!pug~8jN?QF&rQ=;nz=e#BB`_8W&rcDTcMdYO zOy6`anVHTWM|><`4bDFInXe!vqa1Ira<310f#0VR##UI_s?0h6V3KL`vP}U;p>2Pd z*@yJlzD~QDzaaQa1ON2A=;8@+xnMyy)M8}LSurZF%Go&d`YD|!>=hxM=W5}1ECJQC zg_ixa zWA@c#R-|3{9jfUAG=;TJ*Yv~~jIDM(h=k@gn<>6l;JTvr=(99d$~1ksEReHNcx|Nt znd(n+n>M)$Np-S8wd2(kjsB>QB`H%*Q_BIqXO$iRXl-A1UXDw3$+EgqZyc|FRg!_-@48;J z1ZVo)2_A}<>ji#hc0y52@~^2?C6}vJX_QKPR84G<9J@Zd|LVgn$##EpYK3~%g_|W& zaTTZmo&;*7(5C+4@6D%fAJ&-WO&RCgJ+hoiTy>KT?l*uH%>rRWnkaFbT}FA4gZ%`- zXQZT8xYOW{^}hg-PZQzW~~(s0K~A3baDrvyQ%(&Ygf#$>&gB(9{|G z{7Z0PSptl(m|_c8moCqWI~IM&hgKd0F{JQ_;;LmI2n9ik zyl_ZDb}Pe?R?{1iz~=YMHffP*una|k?Udu>4{+zpo5)|d&VPNUbgoT48lMcOB@l>} zA4awjs|F9tjtVUi0`J@E5~|yIgKUU2ZR1K^L;}ezEe0Aw)=7tQ;a!8khDq3GNIE&M zdSbgLnh}kV{sdl(mZeRQ?BNK1H(_1h`DX`!5UiAfFeA`mAW+ph=e`9z+(cnT5zh26 z{Ij0ng>#G{$TXI0>GcXt3M}nAq$$Qb- zOKo4v59CZ#yXKF{W&94r+U!6TXAB|d^a@+VdP=6uLNJnF;x}9_0kH|T32xj8`#W=RaZh~Sc^_*p(@AG`rUz4J64)404 z1fvWjjqg=VpFte$Zg}}E{m!9~@J>&9;ai2>B%<{A=mj3C5UgrYo|5l+g;1u5qeiy* zpwe-~)kRoo<9`O6L?n;S3<`hEOE^u zzMJ~o28F*TAGs&#yAsU0V+{`#=G2!y63cFeNX{~%fLY`Z!4svkmNA+|94AR*mjO*2 zM}1XltRIPoHGA0#8N6}lqW2>|vi#%nyqZrksYOri(@+polE|2BcJvfA77PM>D12l?5Q^N@8%T2(HvT@oC}F4c3sO7q`7!4CD2 z1-6@`xNWpG6|R-R1r`~;5uUA;4mWN+JpCd6vL!#c-si4BhiSxSJBdUFR(e_tgy9H;P(2GJo3Zt7 zZ(8Zk&mXr_fR|;_QgfnZgMu(#5!C@sF!AbJ8meKb+twRPzHT$Nh~APpu*=oYZ8c{or$!E4S(WgF 
z3foNI?SI_659~kgU63axV6RtM{_T@Olb8-l=0H$$eet0%Xf)2LOzxraGdgI=7`qh_ z4Wa0*A?2-Krp!vmDCpu26qHC`#3vC@XlfCFgFbJz;M}xB*iaw3ip!5Uq&=_*yVSq# z+$fepN~?=}l=L%167pvuI&3y}J3)Nt&r&2|ks0`Okh}@$qtwspga>u9wI&FXq0+1; zKU2R}Q`rY-+rL;8uM;_xVTQUa_Cc4O|>H;hi9i&8U zqUllf_4=Zv8vCjxu;-h*l}$;y8+m-Bx6a%*qI(1jUB@^4{r^yUZ#Z%wbf`z2t^m(g zf15Fp1ZyOA%TUTqtwtVZ0-fCS!hjQ~glYjEm*@+F%V=1azVvrAwV5htPYvsbmPI%F z_$JvoK-!2SsyB`x^jMht#joP`DXKXm*PCMmV3s`|HqYKCqT4r&pN!e#yPL1+xI=ya zCh3wvQ$SR`_d~t8O&a1p0Sk_(R6naZV@Tpo!HwKn|JRT`SLW}wp6qVfGj2wpbkcAw zxQDG<76~KEQa_@2mE!jR`it+xT(0N{Msvy4I`2-Km2xv>6kWn}(!V({>O`|hL3)$_ zsvm-15Z+*Q6=k4Hfw!IaWRifr4CwzO4gVp>sy$HW3-WHU^T#2_?;Ol4tNkxX5+2KE z)i~3oI>vmbDDta>>Osi>bMYO0gtNM;W|L0(vx8o*y_%U2qn;LBgF}MD551pI3JHtd z)`x72RZ3_Dx8VQuSl`|r(R#I9}qM5jimakxSTH=e5#M^XBk2n5V-77>Pvf^XdR`nYc zHMsnwb!q3BhFf(U=1J&dH51iNjxi<3PRmyXiL3MeDa4+-mMx>1Tpg_An6JGA$x9v` z+qgv``Oe${rD=3ehbLvwpj*JEg0J@XhBe&xLJJE$5KtleOE1%}sx1 z=(|Kon(4QcE(imG0(kXNH8v>LE%Fb;S+%7tj3`AW&pXyL3nDRL?twn!*n87wx8L=A zNbYR?MfF3}lBE9(C8ru%Y-nt`=ypy4C}L|Sw}-^cT6hBN!x=Ml1*~OI>@M~MBQwt~ ze0Uyapx*He#J!W+pVs-Rgej4l+P^we;mwRTvXq=^y@qGNB8>K&FG@sELtZJm-Xz9m z;9B-qSG8`Q?H8K+t>OzV#vZGEb%mQL3N3{@t>&uz0V#L@jo%po;!^B*>dD+l-gy|E zMSi7S|0;>_Dof3u^V5~@-v<}|EB@E|sQF5LK)1SeHW6pRcrowqvL6!fjE4Uv&ZX2H zGv`Bu<~AhY6mRgvoc}j}+!-SKO5?AQ>XsU{rG6+6-DX;{1?lBzB`m{dMg8O6Ldv5V+8Ta^mb$6#JF$n8Y0$W zfxUTM0T%cE%@k97GbBc2So+SEj!KD$$HhFHkn&Fli8}+%v zo6Lps$0yEVLr`q34eG+Xw=b<@r7WBd|Cp?KzFdOpcJddRHQGCv4Z|ezzTH3FZ@Cxo zzj;`LyyJ6y7+|Ac4p$%2?#3J2>@o5LHDXs;d=RRJ1GEf4DB+{~LM~!8O}{RtOyKT& zot@@@DmsT2dIVKv+)qU%wh|4L^IB<0C@H_N5@?BeF?T6T~jtSkLQsfb2 zOP0x_+8);z#0Q3?c>izffamI)NH03Lr*lkt2>t%~y0hU|!7NqJf^9#D6Rj~0f1~0!$@LAs5x5u0K#^mLH4uZ)CW$b(2!Y?v| z9J3C6{&$zRv{LNW@ZQwqul57c1ek-@nDj*^F@4cCgS##(7d=eh-_|?5md{4GgW54$ z!Z0p=;}s+j!OnR5qS9#k>^?aICyTMHJ0rx&8*d`!>=@ZhEcmosq_lWoc#kiA)Y;$1 zy16F%l-xSZ(f6qRphLp-neQPn|BlS*p(hM)>AIBP`))$eVLg*!UIuO>5Wvu{@An0l zXAMYrEwfK>_7-_9GToG!r)grC_KV^LO!xV0)6Aa!fIY1D`J?4>_?a38kR9iV4~>By zy)+OLXYm*OSC~{jnseY%dD;gkR8a>HXMEErM_;F1)0{paW^B`jeSY_}o%Q#wc`Zle 
zK2>&}cMyJkK1*xTJt{p5KE0k}4$?o$$}V4Pj%|ASl0HS%)RFob?FK?I#|N9+R2sUB zy@dXN<5reUAq0Knt5Xy_5Fqn7?7!@w`=0#cc#Y{@nZ+3|(T_On+7d>0rOAx`DT0aU zvD-ex_(t91n?=`~mK~JY;l%J5ea1@H%ezplL_JP|ncs|w4XSTxIZ6Qjjs1i&CLo?Z zWqj9a+BPZpeSGneRHLgTI=!g?$|MDJ>{85nhWClEQcZ5kFN(kvDA?tsz^QAWsa)me zK-!v`);79z^9(z|t%uIme_Z^6r2Fl!G5Kk0Yy6DYc6)kl=^!D`gU^>E2eguMA>9SI zN+b(eI7vm_k{tLi9|^VUO%J!QiUikaL34PKOCnNq2epu{oCoKha>J{UL~K5_69;DY zf$R=`5T7fp(ndMf0CU1>&>#4Y*r-fb>&m-MZbdConAoJ<-2<^tzZ>*c0?Jzqu&K|+ z@!}M+JaySVt+RAH8A5KGO_Yb4_^z&K!;nR54SruBd}}3EB^wBu2pS17;5C#DkkLlf zd2-O@kLoOW;NwYC3Th!*|7G?%%0!ElErNL95ABKGDbvDS3`T9cGqhizz&6MB{GBC0`W27J)Ai zO)9LcZt&fer3o@REpS@$%U6&Wk?Yr=n4z0u3XRlF!6~>9)EH#R{6uxzDMySG$w#?L zJm38T9+Y@4n*cwgET`K{bgL(=y#-`~D#b`1qgj~RAuyuq5=TGM>KJbJPCK&EDuS?- zC}1-trO#!b$=j?adl~t&mxYJ@F8>beGunm_yT`xBJq$4gYdkKz6;Eon&{?%SzE8=8 zh@IqcMr_>WC|>LOE9+~e=Or`1v6?G$HM<>Y-mS$s0nx&)k`nmT&>ll=%@q~oiviVV z69f^op;RO%8_*=bBwT#A_ySN|M(1P&%EE7*8sQ|kE+;LC6U8Peq{yRIbqUb0cR0CQ z9At5IrWNtX4CyAkhL^^XlNQG_ezs?ESm#$sY18dDv{fw?%uL~`-zBXH1!q%pWwOwE zGquYU1Lh~|m>=>N*eNN$B)nn*3L^9ho-clURO;Y`7U|Ubav*~*diE%Nqmy{eKb>~s z(2F2^)bOkmEGX7ahkHh^TEI+-iVEVd&{RFYuU=bo%gx^|sYHuoCm-5UVc}XnXh2L{ z#xSWbp}o`_kEcwxcZLQu{R>K(xvIr$nDWh8WiR>oxvF29#L zQT-qI*w5bc(;hi`KY zn zcaozx@THie@Tr+f7css@cO@%^O@YB3Euw~stZ;0Y+Z{jOrH{t zqzDIpVm>A@2d88bQ8K{{H5#@)72v6mVo;`e3XnW|3|lINn#nT7NDxb4@?SE9ACIoZH%V_l zlR6mrTCK3Md}}?xq7W>A)*BPn_(`&0j>9tehlt-1db?xzN@ZxVnQKBqp}WZ#7ol(Q zTH_~qi57=`EPDH#DSiq{SxNb($XI8Ij~gG0jR^3O&A>3`WTFpHN21qIf46tyPhsdG z-=J-JY{pI?`T9*i1-FxI_$EjijuYFU43rV-Mh5}$Zj&BDmGKZpk}VoP$vG}*SHcN0 zdgb{Q7@*J_PawTzjmC-ZV*wimDidI@@e}A%G?kf9?eQE^GBM1b`e@3xB&MJbDVGNZ zDk-6*OKauGgh?5Vw^968lMjhj0c$wL#YLAI2~Q-MPr8SvW0}C5q{?p+mf=^qB9X z5ruMAaAJ#$>27=P@TW%OibKkEhROWr9q^B0+Cz+3YMRb^ruf8@)+!H0oOKLBorw4? 
z^G8ePA%Ce7hz<}6e-mz$-4M)Y;c?PGZ#NnzOgibXIN&?r)hlhnkE^=&>J@lFs30E% zL#k%J((;9fE>gk}_NBCxP!$CLeTtCBm8msCRC;Mcu~%y;&oPC8_83WWnkz??(!}jI z#%J4Dca%@~7&1kUNQ;PImK2m`sCGkJfqJiAHNbf$jk?~pf9y!UG6293qrg{-;2mTD zGDbWs=d)V5!jDnLbsN;Cod)Z8x$w55bJY3DssoxS0@_ zF77mEH4+(_Wb3NWz!XCO^}bevx&bf5GAbx38ZeGEzzYxzK^&!Bd@1+`>mbGfGKuV^ zyfk}1$shwte{NAIGg~1^E`8#dgya-bT9S4cQ#per3=)}>5!FOUIFQTK3ypASw&FXv zF6;orz4puYt5*#}DV>Ivff3?>@z}dfvgb>@c0i;s7W>&a$R_U;lTk_!awn~Qh7=NR zroTD}RJ+l5A4yMeDL*PXm=hDVBiUxF{wlt4uvT)&e@#MwIg{RQ!7!cknyzh?B3-+7 z8C$18Nm&C7*QbI(&PHkR5G4ec!R1^iXY=J8dLmyI~wYO%9wLDf{S?aUS$1w^b zL|L0hf5F+a|CzaJd#A8q&ln|MBd?z{q1Jn6}`T5Ov5EJD8sof~>%)B~?N zU%xg)sm9r-NaqvJBofr3OqXi`9N}Wplpz$bEC(!F^t73`tKM9%6}h5k;J{- z_!BAUvOE`Uh<*sM?!j2BDP)q-h}lT-WQ`=ne9;q_q)n8ItC3UXY-se|AmG z7NKQn+wx_D8RR$N6YmsKCm5>x+@lr3CjT7se{b+w`Bu+6x=Fe+AS6IAO#7k%Tqfn%nB0A2@xZLV zAMr40yVyxxPY~3q!+H$>9KDLvFxo@m@&<3}GFC^MSv(~}sA9PxN;+njEG)KJH}ec{ zNb75XK~7WW+vRC(0l8;-=ls=kGzT^O&0S+q#DAr6u$)k5Ef0y;|o9@P` zzKqMW-tkT%+jy=*U(4&h26=DyGdC#ao&|%`F;RhNFasn?&TXw@;42lFJ2?z49~;s5 z<|aq(T0voQ%)cGr8aHWT9y4pi#LH8=f2F%2(LYTQ zc_XlT6~EH7Q{gVs@B-y3Ql`QMoS~|FF?SXVpi()R@?HMJATYPfRo!q&bVon(u~HVoe>4$AD`9F~gvcTM z`KtrtMI)#rr?Ih)LH7L2#~eT=UCy5;-c0&P-<;FFKNsMj?;Ae{Uw+$1i^{V1y+`(m3_Zw5j($oD+}Ms?&YKN%^&9bh~2k7YMs0Kb1#%j z!@^LGfq?h9-`|b{|ci}H|@CmQ{ZhGC{(qEw6qg(q+#O*yS{smfm z$E&}a>I*La&&;LM8a8;7Xe4uNVA6&Zj}I2gB$}-8D2yjXo4e`dwQAmU%DgV{k~%_@ z>$70243_dme-Z#Gd1Ge-S08VhvXtIPtl>J) z{4IbZl?UI1SHWp?VdkDFW`M>j zMu2r4MqY2-QI}PPs%+s$-{n%d35fm_o}f&9)S9l;!#-JY~bRLwaj z+NJR}Jrfjg$cw8_0$!D@iJUX+=Xwz|PKnDSScoCLUIdMAUws50+EIS{Y@hA3eZH~h R{|^8F|Nr#)CO-hQ0sv^~0z3c! diff --git a/charts/neuvector/102.0.4+up2.6.2/values.yaml b/charts/neuvector/102.0.4+up2.6.2/values.yaml index f5eaed4704..1ad558be40 100644 --- a/charts/neuvector/102.0.4+up2.6.2/values.yaml +++ b/charts/neuvector/102.0.4+up2.6.2/values.yaml 
@@ -2,12 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into the templates. -global: - cattle: - systemDefaultRegistry: "" - psp: - enabled: false # PSP enablement should default to false - openshift: false registry: docker.io @@ -15,9 +9,13 @@ oem: rbac: true # required for rancher authentication serviceAccount: neuvector leastPrivilege: false + global: # required for rancher authentication (https:///) cattle: url: + systemDefaultRegistry: "" + psp: + enabled: false # PSP enablement should default to false internal: # enable when cert-manager is installed for the internal certificates certmanager: diff --git a/index.yaml b/index.yaml index d7e1d1ddc5..98e84db45e 100755 --- a/index.yaml +++ b/index.yaml @@ -3862,9 +3862,9 @@ entries: catalog.cattle.io/upstream-version: 2.6.2 apiVersion: v1 appVersion: 5.2.1 - created: "2023-08-25T13:02:38.902196082-07:00" + created: "2023-09-01T15:22:13.007833876-07:00" description: Helm feature chart for NeuVector's core services - digest: fcfb5680ae539cd2a02f6fc37b19cca58b85ca8562547768638c2a665564f5b0 + digest: 0a9e683c990cf7e3dfb2612eba65f150cc17b186c86c2955e3c3239a4f27d062 home: https://neuvector.com icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 keywords: From c28d3284e1ad57db8410513043c9304eac0061c7 Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Tue, 5 Sep 2023 18:23:14 -0300 Subject: [PATCH 09/14] Removing fleet charts from release.yaml --- release.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/release.yaml b/release.yaml index 0d8f1ea34b..5f3c69caa2 100644 --- a/release.yaml +++ b/release.yaml @@ -1,9 +1,3 @@ -fleet: -- 102.1.1+up0.7.1 -fleet-agent: -- 102.1.1+up0.7.1 -fleet-crd: -- 102.1.1+up0.7.1 neuvector-monitor: - 102.0.4+up2.6.2 neuvector: From 590fded64b56e61537efb094456b731b32f70dda Mon Sep 17 00:00:00 2001 
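Review bot: The `index.yaml` hunk gives an existing entry a new `digest` and `created` timestamp without changing its version; it is presumably the neuvector `102.0.4+up2.6.2` entry, since this patch edits `charts/neuvector/102.0.4+up2.6.2/values.yaml` in place and regenerates the archive. If that version was ever served from this index, anyone who cached, mirrored or pinned the old digest will now get a mismatch that looks the same as tampering. Content changes to a packaged chart are safer shipped under a new chart version, leaving the old archive and digest byte-identical. If the version is confirmed unreleased, say so in the commit message, for example `neuvector 102.0.4+up2.6.2 not yet released; repackaging in place`. The later patches that edit `Chart.yaml` under existing `rancher-external-ip-webhook` version directories and then regenerate the `.tgz` assets appear to raise the same question.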
From: Lucas Lopes Date: Thu, 31 Aug 2023 13:22:44 -0300 Subject: [PATCH 10/14] Updating regsync version to v0.5.1 --- .github/workflows/regsync-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/regsync-config.yaml b/.github/workflows/regsync-config.yaml index 7e773370b7..4d71c8c1f9 100644 --- a/.github/workflows/regsync-config.yaml +++ b/.github/workflows/regsync-config.yaml @@ -26,7 +26,7 @@ jobs: - name: Install Regsync run: | - curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.4.8/regsync-linux-amd64 + curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.5.1/regsync-linux-amd64 chmod +x regsync - name: Sync Images to Registry From d2eec4590b34a8e13da59ba4dcacc0ced9a8962b Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Mon, 21 Aug 2023 18:43:26 -0300 Subject: [PATCH 11/14] Bumping charts build scripts version to v0.4.8 --- scripts/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/version b/scripts/version index 66a5373096..2fbc8f5eb1 100755 --- a/scripts/version +++ b/scripts/version @@ -2,4 +2,4 @@ set -e CHARTS_BUILD_SCRIPTS_REPO=https://github.com/rancher/charts-build-scripts.git -CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.3.3}" +CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.4.8}" From 886d641067efa5b4f7763d02ff4cc713123889d3 Mon Sep 17 00:00:00 2001 
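Review bot: The `Install Regsync` step in `.github/workflows/regsync-config.yaml` downloads the `regsync-linux-amd64` release binary with curl and makes it executable without any integrity check, and the bump to v0.5.1 leaves that gap in place. The next step is named `Sync Images to Registry`, so the binary presumably runs with registry credentials, and a replaced or tampered release asset would then execute inside that job. Pin the expected digest next to the version and verify it before `chmod +x regsync`, e.g. `echo "<SHA256_OF_REGSYNC_V0.5.1_LINUX_AMD64>  regsync" | sha256sum --check`, updating the digest in the same commit as each version bump. The job definition starts and ends outside the hunk, so confirm that no verification already happens elsewhere in the workflow.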
From: Lucas Lopes Date: Thu, 24 Aug 2023 10:55:58 -0300 Subject: [PATCH 12/14] Standardizing chart description --- charts/rancher-external-ip-webhook/0.1.400/Chart.yaml | 3 +-- charts/rancher-external-ip-webhook/0.1.600/Chart.yaml | 3 +-- charts/rancher-external-ip-webhook/0.1.601/Chart.yaml | 3 +-- charts/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml | 3 +-- charts/rancher-external-ip-webhook/100.0.1+up1.0.1/Chart.yaml | 3 +-- charts/rancher-external-ip-webhook/100.0.2+up1.0.1/Chart.yaml | 3 +-- 6 files changed, 6 insertions(+), 12 deletions(-) diff --git a/charts/rancher-external-ip-webhook/0.1.400/Chart.yaml b/charts/rancher-external-ip-webhook/0.1.400/Chart.yaml index cb538b9453..e7de8ce4b0 100644 --- a/charts/rancher-external-ip-webhook/0.1.400/Chart.yaml +++ b/charts/rancher-external-ip-webhook/0.1.400/Chart.yaml @@ -8,8 +8,7 @@ annotations: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.4 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554' home: https://github.com/rancher/externalip-webhook keywords: - cve diff --git a/charts/rancher-external-ip-webhook/0.1.600/Chart.yaml b/charts/rancher-external-ip-webhook/0.1.600/Chart.yaml index c5705a884a..eda6924412 100644 --- a/charts/rancher-external-ip-webhook/0.1.600/Chart.yaml +++ b/charts/rancher-external-ip-webhook/0.1.600/Chart.yaml @@ -8,8 +8,7 @@ annotations: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554' home: https://github.com/rancher/externalip-webhook keywords: - cve diff --git a/charts/rancher-external-ip-webhook/0.1.601/Chart.yaml b/charts/rancher-external-ip-webhook/0.1.601/Chart.yaml index 88266126c9..a05d1bab45 100644 
--- a/charts/rancher-external-ip-webhook/0.1.601/Chart.yaml +++ b/charts/rancher-external-ip-webhook/0.1.601/Chart.yaml @@ -8,8 +8,7 @@ annotations: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554' home: https://github.com/rancher/externalip-webhook keywords: - cve diff --git a/charts/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml b/charts/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml index d1ce69ed62..cc82074d16 100644 --- a/charts/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml +++ b/charts/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml @@ -9,8 +9,7 @@ annotations: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v1.0.0 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554' home: https://github.com/rancher/externalip-webhook keywords: - cve diff --git a/charts/rancher-external-ip-webhook/100.0.1+up1.0.1/Chart.yaml b/charts/rancher-external-ip-webhook/100.0.1+up1.0.1/Chart.yaml index c2163ca021..3e6057924b 100644 --- a/charts/rancher-external-ip-webhook/100.0.1+up1.0.1/Chart.yaml +++ b/charts/rancher-external-ip-webhook/100.0.1+up1.0.1/Chart.yaml @@ -10,8 +10,7 @@ annotations: catalog.cattle.io/upstream-version: 1.0.1 apiVersion: v1 appVersion: v1.0.1 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554' home: https://github.com/rancher/externalip-webhook keywords: - cve diff --git a/charts/rancher-external-ip-webhook/100.0.2+up1.0.1/Chart.yaml b/charts/rancher-external-ip-webhook/100.0.2+up1.0.1/Chart.yaml index 93feccac75..39f408a856 100644 
--- a/charts/rancher-external-ip-webhook/100.0.2+up1.0.1/Chart.yaml
+++ b/charts/rancher-external-ip-webhook/100.0.2+up1.0.1/Chart.yaml
@@ -11,8 +11,7 @@ annotations:
 catalog.cattle.io/upstream-version: 1.0.1
 apiVersion: v1
 appVersion: v1.0.1
-description: |
- Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554
+description: 'Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554'
 home: https://github.com/rancher/externalip-webhook
 keywords:
 - cve
From deb539c23dd42c64e117cd16fba7c5a08080852c Mon Sep 17 00:00:00 2001
From: Lucas Lopes
Date: Thu, 24 Aug 2023 10:58:50 -0300
Subject: [PATCH 13/14] make zip
---
 .../rancher-external-ip-webhook-0.1.400.tgz | Bin 7270 -> 7265 bytes
 .../rancher-external-ip-webhook-0.1.600.tgz | Bin 7551 -> 7548 bytes
 .../rancher-external-ip-webhook-0.1.601.tgz | Bin 7558 -> 7555 bytes
 ...er-external-ip-webhook-100.0.0+up1.0.0.tgz | Bin 7586 -> 7586 bytes
 ...er-external-ip-webhook-100.0.1+up1.0.1.tgz | Bin 7740 -> 7738 bytes
 ...er-external-ip-webhook-100.0.2+up1.0.1.tgz | Bin 7747 -> 7750 bytes
 .../0.1.400/Chart.yaml | 2 +-
 .../0.1.600/Chart.yaml | 2 +-
 .../0.1.601/Chart.yaml | 2 +-
 .../100.0.0+up1.0.0/Chart.yaml | 2 +-
 .../100.0.1+up1.0.1/Chart.yaml | 2 +-
 .../100.0.2+up1.0.1/Chart.yaml | 2 +-
 index.yaml | 42 ++++++++----------
 13 files changed, 24 insertions(+), 30 deletions(-)
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz index 154296a545dede076354e94c08f511b7666da193..7571ecee2fe795cefd9cc6f389df5e2318c89fe5 100644 GIT binary patch delta 6885 zcmV;ux_{mez2oE4-eBMk21h@*y}?PZ_XD_h>vp}8GLDiT+&lMGMeZvp zD2gaYoY07Q7J!d93hBi05$7Rx2<`ef;bcs3;6WxUwbcT`;t<`~5t?BS&N69&SLg6| zB~7(oiP|hiKK4L8%;k{8HoIXQ&uYJ;%!80b>Bri)TBheXVSj{19{d6N&cNx}Zhdte zV#II;dc%OI{W>MKPiHZWaKxLxMltzCLp1MMD2|JtuG4dltpGDWAu*TFUg9{UH^8SD zYFYzMVMaKaAdcbcDT5ckoY{T1@7hmKPL8c96}U_}kD1r)P6(f-BgdyRO`EPkXAR#K zzPYAJz&y(ae}9fG8;VMn4Z4~Q4Et$9_>DC~B;trfIFTRW86u&eK^p!?){p4Z0??$r zo{=bUt<{ufG);UgTWyC#&T~mo*R>vcfPLYmN&nALm|}MK31Ef(KROv4SM~qtz}@Tr zU6g|ZcpirI8VC7k7fRbFLBcGg-e_(9>imUx>_Mkv9e*6a3pF$Nh+_s59N|RHBQT~( zt}J|`j+|d`!e65ZO>iQ90vy0ughnBjZ(ycg0f{)CsOB8mPyU8YX&MGF!hpgAqu>Te z#5f8=901}{TMBLHhbiN7ssg~WgTMoxq*y-5l|-jw2@qb5W%qVX_dpl~gvl13015(N zI2;2blYa;Y;3LORIFJZNh~dGpzcw&+N(^CjkpgbdJ#rizec zh9+1{G$RagDoE^D@|j?rcyLZb;@^1iYW#-s^M3?09P#YcrRgy!fA4o ztNl9V4ZzVPpA8Q(*&xvbW|$|$XMm$1rX=Flfwn6E&j@EQ%-Z-cMkK_+hXntYV#YuC zG>!N$|NeT4BRm)6=aArEvCjqNk~#4)_z70*pb4aLASPBCXF_dd4G7G0c^adT3F5{y z;eQ@HJw86N41v}Ybq@MRQBRQbJfSnpr#NNeBnmZq{x><`UrXQ>DSzaH z3_l5H&0s1K(Insk@l3*%iMBwnqG~p3M7>Nr&&^?wL7|?BM+b#CXP-Xz<=_-b$$|eA z@|!Xo02%8Bom^<0OkUwxCa{Z5co5(*N<+z{p9teX#~{cJ!b0Ut3_MOlF`h9z5@?bH zGx)EZgYd^^&~pZdR#r+Q$?PRgfG-N!H|GY=T%FeV}9H!*%T6J+tH*n`L2+gnT2vd%una^aCJEyVmP{`RGp z*vjhJVj3n<)3~;aiehR6M}PU5<*0UkQ9cJz^XEBE5)xqeELLuj4}&B5Cz)NQ<1zUN z9lK}@M}hoXf%-z2@)%Iw$2bkc8~80nq4Z?}ierg{WBnbg)@6Mz`Va^)7-1i!3Jy zH3>uMNzfdX2C6jUrGHObTCMB}Sfb7dhx9soZWyLQ+^%VI6;c#1@U>5b`BNOEp%zEV zu-W9I1j?7TT&Ea~E4J8hg@wIpdfht~fbsQ=fS|4}d_Oe{(>f-2A4x{l#h`+tMu>imD~o(}et-v@CKTU#yrndjuwHEh2` z!0f5oi<4mpmw(;uKMY$ zcuw#&v*c#xD0?GkDO}%hl?{vSvUDV7Rpk4avBvgod(Y|yR%fHcPB02^Qm{Ls(M3k` zzg_&4(X^Y@E>n7f`EC{nt@ZziL;;B=ZKi=${=a_Tt?2)wqvO5)-$}Wbar`GGBj3ny z&V=6<3V+cOL*N3Bv#naGWE%))0W2yx4TfwlQ@T<=sH&Hxt<4RAw$?MUw>JCV-rnD= 
z@NG#`VFzTIbekfzxlQu$a;R3C53LWsx3b>+AIMnb8ICqO4zObWKRq2BRrmiy_5J+6 zgHrPU#WCy7wTtg%&hwJyUGU8@?E7>UJ31=dL4RR9MNZjuAJf2tB#k(k;jRwU`HI!} zntF}JSVnb;euQdWvHn^P|-*lGoD~Hdp6}f_PX6(|5P^6t81XZG;69`YAd7@P8kny zl03`9s`bnHv!0tjP;sPXsw~~56BKC#Mz-b@k)^k{&A_Yr98FAO$cN`fNNZ<}Hi{5f z8G5AK64WU%D;G5t6u1U&v#?|&qrocc8M;O&d^{JG)25!9vsK(nv`jl6m> z=6bFPM}kp6BFxx%LPyv$`saRpN&PF#&4)T-csbZ4BAlS`B@WTeCH83)Fb_^lyl_Hj zkiRmdCM0vbQ&6()gtyZKvndUO5;O~t9=V1ZF}6rH)dE`?E%jrg5;pQYKXq35u7AxK zX&ezgoy|}bm}8<_1o*46sNpp01S6jrT^SL!CU})?#rlIPRRx&UD%ra7po`hz>ZTTW zz5q^TA}J5{C3P2Loh#65ucFZY&)VtkO7Ai41d2Ci}Mm;RR`uycG37u)IL{xs(coAubwiyOwX>| zbBrePOA{_JJNz7lH^wn4STzaV_ms0B0{5ln?>Zsv4A9E?62l6wjj>NS4RF>SG}&lwSAWAbAE`~_ zR2|kcp8q%< z?EODGDQ)AkY$?z(Fj>6LVzPe033$)MnmZ&MI!l-w04^#<$Uq@w<|fSB|o^>>3=Zyn4OK%1ea8_I(t zWn%;JXSblQf8)M|152e#f4}6Guz4c$V3f^!5xGMh7Jvv@E|LgA0 z|Lmkx?i(qE{(KulwtwYV%^lVDa({DNb@%G=QRBK^^yhMvOfX;V_AW;RY_R=*6JrlL zS)ACb^G@|JR?Rj=HHh!q6p4Jdqc~2q6%jGL`AcQQxGkr(j4W;|+>em#WAVP1(rW%k z$_w7s3|KM$yT=Rh|NZ0r{g1mTP0C(}{(ciWe@z|#(EQkSX@52TXEY+5w%!L?b^g=s z_p0N6fB*N6%4Ttp)k`ZEkAG&OLZXS|(*#o{FK(`CnAfV-x1nL|4Cj{Cq`uNLKlPoR zc`t{CD05QYJ9!_$!h56dJ1tH6-cI?U2oE`fnfaTvlRq$8z+NHlo@2@Vk_b1e0k z@f<~gbpR2bs7sa~#R(phk2rv9!l&>rhYtK4g*QMW`K15}Vl1!3!j9##^vK~8p7F&=1+d6<>P(o|?9Qe|%Quo*S#SM%4 zm>AG841X6}8_EGrBDkSxV&0^f`J5bh#s7^#b|Z7poY=&Xu)R`O{tM;Ar&xh%S#PP% z1yI~esg#TOnO)hZ?r$76i2cyBENeI%ju4w#zXLG`%B#%fm3{g<)wsR}T>fH?&Ur#; z={t3oynduXY=EHLOSh?}asTep3_4(s!ARvHaDP)AF5Ng~y`5qh(=ephlCJU^`H(Qq z6g72a@i;~anqiI;rY`}lxi?smD7!I~B>6#v3>3?=w1f*v_GB{XWyNtVWF|X_eY{L@okGz=l2{*}OK zCe|S^PUx&Yy}~ApX`uebEUO-nt83(QHGiu_hNSokVs)I z8u3zcbWccafn~+%$u=xgiIR$Mw}ec!^I>Os?xaSf4FoxwG}LTHkfRA`b4a=iwvS-u zoh@=BuEwk4t*)(~PixgYQd>r$9!eO>q%|9frMct3tbxx9iK29Znk_)T5=t08J%2tv zx*Kwp?Sx^e{fu=*)~qa*mIHs5%N2O1ev@dD2X>5UVi&Exf23DxBTBF2Z5GnIrJ@!S zJjMx*e5_sW&Xmu>gH??liV>ibdQBJeeQky93rA3gHIymRg2_wdcOv6k#%@u(3!yg9 z+m&1kp?06TTS9Kp8mL8XSMz`SxqrVcn%X#6iKa3K*u9~-UDQnDpb52mHwOf26JIJX zLzh*P>(wE@6$v%0f%_=}Ka~z}TMW!kqB|-Rp5w>qPyOmN69Q 
z^*838c@@BNgS9!&<`$4>fD(qEZZ|@$a#`t;mBz&g`SASw)sFp3p!H^NGrl!wNTdCW z`_+q$P~K_OHE2kqhl~5wi;Ym;NoO`_NTY{~`_+q$P;QBP3mVesp~}4-Vt6;5S#vaC zp`FD=zRp{{g9XuD7Wp-2V}BZu%lu9|#7!V~N8F6tVHTVDyv4l7o8Z>THeNRqP2<9x zrQd(PQ@-WaI4xlK?)^rnH3?+V`jXVocZ7O9C}H^HMv`e=#@Hw08^Fk)7Q6M3G95B8 zv~7ktT;ZE%azFmvll;&3LqN$Sm3A1XFf^kUhK^-D52f#!lQ|A=o__#>e>{KvlZ>8H zDTJBqn_v|;pmzJEjVFE@kpn)8V1$K9J0}4S;Cd>WAmz{wm0T45EK{7LSsdag-$8K3 zAK~%iwR0an z>z$ss`}qHzlz*JZ9#{uZAJ}KvFh>ayD-my5mF(P>2hVFF{`{;;P{eV18-xeu$JH56 zNHnnkCMsD@DU$V}Df)Gl=JTJ7FUkGwKvZO9^lD zfjY>#qTl>7?p1Wu2W%Z9>r08E#r6FwQf&(u7goImN|k#PZ6NGT8djju*{$EX?;SI{ zbslithJSTApETnPUarSF=~`=`d!95qwhEn zXDh8=lok5F-#e|||JCpB^FQyVnEGEYl`m+BSy}B@6M)w$dolR3v07@%bZu81+C{wD za<6wbG<6m$vz=m~!SZ&NjK(QqFR3pbovcU{m48Ou19icAosKwNjGG^%>eg zh_BIR+mH(1s|okeO85cG>iNI8;A6w(|BCs)cQhDO^FQ_7Be27eCKT*=fo>_MmZq~BRXk+2y1jwXX6e-&w@ z-?{G{luX#W-utqeY05I%d(vNvW?BQsG~rK5DgD%SDn<^whN*j%Qr44hTLRyiZlaHh zZf@#tvrgm%W$)YycM30eIdkWa$HzzcyT&x5)vLPKh0b7F6{@`LD}3WYM@5Q>iGPW* zP62U-fy$3qWZT8#G4{C!oj3H-pW+}5aq*JIScZ9c&^Z%Oc3J>ziro@$OG)7=^FYGZ zTEwNKX2$fFChWO3G4oYs_jFd-CA4DBuv&ICFsqJL)pVX#9o`JD_-6X4#O z0GGt`Ytkq6?@hU1N8@A)CRaG>5P$1KsuUys+=CxoS8X~}j~W}hj`7_$+QI=>VMjf9SP~i zI%y;Ddb=2?yMSuEeOb2n*!=(yG$pmx5pWK!j2?Ivd63V-|0?GLK{|Nh|gcyIsh zqSV-bkX=w*ZwF>_u+ki?GHB{eD56&)P-E!M;iS{ia f{m??YFZ;4D`x3G*cP{@Q00960X%MiQ0PFw&ogS4G delta 6890 zcmV* zK~Y3G;)F)bvjBX=QAj6_k2nvpLul8>2`6KM0}nD;sjU_e7KiA@j?fHyaF$6EygG-! 
zD`~3zO4MdC^05c%VJ?Rxw%HBicvkxzWgdhiN^&&>IFs?bj)>eL9P2gd^VkHHyhE8lrj6LUCODbe*1aYz3J435mIU_Sph>iQ|yo z0H0#0X%RSu8R2AtIEJgI3|{U-z8OD*Lvtd_63(F{Xa)xirL*KfED`x=wxtQ)&Hl* zy}kb5ML9Tt=V3^%agdL6p|pJxB+NqUjn?L`&R>Yf9)EN?*1-Y1P&0#%IA$=x5l-Yh z0%Mxwio!SQ$oT~){56Wu1SjGrzyX{^XcS`k24?CNkci`nYR-}UDgZ1y2t43Pish4BL3BEn0O8eGc5l~o4}?KLm~7z* zpdbK-!+$X_GKp{iK63no1BqaS7#lwKQr$cO z9x~Y|0N+NC@XuAUNjBp0Stc?$2L_!>VNbqkd zX8eOs(})lA@2{sg!gE1>4hjAh`&>{inG+v_pJ2rfnm`%{Vp64XCe&8efWSPLr!fkd zAb)O56Yjy&%#XbS`@s%E1`)XT*4+#CiO6zZ9HbWn(M_UUt94o;zz z9QaQmzbV53kg;yi$%WR*mMWdR7q=kpM3JGU~Pefk8>g<4BHZ}d~Ry@d(pVt>dmutVse zI2JXvY(ZzSOGmWX0S9hxpJa>kg~s9b_RAVbUujuy{C}9@FvbaUc)Y<tn$EtN%pNl>OLJUUOM=8U= z=nR`yf<%2xa2PN^309UB4y1V@O!7w~<*$4B=2FxZix(DS|8PAD34b`tRQjFl(0jH% zx%8K03=z)0FY8WSBTh)f$I$sbvwzPzl}hTvwP+u*x;8s)n#kCjs+mSf?oEmc!0-a>~jw~Z|G&#zj&HDHzJ@tHSHQv?XP9f5<5NA<4|{jyWjwpfgdXx>IYX*NAhs)9%aC zsOU6``UC3!_2z#R%m@>U(u|OoL|A-+|9Sq5wx6j&mI-mQPCY7%QpU zTf2Co!TAgcjzggeI{)5*&WDa_V_d9Gcf~-uPRFsK-E%#_}#Dyj<$YoXZf(@Kr z;V8j#g0Gn+H#0}s8#zni`i84)SZtT2BQdKY-^YwKwr|^eRyVLZ8zpvvQGkrENOT)8Pz5FB|c&$zngxjn$sH}S>P4o{`4nBoy-;1b`J~knmU%NV4`fV%E-Gi zQwHj7%+RNW({CG01<vntnQ`tbTu7Lv6tf_9Pt&mPQ zWjw%1@+=Rl)-UJJdT#ze#gUe&vUHbDP^1wU*_u;Cmfqer1F!0HG%<-GAD$Z_t(`U6 zC_-Rm=#g$qP^ZMKT+~!h;2ONq8c6R16b^xZypx1->eJAJw=d4~=Z5=6P?!D#&B6vW z^6JHy>$xTz2}S{lFk|Nl9bwPtpZoD8^{+5DAL@wV*r!pzJUB7& z!U>^4{>qS=kj(K;LCLlg-cA$DrZfyn&@4cDkq0_6<}7YWb4X$%yddloF zJ-c$xF`CFPO}NDD@N*R27{{n!)g*M^Q_g}2+?Sfa>x8s3Kr81<3@f}g#!A@V(V_uf zQBh{2%3D)qbg4$2NxvY!r9&1=;4FotnV=4qL25?G)dFf($l)9`z*%?DWTUx%T@BZK zq&AIHby&}or)&~`O#|$~ao>~#^JL$$pbq0~;O%WWYJNTc4`D3D$)+cPSNMNU25!H4 z{^Rs`@Bi6JX&awqOM#Yw$>Mbull2Quze<- zB%EO8JU@S><7%A0A_kpmDA>Gz*Exhoa(bU|cogEO3Yqi4Jp}g<9^v2M5s7&1``#fu zn&2hxd*b^;s6;p{LSh;A)u!0UD7&qotLn;+6*<_ zP#zp98`~b=Lf#&`B`{fKqyGRdG3O+jfK=^VABG3S@)MNnNx7OPv(2b~Vwis;`*h`r zxs9_oh?sn?B007jiMZAFoNQ;?38{}l3qVct*%BEyx?ukfEDwC|I*VOS3&5vDwmsaC{MkB&$>wTbA z=Re(kZ(;nO?$7`1q-+)kS-rG!@%U#ZDkPdXK20!X^3vw2hIy@OeH$9a&TwvNP3kL6 
z^Hbm1nfG#Nh%zVTy_5G5EW9`RzSGjA|D7ogXGC7CaHl?2*?%X!h5Qev`}-evQx4!9 zalv|drIcc}yd@cbMkxsc5=|gR{uP>F=2!>n)?t>$atRD<>iM< zP7`b$zzaH?(FlHdaR~uQnB`0e@5+A__?9#JXVR7b>Ic(*Nmu-%f3kVhEgBjj|0<2; z-FM7-?6B+DdhCqQmG#)+v)Fq4-_`;Af)YYg2CrV8F-uH;zha+T4hb;os(K0i^=mX9 zo5uge+4GmL&zxCs$3B|Jf4_IyKdO#@_h@hb?W7#kT^%j2ofc-2z7*cF>@`W=WlP+ny&uk6#`smAp+;PMx9 zbiNZpOW&!x+KZ7n1&&}mUNZZ z$cKb+rl_eai^nla&4}L(ot@!^1YAfNFA!ym-U+CWi@I%NvqVpBXU^? zgF>zZyAE#P6jFv;cG|jZiEl-K)Ue$8HuKB;Yn$vc3bmS~G7Z>Dyqa!N9p-qQr(p;I z^{)g@GqDbVaYASH=@m9%Oat{dW?A)sTwNo7pQ~9VG9<-U5UX=__f`aIW+Io>Xjbsb z(!JDt)`*vqqkBSX3oI*6Pqty1N|aQ5yCr0*oew+9b0;+-Z6L_eq@iXrf*egin?urF zuzdtG?`)A9aW!5QZ*^_`d|IpKk=il}^-#i4Cau{>EX^JNWet2@NED?L)NBFzl~BTe z@aggK(cO@%Y$ps$?PshjvSwwev>f=eT&}=7^_xVKJg{R-6T4{j{Ug0n8&P^CZ?llz zEfuwx;4w~ccYb)N8t!?`tb;UpRs~tf5Si7EE3uzY`hXGIopN zT?n;--mc_Y2(|mv-4b$()<7+CyPE%h+t2-N(bUGlN;H)@!0rvr?V@HH2TiEmyE!0G zoA^?B8M>^RT(1uKtw^Y04ct!=_^EV&+hSmT65Uam@Eku*hq|*GOm%(m<1|aTw`~M_ zt~UeeqIcxJCfi3(rzgz$SBu`Y$vvUuk~!L<^YH$-m!qeD`L`DL zwv3@bufH+(%&P#F8?4QFHn)I81C%iQbh{C1mCH((tTZl0$cN|WuXgNT0JK|>C4zt+I=Pl+v-UPQ!w(+`| zXc`yhEdBoTo$@WW#%Te=ckeestw|t@)|aGyz9ZD@K?%bjH2GR8g`-vCDbwAihO zlFmx>Ic_@9)oXl~5c=H4h{NwrS zpJeouN+HZ--vq0;0kzvNZ9MVQh#c@y1S2d=+Bpeu0M}E|1SyAhsN|yXXPM$0&EgP0 z`3{0J{s@mBza{bG#~%EHrjk;^f)oVNQ55ftkKR8rejK)oLTifuLUC+wBL-|`{C_q7 zcW*Fo2mAQ1U6lIxFEiSI3$ZNNs~np3t`wJ5c-XJ6uN{Am0~I(XqyGIl?v`qI4=wA= zhzQX-mM}n2mV#23#^DX+n|M_1oGcz0gKLMJ+wM_16qAIfyXQ6g7;0;9+oNHqlW+NV#=-^nE zP^~kX2+ga)Pza5lfJ*-)KlrOqj7kltXfG`q&es_4x-aF@r2pkgOWtj=;l+PhSrz|( z)UVwC*E>BP?BoA`cT#d5dte+uV>JaYfz|aIo0Zx{GwG4n5!}({x15uHcjn|?+)3;)0#|%8s7T5Q$NVP3sTv+uMC{^xFw1KcUX;^_qXSaUm zzIV**)_K5xbsN^@eA0|Fc)1?yq-(8#?s?Mej6dt}MYp+%F{?>YlKTvTda~9sdByl& zt^bYOpRKfhQC8^xe($t;|5v}i&;PueV(NdrRKB1gW@WWsO#oi2?8V^A#%if4)3sf7 zXczHn%e~&&(9~J1%yx=_2Fu%7G8(6dy`;W$bh09UQB)dn57Y(gdH$?L^y~D~8aNAW zE%j6r&Y4PIj&h!Wp#kH%d7%N}{@oFlC+)O*G8rLXOy2n>_!mfy7UstCT&DASGoywy ze#$tVeW{cIs6;n-pvp>^NBw4DF5jJ0jefK~JVv3pX@|9!GQ|Gk^CZ2pHV 
z>+*7cJHSi?-?a9tZMAu}FqK-3T6!o&UV(mzLSF&=J?qr9EHaHq7Ek!qnPE8zz$tLOjXf{zWC|10MI-qB!C&HvPQ`$zlve;37^|BH;@ zm07=%{=I3oFWOMrWa;KOpkyL%9<0x|NtjT77aKTKb0t&Xum_#qlYVCnMZ#k2JDLoR z{8glpe&@b-P%>ffdhg3>rYXy4?@50xnrRIj(}X`MrSwzRsTeuz8m8`5N?A|3Z3%p5 zx`{q2y1A*p%{q}6l)ZB++$p@=<;g&?;6vLRpz^pn}RnvJ|b#xcKYRc~i=XWwV zO@MoA0$dW$uSuWOzc=N69gUMIm|Wq1s6(s|sZxyia}R!WUA5^@J!)+1I_5Wcco5*Z zojw0LhP;G*aWB&|5ZQ??(PVC^OWMq7#U&gGzr&*W&hoWvmHl-H%$GJt)InD@{+B`b zbUAd@1n}*}E>mn@y3`eK)K%tB)kxe6!gjq>+NEo_I5Q;H&x3k?9MNKNG#FeTQgph zc2dm!AC;)NviGCdzgEzvs=7gc(6tow4P&ZXL~)v^)J@^7;IHm!Zx*WGVtaon^bB(i zda?OkHpk7N{<{O+V%NPkL-<{>D&2D}Z;@~vH#-CD8|m3CDE-taQb`ujkUR2gf&9j3 ziBca`Yy@)M`<32T4 zepkR+_|A1ip={z?Ra6_&M78lv>!i&o(|b6|wAVf%=Iku;lbe{gQb8M&=f_=Ar@f-t zy8XX;{g>TMa)$-riuK=7|D>A#yVpP6$N%l5nCrhRDQ{%~sPFGv75P{8UF0|TmDVAK zpRi%;eXW4*bd9xhclN+y^a{^Yi_$sEO7Bu%|P_KPH#0BsF| zp(v<29*sMbmPwfDN>{OzOWp2U+c$p*i4zZl%!}|U3h+ne`q&PT3x3|k-J{iDK3xK4 z{h6EA%&!?jTjqVMosTb4P&B|_xS%Wn^Lsv`aj#`<`wyvGYd0}}16SC8Zhuhq|Mv$c zCwu#E7p2DjgY1IhdOI+agO%oBrLjAl?yKwgp~?2ml(onIj7EghjrIXojQ^fHsGk4s zpSt_;zmrlo{$DFr*N^{94%XTbtTedhLE~yRxDC%4SDU%}{$U*j)=+&rJvh6Fb<1tX kCEB-y^g|2nzU<2tzU<4s+`0UJ00030|9;opZUF260N<{9 
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz index 3914cb25c94b4a24bb7c5faa513a9db68c294916..a918ef224e0da64feeb39c6a63d1c499bed693a3 100644 GIT binary patch delta 7447 zcmV+y9q8i!I{Z42N`E+CNKvvaXIPu9%R1iO+)XkrJ2P8bsi_DeAqiuO;1Hl3Z{n+a zjeEU&k}LcoL5limSxz#-RAnp@1iBlI?na}5&QKDLapvNW9A^oNU6Q&tcrd2)x_vfA z8TW3{B>wJR#rJ)`cYG}W@B4oJ|DB`b&Uc;TBtKa=P~vOZHGAHWJqunfaaCPY7t>+jBeco zO>h9`nw#MD1^h#CQ{z{nHcL^615ghOJ|wBjZW+gu#_uQ#ASOxvvGJ|p=_$?_p-BLL zg09!|I9dF|0vfFd-Vh&WRh+NlFu(@Wo%Fl>BTUnsywNrsYrH>v%mU!Ys^4 z%H^|HIF0Eo@G*vl)__x(5KcyjW4M0K;Oysfx9fL(_xZ`mu`{Lumoeul3)<}w;p2SZ zg>+(Q)3)er;Je1RH#Cb_;J6S@vExEn$#KC{bAjP7&wmKNbtZ@;9FYWP@*_M!Bo;Kt z^bt87&`Ibg2p7g4dC_gE#(&(W;o&c)s^g!1@QhC z2Y(>LDP@Gy?6wg5O~M<1qfwy^4>WI(WCRn;GZHeuNt9BOaOc3-6@Vv%GwAC!J`53w zar7a>zvYqt8RG;`1^GE-_*WcqLAh*7LJVPs)o{=Z@-z~Pm8P1h9o>My zyx^xHikTp8N;4k7^W)Ibk|0u<)Pz@@Fy7 z^4V zz%*p-oZ-wJ*{L9NTN68&k_Z1T_%~-b0x~oW zdIi&ZnqT3CX4u�*LSs<*^*39|+?>hakue!b0UtOgv6wF`qF!5onSOGx(2U1mVvw zpyTxp9bHQJo7 zjwfj>GENCH^>nfBL;#- zTo@-=o&=5qAOv5?V{qNV%6ReV6L^b^@4#`Joxn*NGiR9l3 z)H7kqV?ae8!#s{};kO*c(w7M+O(hbZ^AD_Am-V^mLmZ^U7s4ceGEhFdS8uOGU9os!DGm=;qmY2JN~J%@4ucn~lgoTbhLB)?{e4w- zni^?F5cVwMz~o2z^6|IRj%|p@$SyiTB-6{Yo!8(f*Jool8D|EJ_)!XaV$LvW<;fd zD$RK5)0S2%dj^iEGr%#u(a$Y^!&I=_4b84&iXsM~@rkf-jH5g@>_{25o1Eo9`O=l^ z6svJHEG}GQVXxX=_m%@7y@G-MRy@GNAr5%}t+(___b(o+wX;~}w9duEYt;w05e%jm zM+%1O`l|H$&uvK=-5)e%KV;hMZrPKwQ_76|IGTtp14de>MG& zq6uMQQK|{5Jael$hL`RC^^WWM|JXn6?e+gIitTS`9_8!ja`H_(1I$s!xh6>zz|SZq z5#l5n>80@*O@?HYm)F5-Ofk0Srlg#UXb?Cs*$^Gkgz>Mj)|&lH3-Xy7Zdf6peyaB3 zVuBN{2wV^}p&Xv9O4UP!gzc3U6l?ri*QjYS@v-Ic5oHs^txxr~@4S&So<+pR0kk!} zu&ZHk0EURfd4>zGp{; z`A6YHE?%5np1*u|u7CV=@yh(DxjkJ&arS`oe>M59O_z+uc!TZ03htemPSNcS&Px zDHG7Sw0Y26@?*YY+?JZyC3QWL#=0tn_(2;tQ_uyCYPFj(}J}(b4f<{_mtb$UOdw;*oD;I&0>4g+O$~6u87gy;UoP z>;l3$0JB2QfFaw{LRZQMRrRW}wYeeC&T2;X*0lfK-NR{xZ;P8sJ3vd)ZL-wnHp%1j zp;~D^wmkfQy_MDUeU;gagHrMTr73Gqjf?M9G3FJ? 
zJL8*UI1K3|^-NT_hvIaMysGOyrBMJ`o^Ue3Z4;>T6^ro|bFZCXC6MRzkDESjtYLjs^|WDSW6t}BNFyD?!LCoYPj3^Vq^_vC+p#Zv}Q8ER?~ zR5X&OjAs~4UW_?UgLb>qJ(Ue~ni?oE)lIc4ZN+rNDdQ2&vKK{IwRt&x(eaB1Dvq>D zmASirbb=xafsw6wWn}5y-D2QXeU3&pG33JwE2OoxLK|fWtPDLeZ3*gB2CHB-6%@F_ z*cb_9b^=O=K+#D?ISpwXz`L`H;<@F%5!9vsM3Z;{8b$ST&UJhnjtrxSB$%;_j1F*M z_0PlfiiX#i+Ye2|@O-dILO4P3D;%TSD;&~)Bw_)a*m&WL(5QH2aZOC7c&DJ~?SyyZ z46`wfqY5-LkRJJ#7_qiUHkATfnJvw8qZT&uvN&~C`)-{%vT#O(bTUCnWY39q8Q`zV ztb{W|CkFC`)s+=tYlBzYR%||~QWt=_R>jtp2VLwAmp3&t<}={b6iIcm~b>s*6> z-gp&-^nbCQ?5_1LBNG<2zJ_9%OOD#3HRR-+A+L)`wO6}TO0K5pE8D5_wf$k0Y`c^7 z4HTWyIG^A*VsTy}tm?qt$u1k8h}suwPnA#7_Vsh-R_WQ6dydISerdxcw8M`{d}|$} zf@MnRp;gWd3p|vVzpp~t8KAZEC6*O`-WX#g?C)gO0I!KCyHVw>sSk9eMw3ZD!@re7 z7IWaNgrwP^_U1uqN60k-YF8-W>@9$^>7dC*x?N4zVx}&dr|Pht%}-j1zo8Kh;J9mZ zf_<`YUQma1Ht_DQ8a2O~|A#P^<80HDz)So;Cq2JgKmT#s+xvfZQr3;nawS85%fMvu zTE}Glj57#ch&6XiIJCUh@&@%8T&qDc1e(DU?+m4AKw`oPX5Pz-*CwvU`#WOLs)vG2 zJFP=_BGvnd!;=^%b;!IA{vr5>@C5$`Pe{TW-**n-$q3JR-x1#*LM_5!781v@uQtU- zM%irzC4UJ@o!%-qsi?m#ASOM3N!{IG)>#EJ1<+=wnTCqsNZHu-#x3USV>bsTr)u;c zz!m14BqNZbotwk(fLL*Yay2ejYEo}TmDBti*{7>2=5?ICQNrYN70I#PNW`tS=joko zFQy@i9RQ`~^t zQS5e<$BDMWBDObwE{|A$x8R;vMZ(^M{(ciOe?=Mp*yFM5vex{c(1dWh_CChYu)El5{=c&ghsq^$d zodft8WrXGoUcWkLj!=KU;*dKYi7;xbdKvxoYcw7g&Hu}P^OvvQoO_e#o_#Ey|J|A|6P=WrmLgnwbQ~(GMB&ppF61b&# zX5XZ!eNG;{=Kqg@zL7avoY=&Zu)S7S{tMy6$5?^tIPa**1yJ5gsf3I8sjuu)_c!(z zuzf#poPNK5KR|5k`~idtlsB2n8~e;>s%>)%xctRDlk$Yn%6IB2dGp9XxB!4^FYQG& zt?PH^CeQ(Q2v#N!ftwoO%7s(TyD^3#jbnNv$trJ=j|t;U5z|x_k5iPP3FbIs<_^$? zYl9Vu^o5}$E6yQkP#nkk3>T&$SWrI0t1>OlqKXe>QAFno?sYzLK7+fo$kvxvd#JKe z=MuGk^AU-Djc`|(18PVua`yVwB?E>97jYcH;1-ZNG_u7}>$h6{bw3iQHQt5RueZKd zzK}7_@G40|c8l6M73Ywb&I8DSd1cn)%G-p@XWMCFhf8!ympO0&5r*@!Le4gYx! 
ze4fb@W%AQ(0s5s-LjU>k@zMQ|tL-NAEA8u{E0bpFOj;iNRW4WHz4}d(Q4!ZMq?uc` z`pXluQX5cuEibc>&Mg(RnBgJLa1vtUaref2e-a-oYxGde0F%>eJe%%oE5kl>0=3^j znKCPwyhDB`JicY@X4$)BY74zx@wH%T|GB><!N9lgQaLHbAUY< zn%hOqHVzh{_Tc7#Ky4IC;bqCPdTzZYGrg>O+|3I^*895$yQ>0OlL4i_>gw0f_}rLjTj9DxI^^xE!Dm zUS7Q3v407S-0W;NZVM!&)&Awf%Eg6Hf8J}>Es&5_50?)s7Z*Z#FPXVOLRvjsKCE0^ z2<4VWZ$?5|J=8~UhZx>ZW;UD*m}zHrk#Evg?_fc6pGAJd(U=9uX}{ABaTCbh6F2K} znAv7NZ!zuhCb+fq#_MLRY2BAI_xsQHO1Hc=PBR$3|79c87BOVm`kc(q_k?;ie<-2< z{YISWT%|Z9!&|^89GAQGkTVl8(RW>jIb7r07ji%T{j=iFU;2QuQ7-K;PN8o{E%ZId zc^OOJGbd9V-#!Bb|9tu82N^u2G6*x-H^C}yK<)NR8&CYSA_qd0zyJ%Ac1j`~!Od7S zL8_4*Dz_;7Rc1IxlQhQ9eh0xBe}9IjPv4RB>C*uINpndlVL=Llm?(<()<>m#b42(! zAIM1S`CA3;K}-kj31S>)iaKqpvBR%1h;3gsE{o#-P@1~ihyh%7{^R8Is2=~lzO6~TcS|^Y!sH5@Uh%|P5$S<{+r9p+*bF`fM#$bll$7J%52m+)KUgKqGW^%bu8no z#N!GXyykJRLr!F~COA`KacgwJlB~TILgjKYc;;c%>%Xmn8QBuRD;4nqecA4t*|3 zj!tXx|MaA@kN@6DDaJSe=Kz``I~^CMC?jGz1%LCZ=yQ7kyle>h40V;L4CD14?6zk`l|7ErePQ zi0*DauzX;~@B38iTnMEFd_>8}=)D522Av?RB>H>1iQP-w1Vc;|D6j`nRv(hlG)l!FJa zxi#p;TDBhAYeQUoyb`<*KK~b=|7Ltn?)MMk-KuI~nfyOJuAl!t?(Xxy@20Sva2&up z%s9L>BMq0sn05WB5V~%*~yO8W6>VFU(m|2nGB*NLemH`lBxVTIQ|CXcJoM2X` zpv&zxbB#8NbG%}z`qd$^k|9a^FQL51l@4UMRE@w3BVP0|qrkc^vp&VFg%(tkp$iJi z)7?A(b&!2YzlBs=Mn`kN-m|hkRVZ4f?^u#*U%)uy_9{`TsS6hfdz;5KXiRqd_kaE` zo}Jykl)-BZT`^8(;HIfw2=(tJHWtBi|jbJ@TwCq;$tH3ZFMZ5-q!^MASg zw{rikCH2d)ME-X>r}g{)y4`*L_uUj*{u@upC5gA_2<+jGOer0))HwM_5|$#>0~hP$-ml5e4%Fl4A{XV}356h-JC{FE9AnaQVMP|96ghy?Xw)?*9I#9Ti*uml^+STEAq0 zrP{u1LrIglu@Qi>k-T}dIe*_SVM1JN;7~1uOmo8lv^vkatrY|bOL6EKGI;V=nMVG- z|BHvR5qsbHr7C6?Wf|@~>#jsIBY{(z@n@Bkp6Wg&D~II*)xAt88>PE0f$vSXVzaK4 z&5QcmtP^=b;d{R}I;EGpnz{G;;PXq^ivTWbJpv)vqUi&$<2Yyc9r zwOL$psy3#-G-fZPiJh-j-_u(kE+G|*0c#wt1%uTzRP}VeP7~cluZHsb$@x2(oHoFn z6#=fW=hq}pn%~=ezkiCv(E_FrIO-JpV~P~(07?Mg`@Y(AsNXeU?K&1$_yiE)sjHuV z9aCPyKD(D0ScvRImKZXxDNEMTY2__E8NbJ(`QH3BZxBbuPA8~^j5dp;k! z>Mj49u$>lcUpm*7Z&WIS=V~VInQ`aLI9~+bpBc9-12+t++E0n2ajTr^3OLlgJv(C3 zjb+kC;B|H}Q9HYusGExAC3fc*KPBeK@U5A$O)$(hBHk^mESr@R>M=~@ZA|3`Ygx1! 
z*huX}NNlPrzGxxwFq1AD8GodAa$3*--1YbIA3G`b{*Ox3UfcUo!@p9{r>eR^(6war z4P&a;h~l(SX;R^9!C&9g-YisqjqUxp&@;>p=;h{j)f~5j`tJ|)8oTcG(*)Cc=*A{k zRW7=h*U0#uug`#oC`AJj6Hc(uP4-WdBAMubhQg8G2;?_LBj4-vwtq|{b;#y%DP>@I z0CIJ12Oy+()3 ziarL{|QY9ryK19E}8!wzgIv1-97E@=l@Ph)BJy**jjJZD^Q=KlMKO%zx`^zHQE>@3!6ZadDAz7?b&n`!rDU-o5R V_T}E?e**vj|Nm{5ZL$FH003gwx_AHp delta 7487 zcmV-F9l+xJI{!M5N`E9@NKx{y3~RG>*~Gh>yGh1nXJ%_FH5EZ5BwI#={AvSKXHr zlyUC{P2=zGRD9p}PmYe{|9#)D|G#&5bo^cKsDE^Pc-;4UM}Ob>y^~|#{|@}Sb-P;0 z8AsW7{+;`(BlndQlq8fRPH4gc2OvZo#dPe2i1QeGgmy!maWWz}3PAHpW3`B|G)6aW zf~GitGtEu#`W*hDxT*0gQJbYG!~v*>1s{^sWjBoDY2$a41rU=Y|JeA}@bnC4jL;;2 zKSAF+@p`V`Tz?(M7%{9tZsgp)Di7_Oc%c=_|0+xPpv`|SAm$eB=q&xG@o1>NqL z@JT-OLOM0{=~}clFka!CYnnwYa9jvy*m0q(2M~gh51@Y~d-OC<2D#5il}Na0DUp!i)n+V1I}hJ~ zl9d@mh$DEUx_JsbX0kt&MDp(|eDfF(lNd7`W|+T4Q!Ky{bSRXo1J>KXjE&21Hp7`K zIugVA3Ufqa253lgMMyG5V=R=+5JQ>^5_^t(CWcNtIHxfQZvuEddQ16vh8a${esw83 zWPbs?|HT2wa7r2BG`lH8ev{w^;AmWE!voD5BpJgL^NfTHa1y1IB-}YLb_L)m;S2`4 zjSnM4VjO+Q@NYS0{6k3dgb#}EuO~RcGeLe18U7WATu?5Xkq|?eVKp2ygFKCdQl+V8 zYDYI9FfaINgkmO$o6?L2@a*X5(6JcWD1Ye!^pB#RAm@2Tr63foT97NOTYOm06ZbBpMG92Sjj8fM*IB>+HOZkLm0erfZE&k=jOGnT|09rE= zg_u46Nly4T5_m-l`9R|*;cS>p6@Mby1e_zDO}Hx2<_K0+)w4#_)9iU}PXi5wdL|wn zlt#BpTN6NYiaMTc?!3; zFveU=83t|)9h9b`rr|B<%zt<3i8edn!R_r+y*Qt19ByyFtcmoMmeuC}hY5~ToH385 z8!QEv%>Vw0U!VUy|8zh9cTzrm>OO%PnFhcxhY^V}ze(})sUS-@!2vw!-rhQ*mUH$o zl?xBOv=I7L{2fX!v7_s`LJgCoZC<-&MWGtOQ+{SStG%C<&q37uaes!hj6@hdi1bN+!<>#{x< zeF%gY3~`8ZhJn#3wygw-`iS5-Vt_KNEGryI^Fo;9kA})$_v-DXs4EsPEXCpD)hHz3 ztWxO@vcur{>f|zCl7A5-SbtxYou)>bk%W(+^GD|Xk#%a7)Q2n4K4wjAcGhV^58vES z!rzo*0gDwj35{*O3N2OD4&2^4C`|)cUF$d#oDnY8Kk(^OL6u9rPQ1N!v{tIT)>^4R zp;kR+nlg--&mNgPX0f*Db1ph`1d`n09h%ASHF>I`vAuYdJ(%Pl;S4T}p`SlFw!*S+HaNUva^zZDPgXoN!^K<6#J z)cuRcYV9nRIh`{x@jCUvZ3Khq#gT%cy1pvC{tH`DM)wCz*$RzLr z-oVb?&U#-~W`9MemDL|m{;#J0Q8Xn?EJ`&&m1k~M$MCZKzmxj@U;oHI>FxFZE{g4M zXddOOXL9n*dPB@n&$%K=6u{3YCK2K!8SAC-OPY+xI4`|rC_)?s^*LwzgFVX`TrBW! 
zZykWzrX*B6rvey~{E9>FhR7XdbSg!Az zl01%!ZLKx?nHA(SHQca5K>bwh!^H$AToJe+XhJzWT9vAg6%w{rT2QR2{NF{<;zTU$3UOlGuZ8rOdo$;leJo8HTbX1-6v}!u zBmb&s5=-=`O2t=V-Yfm`QZd{Gjj^RnK%4(^et(lBjPt17^!MO1kR-whhoeFUish3M zJl0C;_SP+*7;rvAhSOMxg3kZ%K<7h8wXu=Nm-`*Am_d#fCpBT>$~_vKa3P6Hayd1* z-~y*tILYvg;A`f{&CH>GBefK6Zn!=S^X;;HD6}dHL(Euf`>wkm>XxC_v&79Xif~pA zcYi{Y3r+H$E`HE7?dsZ9N{=z$%>rR<`9CB{M3V73YG9fFuiy7;^8fI#znA|zDfcpu z|Dt&08=20U`CTCp9Wezi@JMgfN+H`qI0s-}$QdwXds^s9`Jk#^R<<@b1ln26$ljXv zzrDRbt?+GeQ)vfiNxDsz+T132cs^7s&3}iMhrhS7n*NVu9P$(=8yyE&qW@1%PY&z* ze<%IZz5d@tsrdiWlyzsu#rLWh^NQr1^UX0FhIE>GCL-KJaXLX>)peiJD1a{)fA&mog_wu}WZnF< zPUa2pnuxL+Ro6TF+ ziBdEqG2sL=@5T9R6IbK?9Wm(CL&0Xf&SQ8a)%%#kqZlW3$h;5!WAGotBm5gYA_;GN z-+K&?#(2T|p7{PT)FK?_A#p7GYEx`vl-*WP@|U30J6Q!M6@T@&1;nH$slOY{daGcj z0NM;S(@+r{DI43~xW#;Z>=wY}RE_=vxWt^3WDHWYb8{FT5GzhluEym`P3q04a+-f5 z`*c;sypFRsN|=1EB007jiMZAFJiW8+#WX~*1EAEr-itK*jIZTG`CubL67&7~mWu1T zd)=_t4SU`2Re$RSEkM2vwNOa2buxgg0E`^EYbh|(Omq0|7d^z<8Dfuus5N<--OIxQN};?cImsZXn|J1BPlCc-k3{xgAZLUk0H>%dRAz@sN^P1MA zxze;a^?$9;yjMd*lsPHyoxG1=;l0uKJ1uSU-<#lgO60`~cj{xA{de4(%l~k?zyEPJ zPU46pV@OeWg~ph9&VjmhnB}Ql0t1`iIEHadhe`&KWc(B| z93xIMRHSJsvPng^3{SNvmsvRTqC8yceU zDo^Fzcg%U>vFp@%;tkQ2^TgxR)Oqrs&H?<4GD33(uV0-pN2tGFamXEyL>P5dy^Q|) zHGdk9ZS())?8U1$XWlfrV;}AFzu))!{rdd(`^WqFzl(Cvbak}6c3PN8=2CdakrQ9q zRqFn_u)JZ>91{aNg28-i13AG-0yi|z?3)y|&&h+={Qoh~H!?@;|vCaAz~Bf4j zTgCe*qH_iJIv+Wo!ChKp>&vU%SJ|j@iQ1s~h{T{qxJ%3dHKZ1K`TErb1BL|`aU8+$ z29P>5vc*vwbUK4|KN6@l-i0=(x4u@skO|K4DoI0ji`sl>=Rmf8pV?TJqsFtmPVGA) zrz02?auwK3Yy+o|GrVS}YnLsJTYniJHK?|}&Ga(=cb()i3blruGA-CjyxJ~N9Ta$- z=Wz@X4X*@FQ?U$zQAVfD*%dY!m=@}9JY@CraZQbUt|yhyNQ$o@RmbY?tq9cYJTA-8 ztl_1zy)=B*ikIS}dqQdpLslN1TxZBso}}{IEg@6ye9&2(I;j3$<2HBei7|nxTY&%vrM$TiP4`iyHVmmnX{Pr`ZDZ zOQD3pv!kQKyCGNGO&C<#*F#q(&C;2)Jou|zuE2Zsn?~jYhIF!Q6l4bSWdQHf0g+ncC;C_n0Ph|t#)&Ld<(LI$2&kNIhV1GJmz|_=-FwJ$w zy=^1d^Zn_)p{Mfp4VI!ewQ~w?6}?0M4cR_=COcs2@R3YIl_`SZQ1gQ3x;2U+>tz1V(Q5 zHXFAV32C)|aldl06@SV*&AJu|Y4vb%zjCn^$~(!-771zfaB;tKu@%ZKjozGuw0fwI 
z-VQOmo6KxD88Fw*{373^t=_?c=q`)=hNCep$Z5aR4sjF6-4QqIa+vvMK5sGY@g}%+ z^v3IEtZChsv+(=RcS^UsHcoRGzW-$-)Y=%bY<)rI=Q~2Z8h?~9_9S&!yK;g&2zaQ|Nd$5=Pv_5**KSW7^g6>qZS69XjDJ7FlPB*;`s7If|D?I3l&~NLK};0Id+Vdpy*Va)k`HC1_2R99?l7jq z?i4YOGew=Q)!5^&F^FwnHZE=Pe<)4eZNvaBJO6QfdRUMDJL&D?e|J)vj@Fc zEW+be7CBFJSc`uc4jI`J zz$+E;0t4CZoB6PqfecO*v>m7o3mMa*o(^8V02BL#IH*PpMFzldC}DOSVVO*6CJYx9 z#YJfH6jbsw3FY5~U7>`i3YIhz%lk4EZJYd;OKo|#&4w30>atA!pB$dn=|28@ zC#4wU0GtD8j_h&I>p_p#l6NAAh#9{SrSM$xkxM(NDe8DF-l4-JGKz&I3T*a{=o8~8N&}` z6evf5cv(KzcU3H)N*UWH&kh#kXb9=k6)gJv#BfzxsNg)=qz78AYO;Uek20KGt0$DE zWf0+06{o*iP@;rF6VsC1>fVehe?XzRis4<%9Xi^#8A&^Uw@?lqyyn)R7i-yiXs-=% z@$pLV-uwJ-KmX16g52*P#Jg41!ZP`PdQ?CEebnFQf8R}EIpH{fcbIW_VMZD*tf6*_ zYXD@*+QuC5(sv=*Mbv*GJTS8&!%2j*MJ)p$#&B_&4*o4iu{pu4PC=L3ZRQ$n6z6!w zRQ0PvVkJY8_FqDIkt-d@XsH^3=SIBfV@82>UuJ!ZSqm+wCPNn#l&8CS0O}z7l70)R zwv3MEfW2pBeX3BjOy992)xLmn&h1sAR8to&5cW2YYtWeN_V0iFUpzazeJO+27`kGd z%)nV=x!TYbDsutdi=_E_d{!A3)8?{)Sx$-y-)jh($=W!`OXmM_`ETX^T}$ehWr_Un z_fG5g|MmO({O`Ldw){7qk_#GRRu%ge6D$_?V)E&^T4~DO+p6zql>w`Zx4rb#RCire z+bJg+EN*APY@B}}_KJpbr-PM=;_`$Cpb{(;`Sa${Z<0?d;4GxIlv8auYmvSf|6D8K=`Pl`;Ue@TLHi z8Ff!o6HPy~?Aw<$^}o(oy{;LsO#dJG$MyXG$A^3UzmtEmNdJS*y1v*B(9E!O?bq09 zySA`}T7y`6C_!F>et|$=0{lJ8)RinUgNP0&{_4!L-ePN|!j-EJXbT~}Mw@LzD*Rqe zxQ7^W+ZS*Gyb%a(o@~1WaY4IQQgagvQfJ068O$^D>my&+1%FOW}V0j3g7#+ z(J8&$)y%!$9~~VQ?^@Fg*RSed6*_Cs>QEJJU*Uh706HpER469OIwiy!1C<}O%(jh3 zBOLMoI&bM^IKfdK&2|gGEn>M9umMQe)@E_ZsoI$S(wM!F zCU(ABeNS(FxP(+J2CQ+oS_Z3WsOsr_ohG`AUJd2IiKH~tqv_iQnA)m#2IVLL6@zI3iD z->6gu&(uuZGvm&gaj^)zJ2P%s25uNswG&Q9<5oG-6>z9~dv?U68_T4P!0YW|qV{$* zQ8yLKOYF`seo8Em;af9hn_!r4M7(RQESr@R>LEHy zL@64Qm~euHZnA%x6v;#fG!%~fMj*d28u?!DWPi&8lnP-(ml_p8vns-{1eS zn}1@j|8!FB+5*sA;JGaFuj;!fuJEj^Lo7dG%hvl!0p%M1Vc$wcRX5mW-a0{+m)_jDHpokx3+Ko5F95S zM%s(;I*IT{<@(qTkaK?C`Q4-CU_M&_W`FaUo3#hOVG3<|?AO})_#zp_0Q`kB$^tNd z&qp-wwXAIaA$4u_CT8Fg`_J#6)cybcljGC9{kMzKVE=)>p}g4+)O@hi9IQ2Vhtqvc z9X~YLzL~P}{GZZ03eip_z7H_GMr8Wnb=G{x<*s|NoHQ JYasye007Io)p!5^ 
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz index 5a83dfbc4f17d15b81dde38cb421b0d7316cdc87..5309687352e35c79ec29bd11f8e7161cb39cdaab 100644 GIT binary patch delta 7546 zcmV-=9fjhCJA*rrN`E+CNd2%aXIPu9%R1iO+)XkrJ2P8bsi_DeAqiuO;1Hl3Z{n+a zjeEU&k}LcoL5iY&SeBEFFjX0g1cB~Gqr1^)pi>kF6P&vEBgbisB9|oY4IWM?y>6dP zP|CeqG>yKySLt**o&NE${C}s@ss6uvblm-}dwhJ_?e{zV{(sSToo@f6+x-qY_v?1G zk};0b?>hJHtBTxLQcxUIjyRz)^BsTyaTL+97a-0f>=D`yaLUPu;Lr!nE49@^!jcHx zx-pt!AI>#5!Rrh7hvKH%uS9K@paA=z9_D;V5|`aFj;FQXQRYKL;_PGXTf@^coH9aV zAN~YAukUr;PJexM9AU(;2EAcI)P9{2H=xsm#yIB9U!#QlY#^F-9h4-+&yLsi`c8;h zkdlPUXRmM)(OcjX3^lC*r!Xa)j1k9h{hYzs&*yHh)9bj;Pfm`V2^F|ZI8T`0ZjT9{ zWJ52YQ$w4!MP~!wHNL%}X~=xXgo9;*S=>Qng-b_gxcAVvuW;9C!EL&X#i%egYi8d5ne;mTzFHUIB?Y9;@a&*-!q4 zO=uQ{FvNhO6r=DKNX$5jA{+wZQd$aW7(^N4QdI$9*+J+7Pctl^;nm0&1hAHML2^iowOel%Db71TWz*E8*40IbG zMu{E*_`GR*jgfMzitpi6V23) zZa`q3^V0}LOb|DrDfi*|@$r#kF|<+CIe+LMMLj{zisX%2|wg__TL^`9Laz*`z(h|my6OcFDpAs{BE{Z!z6Z~&Kh zR9IL7oixTAGieOdfVDG*Q+J$^5VvC*Vwd3v2V%I|&cT5r9$m>NH1*-roow+hFV7r7 z69H(&S`_m3;wL%t-$>vUDdYo%GmXcKUbcsAk6M4Ka6QB_YLQBU*fg*_iM z6zZ9HbWrfM{`6%aXQ_}*9{jstsQJpC$yhhAC;wJQD&q?g#y^<1HSN!&EA-J+tyDSt86qPAED(Ijo~okeAW zl!flqn&&m_+<$JZ_ho5Tv>I9c5#|4C`X7Z;!o*rs6I6NTR&@+7+yCnySM~pK=d{1q z|GOx*o1uP`ub<1wH|q{DM_uQd#GwyAqlkovlX$FG#Ah@fk#Sad%TS0o@~d;s_6K{G zGdN$@-`zO?l}$+~c}@i|B>oi#+zpUBO6gRJ_S&UKdw-eCFZ8XD`z4pCCC4H64Zb5& z%s84RKEzoRT|9(aO_d30O{Krm;7AIn1mx~kQbDotNi5N$D&=2^d9U=#nPRw08evPBfPXgs<@_db5M^Pr>F>d3AaRIe4#&9+ z6w4!B)D1(eXNj9) z6o2Bh819(Hmzv~1UH+hH+SawplpbTgn+3w!@_$I;ki_G4)W9eRtnh$!Z`r*Le798+tWf<$_G{Tspr2O4`~*2 zGR18ZpYs)q@fGD7ORx;)68(|@v6A1-JXFn@jSn4fg?KReK~YD$!q(lxg1n{);eRRy zQMOkd$omeajL+M6K%W;*zikXEfT6u?j~3??)RS#mKB`4`GaW3NEX6cDHvb8|cXZg6XEhZIxWd>N31oHx3Wq@6NlG~lXyn7Yvy1$><-QTr zrT;|Jr~!?gPr! 
zY~*Er>a6nJI&-9PMg(*^MR91)iFOg-ugbiHGeai^@`crv6<*VVH89xT!G$r6@~PFv7YR%^e!V4np$5&u`DD<<0;S#iZJ+T`DD4Q}m_n)WzEVuuQhy$@&_K&S;cP@f)!?FA-LCVDDrXjZa1G3$>@p zr%C(zIdjYOY|A~zcr3rP;S$>6$2hvRj#0rfCG^lLXO0CPO3dF^A%E=*(8{qA%L=cJ zu@d%oJa2$kM3mjA^43%bx>Tdiq@Uy8(%FgyaF#;SY*71)AhjdpY5}z?0%|P4iS8*0cFZEAclp#6BGNY)-IG_ALtPu+9eF-Ib%}SM&c6#xk64dJ=ev z|L3IN=~d5voc8zrpMRZ{b>p*K$V--ycFH!eJf~$Fi?B#YRTiZ3U&y5|q0ARex|&QGZ)NOnQ=fyTPox z3T6tR%}_H9<-w7%vF(jp#Mj4e0ZdNW=s$of%sGk2AVoVjhv5OS{NUtjT&~ol-i#`y z`8TppS60mHID5mG$>%DPW4n=vTW!zNJKJ7F0~9#`O3mxNNVCuQT0WEyHX+|} zxURd`4SU_N*MALPwQkS?7_?L#Jt-2Pp^VETmUYM z|LYtb&z=A6?9cz~q*SgMDTV%g8&h`8xtcqw-NpXqr0VW9^P|RfJ@3!uC>>+I-0fYC z2-slz|2Dxsv~--<>x)+PFjmbrMKy@;+hmD+x1%^tw0{*AvAy{VdBnOTXKfyt-&S}S zCfUd0{a(si`X4DT__}7m68+yfo{RtQ9ryS5f9#|*340Uz`%TFF6=nQmkH@adTJwKO zW5Vg$`#{Uie|CD^>ipl||GlHKSsY~b(#rYcpPE%jJoW;bV#?&j%~c8WM%DT@B#f(Z zUelU1SAUx3r@r->_i|{6GAHGAlMfLryf^xOr=>~$dlMW@iM&|hUVSXH|4zE|_kZv2 zf80$ufD6RM(90{O)L_e7l3|#UC?xS15)@pcF=n1~pl%&zSt6Ifz$Q3~U>wn*l0hUM zKZ6uUh?5zXa?E;;;?OyO7?0H@%TJONkH|+H!ha3n6Zk)e9{dYO=3{r!pq?sz1`sIBUy z^ncf{(Rgf{|Ci@4U%ff^rr|yNXrBMQUZ>Zq&i~Hw{{H`+l!Lk(qvdVW!b~!k!aI(f z_|mRY_tyo*4U6WO7|;<6=35)c2~J|TrCDmc>}p#tSi=JLiq^OdS8G0&ttA++?Jx=P+WG7vTZQ0}GORMWbCcVPk@a7SQe@({SG0WMuQ<-D6<7||%A zHkw{+{O49rsf(FHLoX>D!8iI!M8Gl|C zX>pn=K130nE4bJB$oUNJ(jr@5UhSdEMx9I42K7fI1{K0xVGgJ!waD4)SCd?p*M{Uq*4c7fgpjLYq+MwF{TKPgIIK`_Z4cRSf^P!ys+4@6fV_A+GPqQku z?}?m_U{J`FU^lT1oI=L%nw_p)wtqBkMSRqt-1;`t%lzMUlFKO6YI4dnU@P%zxi_Ayavhif^}sOttetYjNtNMx-qSIe!{A)NDqO zqcIqBNO}vlkDzwW7O4@J<5h81*VfO~S~ZQ-mQkpO5(Y9=%|>i#Z}=~2;PYIbD3g|E z3(zlx5(dwYkB{z$TxB<5P-W5l!8q)nA^NmD-Tf zYk8T4bZ)7j#T1WlisJwqkAJ&2;nV0~S)+$y2AG^)llgRCTN(Db6R3k4$`o0_bBI^#A(0e_b?R*~UQ= zY7cG>2-L=b6ke7rYgbb0)giwX4z;X-hbaO-l>~5G1DGE~_f-BnFMmj~f$6LUQ&S&; zB-4rZwvAx7)0sXPdMaJtU@3Z2JC)#8(L3tAA=^jKBqhwpuNJ)mB=- zz{t(+X5-c%A+7c=AAeRZHbQx?S=S&TtsX8PRxUO|c`upSAR(d*WtY4m01(=PhPC z-UPRn-gw=NHLd${7JmQvURjpc#%T`2_rGj}S`$MStuILUe1A`$}F$}RVX=fzFA>2$v6Qms3p>m7D 
zUu9x*G)*G>?04d7WH&+_7Y6&7vi8AF%%g9!-0g^aestmGNq|7TvQYnq46_N$I<3h6)06H#{(C1SA7dY!1E`PebX=IB zl!)o%FRG%??fLMsCgd~FRl*{W*WVyMG{3HZ@sz}42Vks{C6z;&ZD^MTJv#Z_s`C+V~`uxOjSzD;!JlUiNTCQrc;Eyt#T&pLPBt;P6GZm-5T2P{dLKD-H z-0I$pGJim>x$@y%%pE$~w;oA5fHzkT9)G;%)}ZHW*=lI74RQYQO7K4T{BJ)0&G>@c z?;pgwRn@{W`G0y`J^y{&+vk7ZO<@_~*oSwRad>G)8ZND&cJgZgWXjsw9P!e3A=yRL zA>22!BE@lt(?u-jHLt-UElJ;Lrd4HZO z9mr^@8i5x^yy#;_zI9(_b&6RFEhr~L7ZjAIySWeQAp4SjbE&qBj^=>9XJvgVQM5?k zu_V>LfN{?4RiIQ+7cLO?Hj66InC$lNJHL2#cKbpGuQ7D_IGKU7#&Wfx%T?wAy5~vr z_4uqZE~d?81GAhICBD}X)RVP#kbjrV|K;-E%Kf{R)Gx{s`QPiFR`37o_4fJScT;Tn zZ#*TJG{USb_AMq@EbPVP({r`dl)blA-O(xnRu^x3>8Yvix+u3(Of*>B&Vt!ELF^R` zBB z;Yo)m5Xw7`g82f;v4**^IG6FP-pr^WO^`88r(Y^%04m{4J}5Klfv6^$er(ydFKg<5 zow0gdGhmtiKkl4V^Z%cm?DhXn$|C&_I_vskJ3uqT(zRc0tIgWN7HTzO>9GWP1^NX7 zeF^XnEK^sq$P6Mnp!lmZ&wsj$t(6j2u0Eg*g!me5whgK9do|%6TL?d5S+4(!3w}0S z{x8x0-J^cLn*Xi0zyE1R#n%5t#{Y`eFIZrywlCUH(qv(51fX;*Zyv4Bw@a817aKTK zb0JgTun(>7vtDZjLBbLoc!ms~{8glpf8Y7VL+O~k@BUI2Gfi2ByMNDmE78nI;Do09 zSt+Hbx=+cm)z<)N|EdV!<R> z_gFOFo4*#VvcC?7`ORXOuDg5+6cVvE+%SsR}*zpvAo3Y{Nks?0vWzF zQ??F<`9{RM#(&DPSvjE|!$jW3RIag>MXSDz)J}xNrn=&b77`D$7Fl2VY_=BJuK$1e z{*TIdz3JZ1cgy2HPWmUO)%?%B&OZKQC&k|XQHk0sdp~OUR|@)6RW}H_mW;k(O!XR3 zoHiUy$qyzT#kfx_bj#;j)#<7`Bf1s;X5-Cg|dlnRZwk66V=8y zEt58+BD6_uwi7;p9agg37d@T{QF?qh|dS5A^d?lY=twUx-pNsU- z*bd^Vhf5WX(lO?iKY3l+Xh-oDNmK8S{UQk_K!00-U?>i&jz{axtVJAVyV6xGIB zzi>ub0Os%ch{l7KmF+*IuC3n03|wOWb$b1(|G(EiJ>J`YyC^mGALtv(>+L|z2TRSt zN^@iPINev*@ne(in<*>L|0#_LryK19E}8$`PQQBoyLZ~#&;Om2y7~V`4R!te*L<+j zhG3<^6%QI$(?M={&bZpl{r3;+D6oR)+v&mCd92smc3dEROGrO9)9%Z@?90CF%e~A0 Q1^@v6|FU7-ngH+s00A@kZU6uP delta 7549 zcmV-@9fIP6JBB-uN`E9@NKx{y3~RG>*~Gh>yGh1nXJ%_FH5EZ5BwI#={AvSKXHr zlyUC{P2=zGRD9p}PmYe{|9#)D|G#&5bo^cKsDE^Pc-;4UhkxJsy_2KU)9=8)Tequ~ zoN<(W=ij-nI&xo0K}kY6;)EtFZ~#KYQB22Ph&Ye2M`$<187CuxqX0CoG**iUOJj87 zCTNNSIMdt&ug~Ehiklk0617>1LL7j4Snwf9U3SAbo;H3*SpYFf@{f&g4NuQ-#t2OU z_!IQK6R+p`&41N#j1j{c^p*+H_;pU)kWN#Y;Don-jZ*TnfoRrqP@0xMeXr-8I1y%H zMp7=HeRcp|;WVZ_1Lh8-8mN{$Prntuxnhj~W$jWb0g;fN$SlON$J 
zBC()D9{-!}NA&3c81i0ENfPaZ(CIh_2k=s9 zh7fVgV1JAgoJlK@j!W@y90UFX=5t2;N7z-sc#E|BK#GWIciJ=n@&S^}-n*d&q-co*^VTKc~UtP)$ zS$_cUe{ldZoKi+O&29>j-z2yJI2sq)@IdnhNyae6JR>0koJ1)l33m>RT>*GXID>(1 zj_TqOpu>LhJVE&7nI9pB*YMASPciwAWtKqRB5W2 z+R+UN%nN=Rp_mEcrZnRLJUco%bS#E8N`JZl{iCQS$a$X8DdrQLGx2fpfjDNQI z1u(@^+5Vybh7=FOG!LNX`_lpt$qNmi^_xFCIDoe_!Vse&j+rE8N+Uo_O#7+8```dB z@Tjz|1UgxQIcCxrrXlO*3}@~*ClT%@G{P>!F%HFWb)AC)M?AWePiPjvr(4HEU7G+w-5~%zq<+SEP^+G=F{)&W2f4A)-ydIpW!bs}gOFU}aT3eMCLYr|0&3 z&`_vn;?Y6L*ZR{Jp`4{cI(hK#f{}BEBOoKwpjU9Orx_QXYtEf-B7g{wP#()c`hhSG zbOeIjAk0+G#0=y#784u8BY`H#FoXXnMiBn|9D3f#V@KDLYa_wdHOR5z3V$(goC=oT z3pB?u9imuJMXh6ADWER!m@qC#+39=NYlw`*A`|fj@c|RWK+uQ_<0Q+Iz;OVCybE~@u3K0c&p&+v??SDm zy|?Bm+}^?%b1_pGxG{84ntzI#hPR+I-=!zo?0^Tiw@>xre6Df0z5OEQ&(~g7oBtms zI8JfKJf3c_6kIa@`zL;V{`dUT{rula`Shv#1ZHF!0K*(cB*y$E#m}dLEa3zP@T7Zt z>xf#;*~e5aJoM5+s8#WID80mvuICEvOOm#E?UogVMg&j!ndPkZet%Xz2T}9K8O|~i zVfZXoZb=9yhw@J{z05}=@)0_2*%(eD`L_b~r7-0&prVga9>+KETaIGs%LJ6B5(&@w z2Ue}i`dsuO5MnUIA<7vBMyJ>|4kYR$g5!t*%CIu1a3rk?VUj-@Du3Opx0j->SiG20d+VSy4PbSx<4kZyxLE(dr%we{F7-O`_SVr_ zsq$KDr2>V58UI0&h+Y>y3AiS4EIkQkM5SFSt#|3umc}Z33V)8MGsH2y*3T__RIuAM z&8}jKA_k%HiLh{jqdYe3NEx=9oaaFK(v`~-t8q0fE?i+@rrKWjjsqaQf`R^4Jiwz7 z4tW5bxAao?FCMG4vsm49&cwv))Cac_45rsa3Wn;ks`UCVY)RSLA2ek@WZK&9*ptFc z8fBq-jplg+JAZdO>wQ_76`fXAe?a-an*K-8lrXUt)dW?Zxm6v*%l7|H>id8FBmczT z>;GL8+s)8C%2&_i?l8If^bddpCRI11`>&h`g; zmNU3m*Wcbc0JTj?sCZ5VFeLdEhujU3JId%(iuT5(M}K#j%rEt=koy&vs3pgt@D08r zQ_MJ;rU4{*92eVKYxXlM$Y*M}VTFMDsoIB&2~M~oa6!<7a(J{VRUa!PY_GJSSmW2a zMop86k1a=!D4QT|eX6&87mb|pEFwM$psVSHT@8Z+FhV5GGhBEj#|h2whU4Kag2H37 z&;iKuSburXTtF%LTSoI#Gp4KD`?kBTcr)wCKMEgm@#5vh*^75)`o~Y_ugs5{x6?Hg zXZJY&SCjwRbjfIpH`oqbF8@zz^1tu8y!Dk>zgcA-& zg$xwSCnb2SmDKI6TRt)1e1;6Cu@D8F|KEYmhmLAvBatt+Ib1P=94$_2!o-z(G&tcx z5|`w1YI4B^POos1;Tgf#%#oX!L;Xf-Dcsy}eHiB3W%*EORTPGpvDWrocR$oEL#=0t zn}1;x;jA3)geDi7k@yH1$kGxQF6&g1oBhKBZ9r zS)On*#a$Dh^A(Hn73CUBu?*%C{gM!|ir>vVRLz-<4;^oXcsTh%QAfMN*4@K`qJO3d z;VK7FwpSm>yAGy|&)axFpOsF(Z44@ap}lO6mS+^ylWkf)szrA*9W0ux#6SX|Y-|mQ 
z3$81N1G_O{949V{q6{vfyGk>P#J1!5mYpir;KM9O`lIVPlIl^*FTjF^qLwd zG1X0VD{aMe%qim$&a&r4ShaaMdw<^Ziw7!>v`UqQyL5sgt-#3EyfU)%_O=~(RiC4= zO$_<)+zM&!tk6ao0xLt0Ok09FmBA`lO~nGPFg8X4nVo>rAy9OZQBFe|2k`FYdGXwG z-w5i`f1+vJf<{rjoO3fJflM#SpD-by`KRM$2ML#BQz>rSzHs78Qv)8=)^!ix4ND#(WN(ntvjxPWAOF!kp9otliju6Wn@BI>uV^Mh2*F` zT0>4Q81lN9RC~2crQ~XgzOtRVSld6Yl5KagzJa1M8s}5|Ml8-NgjF5bJK1I9Q&Ia| z?Wyu<+P!+l+$uf0a?ddt%P(!Xgm(BbiEpf9RIp45-M7k_V}bh;^M7|$NIL_xcC5s* z!W(0(g#De&8{jn&WjCt4HT8k6)Mzs4=lHjBwqgOCm5?+W)RRS!+7WV%fZ7!bI8R#O zY&u`Ek#1MhwV0`G^Hd$yv-wFY@i#QW0UY&hPOwk*Eeh(e&IaDzR-@)u^ZyXWa-3~? z5_pOK=lI0$*Ux{P9)IoqKRYSw#%H;bp=DsQc&%fye#RLD&&8TMCLB6mXL*DA46fB6 z83E1Uk@pg%Xh>qh31;4l^VcS>#``;B(5Z)l&3c{3@JOonF^5MnPU?_(ANTe5(Nl#LL zH<!ds)~6XXK$1+`CLVEY&Q~dtL=GuXWNTuh++posd>E@Y4#ak%ZKv8Mua5h z`}Hjq*LC;0VSle1_PXJ#)(u*Kd>d+^kY?*>1cu|$rMxjlUiDBpz4X9`m{(i>=~eKC z3&3UZfBxao{Q2Mg`JbJX+BGAU(4TK(%C0$A3rDrP*x#Ji-MwahG`Ozk{ka@vW6YPk zy{i!c8*KmIq&R?%juU%*-l-qPYS^Zz2l0KIEK%%slz+#Gw!$K|H-90ISeN9i%_H;M z3irb#`&hi+OIb_*Bjp8O*9=&q|NW!6`2YUV(f3VZ$f{+37Nm5jDP6y*mYTJ z{!eK_I9+=mXxaHszu%ji|EK%&KRYR##X;6Dt(-spsab_2V=tr`rc7SiT$eC!RIP7A z!nhjeHGi#1bERo<>RX?AuZD&wb5dS6c^|>Td!z4nTH55lH^K3g$cq*3)W$K8|zI7eIzy}VLN4Ys@`8HPEDBa)0EMd1}1W9B&r>egYFr*a7lY=Yw$#xWf# z8AOutQ^;_PIGJH7$E@cliJSvS@K{~4{3y-vh<|*<5nK~Kf&cT^gCCRl252I`6d*y0 z<&{|2bG%oVA1*n~uyX(}>2yjH`1$1}L?mO5HzvF*|5e~S-tb>pSN>}rOvYXDkNL@F zNw;ihh{CHpm3QAU=ZVLzQ|E~{L|4uek55zQ$$vTr@H5H?%^AFYb;cZ_{(i+FcRUhd z)PGg=GWzS+Xgs#f|BJI1uil(_)98+Uw9o&3-|zS9^WX39@BiOPIcT~uTHZD-%p`Lu zyyM7;FYPLIe_dGKuxO5n0Ug0$zO{jz;3Rig#7})?pMSc)anQo{gTQeHgTWB7iSq{#Dp1~JE^q8J zpQ*OZ<=^rb^Gv!ELMz{?tK`ii17QmQ)n2-7HLdG+7begFcLY`@4}qH+;L3$l&btYQ z5shPdEy*fxk&g-EOcB#m7LQYup(*A#W9AOfhHHZriS&h`BrDD#Xiyx-`3&c#A%AEo zpW#)R7N@P^eH78Tf_t5hoX_AcEwc6H)$Xfo)VV}$(0oKVg5o zf{QqgV0Z&a9U9r?XE>Q^*-!vwzdI%a+EijE@>rTi<4Sng6>^av6nMLr$3%Y$aZ8 zm#7X3yw3ADhKPn&0;j21hQKJJ)8?cKn+!|~^*0`}`uVt~Mn2bbNoXX+SCFb>b@x^T zYIYu%p(&Mg(RnBfu5aDNhF<8k*Ud>S7tYxJ?00Vb!{WIo;3R)&4<1nQuHGG$gU 
zd58Q?czny)&9isO)E0WX;%mXw{xg3|$jw^=jmYgv|F5t6*G1D92TRdZ<^a1lG`EYI zZ5*_rcJJnZKy4gK;bqCPZY`x=6Y^W(P|F&)pCa&6NdUJsfW<*{Pk-gV^TISAn9dq7 zHT5A(bDd~!+X(i2e|m4|sdRmVrRYuVRDxSY@6dlkwvV1kN?43vBYM~N=m{a0&CnK| zhxa#n1$t)uRvNu6V<^z;Z#;VTO#q7x*7oe0TR@@(N*H{)-3YbXU8M_F8W%$p!i)3Q zJN7Suk(<5E#;rv{T7T_d+^<}0h4N0bu0=vxJzU(cTx^B%PBODaLRvjs+^<}0g>p-y zHzy&j9_pjFLk#aGGaF6@%(XMW$Tw-Lcd#J3%ObzwXiN)o+V8YO+yruW#Lc=KX1--t7v z%M^!XbORWLlXABna%LhX2CmC6hbw&ZT<*uee_H(c%K%U|&ZQm3DGcnWg@NZdFJkF? z=46KBo2P)_pD*70AcLn=24N=qCRoJ{sNH^PF*#og_mF@Vd?e;l74*5m(9di(g_os{PI zKRenFF&*qz4b6LBiOVZx(Dn7T7tU~`0tclm3TL=msej#l>^NsuNRUyogaLvwH=+zZ zFw*pTLWDBQ@C*y{!lcGi(Ev)bWhja0)DAXc9ymJ8P-eGGR9Z`_^$*i}GS>Es3QaOW zOPmS?C5l~zdjY&?2>A?km8cBl4K|1mEv_qIJR`~20T`=fN!3th8`@<-k4|y7 zYJYLBaRtb&g+rDE(oHTBO9hfcN@I+Y63dP)ggOq0?yf(ud}zk-0~rO%Q6OHH&-Gmu z3#d}Y_Q|t@1vwf*`g8@0K0h&B)fOr^Pd4d+maCd9_@fLb*XjwSX&FTLRK@A97L+KV z(8RPPx4Ji@${$c@u3~r>bBB)hZAQ`#;D0TYg9opuERkg58{+}Mz&wn5F_xay(o4&WVT9A21_h6`(`o#Gk*nXV3w1j!uJ}2W`D9a4)T)uzg+%XxqsJ^`ej)n|NFhu`u%_X{yzWv zZi+4cji=;-#+X&bzQqKKg}s=3dahQQviG*?J6dJH>f&uLJvG%`7u9yki3W??Suh(X zh`pkr-05ItqPRTa0jLBEMgF{b^qb_<3OEaCE#*`j&RV1|M!879(t>f5UVmsoxPNzq zr3G(1JlPP1LU|WaFkc`!)-X2~=Q5r(n;8wH33JBj^h>1-KrOr}0A)tq6V*i14=wxl zWljCBGghx_1}xM6NB(g=|NrsfUjOf;EYkm=v#u|;12i)%UHdh*+O92Zq1GUl9!ikc zpkE-+mjHjyGIb@3%pjrzihsX4^Q^bnTB&g5>I2$Bh_BIR+mH&sR}=1`h42HG<@&$8 z;Ag|-{}TP*J3Kk5=YQ+(?|<4+vGsqM@xP|^OBPtF?aMZlG+7uM0Vo^Gn@5}T?Gh%$ z#Rd-5LdY~X96+b{wBK1lkgyboo*{!Lf0b$E-}}FKC>yi)y7c`^|x6k@`A$mer*%!d z7M_gXVbOeN{#vxk{yG@uOVbfe(AACqMbJH43|;k>|4rCV3$`zv>&iDOmBBML6Zg!x zb7ovD0`Ja@Tb6+v2376E(YRI4bOjvh-ku#X>Bcf?Bk+2=n5ey7P1H@r@)EoAi=Pq; zWcb!h*(Mm~8-Ee+S}V(D<%D_&6L}j`xxrc%tp+wyI}s9_>WVK~NZij_WPRzg*;-_~ z{{Q9sKPuz(rh7l%Esy^=J~=+E=YQ^bZ`&F`u?Zhr^$-yP^RcHQfz31;=sjZLts zTy!t5k?}oWp8*e1iiRX6oM54w?4Kq@GSLAIg(JTa$Zw2BzSle1GLh6Fn}?;8f#Dv= z)!Q<;P@GOs|AFaM0I^kq{b@V&GLRN=ITG64v)E!d?o)CVS4FIZ@61FL$|k;5LA4=G zR2$#4On=&(GQEeR%=*$N#+;ocVRn=9wM5XyNLt)?VCRY$BBoL_9DDaBK%RgKDGnooS%1o_h>no&lZ5$eCB5D!EcyCTORwhc0RsH 
zMlk??;f%5X%-{17je9LC+kZ%1TfK=HxWxYR`zLk(fB)q8WN-iNqBPilpl>K|wgWXE zEOs>qYmMFEbYD})4^6gjrmQ^wr!*m)ZnO`$Wd8U3lluAZ{;9v8|2rv7^Z$(+>gM^c z`Cz3D!CHeW9yG3}gWT|(alM(l?;kc%UU-IsmYmwnln TJD2|r00960{9mzf0Pp|+5}DTw 
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz index f695461f42356154cd98cfdfc7452f01a97a1911..4815f2db506108416d67e4a093b8464c616e37f2 100644 GIT binary patch literal 7586 zcmV;T9bMudiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD5a@#oa;C$v&^vS!oaWwh8)xE~O-tS3%g?}VSQGYGVNk;gPSR@E^HyYiIMgyIpBpl<+#UDA& z5)`{6b#L%sOzCy|Y>YDQ-J(hS-MxzM`+o2ESpM((e*OQ>aj)}T=lJ-v)9d-Y-qCk{ zr+3mh{to>6b-P;08AsW7{=NIEBlndQlq8fRPH4gc2OvZo#dPF_i1QeGgtkMRaWW)0 z3PAHpW3`B|G)A{>f+jeCbIncg`U3u?xT*20>wJLSDb5(7NdSNP>kH_3ou22rKKunb zUbid${8Qtnq9c}~5C@BVKn|2(Orq)l-_k1V9EX+vC<+E2fjp;4$F@}cL zfK!+dPDY4hxPH#y?B{d0>vw(k`N_$#Go}KUG3O}@+U*hH<9y(SbYckAwuo-vyT-RS zG>cf^xDZaU<3d@x01;RI(=kHC;- z#Uu}{I#R#jjK4t%8sSX*1UP{61Px*=-@rt@0+Mh%Qq6g?pW+Q0(>#t~fC0rBM$s*h zgmDzdI0D3_loL`cjC01Nssg~WgD3!=jl2oPQmW%q7F_dpm#gvl130g57E zI35BcqXb6~A}`E1kOT&Z;oh;peS)|Y@PEsbD8}pek*6_5k*v%hLL9*p)y*^DF_ZnF zB$9t$6*%W84=tvCbE6fpz8K42p6(Pw4 zjj&J<0}N>{NbEWCnHW0p;DW{^yba*>@Ga#R8D==)`qh=}kOlDm7Y882DP@Gy?6wfs zO+pudqfw#74m59&WCRn;GZHeuNt9BOaOc3-6@Vv%GwAC!J`53war7a>zvYqt8RG;`1^GE-_*WcqLAh*7LJVPs)o{=Z@-z|(k*1od9o>Myyx^xHikTp8N;4k7 z^W)a7a5&kKE^o{9~VE)KdOdIvn7hA36%4(_~7HM2k*v&0Zk46 z{F*ZkXo^TII~Q{hO`_g0pe!6aAV0kjUk24VVLB_Y@SpqgXED(7-Tc8eud4$tO4FcE zNS4tIN3OK|vH=QRiI4t74ZrW5cnXLN7YbZeh=~|&^9x{tC$jw`{|zY~hG{PK_M`wr z@~t6O%JB138Vw#K!PMph+^! 
z;QtgO2yz+HJ9Km{xi%7PU4tAet`PIasbKlNKywt+0g44x)MDh70_qZv2;+j3t=5-d zOD?kiIG&`j(A@2}KfXJ^^7u!-Q6Ed}KfhbI|GIv+>+kKqU6glJSVLqe7Kn&9hz}Se z27*Rh7$;et1danBT4W(p1zmyalb< zEj|;^b$L|o-4F3 zNfym(x2z~MB6!NrEN8X%v+_BJnmcVwMz~o2z^6|IRj%|p@$SyiTB-6{Yo!8(f*Josl8D|EJ_)!XaV$LvW<;f3 zDy?_vn3l#Wdj^iEGr%#u(a$Y=RIu9(&8}mLA_k%HiLh{tqdYe3NEx=9oaI3I(v`~- zt8q0fE?i?_rrNIamIENYf`R^4Jix;t4tW5rxAaQ)FCMG4vsm4<&c(!Q)d#l`45rsa z3Wn;ks&w7YZAsbMA2ek@WZK$p*^|Od8fBq-jplg+JGWcweOZ|mt%a=qi1L3m{g0vv zVPY++393AEt2&04?f>-zuLKke=H|1OH{W@sMe>*sRvO*;e3QOCI^Nff}(C?*l& zBpK-y@fl5qWR#cQG87?>g8H1Z{lT8)3@+C7cXtjzZBr5|o>Kt~Nq)s4cSGb3Gdhu? zy>aQ$UMBNPeJkXC#U*OVaVUI)@5lr*jwWdUNgl_=meiX4Obhav8g5u2pnj_M&|-oU zt_WNZG@%@xtV-2Gg@o;u78GmzTGyy)GV!tH=n-WT#H~;D-tD}RGoD4n#{sl8y|Alc zZ~%sg#Ce7bujDA98QyR_ym?S~Y#KTMSsp9znF}Z-|Hx>bYQ}Vxd*61~6>p{;`A6YH zE?%5np1*u|u7CV=@yh(Dc{^Q0arS`oe>M59O_z+uc!TZ06bIbaF;a3mNEft z{>%AIk}%Gr#iqXppMfM1PBQhJ2>ZWah@%l`pM zB9e^OQ3K2Tf8DNMlmACY$9ws|lky<*_-~3wzLDvynco!x(GgSN5)btbtrW5g25L1h-9m&Q~nPSCnfk#WI*n^h-j-DtZK6Jbl z;^FuQMIG%5TXzo&ikc>bs~kkxUVR|%JD4&)Z{q=dUON4@F{l8B_Od-%o-a^OwrTmO z7TwKsuxPRp0||h#ku@YPxUL)y?8by~oVX~8GR)Wuc`(8A1B<5&pfc3dBB*F2PZ`fJ zn!Ffuo(Ao9r+X?J=rlD@Vyc^JSK5l{h*QQRoMkVHuxj&i`l90(4^$j!l`3<0=>$a< z0wY`V%E;2YyT!n(`W%gHV#tRVR!D1Wg*M6%SQ&a`+7i^M3|7HvDi&~su`v?J>;#k! zfufU)avIV&fOlsX#dFJjBdAONjVAE|G>Yowoa^{D92rItNibs<86Duj>Ys<{6%DU3 zw;!5_;rU>bgm8l5S2#wuS2(0e!~!_6@xmFQQSr*+nwU)SPC?Pz3Gc=kW@8#h6=-H4 zJ@PFvVr`LZDh0MOTbk!aEo|gvaayeQ-8yq*;fx6BWP*~&o)hgdz+aVF31@~*4CD)| zD=VE&z3{imfXTy4W2qZ)#@DXTYf`lImoiQ+GDRxdy%QDhlcUVm;Yi z>s>}BENXoX#WI&1wMT2n$vHz_7n5qQcBzzHP0?4jQ|D{@!z$T!C+iz1I;C+w!EeOk zyh2#jfxVMmHa-!xFVvnYpQP>U=gh6rvn}@=lac(=hD&INACvgjIz|P{l+Z(~oEa8) zC^3Iug|st3YsX3~E4(qrO4#4YtN~sVQFf!sTT>tCN{uFyeujT5XDjBwSqVwALG8_h z)Q*sA1k|ojz}Z^>XVdwTjdZ)3uEk7UG*8uGJ)57j5`RM@9Kdnc<^=m>-@Kp>>uliN zT{UWcHUAG`EXUcVCxMsve@=RSw|@TPw72*F?4+z4pXEx1mVwFQwT{X98D|i@5Nqz3 zaAX3OK{6p{$;R*f?o{)q$zV95ulM$Ztz9YUrgj$5dEF_L)Uu}wwjI!GbO8yd*I=xkJ zQc-_fKumg)y1T)wvkGPkpv_P-4HdzWva#)rTg=zTZVpUN)#yKfE6h1bMj%ByH;3T? 
zvEtz5YFw_=q~44wr};OsPghmU>o|L(gvsYBl4HA(h+A#X(>vQlqsG2gFmskpAY*A08!u-6S=wQkS?7_?L z#Jt-2Pp^VETmUYM|MQQIXU_ln`}03LDYa`xDxp8$#*|%it`?4JcfP+lt-E{8{Ah4p z&-!yY%0`$kcY9YO0yfzGzfExfEgdKJ`l3}ojMcDBQ4iw#Hd&(B?I@2EZG}Z_Z~j~! zu`bD3n@4816&{93_OW=sm$H`rN6HJnt{JdI|NF-?@&Dc9-v0iNos>nw-h}>s6Ec5A z8UNVhvFozd{GZT-aJu$B(6aNNez#Mf|0kXO`JbJX&Eg>ImsZXm|J1BPl93nE3{xgA zT&_!)H>%dRAz@sN^P1MAxze;a^{vmmS3^UTIVrE3e28G-z0vnOEsNy8H^%XV$cq*3 z)yFdX@1!$(|M&j>$K8|zxIkPCy}VLN4Ys@`83s9tBa)0DMd39XVdgmp>egYFr*a7l zY>eX=Mll^I8AOuNGstj^IGJK8$E@cliJSvS@JL;<{3OlrkbJ}u+z>v7|8eNSk4bzB zG?8BlkRZkKN-XR--m9w*SDa?pIe;@dna~7&KD&a5WX$nKgtz6t3Vg>K{3mP6f6asO zs4f06KiM>CmkkY2c%7&6?mOl@_1I17JoN_X+Ii~nN$NcPzs>>tj50!V2CrY8Ge@Yu zUvbDCk3<-?RlSV<`ZXGli{}63`O8;t&b>)=&psB<|8CdscI)%sKi=Q}zmsy%bYrx< zZCaQ~=2CdakrQ9qRqFn_u)JZ>91{aNg#K)6eL2BN0=G2J?3)y|&&h+={7($@MazdJVz4!A?GGIFd zFb%1-BNe25}CS8%WMk@FecrA4;ByxK#RjXIa8^_!1K^lOB>!W>XTYLTaY8eK&|mEw0^zywep3GafVk(8nRo|WXax`mr>1;0zpDn~o@zDbzwS^%o4^OT$WGYWm`R$gFsdwIQ%}<@Q5NQiR zjz$Y=E=G`}5g2nwdJDFXpmxrdDGit7RdZH1)-TjrJ&n|sQD}w|`Z86`Mr>(s_|I$L z^Gu#7la^)+&@Y7&`p=J#kM4(DZ8xD`XT%a=8NU)o+rFinxv;&D^rp zU!Iti+JMq)d6|WDZmFQf3=eUJlMow^yEo>O_+VM1hhhepoL=MEbYEK;_L&o?{RYaE zS;6ET@;l-2En_#!-X&98=zV2TaO=BD^MN^pr?7`67 zE^4-Mun4sWHwOf2qcAfGl(j5t*HY>=A-@$4wXA`MDFQ#01aMmeSR6$6RQ@|JO!L0! 
ztN~L~AHp=(iT1XQV8{0-4~Cvf*VkW)-o#ENxK;Fy{5NF#=$WL1#rQR%cVmy95OUcR zZP9u7aHChCXU1=((c3bH0=@3Wqi5d)FyCNZoLzGZNGyO7`k(GLLalaJ>713uf!QX<>Epp zw={Y)64L6SK6*RE@P0D0;bg!}JF|;?leT&X3!?ih@*9rEEI>~Copy+uK<=KnS(n4i zHuHIl*^W2Ct)(|!H)BofzMQ$=f4*0i<+X8|!SMYr8=Jt%sbMh>5=IGR)x`-@cIh@$a7%fBw=3l#Oy}hj9vhJ8GftInK*i z`kpzN;`sI%Ao%yoH$TYWDV0H($-W6zaRX|%U)p%$rxiI6q67w5n6y(8;RtTVq6t!s z>`=Ky;qNlBIhv#~e)c;E&iE@lefo~1PoD~P}nu>-qAk(cPFJe z{?Cr~Lre$zRYUXMSK{(Y8FX`VBMnACVG8bE2b3?&hr*uh5314oA$%IubjN^42A{$W~A#@c>Sp-Coa ziBqAVq;ZB=C4^~kYd#g-_UGO!+bQaa#GwQ#Vw|vw_EMZx$#{9Mz#`|V4r>v^AtPG?c%>pA!Az9)Bf2@FtJ~VgKET3qz?>-5@yE{mdS)>!f;VhT!bdiKqXI;Q2tZc z6-tPzU`aEvye~u1E|ULpsV(oe+3?~=U6#rJ-qC4I{-2(7_VM34Da9BE;2c16WT)f8 z6lFwAr(j+ceQqy+mklAGp{^2@fxN*6@u9_a1&n7T894wWl`N?m%4|csEa=fG?p7`C zHLd`;wQ$IiK)T6!VyQrKKxvFoQexS%g;2`@(cR4lmJiGrejvj@ISRzf^0~gNVh&Zx z*gko7upmc6NT04?(dQ?ItJ*>Z=gB5L&~jCi1%H&`MR`g7?Aa|KjuCjL*sa z{z1H3RV^%&|EI_G^WVqaeg5~|6qXZ?19*oShnHrg;nEsvr?>_{rmStu5iflgl3hd{ z!UHoaGMq#>o7XY`Vhk6T>EPdT6q^&w>J)Uj-Da-QMsbc;OjW-+BvvvcY5ygZ7rD}b z440}AcwxkgK4uhH_hr_nn6=P?YBF>|L3z5H2cQnJFX^|CYRl+o4%mBE)~5Rk3d|!F*vaCZC?Gm8R^yt@@5u8L&Ek+e=SPb=O6;opPeV{C4Kd#xY{AXef6& zSeYm;Pj~<-!9tNgZx;O~`LqJgLRw2XwFqY|(&wXGBw$&9ag$zHfN=Nz2ulmzczCh_ z3Wf46qF}y2a;#x)%+F;!Z8kF+NE7Ca)5(`g8Gu@NQvk}0dLXKarXO4O?aP|_UuUdd z*9=&u|BwBXdj9{DlfC}mNtvhrL1$f`ZwF{*Si1IWY<01=u!UNKSb8i$UW0y)Kwkp< z1IyHvEHZw+a*khiwzvAg^+1( zIDl5?S+})n*Cp`1=~iskm9lwJf17n8FDQKP*G8xGa#u6=et&#?RJ>c5X1IP; z|EkbggI0&CX!{!92GCNWqCzoI)+!;^7^wWHWwvcR9O94%(0WU+!ZD8W7?&?;ie;Ej z0IhQYWor$9ZMK^OZV}6^fDJ&xwl<4PPSwWrm&WXcG_mv5>U(&*wu|z2$!sw$p;`OXs@sjY?(kT+PHiGwz%j=ZnDmGvk(J z;D$j}J8?8_l`~xdhq||CM@+i0Oxg&%&MqcuXIB$-Q?b0n?)>7X#2gvEHB+_;hS^5M zyM>iyvvNW`hKan5soY>Ki&g_0shtRkO?AZ=EhHXhEwaA!*=#McUH|{`{U4R_degn1 z@0Q1Zob*mk>-nF%{yzR=C&k|XQHk1Xdp~OUR|@)6RW}H_mW;k(O!XR3oHi;=Dts;Y z>wDUph3c=dy+0RvhPeT~-2ASZ<91O0{efO%*S&t4U|J8|*aWM}MfdU=8Q=5u8SoIL zXh34Z2^PA^{%KMq6CKb{IPx2T{KjbHd!62viKGtMJT9dS3=crA&X&oA;&hC^upx+mx>*f;J}4_q(Ld`hsTb_W$zrpT3*s9t*%F>%XJ!Nj?96=V*Wb$8L(f 
z{?kdhYYRYgf##d^(c$2rosg7jlE?Y`{GzU<4s+`IgD00030|Nds|`vC9& E02ccHW&i*H literal 7586 zcmV;T9bMudiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJa@#oa;QY;}=#zJElWa&)@>hnn*}81v-Ob%3T38h!vmlKq6?*>id@9tE5-}g_Bj^zKo@7MqD9i1G1*E{MTA07F}r@hnf z{NBlN@8~=5@7C>VC1)IE-}!g$tB%}PQc#jmjyRzS3mkwDaTL?B7b4DM>=D`xamLAr z;3xpiD~;76!qOPsxCxr#0M0Zw!RvGQm*S?zudebTc4s(ageC#}>95bB=k-oJ-}T`y z(DV9z@#mi!KNTIZ6oohd^{`-JlDh1MaXfAOj%&6V6i>bh~51C;89|>C_ObYZ2bS zc!h7SX%?}-aUq;x$Az+zfdR5q{%L5lJ{A3C`q4c#23Y=#a<%OZOxCbN~!_ zucsu5d}lee8O^g0%U0JzqF{oa?+d#AIZqXRA9~Vmv9!tm8H#hv?ydlq$p6FR(>eKn zdVI2%|GOv$2k;_}={1gu87hQ!NTQ56NWC%A{Pp=u@i>4^$2mBFmr65)h+_t0oZw9A z5g5^|nBbvRN9q@x@i!gQ@mjln#U0gF`ziZ zD7pcXFplCFM}WALa6*EGan86@RRCCa5Cy=q9Lp!g#O`z)0mAE%?A~qY9teYoFxkRW zKv4t?$0J~5oZtvT={NM5 z%w&HkiR9l`_~tPnCNX9>%rJk8rdWU@=ul`#2duY&85@`3Y=$#ebR>rJ73PS<4A79~ zijZWA##ktaA%-*;B=#KnObnfPa86?q-URS^^p^7T3^SZ?{pwP7$O3r(ivy71lrq9; zc2kJzCV>mU(YVlJ2bwoXGKMMU83`HSBuXhsxN~6a3cyps84PqAA4Z78IQo#`-*U|O zhmht89~9qTPjG@~g8UpZ{3{N*pjHc^V02NK?(!j&49;UhvZh#Y_-4 zr5O+4+0oIVV==T*t_A2HMLj{z^Ndb0pWvK{kBc8?A5}x9*%C$51j_kDeDLwcgLf0c zfTo6je$5#NG(#koor^h$rqRg}pe&p?AU{19Uk24VVLB_Y@SpkeXED(7-QvMEud4$t zO4FcENtV$JN3OK|vLOmxiI4t74ZrUldkTmQ7s^{zh=~|&^9x{#r?UM+{|zY~hG{N! 
z_Ot**@l)-(afO&SP6f;F1)AfS4pA(qq81~s6i^p~y{aJF?CG<9M3JLUVWD{`l_f(&HcbMtv-?|NMU4{_Few{rZ15s|< z115-ppb;0wNtP#p;{XVG7xEZfx3DsvfBFR8g<1o9Z_QJP7Wj<8XWXMa-YCy{tC>KTL3(;*5Db-C!xWWd8S0{QCUw_5A(( z-%0uOsrv+GWEud&97ZI@{3gZEr-Cfu1PAb>dwc7MTF%+WR4zR9(n6?J@pmY_#E!1# z3hhghwt4NA6@^9wPx+bUtoD9ZJ_k|r#~IEt5@Gl(R&GfMCx`M+GQG@4Bk~bCZrK=4 zBKfxh^`$W7F`%N4Q69%P@LP^z>B|I^rVuyGR@fvoCiyC~R8>20 zd+VSy4PbSx<4kZyxLE(dr%we{F7-O`_SVr_sq$KDr2>V58UIC+h+Y>y3AiS4EIkQk zM5SFSt#|2|mc}Z33XZ5V#4)|r&ntZa^iuaP9;>ypSlx8a#Kh~=2e%On zrq@IYhU&7ablop(N!i*TG-W?z+S=~elfq0IWubeG=6M4FhR7Xd zbSg!A=K|OVpC%Q1}Mlktt>zP1699JdTU)s5SeU734ED+^|AG{Z#Fr z#RMl@5x5{|LODEIm8y>w61G=bP^|H5U8APS#K)GSN0dzvw?5T-w~I#3coq?#1kly= z!mftF0T>|?=NT@%lH-JCc*F7V7D3^$S?B;{d91u=E})eBBcpk$8PiqnecN4EyqWdn zAB7LOc=7V$?8Un?{o|+eSLR2}+vysLvwNKXtI23>JC3vir)a|WXJ~7~Yh76~%5Cxq-ccAm3 zquSU=>sjJv7)3ZMhdZIkg(mq=7e8p4c6IG4rN@}>W`VG_ z{2!7eBFT6iHL%S8*YEo^`G0tLxR?JsDfcpu|E7548=20U`CTCp9Wezi@JR2_N+H`q zI0s-}$QdwXds^s9`Jk#^R(3Qu1ln26$ljXvzrDRbt?+GeQ)vfiNxDsz+T132cs^7s z&4-qUzqhiQ{*Pq*@DwK-9S2yV|4&a(4(t1WCrAEX|L>wy{C{c6x-;YAdsU2iMe@%1 z<`@n`I!!$j$?c&yoglC3x=(2oK$a(*OmWx5=X}Ltd_}p&QY?eHM870Ntm1bw4^?w! 
z<3q<=As$YCP}I?`uyyyapr~m=xXMA4?bQeJu7fG#^EMvPXQk6`8-og9XfNBN<=F!D zWSf?cYSGT@)Pk> zvlCD{1d2{F%4taB0N%YkFP>ZO8$n(AZ#0ct&?u^xbFSyxaAX)oB*BcGXLN`ItA8G* zmo&V>+5ewkh#tUbJM#U?OYhp6PI|W5=C%l_vm`!LL zRiK%J^w77&h_ywssTA1CY-yewwXl&F#c8qHck9fN))^7f=@ccAJtw+lfWIp963z^r z7|7>VS5{!H4PI?qvH74%T>$D@6MXls29#j=nbwMT2n$pu4R7n5qQcBzzHP0?4jQx|Ld$5pcJPS!V2bVlQR zir}yAqU=VMx28VOl^RVZ{T%;R&Q>gdvl5bK zgL<+EQaeJf5m38A0q02zoK5FTHqz~Cx)w9FZJw&bdNx04CH{s+IDn(R%?b9&zC}SD z*4e<@+iKMOYW^R>SdOzzPXaIT{~VwA{rdTj)04gbXD4Od_$*g4vhEUI`vSnS+DaL9!d2+ z=I|)SNgXopgZ~)($M6XM29HR>8{hXH!=o`?@V+O$e+;zXqN$T$gv)(G0DS$RZ%`{X5N6N;wH*PUsAG-xGIaQZ!s+{KE$Ua?FF|Xt7jS?oGt4NORMj~#tJx}j!doc}B>;Nb= zulFL&KI3coP(Ij*ki>kyzNO;2?p`lH4 zDyNqo_z?4I>p#5;-f#i9EdI|wJeoiMyFdT4lTy28q!Rk`ZA{rU=W5}ob{G4b)4IFY z%#Q}w^}Iiqqil@%a<_LiB4C5<|CzV;e^uK>J7ysWsI^N&^v6Ip!>`mzJ zHzD&^l<^Ne9=k4U&HpJ)2&ZfB11&rM>Gyl}`G4&1&;RVCY!(MuzqE4x_@`zSl8n8O zW|%U0*>YXNyiv8j4GH6FoY%A_&6TFbsc(Jey&4*#%t?9ONhv zeoW#Upo#oafCMR)S7Kq$@m^hixa2g$&H=on(_ohRN9T{%xYK24n`|JONypHW6=&fxW{ zGv)~O_bU#$Q>ZPUU`GMBDKI+YbWA84LzP#3s%k zK&U`@lexUH&wQrZHkW_PU(7RUN(ildr>>GWj|_w@091SFw$-$*-(8pm2iy@@nLGq; zYJe*jPC4%;7)CUX>9r)QyhT1Hj59?{Q&~JtQHG|NI?v-6A{t%^oTg$K0;7yho0BSRGB7RF-+0LC=i{0h`CQK>p^+3{ zL8^|`-CGf;*?C-+qglgCXM1V*tQ9ZCNB4x(7KW@mJh{%0sXR&Lw_8G{-ua-jICWAh z(iVaojazEABgoMhj5#E|1=~kZJ7>$3hRgA)IjbA%7iz7ZMrz9_G(!mknW|Dz6OS1*&mqH1HXGceecSEkWn=q)fuZONonx!*odGL3+T!HuMH%Z1tT*ruJ zZrSQDkIYJKNa>Zl%tAW1RM29EM>xYth>geHoA7CTu&mL?Vg{I;UX%HBUt1aWxf7^^ z2FjFK!Q>tCJK^yyV>i#in3)91T9$QdDfOC=-wKCX*1-J~fuBkOxUB&!4x)Q1|D6}6 z`M`A6fT^huVVdhid)r2^=lj!pLrUVr1!vu^@eY_PUx*W3aUEl|SX)9ps6)$S@?u+q2~ zq7Yu3zuvKb35?wAZ8mN#64Gk_;(p~~E0lMdbuALo>fz#kpbzjn~as)4DHb;rE~Klx2BsoaQim|I0?GwJ~Jb`htYdcZ7O1C}HsZ zMx5zfrZ^;{8^9=>l)LqiGZQf}a9xHuT;ZGNazFn4)8fxx27t10F6}T*VPHos3_Qnq z5li1QCo>%1JOu>*e(~l989b#j2s7C?!76S*?ePyDnZ2SSv<5DSxbMj{-+^+Ys5 zs*xQkwrF(Ns_#_|7 zNbAL01>IpxhutY+9A}C;U8}LjUt~M5lJJ5%a*&VTLlhWunqrQmucO)|0WeUsPz4 z30mS*C@5*1Ayx@t8s3;sMYn^6_sR}Rh3COLYm-QZP|_s6QJt08C@eAI6S@1E{MY~c 
z|6FF~wz_``G=poI+}B1`W~0`jmNMWGC1YHuV;N^99#_cVHIIWGaw3~G!I=_^8>73& zIyG|yB!NC$qZ<}DPbzUJfr=O>tfIXXXH_y@-YKxid7{Hw#Bj*SmH=Ld7WH)S@&%aKFT_DLVkj~IhC>On;|R-SN;6@&s3Y$6 zxG+N*5z{GHR7IcL3*bdV$Y-dlL}egvut9uiaa{r98A-+tz*r?qs)jP#&@Kylbc(xG zi+hbLKyED@vLujha*!@HO}bhK|Xl6C-Zp&UGT&8@sDA$YsK3wuzMH~w!f^oaFyrvTj5J(WL+upT0LYZJjXC0_??SSR zs6%*QW<`dR2xp6020)DA;xZllTaIFLf?1t{F1OpvHQFf7@rtSHSBJz(h9vF3gz_R+ zI*`#)H3H9#c+tm<0_(oa`V_MkT2M`fE+{BZck=+$LG~s67E)~)9nArI&&v8#p=g=D zV@axg0ppz8t3;`$E?gk&Z64R4G1=|k`@eX0cKcEWuQ7DRIGKU7#&WfxD^%tJx)(|F z_4uqZE~d?81GAhI6~5OHG?TS)keAH==g~= zP6sO!#pMYPKqXix^5@N?-z1+_z*$IZDW}?S)*^i|%0&W}7L1$pLJPwEyCWVKWF zdR;SMnf^cWkL&sWkB|2Hes1`z| zx#0jhy{G-o3W9{CIP?q|Jo&3kBmdt2#Y5Scz3=@}6*FyFhI>!@E78nI;FMaJ39p z(@@pZ`8rK>7rh$F?mPs3d*W1NJ?d@u!ZYq|S*qvYelvp6cw`R&V!7$&5 zc-LB4HY+F8Lzu|hn92>-vS>B1k=lun*i=`1(L&;W)*|ampUu`H+x7o1-~Uk=uQ%QM z`EGgq$MMPW>0JKj(|!EMPKv$%qY|~(_I}jxuN3sDs%{W;Eg5~onCdm6IBis#RQOu( z*Y~tH3)Np^dw(JH408i|x%pi+$L*m0y92$(u6zA7!K@y-u?bd{i|*w$GQQ{QGvFag z(U8Q16D)L-{nMmKCOV*@aO5`v`Hj)Y_j)H=CXza2^RSdMFx&&VdRrzJiqi?|KQO%t zAht@dzifwI2GSxfM?$-M7F!I*eM+w4s)&{FotcP2*~GUhs5YdDYU7)hNt;uq_i&V1 zU;4zDv$G`3Zc@IM2-=uD-|vz->kFE#+yBegfBJ5kJ1hW~tp5)C$MyXGy~F+eAG;~` z`cEh2t}Ot~1)j?y|Ej)=;tJ2oI>ho5wrstx6i~jBPp{D-v!c&M`eoL4(783U^bt*S$pssrqGtheyyF4FOpFVz+X6{ECBQOd_?13 z%gXj2QrA{*Vg@d;|NQ<*-T&V|IraDU-!4jn{RjGn@@6|w^TAScu-4cePWLr+{Lp0k zX3EO*e@YX==|=m2OXh#iKdGPp?w|Je^M5C$Y5u=aL)|?8H6N_BAy{j0#e>H6bdVdK zGp;vt_x-~r3alXdc6xAj9_ux?9T!O73epeFwEMCz`?4?la_92j0RRC1|LuZ;dI0bM E0G>h)kN^Mx 
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.1+up1.0.1.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.1+up1.0.1.tgz index 31c13b00f00e0ef8c2bcf4d12a92bb03e00dacab..a5c8d7b28cb27bfa5ab38d5b1ee4416cbf584f01 100644 GIT binary patch literal 7738 zcmV-A9>w7wiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD3a@)9;VE^V*oRw#G5>H5d*p}0*$<*d1nVIa~jKcxzu{UvHme3tuEiQJ2&J<@1FHfe(Ii{o_G8GPQQQh zQ>WWM>z@Avo%?mWUdg#Y?5EDX`>G@NofMR&R3JfU%0mwzLINdp97ITn1P6q+Bg_OD z5gdnL#!6$gnD8t?w|HqHz`H>w=z1t4zt|@;`7?8Vsv0ro5hIyU z&tBs!p|>C=7#ey8L19V+86$z=`Z+WibyuAEFudd?+hzV{Ig7Arbu-jTPINkw(*K%gn&OW=36$z`G0=aJ;?ukl%pefnI!ZE$HmN(LOUWc;~vs)tTcan@k%}pq1Ez^ zj^LHn3=tBT!x*QSDLn!s%8H2_IdznN!A!hEDH>xYe*zrAn-mQbtlq#>zXFm9Jl4$x zs-NNwpU^ysVTb`G45RoKNXi9D5*z~(N^(ib6eT$qN>u@1)j=GBU^!M#imBOZc@l)T zBh|g%&^-_iG2yC(XMo}uI8H{u$vDL^L@0=u0FuHGaoj(ZxKEK#BKl8x8Yg)3KJqM~ zC{~p@#7H1`qPuwpBH^k(l*a1sYkd0@5LXy;95F23qbZi)NIDc6(gWvhXnEsv%x0MR zvLngP*H|Eua6m(vYeJGK8e=K+hZwS4k~r|xGs!yn;DRP3x((s&=sgt|40D_c^Xf`< z$V2$}s|UbvMmZ6b-4?>ONn`>DG%hsLkr^8#9m5n0Mj{S4jWbG8;T>7K0`Qaw4g=H1 zrx79vjz2N{dycvI6wy2tgW~&}2~P1$l3xJBzu`zo%CQ-VFhmS%c2EX+7E2{ZGc%|? z(}2Xh7*8XVa7o;ZG7-Y_)6)~r8PHZ~7NCEY^&~kj7@cAIm?!ROlmK1>J)n%VL5Th0Zb86t`5T+Tr>jr*s7STylKeR?6k46Ad(c2;1~dEQY! 
z3r4GVi(Rfy;kaE^E`;i^QNBUoA0Odna#jMEEuJ{TzUGx_MK z9M|U4myw#KQaT0jKjlEqIgWvhY=c2DdIK|X;e{Ew^G$>h;}Oae#iTzIE`W|ek{hIf zD7c(~f+lieV|XIbBn)%-Uj+w2EkpWGJyT1qjpVSdL5}sPkn_f?VEMB|bDYp2O3a!{ zBxWks zdcDrU{@X|SK&3TAMsm@IM1%N%3F07WB&2b|@-*~304eVxk$~?PR>q4jUm&>DYvAC$ zeF}GXFvdd86b^m@EtF-lrX5?*n(s1@ZMGnQySry*Q9ai<+}%CeocWQ;dh`F&1Sc70 zJP_FyOTiWMzt``b*5-e=+dZuR_ENrlX&=LkOhe#Uz=$MR+-CU2RFWl{;1G`6cXytw z<-PfwsfCAGT1d4j|BjTG*faHfseMVhY+n0iMX3cL(0*n$tAk&(&q3Dw%M3F{Vhms9 z$}Nqcf1>^*)2nG~BIC{Ds zg(RF+D*cn{FnqB-x$Ku@1SvM(S7oQIkuj2r5w!l9`~S>awMzQKwP>I4rZ!ufG-22` z$4dB5?O4Eag-s%BlCMKcU9|;wcOJ^J5Z2c^-UKrupE|F0Lm*Ens4O;JR0FhgwT3V zuT1~)v0gjN)lKV-oOrD|a~r|nW=*7Fs4lBY*Zsnlw0-@_Q1%lu7Iw>>6n4^R3*9== z8!hvOQQdBB)j(yAw3ZM2eaip!^goKHgv+(4A*lAut?L+Gwg1;Yt=s>no%8-d|L>!? zZiZ$qUq4rqZ`K`Rfx6x`N#hWHK?#YGAnDkwh+olkM8&fsEQ ze|P5r)HWrd;yIPTkn}ek2|q&qh|#GM?Tt&1_9~fQ>RT!ID=tw-jzi%a{6MCd3pC9_ zNb@8qHk3B(XI7BU*6^bW0nJmrFP0FT3QgdGpeYsbWL>I0)kwHrX-TohuT71bCR4tP z($OQ!Hi$c)n!VdaoU@)qBqkxW4ZW~$VDJD&h$K0~g;#Q%QiiwWN3aNrfX^ZifaQty zp80?>@}G?6nHiYAcJI6Hy5h~OtNti_$i<6Smv3Hvcw>J2_2RYtQS)~Cmg4*Y=l^>0 z-R6WYb zKPsBU5k0z6@s*tSTED!~1MZS0*ij~6%zrh%Ng5@2yxjB;;46?c#;JhQLI%p^lNLPA zO6u;;FP~U&z5>HpB1J*#Ut7@n)Y5HiCGyoahc9Q4XT(WOnD}as2B$(w;*wlmO)mH# z=rv9mo)LV*J++xRG;fra!p#lW*)ZQO&xca0qA0?gFKyrV53F9oYBNiGhEa@J$?lY< zmxknjz5KJGY1`DUQhJPqyCitH`M39=0u*(0}>vd}K|K#NKApiGL9%LT> zNso~qWICI{?@NK`$tiG&M`njs3E3rt^8n_BoCQO*XN0bj54!4AWk+*MpuP2s?44=< zySs$~B&070f03B@yBkznguio3k4qCf*8(X!2)G9pehybPo%Pnl^;1WTI-X&dB>R zQ^n_P&Cuti({C3{1+cVN?a}gdfPS(|%SX59Z>NK0la&}q0K~=)OMLKs#SZKzgbSSd zD2^HC{6!~F|Ao$&vVf{kQ-`3k5qn1D#YBiKY`43;bJak%seuwx(^R|CRzk;uauH+3 zUKC-~_T}tFw^KaOaimqMEZn7&6j=(4YAq-uOYiQM1F!1~G;VtCyWXj(IkWquP%z`j{8PZm;N11lO<>r)yp~8 z?YM9-jAD{v&Mz1p;?U_|MA;RMuCZ_*+KA!BV3U*xf|A!bLAO^pqG`-SICJsBjL^7v z<&2ty%$X@s)H_WhpU^Kv?{wY(uZbwPQSGg% zGrCfv$)ukfzm>BU3*fATq`9E>7eVSq$Tb4$Rw&@?FM+e^e92b2T~F6yrY@VO`mmlm zo{SQIM`IkqY0n)A?#aGIK^@N7z-5*-P0p zKFe1FS_LM{*Crr|<;-4o^rb8sB%H!jmyx@V+a*e+sn- 
zhj~am$G+MY8x>`@6O=kDQ0n&A!AVE`?Eo?5N$Twfv+g>WX@Isv%{Ej7N2m7RjZ?0k>qw5> zMk4OCy};~j2MLW(;sIziZ}uYXKI2>UP(9d+ki>q!xuxR!{y{e!bi+Y6eAl|c2#_B` zEfmsh6OF)eGP+VX#;B_vDyNqo`4IDZ>p!y!-f{uBD*mr?GJpQJb2$IAmr}cCq!Rk` zV@%l%=W5}o_80q`v%0(2&W{Gy^}IhGYVXTI2 zih2;=k2xfY-H!4&(N2bl>&;&{Mx0A>HXbAM+X@deNDi@hf0VM3{zuvizNs0oLjQM8 z=i>i+r~SkIKYJ<5guM;@{UK!jnlk>e`LXY^(fps%lnA=M1CF#HE=tAFi-$+#{5u|N4NZI=xVQFNVW>h3%49S8g-^Nxcdy7rC( zG0nW=|Lq;YFNhJEb9npu4fmw_`wd6J3rLJnTi0Xsx9`z-TsHqN-@JVN?oBX_@7c%l z`QPiE)$f1m_B&^X_@BL$qoy09)os(#OtP24d!Cy3%C6G)*G1(Gi}sip&=CygTN|he zPExp~IdgAPG(M*Q-U=Wb%uUQO&=kt^Ms^E|L&gYYQb=`!Ubm8pq>_dt@Vw*W_f+8U z_!u0h374QU93g>Yb=ls0C%S2A3+Jg3ayZtP-%3HK1eHoS0v{H2|IA#iuI_;RICzcI zTVv~%5#@YPUbUrSh#5^1%zk~c!fky&hdMWus(=4cUeD&2t?~9zjMH1Q zax2-wpGpF&i#rYd6}#W+ED91$`A%`)^FC0UUZK3|QMOPp*M=GYFH$M3$BT2E6c|jVrYs5X53z@+He!ICXu;=m9XMy zhXKX&ysvO!8-gX}E4(hV{w%Bb5Jh&b;ojsU?<@E#i)wv!wTCKOb*@kwG@m*d)ChNl z1)zp(EwA3bzU08M97R%M4Q~PIb2vNX+Mv}MZ2FNzt?_!fLA~{jQm{-g!|UW>*)MAI z(Xs>8`a>qTS&f=td7aw#M9wHnja&tGt40NdoZ}5U-MH+CZ)M2YpxXK_Gxq%VP4e|< z)Ed(CEWuXcwZ?_CgRgLrCkezfx|TRi<;o65j82<#Q*6te1yF9yvigz3rbfQj({mUk zkBx-JIoYiR7@G=Q>8a`W!mmWtCgwzgLR-Q-Qgk?JQRQc_Wkg0b*Xf4i0 zwG?RwL4n3gYA#1mpfOl;NI773kD&2)mzf_|<5lzjH`XuIT0Jw@j!|fa5(X;!&sM|I zjiFf7z}LCdTQ<|r4xnENB@CXQo}Szfx!MNJpwhl!U73f>Bqs~tKh$ysKI-2j9T%Z8 zBg*`;)pD&mr1VNYus=vpK1aENj=Y6gDBhlM(7z0}oRqembw>t{7OH?GJQH!63@=f$gjT zQ(GUREH}9eca31T)0sXPdO8E*U?qA}H#_4_(L3q9BfCe>=6Njm*NEPY%RMRN*bME^ zdH8VLE6}t2TZ?-;#!#Zy+nRgs9l|OuyS!Jl=qr-OC+Sz!{x)u#idZ*OJ**SkWLSm4=Wd!Lb)UE z%}Ge7hdTH6h~fQYX2W5Nxpw9k`8E^y9u`FRS>!jIHd=z5@jLAiH;LRmadYn5nQ!Ln z4iiXkgImjNylyu%ohyhIe*g7eiK{opX%54Wzix%vvH@APz95J8J)vF?N*MgS)yVX& zG8~c7EnpN)%H4X%xs8|@_&&!1uJP>)wIBcSS@Gwu13+w?D?3b37`RajgTV7%Cd&6L z$P6d9&j7*SU%vaZibvB)nYrqlU>!H0cl(u%Cx1GT0})DLh^0w8BQcKQW+Iy))yNK= zt`+`6<%&nsEWywI0Kpmm4#&qINOpW2!ry7GC?zdONe~-F@zMFHbZ?G{nB+qhyuNs= zpgm0JusuawV5X_lb{c#7Eyo2ei~mDe=IHqsb|5vEY+)nq; zfHJsI$$ec^RW@o9YN?|0P&&qi?odHN@^OU>K{FrR_z2akjm=b8+*(C5HmR9oASv|V 
z2Ho<|JFWyxggOM1@QSF_Bde0}@?KFe-m!_nknB)l7$LmY;TbSc?Y^6j;TWh$I!W7s z_O7b{4E=QQ>Lu7fB_u#MVkt5Jjw1!L=Sej>rA%sB9dbly`V4gPGzH~~<>4nX3iYa1zAT@cyDAn?r3^$>|H!MOlWE|l5VtVp&ZoFg_7yT!mA#K>Ox$6ycWCSNXq_8sVH)#0~xJUBk;nC z7jq^ibneTnPcdhq1=VEel7i}Vw+KNWWM9#5A=OsV(H^i5oUBh3ik9g+R;1dOFwXgC zN|b8q!Uw|N=SdA3o8A6n=hwi^ZePma4Omz3$uiF2<$A0uROSM@7fJICf7aoPZF3c4 zR+FMK?hORZWNl>fiuu1<{yVvUH-ShhWf4$xz|NDN5EB~#hbowg?UWM@7PqrtHck+KO(W%&=VhX}JQX46 z1Pev}ym|DS)~NT6iMY>glv3+ ziPfA&JOy2FJ+Pb2a|Puu^nIr!^*W^W2?)xg)7t=#L{C4@*4CD1o{f#A6TZYWszA# zO!Vt_XP$KzTPu}OxjsXe5aN5Z*|wy@AJv3=Y$5!JWwrhK@#R`*%2 zwT2+!8IA%=hCux))5w49{2CxO<{!JiR>jP+EW_Pry|rj&C2&TWcvea2sW1O=a#$`= z-K&JMRl1uJ_}+9YHtR~+ysW?NI#CxCe(cn^Q+m0pnR|aeJv}MjElo3Azp8&-=p3fi zp(@(G#8-O%O2vXVm$NB^Y3HIE7<4vGD8QEy~q+v<_%@ZCOWOWGKPtJESm2xMLZ(Wl+^# z9F032nd%~EeaXz82IL_97&<)fL~gka(E2$mY^#yS2z}{r{`?e{{y{ZTEhDS{?s! z);~M1=YQ^X4)Gs*DenG{PSjr8`_b%QE9g^K-6H5(4fHKzsyB$@bWv$i;TyqU-_zbM zRDXl*{e{qTEG+2d=6BT`cZ2%x5A+7R?)B3IvwG;pHds||Wmk8ebb^jK10JCa4M{=- z!BRK5KW&O+VpGakM}8xaKNyWVLASqSBI!dmk4q^F!vm13yJK>pB%7e#Bh#w@Vy6WA zx82aoLR!S-C}{UT#1_NxkdmvoDq<~sXEvfxHSwbgsx4`v+xVen()N_;J|1N@mp%y= z{7o9M+e~aEg0?2l&-%WuUSv~)M_vCQ@$9{^t{xgXR zYYRYo+vKXqzpC$|xNowu4sra1OSazE3MgO8r`PC^S<~mDd^E0uxbET7MIbiD!tp0> zN*m)S-XUq4{juL9!6ayF5DcYp-SOz$nYCzyxvq2_OS#bPzO#Mv#~5+)VQjnzZ_^lm z)~=7;06FL9o!>oL4d(L&U^bt**_inaQ)tJ$-)QIKn;a+>;BS1OECBP5d_?0x%i8uI z(swLxV+O9U|2n;X-T&X~pC9sn@1-=@e_*cDZngu>I9O>8)*8FV>At3pADe7HOj&#W zPiaa7-D)3j#r*Gf`t|eQz4P8-{_mwU&Hs0r)y?zYjDxi{1ZxehdC<6?yKu{M#`R|I zzkk?7fi*d`uiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAJG;C$w<=#}r?8~cXT!>jCcx(U0{=NMrTX>NmMLjLcNk*8ej75S#KY;E=qk(29jmDVy_>;ga zMTt)`{{|1nlwP-Aju8{VEt(`h+^cjtozB_GiTZ!1)2aWzdwO>ML-(Y2dUDb^J@20X z(CMC?cF%u+&i%Swt>j!F_Cx31ebtfsMhZ$(Dv%&F<)H@mP0rsbuaYEA&{_Q`XLpSK21s%Tw z{{h{g*OPz#TjQs)Bc7oMhoB!8LzrYfzvTi?8o#4FgoLE|r^dH-I#gil1s0@Ua6TU* zh7*i9HY8Xuu^PY5i67BPMpK-M4ZhB}U>HqGz`H>w=z1t4zuG5L`7?8Vsv0ro5hIyU z&%Ss7uW**oTM%Om4ZVY)Fd>4Bkic;LjKj-cU;DjIuj4;EJw5TpRN_7sBI9AZJtAV9 
z4}yqJEMeOYlPo^h`1Xdfn1`MZ(G+_=l$AUmY&9P^j&erCttW>~frlL^-UN|UAd+IH zn!*!A5=qHC`5&ft35f?_8FVutY25La^NZ7*MOd}E9%>~wIvq*vf6p^b^~av}MOh^O zrzpuWzrO-lBL9!iy4||`KR-F$%l}=Jg9CVxB=iQy#jKM;J0daT9@1~DG=FpPQa%o$ z)$$Gw;HB0K5fYfg2&b4SJpx0@ib)$eb(DU=OuR)Y8et}X0vy2W6b%xr-oQk^0+I?m z(#-{`pW+Q4(>#e`fB_{8qxcp`$^}Xi90L+cYDuXSB{>&LRRLhtK^%f$IaW`KY1wLd z5`;HH)xF=)JrE8t;i`qFfZ`Z9PKLnAD8(^ED2SKiP!c~7Ljn&`R`1TMGR~T~~F)ZGp36|hUIushx1LtjMdE;}; zrkMG%BgxKJSRj&cKm(dPmIUL-_EU2f%PfIT4iI7J{}(TmlF*Dm2r985<-W!2}CNA`Uo>GfGn79ay^p@Pr5s zebdIrAtDKmKQjDBj=A_4(L5FX;`^I1PVrQdUjW0u<48!#u_=i#L=0RlVi^r&{kmIhP+7KVE;*4cTT( z6m1hI7i0Osr`rJDj|m5w+41vx&IO<;B8lo;&OtPZ&rSfbXzYRd^g@0aR_BE6tiYo4 ztfPJwj8^aFGuytdGF+A>rcVfCl;PM{mLD6S$XEE7Pc-{G!D*m@V7O4dxG=$aXIZL67PcpxWvQK z(vj$}6bsCiF-#-g&N*iOC?_#)r!>Ys#|e%kyV~BtfhQkbsV9_$@cB-)_?H(iJxLP@ zXw7ny^7i5vHS^yp;58}K1B0J}vtd?Mi0Be_34gSt2!e``yp)Uta~{lh~+_CH7yZcYa#6 z|9YKX_hfJX?V`M=(i$Q|x!^;hL43d%aga0;(l}vx8hRdply{Lx!1oI)$5M1gt zaPZDPg}XZ#VIgM<2S0%p$}(BgjxA`-b{WVvTM)qA-BYuuo@pHJ?jCKer7eRgI~4JLDu|viWws@ zhA(pEmPT-Pto|gEt9&>lpP=QJjo~y_e``=*N>d&KD*71aNpcH+{zY{dK3|<&_DeE^6r1m>veVYc7)iwtTK~%Zf90)OCH>(_v`=_bo2_-4 zFzlOQCHz%87O-4llgOIntI$$cZNc50hq5e$)wPZ{#*7HL{(;Y*3#we1b>iKfXS7n~ zwb4oi3dLajJ4s`DQ}`s{h9rsdBv_6ryHr{4$}z2sRsIw_S!aL~dSjkD_NW|gHl5M87{_^Hha=_KZE|)5s+Yc6o;Zzbw)k+3rD^KA&RZUU@(PCLTloMFhd2@; zwBFGx)4zPI*UoZv(|Ro@UaQXBMliTp6KNQ#%c|0KKer`qUw<@|{m6`k-Et>|oiy4) zw@&m%%e-M!w_6)EP?;mG#RGqr@_#k`kKzg8axH2Isy%b7I)<0+|DB!G?f;X`d2g@( zcTrq7Lo=7JpQ*_=?GCU&UGJKtaR|Sngv3aYbYxb zaIvnxyYm2Qo03rRoJwFw`a6zHNo)2qEy!nU_)&#`=BeHjO9)PdCU8N}lnQvVDpe0P60TQTQmpZ7Q=_KI zl<%T+^vJRa;?AdL?{*&NtY;C4aR_ZgFYFr_Jb)o0NzQQLl^ms%;SKo_%!4A})5rs0 zd7`~%KA?>JmC-yi1Jl>;eb-%AyqR{@AB7LOc=7V`^^5nf&5vI$UfCZtZ>Mi5&L438 zuO|PE>B4A&H`oqbF8|MJ^1s*V?$>`iDMp;ggvat3)uoYaJgul8tgDx@SX$>r7L zf)9dT1_I-cP>IJMev&3f@#h8`s zPHB2+NdC*^Pll##Q@cv(5f<)};Nj-~+VX!u(wL;9b=1Hz|6i}ysmcH2=qKB>d~}QcW;$3lS&4xJKy2i�TG3?7)6P zxWK88;+SF1pLYWFU+9b}3#bY;bqFdOv1de{kA=v>cDvgg+C3GYx z7cpk+c@b7^UrwKQJH-PXM_Q%I++8|Jk%hph)`Bv!^zLpk@VdT0BbONJ;e`{@+FGHF 
zG6YtI9@(}ebt=p%hMJBAT!A-M0@!ivz_pM%rGC*B(6X+1L<+c5hKnP$)-|ZE3>6}Zq&j?UKA(5YTvCh zM;6YAh)yObjomrXE(82^nU!#sb&`?Kovxg~S{J<9wqo-^mAU{lwJNr*I_TndxV)(u zp3i_&QzX^NKBw+%h;t2k>s6G}|M_~dyVkpkMOf7O8j58uIcksAkdt#*UKf*kuXd@F zTusqewo~V8`@<^Pb|>o_C_1G{KEZG0;=Dpw-GRH4T{b?EwJ-FZs+eT$>u21r(zC7h z9Mh5d(uGTEho95r);UH6%aqVVtDKo3@K9p@z6xn)fYy$cI97OLjFq&%(^&(&CZgO% zwYR3u=t_+ylYVCWR?b$;fwK~l=7M@Q4^lTmt`ShTLILO50yvw_mu#fl^>i&}>Y{n7 z59_(($tdx+G{zyE^xTo)p6r_!)Zv^BtcRDa=Kmp_=a_AJ5_pOK=k%=8tDpZkKim6% zc2d@j&+^rPR)NX#wTa346*CB*%QbgG1hj(I@&?TrT&F=Y1j^t^@DgQcKoTMd=D~}L zH#V*&_#5KTs)vG2yRAcbqSX6Hz>@^0b;yE`okQpx!V~-lJRzxQeBV8UCnG%PeOG>e z2(<`@Sx7v`zSYlBFlaBh^0%FRO)Y}ba-BmEt0BwevZKw#2RE=$q zZ;4nRyE!m_ysr#y9Grdaw~8iT!?kOU3v7y>8g+hP`h1rgei6 zAm4{tD5Tjs8iC_vc%^QPQCB@wPA@(3A?DTAe`XcD;R0}3{9os|;r#FZ{LfBG?V6EF z=+E~tW!Idmg`?V^?{CiP?p`}T8eG@2{#=3B2#e)z?`lNA2HXF)84jUk;>6xuwCabk z8n!9wL44omkSKOL%Hu>^86vJXf9@D@F3DMYjLdE;Jj@{3$Kw52%3As#X)pM?X225t z-#M9y|L>ig?(hHENm(T9ZRqcJA@f(1@sG`qU6-}y|AeMQ(6#r0mYx6X^t$!=f4aZ_ zXE$ZDILP{?m9xh`%}^ofD2OP-l&hk{UzuJwIL7~kN$rZs7=G%Zejn=|j#&=74- zs_P~nB3O8D^!-W8BKaSTaWWz5VugG4vCRHE?Viru|GmHeaW~}vE|8F{S651DW~*D0 zVUUv~Cg}(=6kVec=7D#hZyn}&rk23K$2dt~l+b~eK_neL1%?wO$P_C%<~&Df>>WUg zNBWZGCmF*-@(IUqL&O;V+hG7dr^zkQRDCHyf()xGv2fr8udY5`3Cgf{059oeLR0wl z=1p{>L z9R*^Nc}M@-JAhviBQ)pm=GANNN%i+Tj)WJG7^AkX$LR0hqVc$B{$IX+@#^jCU=rW6 zkHz!9*E_A>|I|I}obKa)c2W+SZj4s9O-nP$UJCDdYT_%qO5a}>l{YNfV`4yu(4TFs zuO>K2;g;siy-CsdoC0_wfN(H3F~>ktD9;<&Ehr8dBa}%Y)eU;xN*a<%3X;I{j*i|@ zfy1LCaG)k!g354&1di2Zd$XPBrll>Mr$)%(SYLiC1)&mDD%l9UpV$3UbG5p<1M)-v z6;5xBty@Nv^L}~NmWm-}G)XY~?a6}M#2Fr9hSLbQ_5B>`+)%3i{bzYSn_srZ+XpdD zZ_UcBWD7r(1XdS!8u}}CztLF~B%1P_;=bp-r#8JpdDW*TgZyc3LDW}b_7_N!e&~7q zet&@Y*!vfdR)xA8UR{D{Khten3aDQ^uz6but$e3%=eLh6gbM(u_R?Nd)49=jZek(u zhu|bfk+|tOQ@O*-dq2i7q)9?=6j{};KDWp3(6OGRc8HJRPiB->|DdW&PU!C@Rt_V`toWIRW|Beq1JCcb<(d9 z?g|S)4cS^=zIk=Yfnzy}q{JHB0@CMjw#c=9tJPokBZ*q$^>Y1s>uaT88DoZ5$-}Z+ z)Mle)`>OSaOmMRtHNo;aweN|XQI;CH3hY*m3JN*LYj(PJ*%IH%kh6ZZ^=)SC`S0uG 
z>(Qt+r0H3Jt-@=C3u*gb;37{Fh-q{!ahk}L9Sj+rH0P$+lsR*t+?ZwcBZp0me5t4B zFi6U;Ak!xmAFN2!+|)SB(X8QR66iF1wh%8pjvff9EwHRSkGc-abn2<{+btne@4Vld zpN(oE(hh|~5@8N1oxT@GpoyR1C0QzU*mui~~CSe)$-bV|V>%JRPL ztN~M7AEGQbxeK?AV7JqmJQ#X917d$EdJ{K0<5tl-?z|=2N6+SYEcn-m-i^yWDdgA` zZP9u7aNH}M?16phQ>ddRtrnCSaH#{#bL?Q^vs|KVxz=Wl&LY?LcIOi<{%Q49UR^Ijy% z_bkX1C$~=l!9QNS{Yk~6>7>kD^-Zvj8_>J`%EpsFoydU*r7*zKq@9u&$8a;2O^|A2 zhfdcD|D|%pqe+(Fr+zMOE3wg7Vj{+Bt1$h4|L6Y-m6_Y= z{wYufH!8WWi>k^-Z9*+obRJ4axX>LcC`dl8kRfR1gBu^AnzgZ+3X5B-XhtSAa||Sf z9^9Z?9(qTWpovh2U=m&twR&V#GG5**3dTD!F&L5^DhwlpS2{cc`l{WxvoRcf6-g&) z+t=Q86@a0i_FujL8>oZ?=te9>`oM9dVD>zzMkka>EvrM02u+`YPM)Tq{F_vQT8Qe% zK0C33uR|*=lK*O5sP4Ae@Zv{PmdXFK;tc-Yjs)Nc`i=b0b7-Bk-Ti=^e z9Uo9=u7bVuM~4YbZAQ|KHZ7EcI=WCYy;ykF<4|3Qi;q`=_rd4?;`85J%*p-!QNCMM zEi9A&=O^{^-zU9&{`cJ!o)dvXc#pY&7sa8JONZ57aSebaWUtYd>*^I#)vpeTlMG4Oe<>A3u5=*7rD_D8 zTk&Gf#Dva$ne{2=EVQ7S3|&%Co$eMP=!5J_`Yoi|GCJA=_JNc2sY1~*eaDhi`x3?( zA5Do;OyPF^^{!F1oNuc zcLu?HVJ|12nX8qi+>My}_DdOEIe(AFOig{)MYWxBqQU%j=FG-1;;(3=-159k6qlzW z1f5`^$e%Zhev^D!0cR<#m7H3Hvk~d@Q7#g&EWo%)FDyW~cYlPH1#dk(Y=9!Eyo->H zuaF#Tm>ctR8Bd$dj0Vy~ITv*DwNeJ47K;;tHlrShYO?9amVNuOrv5h>tJgIHmg)bK z&S^dW|LMtI|L>&C)Bj+yuFtmv%wSl$_G@f)v9@r9T7y`6EJ0p_evUw20{jEZ)RinU zi-?JS{pQTG?tE*dGAdVR=mJ7~i#FSaRQR)+aE~p7AF(Xg|K$Zg8!rEs=>P8V*;zgR zTd#Ax-~Zc5arJ+h@xP|^%OS8-+m~%J>m?$h2%G_w*oqf9)lr1aF6|2R1; z7pU%KLfInhd2@;wBFIHXpG}L!R1SuVHM^RLhH4J zvb6@l?y#E!ZsnFT%0p1Ftv$rmNHxav*EZM-Y2xOqHTU$^*(If7!LUYlEnrp?tLo`| zy(YTLUM=PKlk-n9IbDFeD*{{@p5Kx@X@2jH`&A^45io_o(MPTyQ=~YjB|`YI)6ts_ z^@H)wu48fEOb9Wa`sVq!G36EPvwNALgUC)~i6!%zvSb~dR$dvy#61?x_a0yKR@vXi zfce^VL=$v%<9{A>&*no{z2$$CVP^!}*FNgXH#(KUGd&acgK_7BalQz=|6ts*4BRlN zYA24yt&U7}k+Z&JW=Df`W0|xOc->u0)b6e(>ZW3OiQW0tPl-7)d~2p`6AZJB$af1X zt7g@NdJGeJ8&kQ#T9&PbE>b%Y5}WFZuUbev%vxl9>9g5dWV`7fP}*>OC^O3Lv&h zu>aT&y)2|fT#kZv_d{$x91khEimM`4!gp#T3RM%|tDxGDCc2I9S|)8yneO9JW_{_C zV8LIf5xdRAS|Vs;^8C0<>Z~tlwr>9~U;mlAY3{KAT(bTen*(O^nVYql-!O%?%=@)=KEBF+H@+M~B68o>yJFENuduQkS{NFn%4fY?H>$IEgKr;@OnuE2*?s2-WspH2c+jmn| zp8pe?5Dc 
zVQyr3R8em|NM&qo0PKDJa@#oa;QY;}=#zJEW3Nel*p@S@&DLd;>~8KR8JC@zt*z8l z1d))0F-33yP>wh8)xE~O-tS3%g)b7Ms87psk`bmVW04@xA3%4b(Lghlgk#Kn{83<* zpx7s=e}e~OO0SzQ#)ygF7ER*s?p0c?R;zn@s{Y?yL`gh+@O2ZT05%mf({ z9QDAAmD*|%;c1L+{RB;L4_=wk1g|gPUwSmves!G__pdaQ#n4~_x3=7@-KHV8sGu|#b;?6kOC>lNFv5P zq~BO+{`%sDeB6UZ!#g;D7g{rfNMH^loM5K(2n;F9r()>TQThcl@dhPmgqi#aZ~(6o zG>EZ!0~7rUNFwk^Hy5aW@;7`;vp9kQ1{5=lqFW#d7buQ#1V|`ZBxOw)XIv;%1%Oot zQ4a*muzHeDwnoE~AiN%`?){qXfpCZjS1lX^iXz}R9s(z$1V<2}AY=ka0t3Wx_f+CO zK|%@Lzhy}jU zhBZ4VgDj1t+M=l$)ShWTVxEtuA&R*qZc3Tx!PC>z6VDmYRt@H$f0XqkIWHKUU@^v- zv?|j4$E%OJA=_+$qHO|YVk|%ScpJdGG2uW{JAQu6xBxUoBvzfvIfy1v_Y@Ed#~!Fp zFXWfK@|>`p ze7aLD{_Xh-PtrsJTCv5XyuJ8I&HOhCcuflRz~HCgteI6MBDw^eA)ZUPGSOxTR#Y|9 zN7ggr^unDF1`7R5J~}AIwfXdUsAj2@P67OHIgm4sBOpWDV33dAzzke?W=8I86FrFV z5M{Aq(hr0SphJ-425IsME@z;iv7Fc#o=7wa!yNuk&OuPiknW*pYN@r69M%=cu^tt2 z-gqS}zn5r^Vmd&vSyPGFOeMWAd8q-s#3RCmBx|Gb(01OuvdI1uc#_6ab2s1q`0mwJ zAU=wX`dDKBwL0f#W&5ww>U3Ir`)?QJ9hKG)8OmiG5;fuj#)yNYk&wm-%aWew0Z4fl ziWq!9w=$l6`UJtHUeyL~?NhkBgAo>Trf~3MXrMHeHSO4f#%z~?Y_kCY+}$0UW%5kp zaCi4;bLLwrtIhupV;rZL@j#>-ECrX$|4z4aTABatc6-16+e!KKsd)rbGU)-w0)`~U z;x@(4CXy`S828|)d3Wc@THdRVsaklLrG-?h^6yZ2i9J)#m)e&ki{`aoRFql}0_|s3 zvpV=$`y6D=AE%fx5@Gl(S8hoN-4pdEnOtSVA^8Xmzi136k@{PM`a+uW7*O8FFpJ|` z_$@=R@?`=_Q-ws}{R`{XRed4*kO*-Y;1FdT1E&-08V3sXA;EFP0Wqu%DjX@RLYm}H z2HGR`^6izZD;F<3#o^&<6q0b3sq_ccVei@MZPxiCr;y|TaxH2Isy%b7I)<0; z|5fe()7E)+um5*ZTsK2Km#?3y$v15eut06^nj}#Venv5gkRZv(tcYLGWJpF?;VnZE z5~x?5bFM!)aGb&Uy8iCY1E_3DLdkO~fg#DSI23+}{2`+gCE9D39?fMkztFc*?w4Gm zjvR;FH~5ZBFc)Z&_8`gPINu^#v!7{BK3l^NO9V7e^-fnza3VB;bAl#Rz>`&}dZ>|b zz0#6mwO^YW6-}mm7loromQ4_MJ~ex{^EhWci%5)n&@}YIzJb957$Op94Ch|SQ9>Es zkRQQ3C;~nWJph))+I!{$O36PM%~CTkeeK?N-F5k!Xc{AgW zJyeE^t4!Dcg{mH9(2k;q4 z65&L^X)Xih@<|IGXC-xa=NC^bIG=&xG?t>E@#h9KJ~VV28;N|i&Ed-#D|}m{sjvf#B;Dqa+T132{BfvPnvX3He{W?q{U51F-w94O zIu5Wz|DT_CPpbQWvie^C@1T_Ye`(5_Q|sb;ne)6Pd1ric9ETyDq=AjO4p5wqQBZc> zr!?vT%Mw8*xM|~azG5-HqFm!CR>54dUlJl-^1IoGx;eY?VdAZj2**EY>KIqpx_elV 
z*R&yA1rt?!RYu;InJPYSV}?F0oPOJ2DuAWEYL6E2{`$!_Eg#*YznKn}O_pLH0T3HG zEb+nj6+5sW6E1M#qbOpS^JlF<{nvBGlm%3UnmPoPjo4Ek&&EQey=JrBIadv|>l!F9 zHBB{3ZN+pXC>IfC>{%XGZC_5GwOjcE9YfwbG(%M*|jUohAg&x_qBy~#6%7>bc1zdqQRsz|bfWje=cfzQkA&qe7FsNxT4!ym~R`+AS9jhEYTk%=rbQ1Ke}^7h!ru!)q+uhc;q(KG-B7f}r>%j?wKE z4rvnc9-O&&VMb__zj8)ROs06JpqTB1cVmY6n8r~Fni)t>T8d>V zHu5|_(^dIyojI~_Muc=SK}qD!iDnVtugk22v#gVheCBlJ1lGFXRkjuD52{oJps7`| zb=5%^x5MR4&G38%oQfhTPxd)=XG5GT&|9yfl>X1wliiixRV>1y*4I!hbIDP8w1%9V z!}6+_)O)o{rQ~XgzOU)vv+$+kOLUqjI;jk5`UBNyi-!s-s(o$R9ViL8C0_f*9s zZC*d+ewm(4wda_O)R!(?Qak*Z#JA2dDp;n39$Mwh41tFd^Y>LqI|H64q_Uj*aOgN-t0x%ea6@7p?a_pA&LEdeM`mn{k?A3 z>xR8<_^Ne-5g^}&TF9l@IvRoFczC65j8RuTluj=_@*(Ec)_-Odyx{_HS^Qt?WcK`T zYk&S{C#7=DNGbH^+nBOz&ehye?a%i&r&V{aogX!>>sf!UKx~A?a<_LmB4C5<|JxMz zpkd;~USBk-hp}q5DXKwy-{z3WcRPyXL|Yjmt~Y<~7;!GiS$mAkZYw;@Alb*_{a(si z`X6a8__}7m68+ygor(YNoObv3|LmkJ681Lq_nVOUE6VuC=EttfTJwKG6C&u^`#{Ui zf3`a9>ij?3-~Y3lvRNEt_0r1Or8KkEEy*y*NF0%51Stxy(FpUvJJ7cd^DI?MVBljM$1sZNK+7PKjE;ff7zr}P zN{%_tQ4)Cvkl>NNWcf+T@Q{4O5!?_lhW~LGz>i6M3p7z*N{}GM>Pjpec)`o74_AUR z>>a=hI+@S}etvNU5ne7?D7?;6b@v_j zjskv@dPl(kU3*7?n55p(|Md>wXT%82IJ|!OihEN1{fa~31th|#sp~QN>(^*JE}H+B zub#hr^D3A`_v~Zw{O@$ms`o#&yREZ*{LfCxLEVkf>b7ZVCfQ5jJx@)1WmoC@>%!uO zMSDyP=n(p|t@YIeCkforjJY={8lO`DuLTee<|gI{XadD~BfAB~A!URzDWuv#r(H@e zQc5fmc;3;`TPkqx=m;FB374QU93p`ub=lr*C%S2A3ulQDayZhL-%3HK1eHo50`KN^ ze{8N+S9d_Z@4v*!t+92Bh;rU9uG&&D#Eix5S17Lf)MSu9%`J%f zO3eNONz(6mUccWTAU^i~0Me>Zm&2<|5bbBWZA$_5iw8Cv3!$a&^zHoik%e#p0Oekq zi)uPI8qZBE1pW}5C>5U?*8Wu6(f@@;h%JOlF7@A;#8MoJ} z*4)IbNo4L|B`iPMVL zoh#J(^`}ny6~bL%0jMTh%Zt}9FF9~5N0F3RgIhrQ9L^TG)^9ZW>wY9rtG!;XUu}J@ z6f9%R@G5y&c8l659<9N+Z*DhP)TM=^B zFSowUj6MHzoqRnSwVE_N3$Rsqt#Bc2|1(@Xav?AQVy8yBWV2HMJ~tXcvbxWwe@qgR?W<{ zWfbb6gucrDv(d10V<_e|@OdWnmd*6D1?ZPT3H_(1rziJAuChVXFST!2SL7ix$;krv zyIQWmd;OavqdZh*NSR->TC7zElwPa*L6pBx$AK1$RSVBpOyYxOjULJwVAG_HXEUg6 zh3zwkdiyn$DH5$IPr**c_?EGo9p1&DcF^0^xR!&u^|ZAm!N9m zgQaL{bAUe>n%hOqH4YY`_Tc7#L~Rr@o0HnevSuYqVIA^Y8KI6f@GwQt;vI-r!ye-m!dauvomfLy_41(vVHVyp2wVj 
zwdmcr+>=6%P0<#ehY!cS96igwmAJQM3?+JGW{}KU_o@BMSjg`qXozrztawJ zlgQl@H|M^c*=9a(F@f|ZxHZhi>t;jKxq@i!_n+^TxO#1zW-xsJ%SNaz8jwZnb8=|k z6YABVg#Py%jZE(<#UUBq0!HDu*sX_*+lYz2?{h5R8s9!s`|c;d;Ecb*(a}4S9v$`I-!xN{k`|;Sh>fCn?|f9a zH%CN_vw;d;pTAYm9K>|coFFbR)6{7?jU9f;ae<5C|4^Fx+lT>NcK+k+{G=NH*FD+C z|L&yJ$N#y}eu$f3zo-;+_r4VNR!o?io0}k<;z$P$s)-X$akEsrdFXksocI;15eNqa zMQ%j3Pj09F&6r5Z%kUISU1(F|>8)!mh8apCI&mXocmSRWGgKjWiB4-tjj-fKsK-Xx z>Npx3VI!!Nrpl5)ycBOUxV4|kZu@iZmF*YOIe>T0j)n@Mq)B|MJ1el!SYjf^YO65$ zumAV|h04tBbbkz#!Hr7p>!PZ%QJYXp6`hBY5zcjo3JQ{sOJoS@`QXM!sAg?!ro!UZ zDw>f=%^U$qpaVDPmiN4)QqV+ChhP$36193{l`>x5D+nZ?4KkdJG4mMB;3DAvLiu8fwP{HhZQjJb1lUi1X91)rvgHE2N zp!}y)f?9~`$UZxlaK`>)}T>%%2BqI-Cq?09;<8EDOmqqA# z`Q57dy~ZUVw-&os5Xdw+Pb}p~4k(Q=N(w9+t`KT?AiKNyz_Wqn;RiD8=~bl%_?*+p!KRUoC=8 zL1BpLNN#;^MtOWduDNpd&L15nG_@W{H`+8;4(jMa!SsCLRgFV+A`MRkg58{-2*#&wrnG_W9p;Q+P%M?!i0E1w79WrCd6!_VQ~0RLa`g9Pw(Q zt%i%NLqyNc3Wk#ivw1B8AkJ}qnGXIfL$N)L`b zk>^SWGF+-g;F%RK=1fe_xi7Oi#hir}l#`)L3aZoHq6hjQ`;vZhskV%c_JDohWPK`8 zv`F8vB-OrzamGhepj1&8J`nyki!0FB?Dp?lzXWb}`$7hU)`-^u;EmeeoG68Yb0pI7hy>vZ<{-*;17 z`ENZXmo&z_EcTs2Fkjfq$!F$jsVR3Orn>!7L|4w=qcKxc-*r)Lr!pefT z9v(J8p;X>^$i^2)jy24U`MHdz^=3v5X~K*PI{8v515k;@>47$*9*AnP>Bp9R`?99~ zHyNwfH3OFE|I^l4HUIzF*aD`fpSb8i$UV(m& zKwkp<1IyHvEHaCTiGKa+%(M1 zVVdFURsE|%=P<1bRo?bBzU@K7+}=TGlk!FZvB5y+M=i2#lP`OBv-oP_V5%#MMYO#`Kpq*mG&(=BqXL^j6s=rDD#o zT6Qg9RvoLV>3qF9y31ZI<@b~GcQQF$fZHnqTpFHVlRT+^?~eObB#sdN^SFq3SW%e9Ib|OnGnb(vh>*%!N$`~f@ zv1q>c_?oxM{yGNCm!>1?psO1H^Pqb=AG-1_|CaF9?_#31cQsKr70XNP&M$sS%#q<+ zGiB>wm~BM9TUc2&t0vTAn8@3h$~D%qY_;biwG$z+sjm2;GTA z|D!WrZ@TyM-SYU4v+mh>HUD#`wU7VUNpbgobfWgk-j8PgNIOmAYM^fzQ@utM zr;AFR3SSHU>Ynyyq55lV@6UyvV_`urHowc}xEs`ef1uacb+4W#m{vnKHo>ZNE4#Y$ zq!qNx8SoILXh32j2$s6Z{b^Gq6Pr@TI`V6Q{Kjb13fkQ*6G()x@_ds5YdDZsVJl zNt;uq{dkmFU;4yY@K;I5Zd0+A2-=uD-|vz->kFE#+yBegf97tQdn^E#tp83rXVv`w z?UVieAG;~;`p+aPtSkWSZIjC)|H{6L{JzQ3I>hl4F4%fsDWH5MpI)s)W<{Ti^3k{s z;;M&B7lGIa3&)?lE^UmXc#EW|_s4#b1e2hxKroaQ>Kxcg{Qe`M;A=H~-&gR@cveGY(eT5Uez~ 
z;z8qT?!pbv8CRRR|Ndbe1y&G!J3Tl%i}jk@j&r1M3F*fkwEMCz`?4?la_{or0RRC1 M|0L(^r2y~%016av8UO$Q literal 7747 zcmV-J9=zcniwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAISXsqRsZjFI`#i|&ri>O>Ynz_PER{$7u}1W zI^FZL?&(j^d04lrm7EL2e(F59uR3zyNkM5!1rmg&JoEq}Bv3*}L4<@za6o7~!c34M z!Ep#iRvN3tgl7r5^HVgzA-plt1aB|lZ(5ofzq-i>*q>s?2~9)zmw$f&-Jp9Obo>td z8+3zSPyYEYji1Vnc!nYzf__+tFv)y=#|54=en)u-2}$$Mjc+r|CPZ+*sC9fx(wN@z z#@cr9R50iT7J*)HF&}=06O1@E1Y0l+8^6wpAJIuhQ=EzozRtK{7)?sRyFn-DdMG2m z*e6r@Gjo2b8ZqV(BbiXozIp(!ahA|K5MvAty@Q}IA%cvMz;N@N!>eE3_`OcA<3B$; zJN3p?;yxB4<6*l!B4V5mf{0EmVcQN%Ej~B+?v}Echn^476nj3Dl{_D8H6J*Raz@0R zCxxuQ!-|zRK_nH3q?oCu@C1=WQZi5ehv{8H;sIC&-A+gvcf95N;xuOwR;{jwTFH%0 zC+Gydf6X&Z^+z24i}e2#B{}8~HvmiY|H*l`Ti5>=r)PWpzl(Bk056k--r~3zM^b4= zBxc-0`i<4*Z!cfT$04*@-oXL9(v~4Y0&^JQ6fPa!sS}jk4@OG%W_Zzwg!XYMHwQvk5j)CK32%L;k97BYHhzTGm3=qfX zrxN!G5=!a*DNo}Buir1}`a@}~{=UI?hk&@knB$0H@g7aE z1V_@Lu#g@&Z$rx)pJO(~%$FTWcD}{}k%R*p&|DLeOwb5R6+Xa_<&wmKr=CgH$p@D- zA<MB5H9IJSJd35tqL~qD&om%0FXU;65-y3GQ6@roetLT1IRb4>U;+APSx=JllF{P!&m~-yXfp&W ztD4~>>lrz{bjO2%LO+v_4obN;pT3OLD3#hNfd454Ip;VAGPDf_h4cnSaN&iK+}S2V zi185RiDJ^92^Tw3(HtdofD*H&5{Vf~dSUWf19*i;gbPX5R_ih6c#F!S`Jcd(ERmMG{r)c> z-dqRbv)HJQCG)>d@1nN;?{#|n_5W_l2P$VnWGI(#NHnMq7$XjnMnX*tTz5Xjd7A;#siUUuoPS}{(I-W)7tp&c02p^-%iSxFYP0kl1T_03mB3F zi@OZJm`JijV;sU!`~KdOwY)cI=5__heFRd?07maJbtSGG@1lrH6 zMs@Iu_BqI!f0<&&NQ~jDT)CwYoS&#a$>cg84#{U|`DJ4`jn&^8)K_vUj{y~Z4D%$p zgWq$MC|@R^EK^7X-rulpUDX$|4~YpG;?&LtBJ|sAaIUt7hgbK%MRw1Y4 z&j#8X_WJ#`tSc8UJj2o9Y7~-iR;lz)s>ATb>g2Ltk|Ctnd|%a_wnoNCDu&SdXYT(q zZ`CU44_Bgn!kgM`t?38>JTI#ATxWD&MmW8mo)$zud5h2$< z@a0QEm20z3yubI1RjRx;R;fUt5XQf053==1z%5A<v{Rr69cdsi-JHCg4y;K@1z zoX}hI+?kI`al57LCZQpE|F z0Lm*Ens4O;JRIUkgwT3VuTB5*v0gjN)lKV-9C)oda~r|nW=*7Fs4lBY*Ztg<^!)mh zq3kDSX4oxvP}o7EXXw@~-Z(RFkm`18qXsHtq_tS^cd7qZv;Qcb5H8oEhM?Lrx2j`! 
z?ft*rY3HK1xBt5+uA8Bm%Qw%};G1>_SfH+VL(({eUr<6~BuF|kE8GRD0vnqrFV$m-bfb{fbM} z(c@6~20xGq<^oN!5YjwJitV8_`9k^WopV#z%uhZSH|8`Q0I*|*zLY-KzYoR@6-pu%8 z57orQH70C;B2|wv@{fuoaa514RD31Jy|yo}w7^}_1UtqA%=BN4Z<0ny9xtBy2k;e0 z8sk*JX`ut<@<}TmXC-xi@0U+3IA4L`ERm|9^{*{xeQN18Hd6U&o5PnQ$TRAsrc8Xb zM}t!#HE~HUucjA#5cCG83{MGGVJTD02Ih^jQn-^M&pE{+`tf zSZzj$&oGKHE7_gW^vaO@uUCIIG;N#ORZ5SraF+y+H~!bw{{xc7Bpt0|2A28%dc96f z|DT+k?DhXn%A<_qKWQ2HL58yteqSm?PY!`AJTyDBO35xDoCh$gE%$bG@n`@{?W>6_CHopz7w2o zbR1xb{lB<4KdJBkou790_J0?p;{VGs-kw?)-|K?s70o;2o8vf&=p+klymf$*Y>a}c z>pr7#2rN$pnc%jK&-sqk_=91bR5oHyeY_Y8k%jGcw|Ai$=r%P_ zVrrUdSK3PGNKh_f%-D+}tlGYuzUX#}2Re?lN|m|0bdn+qfl;jmWn}67{bJyCeStm{o|Hjs;wSH&z4Loq*CIP;|nmpbjT3Zt zjU$@IJcKhBFU$yyi&u`+BxH(r3X0iI_%LRek7*KDpqYX6q~oX&XNzQ0EwGi*(mXb5 zVIwb#GhMas))^xUM?^#?6O_j8m}r*){<_R+ILkW8$QMpmPGGGIUTs^k`JhT&0h(Hs zxvo0s;&!;asTrQnfKxLh)xkce?rey24SMTUl-mErdb+#TyNX3v)cP8RWiB~tkJiwW zb68$ilX|aqsg_*L&{wuo=Ue;3D%p0Y>l-LKrAa=)@8sgVLRj5_yOUiuK9RLA^`5Gj zWbK>h+^^EJt@a$#k^0hwOInA&q{*Fgj0%<+p~p5kGa~Rt{S zBipWrYcWz6jZ=MC&y^=*#NW{vhj7|+CBZ$}H!rBeIU86HFI&z3LpaYd+w>&x693QH zd8b!D|8a4?_y6pqtQ()@D}h#l$?~;{$@&E|2w%uGcR~cTg4Xf|%^6&$K{5o&;92kr zWoSSWA_(Te%geVmt|s^|#GzFW1)FwThwx09_mO~S2~O*f1)n;H&^d%>_;+|lQqlOn zdkD`)c+UH-{QeMX5e~DEc+UK4Q*2a}-BwWQEJ3Mzz6wq{>Te5(DNj;wH<)!-!At|R z8EUqnA~;etwmrTjVtwr9z~ogY{ReQ3g&^q&lxi3DFgze$9GqND%C(s^n^EO3|3UWY zs)l(TXK$Qx^;}1CY&Q~dtL+75XFEt}gc1)xn|ZSrY4;i5s)y>qMua5x`}JokzVGjC z!`?RRZNqnM8;k<^G0Z}t&DOC994EtTbz_XW>Y;La>4^_9ueSa(tKbb6fXm|lIwuY1 zfA{Bqc2a8Bj8sB@evBcz=2$Hp)&6{cb5?iv+VRogx}Npt3dBZOEO&cXBLX(q{=ds` z2rUyQ_V%(>KaAC|O;Hcx`!PkL*zG8f6KzFATyOqd8F4PjSzAVCw-p{oNcORKf0VM8 z{YTmhzV0+&iT&@K&cy%sPS5uD|LmkJQua3V_lMB=E9&^C=EttfTH}90QzGcv`#{Ui ze|CD^`uIQF-~Y3lvRNEt{nE4lE5gT1FeHdIywf16C}tK zD?R2sM``RGK#E8DlI3R^!$a~J$8bx;82;N~0Dno7JD{ohQi22-R##%-zzbeqf4UZw zVebH5(aD6S@XM=fhza9fFe0L@{?*`n!QdaPt^TzS#-q0U$NuEgv|TndK+#Q}sk`sE zcNFm3%sUDO=*Bw=#3b{M{8I?FCZ~SZC#Ji-@eDm7SLyrfqVk4C zdrS=I5c;#N_0<3;DcsSVxi={qpHl#D1rQGACgvDu3gvkty9LD|V}vrPq`E<`TS+WZ 
zNh%U}-qF!}DsXso1P;`MOHdh(kifCJY;U#`-L#ww=c!S0IM$cnN=2v?l}aB1ALey` zY_3*UcR+sZzsBjEnd_Dj<-A{BwWVT+8BG$*etov!HgSfBnBg?SZGAt7IyaQ6fB#Wl z&*qn{@%BNC(>t?rE7`&iC4tq&oreC3-EVak1&OA7r?~HVAE-^QP+s+^$sm84TM+e? znEeHsq#t@-zuzAqKKA|zL%7G{FKhZm(5s zxQSVl$lSq7SaGz&fZ}=HSGcqd!GiJ?UYB`%7FB$VB0JY`uk(@j75t?|wZ6RCW0j3M zSE%)yPo4B@guBK9P(!wsS8rcmao|`=k--++5*eU^Qh~vOsAeI zzugit_0IdP`PrxzBJCh3&}c!;#Rv*C0y`a24w&sDX#Cw}F306~)%^dB^$W9B&&;)D z6q=!gzRLcykyyGh6!RMRI+J?KX8PFz^h=?H{`1q*lZPQ!+o0)J+Bd8#^N^Y3WC8q# zTCTuH{hOqtB2;EbnP0YAu2lz=-l+RQl)q5NftHI^3(r_gl7nT99?B75)1-}OGpKEa z?K6jZ`wf&S6Rjyv!A@j+%h=6|cPZ2kdb^TqDb$_koh>0ZI~!<3ZddkyecQh-ns#!q z6iq!H;E#spc2RRD2a8a9^yz>^Z4@z^liKLAb}dU`6Y^V;P-iyqI7Q;8^D1tOfyLSW zK&KQ8qAc&*&KfYa^&!e~le=)+2zEQ2$)lmCGa&YtqBn7~Gj0{Vlg>M`ee`Ue$AW*2 z=-s;9lS+lKQ`EY^e_2NP(x5T{}4e9hy=iUx6e3;H`IBYS~&g>%JW&+>Ag6JWO{D#v;3y?E@ryb%Z zk$WI+&V4(x&3xTr0_ja~YnhGL%|z3=f@tpdUmujXdTpF$F#P!IMyM?k$g=f0IkX=L z^=eQ;|L2V))4R@aM22^OQ8X@h>mlbhVxsT+91FO?cQ4d_{KwRW z?@mf{{GS``hqwv$iz`8QA1h&R<$$@py$zx%j&Vho1MwiC?i6fp9=j z=0;Tea>>BC`)dXdSZ;N zj-#;=HiAlRs%8?1SK@63clJ}+ZGY~)vi(v!2k^n!(NH0jG)?YwXC*coOH9OAZ55{f z@BjQ?p)zwj-5&#GaI2F0x~Qsb)F#wYMdzV(gbUlDf`a7Z3K@cCKDhA_s#zPGsj#@S zhGt|^Gsi$u=)o3v&{yrg zn~mYpI(eFc z^1q}J)JjxG_Su0Id>d9_k^WcfLUp&zh8I7YvP}P(s(e6UxeE5qmktw}+Ki+dZCV%yb#$R*da>}T$Dz6q7ay+#@1u|Z#pl1d zn3MbclYFaWUtYd>*^I#)vpeTlMG4C|57T7 zTsPI^8Wo&;ot3Q-z{s z`i>>3_9cunKAIAxnz`_S@b`IAgT`jJ|JeC8aI@Q&I(QA%6@0Rcb9lKL>k5-Ohweqv ze8Znr_+r~!#+c=#sK~v6pqZ?VOkOhnm+OBg_wQO-zbs4if3JH{zyGh-+vk7ZO>y~`=yMooWDn7hNiyjqS{V5&|rQ$b4KGB@z*p` zZh2lNipx_Gf=;kdfV0%rN>44q*{JmSC>IG>7GT_D7ZxDgdpN>s25&t) zY=9zZyo->HZ;%{oOgHA|GM+Y1Ga5(}-zk8fDwkJYrn=;7h4NgsWqsjr&8oK=;tW( zCBQ$jPF-n6W)U&buixGDtUG_UQjyBl8M=TF-{YKZLn{1Hr*KcLgrBf1xBuk@KN~Lp zm)QUA$@zIb|68wfvfuyPNpbCeneo47^-B?0YVFH5v^JR=8v%%o)Xk&K`F07H>S6J?^zuP$WFVQDDgss9$9o`H!7n1H?xBWB1ppnpu=(xO?1NiDp&rjV4(A(mf5!PaEK!jLhC)fj>b676I{Ne z8CGFFA++8|C|hd)?26qSa4WZzQ67SVZEX=(l4>T?-F7;|`oVZ-*Ri;7CWIJIee?YL81f4C*}crrL1ZVo#FBYUU9yf%E3b@U;sJ~1 
z2g}#IRrdEGFyESuXo9Xj`JV^f^ZC$KZ~5Ou?2Kaj)}^j|qf;3?*CTN+j5`;``6}?? z!nkD}xM5J$P8^L}l}vS!v%X|zM?$)>PTB~(?k)yucUJ>-Q?wDUph3c=dy+0Rvj)eui-2ARi$K9a*hXcLFu6zA7!L%N_u?bd{TiMl}C!L^U z&VWZKLj#f!L9nzHo#R89P-ifTie=r(?6owPY+ zx=%-$^|eoe1%H!9>@E{)si2L?^YbpLv%aF)`uuTe#r` Date: Thu, 24 Aug 2023 10:59:17 -0300 Subject: [PATCH 14/14] Adding modified charts to release.yaml --- release.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/release.yaml b/release.yaml index 5f3c69caa2..9520e9f49f 100644 --- a/release.yaml +++ b/release.yaml @@ -4,3 +4,10 @@ neuvector: - 102.0.4+up2.6.2 neuvector-crd: - 102.0.4+up2.6.2 +rancher-external-ip-webhook: +- 0.1.400 +- 0.1.600 +- 0.1.601 +- 100.0.0+up1.0.0 +- 100.0.1+up1.0.1 +- 100.0.2+up1.0.1