From 158755261577a95293290c65137558550f2cbee8 Mon Sep 17 00:00:00 2001 From: umagnus Date: Thu, 20 Jun 2024 07:25:17 +0000 Subject: [PATCH] fix shield guard on csi controller and node --- .../latest/azurefile-csi-driver-v1.28.10.tgz | Bin 13374 -> 13426 bytes .../templates/csi-azurefile-controller.yaml | 24 ++++++++++++++++++ ...si-azurefile-node-windows-hostprocess.yaml | 12 +++++++++ .../templates/csi-azurefile-node-windows.yaml | 12 +++++++++ .../templates/csi-azurefile-node.yaml | 11 ++++++++ .../templates/csi-snapshot-controller.yaml | 4 +++ deploy/csi-azurefile-controller.yaml | 24 ++++++++++++++++++ ...si-azurefile-node-windows-hostprocess.yaml | 12 +++++++++ deploy/csi-azurefile-node-windows.yaml | 12 +++++++++ deploy/csi-azurefile-node.yaml | 11 ++++++++ deploy/csi-snapshot-controller.yaml | 4 +++ 11 files changed, 126 insertions(+) diff --git a/charts/latest/azurefile-csi-driver-v1.28.10.tgz b/charts/latest/azurefile-csi-driver-v1.28.10.tgz index 1bf689ab9659ec952afc9698bb66df11a422a25d..1adf178d2aaad606e6d4b75be1411a057fc8748b 100644 GIT binary patch delta 13422 zcmV-!G?B}`X!2-~K!39D{OzYeDZ7>AtSQTmlkCy0)Rx!wWPK;&xNK+k?w!odfytJH zH3e`0(6%O%s(p}iUT&Y{7C!h5Qj|o0CE~qjClX}{olc0Q2y^==f%!<+q#~x%+Z^@ZDhhrTPgC zI;nlm6AOv?cY~GdDmU(tJUAjh0T+bPA-dY$z)_U@v%mA_{`O!a0O4~IN&V}d5*YM7 z2?6ahDlwtJ(V1i%j{zM~34DZoK+pEij-IE#pM>$4&<%>GFhnkq+qkOKdfz?sZ9LBT ze}%&sL}v=1d4K+I@9w@Dl;{7;!C*cA@8Tg-Jci*0LKj%TDMW0DratdaiO-o}BiZ-a zbOU8`Rux5vL&OA;jL(K>iwUuH8D9XWAVDZO+A2tu{zBq$Zf>hzqBsmsSV;WY5FL$< znLObjfXWSod_hh)yCO;>0B={N65lBMC|Bu={>y%wDu4H+#QtQF`mp^XSJ`g=MXSnA zL6F}Tsf(Kr3Z41q`BjDF3MdG1!r4X3!Am}g)F-+6cKX|c`4v(Yz=2jHr!Xc$a=btz z)yGx|c|7^Nz{1=nZ#;Q|PGJNbs1Hao#3&%f(UfsO0(=fqsGlzY#R39!Jprnz5jsYC zHV8$6!+&UqCQ?RXxRv9yPuNz#e6c05xD;DHqa!koId~BZJU_9ATZ*2iiFpwxS6D*Q zoY~ff{{18l!!yIp5dHki#uMZrV;-k7+i|lWU}lOO<0)*YA|Be0g=A9{;tL3MJ8%#n zLM1~}kT}2+Z}_^%J6&RkK7ZLj=n1;~v+!^f)qhyu4FUX$_^{{uET&Qon9l)A7$V7I zKu^%$RX3@BZz5Y3VN+P3YZ8X4Kg}lr8ZnM$EbgN-kc!0-4h0}GQa_?