From 7a57fa926c14643f3f3b1635cb9b28d79c3bd6ba Mon Sep 17 00:00:00 2001 From: Victor Login Date: Mon, 19 Jun 2023 14:46:39 +0200 Subject: [PATCH] support: add deploy setting Signed-off-by: Victor Login --- internal/services/support/.adr-dir | 1 + internal/services/support/README.md | 9 +- .../support/docs/ADR/decisions/0001-init.md | 42 ++++++++ .../docs/ADR/decisions/0002-network.md | 59 +++++++++++ internal/services/support/src/index.php | 2 +- ops/Helm/shortlink-logger/templates/cert.yaml | 16 --- ops/Helm/shortlink-logger/values.yaml | 17 --- ops/Helm/shortlink-support/.helmignore | 22 ++++ ops/Helm/shortlink-support/Chart.yaml | 23 ++++ .../charts/shortlink-common-0.5.5.tgz | Bin 0 -> 19746 bytes .../shortlink-support/templates/NOTES.txt | 7 ++ .../shortlink-support/templates/base.yaml | 11 ++ ops/Helm/shortlink-support/values.yaml | 98 ++++++++++++++++++ ops/gitlab/workflows/matrix_build_base.yml | 6 ++ 14 files changed, 277 insertions(+), 36 deletions(-) create mode 100644 internal/services/support/.adr-dir create mode 100644 internal/services/support/docs/ADR/decisions/0001-init.md create mode 100644 internal/services/support/docs/ADR/decisions/0002-network.md delete mode 100644 ops/Helm/shortlink-logger/templates/cert.yaml create mode 100644 ops/Helm/shortlink-support/.helmignore create mode 100644 ops/Helm/shortlink-support/Chart.yaml create mode 100644 ops/Helm/shortlink-support/charts/shortlink-common-0.5.5.tgz create mode 100644 ops/Helm/shortlink-support/templates/NOTES.txt create mode 100644 ops/Helm/shortlink-support/templates/base.yaml create mode 100644 ops/Helm/shortlink-support/values.yaml diff --git a/internal/services/support/.adr-dir b/internal/services/support/.adr-dir new file mode 100644 index 00000000000..df6a0cddfb4 --- /dev/null +++ b/internal/services/support/.adr-dir @@ -0,0 +1 @@ +docs/ADR/decisions diff --git a/internal/services/support/README.md b/internal/services/support/README.md index 3e2377e57ec..db10e000a8f 100644 --- a/internal/services/support/README.md +++ b/internal/services/support/README.md @@ -1,6 +1,11 @@ ## Support Services -This service implements the support services for our platform. +This service implements the support services for our customers. + +### ADR + +- [ADR-0001](./docs/ADR/decisions/0001-init.md) - Init project +- [ADR-0002](./docs/ADR/decisions/0002-network.md) - Network configuration ### Stack @@ -13,4 +18,4 @@ This service implements the support services for our platform. #### Best Practices - [**Behat**](https://docs.behat.org/en/latest/index.html) is a PHP framework for BDD. -- rector is a tool to automatically upgrade and refactor PHP 5.3+ code. +- **rector** is a tool to automatically upgrade and refactor PHP 5.3+ code. diff --git a/internal/services/support/docs/ADR/decisions/0001-init.md b/internal/services/support/docs/ADR/decisions/0001-init.md new file mode 100644 index 00000000000..dec4cb8516d --- /dev/null +++ b/internal/services/support/docs/ADR/decisions/0001-init.md @@ -0,0 +1,42 @@ +# 1. Init + +Date: 2023-06-19 + +## Status + +Accepted + +## Context + +We are embarking on the development of a new "Support Service" microservice. +This service is intended to enhance our platform's user experience by providing robust customer support. +Our goal is to ensure a quick resolution of issues and effective communication with our users. +We need a technology stack and best practices that can handle high loads, ensure system stability, +and can be easily maintained and updated. + +## Decision + +We've decided to use PHP for coding, with OPCache for speed and Composer for managing dependencies. For best practices, +we'll use Behat for Behavior Driven Development (BDD), and Rector for easy PHP code updates. + +## Consequences + +Using PHP, OPCache, and Composer will make coding, code execution, and managing dependencies easier. +BDD with Behat will make testing user-oriented. Rector will simplify PHP code updates. + +#### Mermaid Schema + +```mermaid +graph TD; + A[Start] --> B[PHP]; + B --> C[OPCache]; + B --> D[Composer]; + B --> E[Behat]; + B --> F[Rector]; + C --> G[Speedy Code]; + D --> H[Managed Dependencies]; + E --> I[User Oriented Testing]; + F --> J[Easy Code Updates]; +``` + +This flow chart shows how our chosen tech stack and practices (from PHP to Rector) lead to the desired outcomes (from speedy code to easy code updates). diff --git a/internal/services/support/docs/ADR/decisions/0002-network.md b/internal/services/support/docs/ADR/decisions/0002-network.md new file mode 100644 index 00000000000..e8d2d4b1f46 --- /dev/null +++ b/internal/services/support/docs/ADR/decisions/0002-network.md @@ -0,0 +1,59 @@ +# 2. Network Setup for Support Service + +Date: 2023-06-19 + +## Status + +Accepted + +## Context + +Our "Support Service" needs a high-performance network setup to handle customer requests effectively. +This service needs to handle high traffic volumes while providing responsive and reliable support to our users. + +## Decision + +After considering several options, we have decided to use Nginx as a reverse proxy due to its high performance, stability, +and efficient handling of both static and dynamic content. We have configured Nginx to listen +on port 8080 for both IPv4 and IPv6 traffic. + +```nginx configuration +server { + listen 8080; + listen [::]:8080; + server_name _; +} +``` + +For PHP script execution, we've chosen PHP-FPM due to its capability to handle heavy loads and its compatibility +with OPCache, which we are using for performance optimization. We have enabled the PHP-FPM status page +for easy monitoring and management of our PHP service. + +```php-fpm configuration +# Enable the PHP-FPM status page +pm.status_path = /status +pm.status_listen = 127.0.0.1:9001 +`````` + +## Consequences + +Our setup using Nginx, PHP-FPM, and OPCache will offer enhanced performance, effective traffic management, +and faster PHP processing. This setup requires careful configuration and monitoring to maintain optimal performance. +While this introduces additional tools that the team will need to familiarize themselves with, +the benefits of improved performance and reliability outweigh the initial learning curve. + +### Implementation Strategy + +The implementation will involve setting up and configuring the Nginx server, installing and setting up PHP-FPM with OPCache, +and ensuring the correct routing of requests. The development team will be responsible for this setup and ongoing management. + +```mermaid +graph LR; + A[Client Request] --> B[Nginx-Proxy]; + B --> C[PHP-FPM & OPCache]; + C --> D[PHP Processing]; + D --> E[Server Response]; +``` + +This flowchart visualizes a client request journey from Nginx proxy to PHP-FPM with OPCache for processing, +and finally a server response is sent back to the client. diff --git a/internal/services/support/src/index.php b/internal/services/support/src/index.php index 70472f75add..fe7d25b17f7 100644 --- a/internal/services/support/src/index.php +++ b/internal/services/support/src/index.php @@ -4,4 +4,4 @@ require_once 'config/init.php'; -echo "Hello, World!"; +echo msgfmt_format_message('en_US', 'Hello, {name}!', ['name' => 'World']); diff --git a/ops/Helm/shortlink-logger/templates/cert.yaml b/ops/Helm/shortlink-logger/templates/cert.yaml deleted file mode 100644 index bd932547506..00000000000 --- a/ops/Helm/shortlink-logger/templates/cert.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.secret.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "helpers.fullname" . }}-grpc - labels: - {{ include "helpers.labels" . | nindent 4 }} -type: Opaque -data: - shortlink-server.pem: | - {{ .Values.secret.grpcServerCert | b64enc }} - shortlink-server-key.pem: | - {{ .Values.secret.grpcServerKey | b64enc }} - intermediate_ca.pem: | - {{ .Values.secret.grpcIntermediateCA | b64enc }} -{{- end }} diff --git a/ops/Helm/shortlink-logger/values.yaml b/ops/Helm/shortlink-logger/values.yaml index 76a47d1191f..8154c490bdb 100644 --- a/ops/Helm/shortlink-logger/values.yaml +++ b/ops/Helm/shortlink-logger/values.yaml @@ -15,23 +15,6 @@ serviceAccount: # -- Auto-mount the service account token in the pod automountServiceAccountToken: false -# ============================================================================== -# This secret for dev-stand. For production use CI-variables -secret: - enabled: false - grpcServerCert: | - -----BEGIN CERTIFICATE----- - Your cert... - -----END CERTIFICATE----- - grpcServerKey: | - -----BEGIN EC PRIVATE KEY----- - Your key... - -----END EC PRIVATE KEY----- - grpcIntermediateCA: | - -----BEGIN CERTIFICATE----- - Your CA... - -----END CERTIFICATE----- - # ============================================================================== deploy: replicaCount: 1 diff --git a/ops/Helm/shortlink-support/.helmignore b/ops/Helm/shortlink-support/.helmignore new file mode 100644 index 00000000000..50af0317254 --- /dev/null +++ b/ops/Helm/shortlink-support/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/ops/Helm/shortlink-support/Chart.yaml b/ops/Helm/shortlink-support/Chart.yaml new file mode 100644 index 00000000000..29336777212 --- /dev/null +++ b/ops/Helm/shortlink-support/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 # The chart API version (required) +appVersion: "1.0.0" # The version of the app that this contains (optional) +name: shortlink-support # The name of the chart (required) +description: Shortlink support service # A single-sentence description of this project (optional) +version: 0.1.0 # A SemVer 2 version (required) +kubeVersion: ">= 1.24.0 || >= v1.24.0-0" # A SemVer range of compatible Kubernetes versions (optional) +keywords: # A list of keywords about this project (optional) + - logger + - shortlink +home: https://batazor.github.io/shortlink/ # The URL of this project's home page (optional) +sources: # A list of URLs to source code for this project (optional) + - https://github.com/shortlink-org/shortlink +maintainers: + - email: batazor111@gmail.com + name: batazor + url: batazor.ru +engine: gotpl +type: application # It is the type of chart (optional) +deprecated: false # Whether this chart is deprecated (optional, boolean) +dependencies: + - name: shortlink-common + version: 0.5.5 + repository: "file://../shortlink-common" diff --git a/ops/Helm/shortlink-support/charts/shortlink-common-0.5.5.tgz b/ops/Helm/shortlink-support/charts/shortlink-common-0.5.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a7d726119ad1a85c154516a71cf0a50cb76c1a37 GIT binary patch literal 19746 zcmV*0KzY9(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{ciXnoD7t^m3{%?C&2P?)MM>*6ke}_WFMV-Hl~ z4geG-gketTd;my*2b~T@W6U_6dp$oS!40B5CY>SXF`VK+OfKdCFf)zx{R7zu3n)&w ze061}q;3UpG)*GN5pyO)G(O=xVS`R*2s!+NP=Ad1Bpr%ovf12mZqWRe&`{!>y>@QW zA<8=V^y?R(=l2i%E_nYQeEkB<)Gx35)R{sYbBJR^B?L5uI2r)mVz1ZxpRsu32W091 zO%wgm0U)J$S)Znk`d(%=hmn*9imIkdx+?*h=6&%99p}FsK2Oj9M0iLcojVyJyZ)hn z=&U^c4g4RG;AUfUY#IOWAMBU;|KNCk%m0t@JPv!~F=AYB0PG(g4UWDH&=7qE(U-mM z(ZOMG7#G}{>;|J=A08YyV-zC_ zISL2B?RWe8UiZlB9bWhQgTtdi|JXn3_PSpl{Jq;Bbi3~AJn>h0D*Qi#QHt0`6@X>@ z-#_k``TzLfV9WoH@$7(8waA8O1k;EEHU3~kXl23jogHvJ!3dEeaC^}6f-F?l+1~60N({9 zjrqF>Pcav-0YI?;7!ClZDcZ92MxF})XT#EY{pR}RmCx_^ecM>R{vVY1|ES;VZu$Q) zp40D6F0aAslUFYX;LksSuhhTSaEic(503i!_T}Z(`J2~v0j)!eGA9=obtO(ROF|TK zo;?E>5rPaUS->%hIk=tR2mwApKxz&`t_%^5#~?&WMCK?2&z?EXpMQD)$3c{a2)J4j z-9j4Uc+7lCq6o+1YdCg+|5mMCsuH^YSi%aVYs!ms=YN|Y5cj3p@8^PTe%ph!tR z2_zuWufVj(lkYGGw>XM~XiSBY1ciPjkk{BYl2(){k{6FMYMPH3MRk$J?~5pI2p+Kv z&J&6I;6?i(&2h}Apn&+7ibUDMBk?S}ToJj1;+T(s`vvp9U~UPPYP1c+IBfp2FzKw( z6g;90U@?+%MD_Ggr6M>)(SlKxrSc&ycg3c1aW#G~b!QkL;QrkO?mKrSCi>W-X#0GG zXW{yvz>W9;maPB1-tkdc|KC46+OGeP@w8t5b1_wM3w(ER;##s@$Uh_g#T3$JyOc4W z=Q;M4157z#0Te2HXV!Oaa2yW6cZA|U!~zjrknlv8K-8Hc4nxS{zyY9O6jU%WC0*bP z#Kcl;D&1l}DWE4lib4RW0-XE{P9xxh_aMe`DD0HJ`fka70H!#;RE`R!%pMD*^$onw zmdBp12=AIJ=HIM}hpM8a!ZoC0#4pikkRjYm24x6MQOvLB333a4Ixu}!9^XIz%;8kE z3tyv-IK=@QRA^;)L6s@DRKJ9N?AgD47Ri69r)>;%v-+yOTP8`#ccZ5j<1h{(4YhPJ#!H>|2quYtlNn<^CY@}9sn+529{ipXj!MF& z3MGM*dt_v7%{rXI;AQ|A7i(78#$2!lP9YB_Kj@yzcANTLDCvJ}fw+kO%_@3d39yv^ zEBfE@{_!^c<58YX=zqDkCAEZ1q42etZS+* zCz0OBq$my%b-`|k0}fpIR`8u0keH)8?t&+Kb!t&T*()_tmUK0GRRwn#$Am+UNvu(~ zUQ`t-@E%m*J%s+Wi2q~6ZwbA5myiet^Yx{`68_)sAD8xj`rV_$?fU;H&nEc)wVEdv za+)+*g0Wqw{%vL{))f`+RSf`r} zW8J2MOU8L)U2Ep*g*|;(mRGC(^*lkAtg^P3ia1%N>zrvz>nzs5w%((MdKT$_2?^hY zn9)=QX1^Pz;TWxRG+>$icf8*%>3{v+@!?kgdyHoj`ric!&$4OqjhrP-T3}Kwy6D>? zjZjICTn((jqM!`6_H!FWaEjxT8N`vmpx~*mL)0!@_4%_0R4DH!8yE3ELv)4%bZ-an z68`V^EAjuw{e!Ll=TV+b@V}lXHqVba*o{z}v5c8YQf1i#-8zQOIQdEyUelDzxTC*t z>(5}c=JuaDg<}Z?15bRg1b}-QrHmtbexbc%IQb`>;%KgPpaHm`XoTol3Zp9ygPXhr zMwzyMela_63Tk3iMJ!Ob;I$e7KS_rX4stWH{8+!=+uO@wnwO%@tVBh__DZT``FD+QUQZG) z*yCKxJ69I(IE&lP*vvQFW4I0dUXFcL6ul%-MA9sj2t474aWHrxF%J<+PDwJ?yA@B~ zi4Q^us8X(45qC?`M@xLTZbH!vqg!_mly`rc`=c7%s`($|X|evlgMmDXv9=ztZ2jLq zJSzKtkB_$J{~qO8Y5!M+I+o*q^)vx`ngC8f%20KGxJdw+DH3&XLN7=>;HR{XA}0n z=E+xTniSS>+xMrZ5st?-uNHawtWp7?h)B`dDKB)o`TB+KzM&}k2+u&+x>Lj_C}kc= z5QSVO{P?_MRcf%eNFF_Y7uv19_M+VuE3o=X3~KPTur&^*W*2WQZuP-{c|%8eELF`O zt*j<=vdn?($ysina+1|_#6cV;1jjscC@DXW4%Ob8-GAX{(fU7or1L*VN9Ft(}h^-luvk9i~~O+v_#-b|2{)tgr& zL<8Uonz=Hkib^(S7u08P5tT2oy_RI3UQ0}#K6|Q`9UPxT5xGU7DHb4E+V)}+@AWXTpFv20^;?F9e zfA5;ahQ)(7!-$MK{cgYC>GeDPZfBMO@v>RxB^rnaqhta*dmo!r|B+8C{;$c%mA#X{ z7ORQN_vzyd1vAq7Us5A_4LW-A4F3%UL1{(CsFaH@Xjfmr0#XQ-L3h$^0PMo=OX)E zREz;E!mp7}+6Q+^V$tE;w`OdCOMymi zP{9O$OG%mtJs-F*Ntg@%oyFbf_^a=;p8Zw%nX`|lmoHDQUkXFv$BQ%ZmsONn<^*ta zTT{1YcsASS^Z>d`C{n36flG$Jp@2&}*o;2||9GLu&Ft(H?pD(%zy{-QDD9HN$IwUb!YvT8`&_n5=Z|(YV@E zV@2CG%bJjHKGtr_d>R6D0srUAN9SGs_r}lv^m_e+!^-)eZT|1ac{btyKg%YEYqsxg z-*pQg_=gV<;L_LL*)_fTv@Sh&a#_^e6wu|56)IKV&M}VQ}4AE0EO&~?U{rW}E?|1P*b8IY!L?KEK+> z{}yvAeUySWA&mdX5Ur&__HiLHr5Kw!X(N-4U!+lVg#wD~(`WZkw!1KVBMgV9GfN}myV?5h0qaYz6v#MSp1nRdKLK3hJhwMffGBIWxQ7=%Z zu{vzd0v=^QMJpE6m~g}ZiPeo0I3CMA?Uc#1&ax)6DO6870ALi6+Y5?kI6`Cek_9k= z++;1=-7U_XJ--BL&u^+<7x0?5O4Im+y(aM`AzWXTk$>D#pT$%Mn91<{RQ!E@rt%bX zA_}Nn#by-CutjC<29P7VV(p?C`E9E|15QWG$WKtf4?7(-055{?0k=Xty4d_h9O zG77SpIvfxT-^9^e^!=YWLTt`BnyULsMiCr~#+4D%R8;wX5cm%MfuaC1o((Y2Az?Ny zwJ_QaZvzHR0!VU}CGd(_D?&<=a>f!5oc!=Z_D;&50dT9rPk!<9tDeAz4}+#s9F8pv z>$3H^Mb7>48YTq=oZe|Qz7%!-3_8K%)nD=kMO6@)%lF4=cCtz zUr@wQ%%572gs~^3LA@{#6Wtr9I7A%@o^^H-io7J1H%NHuU6EWl!gY&=qDYdJu{Zo} z99?@5OSwK;ALTSd+H`bNPmnyOqd5^sn^Yi;T1T@ImQXT8QxD4w;1LyLC1 zHSc~Bk}ZW%GzSz3xS}sHk;jvSx`apbY_u{cQqFS%A_Qkh`G93E{(!_Rz$9gbR)Pt^ z0m?*%m|woSAW6EJaU4)#_RCcNae#Enei7ASv%>?AAXM`If!BSA)xD=i<}!AKOXxAN;KB z|9ywz*@`~kW&8h?`=9&!-R=I*<2;-2|4MaDA2gYj^OHQeLG$O}iOPaFcmYJ|nnWZ| zRLVpxV`ORdURAU*dV_|19(YuMZ3Uz6qTl5w|JDC__wx10H$S{QleX1f;mh^EE?xqc z!r>6}>F@4d!-=Q5-g{Xsg+jX{S|&e8kzN9T@(|TfsigBu+WgZ>1u5MT6!GuTJlpxw z>r@89E>UAc+@N_)Icszpj@B-nA{LQ8e8_GZe)WIeU7mdN&H44aAFp0szCL;N(y8>T zu21DFwY75O2_@XIdLn*{vNa7}oLpU9yt%yIY=a48?3U25u7{WBPBypU^mk#WKH05O zU~gc*HE8brPaf1_NI5t>I_}?VrCeS9-{3f0Z2?%e|9@~$j{n^69c<74KFYHR`Cs18 z%TgJ&%uG~>C7@%HQ1V+%=zy+MOw>`Rn}L6 z{|}CjD*V5Hu#NwGlxGwCuN{AdquYY2JWVddC%p%4y-|y*FzdfX*_KHH`9!N8R#9J< z^2KMHdpi>ZBR=`V@`U8+>*^s8YHzTA)%~hlRPvNrT&epVf+3=oRcyVi&DsnKIhhxE zY;#4onkT&CfGxd{;i@n?LlK-8ws#91s3}zqG5{c{?h+TkBn_Lw832|B0b=ZWLJ^yg zD6D}|E>aDh0AK`hlv1<^Ou0xMHXKh8NqKXBiUsP!E^-Ck%<2fwP>dL}rnU5(Y1V+i z6abPZ0G~h(f(Z(47(g>b=ipE%m!iq%iXr6YqI95UUmO4m?JQxILfK|+5yfg*rJ;U1 zUa408+?b`2#>VvJw(9wXELa zC;~%dcFj>JcZv}VCg!}{72+D!?F7X-ijGq_8sPv?l8QPCOC3CcnF`ZlDMes{#}fe6 z%?dcee6C@UQMnNnbTGy71qs;&qWPCPUrG(=Ql7ECajA@KU!^Vk1RHV;`6VJ?u$LswLrx)-haZSgH$ zivqz*lcCLxNLlQs4#p)ilI=&C07&Ss_HPsVe|MGAF&coL`Tb)I^IJ~3e@!pwU-wyE z|I+~*D|mpH=zslguj2nb-sXROoM#jIUopU};07*=I6ZYrOKSP9m||glSquPnD@~W6 z)VJfcN~rckC_hzeSDsqA$jtogXE`Jxj|R_;HSw!CSbxz%Q7?tt48wzuz+)2MQc9E- zqITvjHAKBA$3MKjUz4`7uG*DX(VSswwQODuz@K1oWfhwE3MN+V>|KufJ?XT_<1-$QyA6V`k1Li`YON@1M5p2IHJ;H((?YN zLT#xL*(nNIrzfzk0w^4(FyJeR1!^xDsyRo|e8)gzTWjXHm=KoV3E)0+9RS9Vqgy!F zZ+Acd%vuI;N(KEMI?) zMmmrO)~;oU7}p!?#S>hjvn#mq)FXFi3vYmSgBSd{MRX-jzJ*A65BIR!J?zrNN z1Mnjfz-SS}sXm9rF0R3W+W%Zi%PxjZCdMLBmenJ$EJa=9Iv=*~G@lPscz2q?V1-li zITM;+y;tz=0?E`{m*(JO@m#$q)qe%=8a_|+FBgdB4G%!SR7g#7J*7#?BaG-7;<|Wl z7c&&39M90<-Q7zuk=Xzo>#sQGh|XZ7W~zEOgbcm>O+gV98G!w%lQnC;Tp${tSkcOS z#qoDCgfRPd_}6oPucH4+HTwbdzvIK2{9oJr?~n3qLjNn8U(NbomJv{|5W31=O5^K1 zQ|on};6@TS`)GDnGoZyY&j}@Wb1z1B+)ER+kPm<>*L$;yOM(6Fu-i9(?3+Ih-21lW zX&LVBZvd28z1)6RL9<9C3~+U7zf7O&H)n4K;0!YzWDz0`am0X^of02oK1ql2j<_5P zBh5UCW(PBtBG&n8zrPPw8v&I%GO!m|S1gFD5kx_u$yC=~x4vn8t?I*+GVV>&h~q>o z#uC;#13OGdBSdjL9srlbYxM+jq`GpmZgo!va0(#P@^sQuP0uCg(=fht_0tG4ruHjj zKg+RFnX}5=!N--{s_ws3N(ytxGVuy^Z}RmlR|0^&x*kmr4Qgi(TCT=c^gn-sqA4E7grZI97)$;C{gVH$ zcW~U>?*Bi^vjZ+57wVJ@x>Mt>0`-O|j)YkV5*XaTF=D=>!>(AGsMJ(!f}#kFBQjJj z9UPCJ1BxOj%s0tu)_WL-&JKvtSmm(WO(f5maIOE^^MTwhC$X$4Pyz{}GBuI!_-9w| zt~jB{*#W0=qJp=lS0KccIsO>)j{H}l@A$(%Xh;5QUQEUv@sIh*W^pG6B$zo(r0&a{ zXFj`4oM-+J-Z;;EK24lw|JT_8Zz07bW#IhmC3F0Q5@A+4J`NG=sB)D2=J+!fkPvk~ zBYUyJ|N5@4X}GyImd5`a9+dgNyFLH;IL{6!&j82yub(sPt?M89{rna$JRSRNf>9Kz zYrJ4MMjc()lVv>|E2l6fF^v8<vWRCOf*>_}$5;#VKXV1VtOw&Wi;U9$h z+BCtWlTp3%wd3sUfL9Qkq^XYc9=uj|?#n5}5qJ-Nq!D=Uya%4=c|iTo{2||K_~1SG zhyJtI>;2DI)E0Ko*VYH0reA~ivdt@*Y7Cr`5IK&8tz|&vlY`K4{!8I}iGEKpMKXb% zXF_$saD%0M3Geqw}-${6s}cb0G)|a{>1`{ z6K*3^#l$Nh>bwW-Zclg*hJ=Vw{gu-c{R-X#ftI(@YNvnfQd2a^=yW)#yKYRmXPqbPFB35uRLcRU2pF*TGh5s+o!VrE6(ZYUn;-r zJuiV?vi|qF{ZjmI@3?=s-T!}-r{tmxAV*`FoANv!QOGz=1DzW&!U2kzknSf53?|6y z``v=4ch+~Hwfahd>x8)^9e@+?gIdYKcPN?yIl1I{A(UCnD*Jzq5BuBwzejm?c0eW_lqlKR0q0VzQl;L9LZF_WcTUd$Cq$^SysBd9z%y|zN;lX;f#e;y6+PA4A5i1|EONg6ES|KonI zeE)lYfB$I9|Bvys-v94Bb1o52X$&A>WW;6W>l2fnI?OL~wj=CxfPgi1WRh=R0C2%> zhyxDX8#H%;`_DITT;Qtp#s#|(W*oTRoLsu%-~ZR$Qvuo%8#@?baSNh~ieRKDJWDB# z$5+7wg=vK2@wxN{>(?*uWYm!gMDldlBZ~9Q9O=k@ncbGk?3lwWXKEpdEy(U}B~<9s z<@70~4D;6Jocdhe4{F+>%d1=abhikPCwu^Uj-9WyG>#KU!+VXR0PwKms9F$J%yQIz z813Bb*N9G8A^!C97|R8tcaMR~#*E8^ovz}R2N^+ECuy!8<&$mN2NByz4c`J-J!_}t z%PLS+jRMqCcH?l^_73Rn5*z3uXsI=abomK@!27d&ZA zLklfKiYFOjVDKWRpbPx`Lsqtem{mpga}QLJUw>7~M?%Q6!VQbnODODX9_75=Esu{1 zax2}QsHwPTg|GCwMG2*OIVK$JsyMxzXnWP*QR`>xzbHU zi!#ht2c?XWPBy2PJf@;@F|uC8Nv_1w2P z-mAO9bUEYQpY3XxZcUbJ&2Z(cMi0qs3)pL8ob@^|4Li zzvR>2|6|`hxta%PvHz#nub%(!A8qe{c${Yq{|}!az#$zY4)T}}ptq44C01ej+~jvP z=S#d5^gLFVh8DBb6hGQ9?1BqQ*|!BDD;1B%R^Mpabf>g|Vj5_KY>PJC%4S+gzGsCV$_Q%c{zvq3UtSqIzF zDX;LCA{670qfr{QpHX&=$0U{R`o|!WIUv)HK-rlX)BK+CmRv=LFjzs}++QtH4W@iTDE>nwV_AiSi>hyq zl&6A(lylF9Mw)P&UMbHmb8NjHWk{Fu)7Ho>Z1y)&%egH znT>ObBWt4te{-KLMx3qj>nx@Ulv(H z+)9NevM#N>x#4(=D96FNgE89<#wvrs)FlXbBu6D>C{&T@+L;9~1N;8|-+ku<+`>8F zL|r4*Q2G|CSack7O2RZiAxLA6qpZNbzwdW-5`lsjNPy8)ey%S}5Tu4UW&p+jh9Oo5 z(t!KthYv0QSzx~J=va7xmb?-nYg^s8fX3)fZp;82Gmc;g$Vl#{jGA!(A3lH~3Si2R zf{f#_oSdTHH%Nu=o3c0t|Je8Ug({FnTwnkoaAl^Z5e$%|$cUtI=mMFi#CM)OyC&++ zkSUp=P#rfGpaaNZM8;2e(ri-{d@1(&;Q?t ze?R;1;fV`&3*-Us0Vh|S3QFwdi4NrSSv1=|wtsio)879t2XE!r&%d?E|J1A8|J*z5 zZ~gy|^0f2+OObg!p(Gto6c_8ue3CJRGD(0sZK(F7%@ycO$Hu9ff&@q@42DRR^Bw0$ z2FFNU5A|dQBOFRCM`nHNcER99WoI!j#B^kxFB*=JFF|HIuJW6TLP#K=_?-9#t8UlL z^T@k-_7WGkBaEU@R#8R0Zr9D%x(bH9hr+P80*1Xjb#WOL&9Q2bPzIh=F|oUq?MBy( zNRX`$@p$~o#2#}FgS}b`u9?LWpa_tc7 z_j4i0u{^DyrXJ?tmc&mv;1f!2&4MG^)mQ=#oMwOJ?Oi~MVr~jGD_hG*n(uIzNhO0& zej_-RK`T`%*!%Y|4r}Tg?JG-PdCq=Rcog=Zo=6-uO$RT4`%8Rra&`67o6EB+@bdEV z&E)|6i=>Jl6G~<{L|{%*3WAhMD&+iIVsf!Y>tn&b+uZ02t(FyDy1&Gr{JbVy-_D6< zDAqS{QX~`=7)7%0&jE=-5Kt7Nm}3|*Fokn50b+zgrR4Alnwz&bC=vP>NW_BAxaf_# zj{*b{#8b8rwEvk>K0y>%sRBR%W6?et%F}%zfIK^h7m|Sa_6b9EZaeBs$gRgohf|Uc zBg7_za8I7UmTR!5bCm7momYunnRh$E5%RKe(dEs7?KQgiMX8dG9V!&7PRRH2zRPV? z$LIXC*Z=TTCIQ;K{&(2jFQ5PE9UN`*zdXvbg8pauFA_=;AppgckcXJ-)DJyjMrTar~^NGLa)P`T6&tahy%zDsa89NXrk?MtZ-e9^Hi3WCAe1Wr~v`J$nQ*A%5< z{VkfyF%9t;F>a${b@&Bv|EILp*nNIc1E{9grN)arsV+(G7p(II6aTrTvgNU}FfHI! z@gr4RP~caG*v9pzS?5e%FIY&TSG)|q$}jrZmCXP) zjl4o)%R&n;08A1wZiTmgE!z}-71MF5P8F)@FUcbzf=6K2juE%O?8)&clcjv6TcP3i zAdT_wipKV>@NF*_yC)kUVJSm-VXSs12%SGmxz#+^D-5#n8DFw|m(21Se3s93{nc2n zVj(eq7slI^XpW%NBU@W;1AJ21M&L=L{U561MbC!|e4Bn|V`1-8;kHNb&Zoz-A6qru zK9BIMVE>u)(kmN)OYFacgX4<-|LAy||K(AhRpS4@)%gZZ`fGq*+OYyS8X2tKB(|xew$knbdoiP@S!NPk@vc-s>O~aL%)< z>p6uni)1oKPC$r9GW`Sxb2yDah!S;0Pwwu9+8+)G6=>p^qcN(uy3YjRY(Mw)1ZAJi zhHiG_q0zKR-0T3a3{Gb6T5$}67fYfF>Vhk4g9`|iH#geA>%#E%s->D^=2QdL$eTR& z`Bccii-9bBzp&G)8xzt>{2n&}w3E5(-U(JaXTViM=~mhRpa!1((T+S6q%r_;%!|cDO;^(O|;#b(62974*jace#!gO76-m4;;a|3V&5SlrOmzQd0v9HB3-N1 z7f05uPTmKnZbsYyQSMD)499XuN^fY|7yJn6dHur`V0av(&=D2z2nRw}0-}pzImOD> z)r7IDJC|sbCwa766Ou~i-%Z81WtVX6WCQBiV3rTAfc;8=*7vmKX0QdR!5dq1v(aKx zcR{OWms*Lc31r`+IVga3%Y@MP@u{saD#U!NYD*;H=Gx1=xFkKXQxht!HM+U zlUSc-lh;N0Oy>)+^MA;&4>k*mC6>{)kU-?VZT`oYX^x8+Ll)YG>R!(#&~%VoeDwLmD0qhpQ7ZO8KM-2 z@}^Ik#sN6mmw)2vRXQ5sJK%avsq0QDf?Ok|&=feE2y)0&*#2;yqpsGlWgXB9O2N92 zd&S-tLU*=1qW;eAGXWGO5eyJ;|Ly|!ox6UgU`Du68bx#PdkP~w!on~~64_bb`3WiL zvOE`U2+Ua)&dfItYbi0&sPi2j2sF| zap}x(ExcVB!SXCDKzkCmhS?Acvf?CEUP=@P^UrcFHk;CFHs;;4CZ@@nCz{c&=)9bc z%Ty&*nYTLMmzh1~!mam|7vN+wi`D1?j#*f018kF#r`S|m)+xt57g?zG>%Cd27V4&1 z>LiNDtsPY@ry@(lYN5j1i6T#k)ZsvRSFe{B%JW^wb5{YG4rTPQxhZA&qAcOmtju=5 zRa>^elW*?7O2fv5OdfgD5$AR|_*0gXsO|Dm*U!>$SG=DdT$cI3xa^tTKeb z%`K#1z5$OT%;&zu;O{sdkruZ}bvQ++Gle+r6t9EXF}+vqN}5)N!#=~6(^1_bBYRKc zXf9UvTLdO>COR=g6h>u=G9mfxq)!jMn_Zlt6$NJbvQXHw&a|!?0u?~ND6c~URRDG5o0K02#OYb;qQgPW196VGZuJ-Df?87v#u3-jseUVKl;K}pU|4_ibETF(GQKF6mI7z>MfWtn?3lthB-4y= z3XB>~;DK)li4cs7pnjSld199nVORn-pAL!In`;3&_g>VfIi>MXP8=zi<=JTlahP9J zs#F`}dt&KO`_7l0PX}J*fVv~bjnGgYL)Ix{q?62CI;u~|%Z7^FEGBPHEDnl+vsI`v zOO=4yJs$yBGlfN4B#lFm#sZ6MTfodcL*1uL*UV>wap+~Zs(l5>YnsXP;K<1?CsN)P zWGp)b4xZki`NC$nNi?Howj49e%Ik2>lEz=CNQuHd2Y|j0F0#A^rmHgy%S@6JPYBGM zU711Jkf+G23-On6pOQf{mW8$muoVYE(h1ZRQuMssZ=`uNBdRV~+v$BDTuRo6<`%b< z$fbLH0%CM)IH^ieJ$#z&S%L!P`O#f?sy;j|$PR^2-mvIfj^5Jczq;&X3*(avv%w4C zx*$8&sd=;XIu`}yOGvU0rl6XFO+h{2rB*|>N~dGP?9cY4Z^h|hl(S0d!aXK`)?}79x>rpa zj_X|Q{>A-*{o;aWK-(ys+4|oKL5ICK?sfkk6#jkz{lY z8m@&=&E&NY?3GcGNio*S2vqHrR~?(THR)tjnx1+@EbC=cX@Qz?spa$H;Wl4uXr;lw z;xy~YZbWVo1-oMHIEj)81iigI_49Q)MHC01w+D99B&n8quXF3XbDQ{AmS+LR71`WW z0gch!rP{ndiJ~7cmp&`^mtTIeXdw^5zZc3J;}jgW1#TZUcQZ=lB?=73Ch2Gtp<33f z7dn-W3qrk4rxo-TfUFPjFPM^vJz?vDs#AuTrFo1fnU+q~2xfc^h)~aOF_UrA3}CKv zhba}uteo0xXklrp#bj0cQn&L~pXk(LYdTjl@H4dq?M^j7`Peq#sXJu|v zij8Z%ED&b!A`kO-e~F*gLVP*^Cv==n1vXFZ>QBKGGp3JYX))>-3I8}+kLBr=NyMzy zb{q7aJ$toLglbfFDo)>0wIWUHl!iLLa6zQZ3goIk0&}a)c?c4UW|*X`YL!6Syk%`< zhAO#CW_&auup*Nz;}O%_(!|{Cq^xS;|3Rr!|0A9i_WwDdaEvy8{=3&ZI;igdZ}WdW z%Cma@FFSq9m6{Vkp82blt$NY~qCkG|EKAQAp!(f7t3aMuXmLbbsj1w>qd!O-<;IT% z+%J6es+qXTJ32aFN~M~8hiS3J7mF(`+$5E9vsz1k+C{(1jo?C&z0%f_SzPTh>d^Bq z?k}#Lg2uKXmeo~8OFd?dz1a%(Pw#0j|MLVmtF8b`IjQWkAS1CM~; z7>R|feBu5n{Xf1ap>lwH`0&96@4*lpBa0(gvXQis# zXzA`w62fP}@oM&H z6LkuQq8Uc&U=E5orrJABM&Rie?5TDs0vv0HxU1vx8aHE0UeaCTUd@py&JgRvizbg~ z!Erhhb zH18GXp$y<#btV?tD+hq;?#q~*>>EWhL>c;Cyp($a@~19UoMm>=@*uAlL*du%Iqwys z7Od$|iXQc=+vW>B?V9Ppr=f^$pO5mi*Z*%Jjd46)!vt9B|LvCjzy0q1R{wvLX9fNL zCp7^89Fmml3%@9dB6&^|ju)x@+1%0Pui<#X^$(YX@I~Ui7Mkrdg>eXWGtY!;4j#C` zy24>kr&})H#_(Rnef$&0A#gqV%P-;IpS))i*grfPxGEF#PbZhJ&tHE#0GE01L5MgC zI10h8(7~;%B0hW=h&Q6lhYx$tfz~nN?Cv9#&{KuSL~}rq=q8GF2rZlu99F5V?^#Ub zWsfpA6vZ=4NvsY|$>SN#HxOysAj-@oL^6n1=4tYDE1qb@vr0Oa?_#@V{D(ZP<-Zlh z)_E5|#$X&$*lICYBL5G&y`z%+KR7tv?*Bc?vx5BBQGW=Wn$gcgX7VfJAXQhsR<3w# z6Bn7!s|;Y1bI2rq&H^{hL7t+C&@Mcqc*0DVQz037XU**s6zRAO69biDo%uVMr?FM- znuyZ6(I zW}q&gB9(ird*-7ih)POZJS|v>;$>xT)hZFtmF_l%Ki5oNcNt>2kt@yj;ka{H`l|4kvqFdVjY1un7wj*t3>W&5vpu(kglN9OTjLla=(v>VeQ(uFFDW9xu^p#-Mn|zQ46U~D)XCW5@ zBkjv43pngm1Kc<5gfNt@5_zL;h;qEW-FTp_2vA>EVr_BnuF<;IGm4P;Rui?xwU~Ay5DwR6b>{R;H971Q1 z!y#nl`k{XPSPrEtWDa&zT}kTOQb;E$pS;ZHiUlW|7Y%MG`TAw^G+V`AVq>wy7JUHk zm-0c_D14G`F)ix;0&X!?!Dh1iw3@+L?u?Vkn~Gg7;qvf4xzdXEN%`a$;w@Zqxma4} zjMF7sOnOz`V~BfMTKNrn;4~sz-&wD8+KXKn%YY$D62K|s8nho1IjeS_=rm+}m4L8k$xu+USXdJ1=j~&XU1&Yp>-v{!VcgfdB!Pb7 zzNOYqjAqsCAzc^`!(R9HTqwT!%;UN0)#%S|G~2rfGimr~$8oLutmpqp2;*alS~`K2 z#DDdUD*m5?*0JIj7n_ghO{o^ErEIgA zUoGBj*VgdHhEmK_u_(G%G=;2zTxk~CqnM9g(T`BmM0q?G5PMaJ!otbfY6KqEy|B1v zpOT|tJ@q+60S-}i{~QvCi4{>_7Nqf9wB}VOTgs4cZa69=;l4q0kBmI?ZPB{ca6zOG zWGZoi`4DB;s#~~mtg$vrSV@RCE-H(AP*kT&Mohze<<6{>IX0VIj7tga_Yit6rXJd11lvpMNz z6M98SSBAO-)Q07q-CDA~$g8z&KjZ1r*rz2^reR7XB{sL`!=iE@$A7$@|Cgc=x4#Ht zN&Mf@ez$!8+y2q^{>R68oOK+)mty!I=J>CgS)YvWSEAGG_LZOS=kZl7JdCrqLd_d>eb`)Rm~;+y z^WZmm2U4jYZe0+?-qKpt3h4LRt{K;0le@i9uWl0uR(2NGM}bv?1VhYh=i^GG%3O%c ziDVaTO`ZalKQeTZ^2zGssi*LA98-oaRzmZW@a9`r73LJWPb6W1+RYx+tnUJU)3nz6 ziY_}V{;V|H7R1ikC7XTQMG@TC@XB#=cI%(N<9eAJN(tCSYjypiu$uF!9>zT_GX?aM zbUCRNPhB2q3^CRF)|8eW8NF~mppCULEu?wbZysh<#~!oAq(7aY;D%+pFp}O9e+ls^ zGZbY?pECkn@g&&QIs^Fn1?U~@wH}FDwc{T1zZRb5?6OxLBh-t_*X{~B*PdDn-3HxD zG@$PRU32XyW4l=Wz@w(-ZH^VwdkHgsZ2ReRf7Y}A?KN(>7hs9~e{i&4w*L>i2gh6c z|1q9*%zteTi!##CAEK(QuXJ}=UNZJ6iAUY85H7oAl`p&HSH5zaZ2c^lL90k!x2x6U zhSqwUZLOEJ)<)%P()83l$F;Pn>q7O;f2>tjABF~M`5S^F-v{z`?B^`G2J(fOb9uw zZ=yNwp@m+bFIDP_Xg~9g6%3~3vxnh$Trn5&IqYWx-Dnr-OYv*&lWwQpX0y!PF~5-8 zm-nf$FK+pYf~71uoqKlKTpPCj+%nDMGEK?Us6Yo^v3sVdya3ngpXEpvJxrtpGV)hp z$|CQSeU|Iq%${>x)8R^`Qk#xhJ}TF>{Z77{8$WyI5T^B}y4yXg>~lYv!R*ASU zYHAODiGPVrG~yTRm$=5#QH?9i#mH$2_CXdh|yR@N$)DxgpNi9|F!3XH*quvB$hP=N+3ZL zL^wvivja}$)C6x&uRw??bNn&p9r>?9-|>fk(2o4qyqJtT;ve&q&EifD zXb6LwG?BIsbDsI^HgTT$LwMsn^Z7J!p8a2E2fT$8lazt;vzN^A6H0zV0e5^HBG^&o zDEZCtXDlEg>U>6Ci6#7h`SRrK)k}XG-lvTv=f4h*d;JpsA073#{QoG=4)_N17*4U_ zh9B^d3a#Z-%mc?c0Y86-qG|Ed&lTJti*5M?<0qaDn=sP`=c0`#y z>Hi*6k|si=sM!S~GR6TIB7TcdoFSs>`Hu4gAvdBlCm>}Akdy+LWC1ixsHX`fVJf}v z{~KJ>Ir#bQt6NABILXU_Q^;XN#yQeM)sP>MX$Qp|(S%}#_MXe7J%0gEh$R3r%5bZJ z>pRZQ4!Hi|zt1im=ht6<6()caq6EbuiUW+anIV*bf$q3eNVLy)0DAtNe`msj2*aGv z`2dgr4>}!+#+Y$B_j-Ovf*VAAObq^tPNGTKZa`v2BIF2igRK2INE4w~XT>CXFu`w4 z^Ru3FgX3@jPDwn%<5w_orieqK?F-Bm-Zdtk_`v*88bvC0Q|`cDv6{R>Ol+1957=UJu7!M?vpeR90XpA^wpy&6# z`n%&P0Q-L5@BUrY5q2yRFyzmx1O*sI0LMwn0ShK*3gwp_a6W}&bV&%$CxMw;V!Ze~ zK?A^~+2#NcA{J0AZMOk9lM@e^;+9d01yEt9MI;cmn*#v4gVQ8J1CUKu$FZjMlBO=R zl9GA~zL;J%WIg>m@fgQF-28CV5}!?6vf=l72Mo)@AahOyV{dh}@DagsEOE=Yuf zrMOCBkLCa>@E2LdY_CkJR8LQ$TR3M=g}IgCA!zng`qlZ<=W5qW*cqbu`RFy_7ZfoR z^QQ_Q6)(VYgdnAG?f`%}QeKS3m>MHIngeE#juj9wD>L+UJ770IDFj)@fNalqoDdCD zi`+xCrC1@2>WkdI!6PsyDYzwR6oLrfAn}DE1kfF)5a4)3=u`<*wIVQkkkn?QnA;~Y zz%k=64v+>mL<46ho0j&B+bKxW;(XZ=^lupb9bgSVut&n#0jld7BQ3~wz=aT_jH5U} zIcMpO*2H2r{;8Zhku!7L zr03v#WagghxzB;!%xfw8U02K85Ho=%1L0h*KT2AQRRqW50>-ZAIt~m1#MmnmqGjlw z$dX`6!aQKP5${4nmk5SGQOwaBIRFg*v9z%({0Ca0g)hIwjw4K&WpFRFmvER5WLSV? z*6oGU*-RZZ=sShsP;}h^7GX;S*a4CP66qajfLYCEbM|E+4k@3ua;aa^OWTWQ;+eFA zu+Z7*TtmM>^H(qtTHl}yOTW()Km{{Ffsi~mXf7qcTnNOM*lJmP#Bmc63V$+`HrgU$ zE8QkTbqCnU?f{VaB1It+n)5xHXQULglpPj`r9x8uBuwX99VZGHiW!#1u;fLVJI7WL za15YE{5fD`iU7w`!~}p_7)z!ci`q&9rYfKzA&lW6jxe9AW~GiiL71{KHH2zmMt3Kd zA`TX#~DReqaqP)kx?`t`cLqk60z&6O+)^(Pd|dmF_jZ_s>Ui#L{MyKRH|yjC6<`Qd}4pR;3cdq}dD zII76}%eV==wKqUDgS~!p{qoA^cf4Ta++%~e+kMabC(4c-g~=Qj?MW< zNTd;=fmk^S%R&J3!E(8WA!HVgBB|R+Q3fL0Iv_Nk@BWpkBD{ z^AaszxUQV>PfJBxdh*K+JTZ*^PJk$R_nUVpoQ&(xT|y`a7MK@Lc7AW!>)r3VQ!FonMnYWzFG z)Kd|POmtW)Fj-(gFoE$HG3D4&z6|j__Y`OzlLi7OLMRZL5DK|cVnaL{Avr7~1bIpY zs4zrw?^bnnUujShir_=7@=BjZ)|Bo6z?`9IB#bIZL#UBbok$n{nqb?+PGsG~e^V&)*@67JE94hf~Y}m|)#0Pm1+DY4!#%7LzIj zQzB`U8@q5wQpHymUcai1ci-{AkAezH4bl$PUn@Ax_Wc4{Blvq~N0;^_a-N>%ORy0Q zUKeMRz=MHAnZHKaekKVkm-}aO!vstq14E&_6B;5hp<$Fv;1F>fNRE;k?u1Oq7{y48 z{4Ja-Jy@&&6O?&YE#H`)W2a)WhKOo!uiTVM4Yw;s!P!g_v+G>D8nouD%A#^fFrs7% zpy-;KizG&7O)|bd%{k8{JT?&~L;RG3kq})lo&(HSidg$5m5#3YNKaH2pcqn2gn$q- zTaT1>y4bZtf|zLDh%Cd8FrJHn%+bhuA?<_`v)Nr!Oe4@{i|{TIL$4(ijSw}0>Sr<< zVd->~#X=IK!m^QLwwQTl{dcqdcT+r81Kiok{`69YyZ|!9_B5O5Pw`j{p6LT8V79Mk z%a06=(g;L2zLDP3f0(vKo4)Px=P4%?!-#b#VkDX&PoUSA|L%JUVcg46Q6t^?+J@Ms zH?8RUtc$Tq!M-{VC8x!?I(E^9yF0L8+fJSE9oohJBS0ZHcnEtau;!!?eh z%Y`6~Lmdl$lE7es420*v99!!9U9c+(xcZa3_ur0~Hd8p4Gf)U#IsB5d(OrNN$@u}9 zCJ|QFvspDX2;cda20(@!N@f>Wnq^Lx0+2h7q{g7rxxKyhp+wOqblizl5!U(P{PgAP ztCwEi?|$t#KgJPaEMF&wbF=p&gmnaOfsi3%ij-`}F}S6e%Z+A6M*J31$B$oVdc%c6H=221o2d^>b`S@P@!?-7w9DoSM;}nh& z7?T;IvD|k@bc&f;CSe>p5uReMg<+*T{%5r3ynVLM_W3lP|33f#|NkpO!yo_(0s!f4 Bt;7HT literal 0 HcmV?d00001 diff --git a/ops/Helm/shortlink-support/templates/NOTES.txt b/ops/Helm/shortlink-support/templates/NOTES.txt new file mode 100644 index 00000000000..51c75f74568 --- /dev/null +++ b/ops/Helm/shortlink-support/templates/NOTES.txt @@ -0,0 +1,7 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- include "common.warnings.rollingTag" .Values.deploy.image }} diff --git a/ops/Helm/shortlink-support/templates/base.yaml b/ops/Helm/shortlink-support/templates/base.yaml new file mode 100644 index 00000000000..0f69d0b39b6 --- /dev/null +++ b/ops/Helm/shortlink-support/templates/base.yaml @@ -0,0 +1,11 @@ +{{/* vim: set filetype=mustache: */}} + +{{ include "shortlink-common.ServiceAccount" . }} + +{{ include "shortlink-common.Deployment" . }} + +{{ include "shortlink-common.Service" . }} + +{{ include "shortlink-common.ServiceMonitor" . }} + +{{ include "shortlink-common.PodDisruptionBudget" . }} diff --git a/ops/Helm/shortlink-support/values.yaml b/ops/Helm/shortlink-support/values.yaml new file mode 100644 index 00000000000..b7cc5a40fe0 --- /dev/null +++ b/ops/Helm/shortlink-support/values.yaml @@ -0,0 +1,98 @@ +# Common default values for shortlink. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- Pods Service Account +# @ignored ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + # -- Specifies whether a service account should be created + create: false + + # -- The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the `helpers.fullname` template + # name: shortlink + + # -- Auto-mount the service account token in the pod + automountServiceAccountToken: false + +# ============================================================================== +deploy: + replicaCount: 1 + + env: + TRACER_URI: http://grafana-tempo.grafana:14268/api/traces + + image: + repository: registry.gitlab.com/shortlink-org/shortlink/support + tag: 0.16.13 + # -- Global imagePullPolicy + # Default: 'Always' if image tag is 'latest', else 'IfNotPresent' + # Ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + pullPolicy: IfNotPresent + + # -- define a liveness probe that checks every 5 seconds, starting after 5 seconds + livenessProbe: + httpGet: + path: /live + port: 9090 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 1 + + # -- define a readiness probe that checks every 5 seconds, starting after 5 seconds + readinessProbe: + httpGet: + path: /ready + port: 9090 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 30 + + resources: + # -- We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 32Mi + + podSecurityContext: + # -- fsGroup is the group ID associated with the container + fsGroup: 1000 + + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + # runAsUser is the user ID used to run the container + runAsUser: 1000 + # runAsGroup is the primary group ID used to run all processes within any container of the pod + runAsGroup: 1000 + # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context + readOnlyRootFilesystem: "true" + capabilities: + drop: + - ALL + +# ============================================================================== +service: + type: ClusterIP + ports: [] + +# ============================================================================== +# Prometheus Operator ServiceMonitor configuration +monitoring: + enabled: true + +# ============================================================================== +# PodDisruptionBudget +podDisruptionBudget: + enabled: false diff --git a/ops/gitlab/workflows/matrix_build_base.yml b/ops/gitlab/workflows/matrix_build_base.yml index 43729598d2d..1533c999832 100644 --- a/ops/gitlab/workflows/matrix_build_base.yml +++ b/ops/gitlab/workflows/matrix_build_base.yml @@ -73,3 +73,9 @@ REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/bff-web DOCKERFILE_PATH: ops/dockerfile/go.Dockerfile CMD_PATH: "--build-arg CMD_PATH=./internal/services/bff-web/cmd" + - APPLICATION: support + REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/support + DOCKERFILE_PATH: ops/dockerfile/support/support.Dockerfile + - APPLICATION: support-proxy + REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/support-proxy + DOCKERFILE_PATH: ops/dockerfile/support/support-proxy.Dockerfile