=O!bek0QEOV z?3(sfeT+)Z!Vvfn>A98hnZEG^Mo*CH4a7$1%<^HGwu725!MGk@E0JZITF{oFCMb@? zgn!BX62HmsE3&)6FR)+kf7OVh>$I_v>#y{6UB4-EA&Y~3Ev}hNS%RK^X|!ihUs^=i zhapmv!4oqfK^ulJWY>q&NY3`NZ&I!~L?Q997^0mGgeFYLW02R3U#4;;Cqy6tQmX0a zvp5V?uLMNkix2`OG+8rHz(63%Bnlt`8h;>0(T`_G$>$qL%>hn)al*J9qMiSIwY}?B zffK-?oMgomcRZ%=>5o`QHKJN%lOOF+pM;n~_R1*#Q}{I|9D?lkkd5EL6@)|dQvH>m zhL}<&vGSvnUm_M1CThfjy-Fbtg2mhiVVHMWN7c$Hks|pEAwPN)4XR{ zV3GP-QR^Mv5FthK0!Ab7lFaqMtil~zJeP=H~| zr~s)uL6xQ=>A3?K;W(5|#_hXJv>(Pw(SJ|4DE+1S`ftV`-9*QXf`7F(^ts+WGly_D^H>}C~$jK&UIdrFLqa|$l-c8EwICDariZR$xj;zH)?Hh5OYGu)@Tzt zJ{nV&{(N`?eyl_DmVd>3P3OR;xyE>Cilsj}yooqi2~6Li%;Atq1EIo`wdt72BU*ZE z1-|sFqIX5OjB)5C6KUg`(12YFmnw(_s2O>}nQ{Qq%>|Je=6Yq}T@&h380nOLxEE+wtItIWjtRlaDdvh_?{a^0|7JAV^1_qpUbGqJ2!zMjW+ z9y5L!G908nx?U9!pz`RzPNgU4XQnp|arg^58X-9Ww6}MFaHL&B^~Q$1xQB%xV+sM9 zVv5HQAY$nvVj@0->hA@f0+K*6l?V&{lW(lLu24>ZA~pR@k)s22P2@xuTdY=F#nFKh zEK5r_>%RAEx_^G0`+pLqQHUjot>gFShi83xBUhmoJJHL(KDpRey?adfb$(e1*Pz=^@X%R!Z`# zo3Y(KbLRi234{@F(U;NkP=Gn}e`mKc|6jjau4axUsMI%nU<@Ma8d$ z7Ab#0@AzKKGPaFB-`{B9UYE;ij5wikgnEAz-XBG;*b4J+3!p;3>mZoYU%fx|Q14T3 znHI6>lqr|Ss65fgX;R9pKnzJ7MJ3#O6Fqa-1E!Pp&UGy$y#jZ%Uc#~F)5|P+T zVRdeTDf&%Ot9<(8*uEY)l}W_QhmN%V%vntn~KtJlV;X#|fC%NV0$6Y1mLA zt$)2R+D1J@aTuluixJ}}#X|_xF!oV~gvbd%#%38Vp=z%{DD+1h(=jxDhfgbv# zm0EY-8v1shIriV@ftL^SFNFzgwExQRzj$4=|2x|+UT?4M|6M$#$(D|@4bJHq;CbFg z9w&?=0yh$i~2lgfP010F;KM$eG#g%1|?7pjtg% z#3T%W7xd%RAVq-Ths;3f1A4X{vmqkTfS$402dXP($lBg8J%4Gp zm+S{NRw(2Tj+gIRuNMBzH)jRFLs z2-w;*$R%syMBXV*!)LmEdKRFQpZ3v+vnjfs5PxD(PYL;JEYLH?6CB<1qz+eGBk=o% zW?!w#h>$?-KIDFg$@JL7y|eb8>B1*J?H8IaBsYjDck5HuaA*bvbZoSt(SQ2ix>Q0} zJw+kiXH;>E*u_7=m&!Xf8_k4{3!i6mq`3pGT-0kipj4`5XPhQ1nzl{}CDV9{1o=(3 z*)WjCca6MGW&u}Dm>TY!DC7pbNrttwpON3nLR|iR9_Qz!p(%|-h=oXE?Aem2Sg5Y| zud1Y~ot}T&lI7!ic8h`|S${f>$|chdw?&mgqIT{QwRUBFbYj9#RJqi0f~C@DWR%8+ zN4lgEL+r~Khv6(GY6n`Fke4cQ!Q`aGf?jjF`Iig<6*14E^7?zs0Y!|MiGU>n>`xGr z6X1RHSIf(fAI{E|`Z2shpw^*`8z3znm(&gsw*B>zcEMsAIJvAJ%YTKYPHHv{!deZL zZlg!2C&?6w>QCZJpotj9GyopX@`}V7OJs0G_07r~?Ls5=t1nCo0xZGupCgy}D*cKV zP@uXut|4Y!1cN~l{sg9YnC&>xy_2J#UYr$vM#b(c$rKR?>phF7>9o~LEFelutgoV^ zr`XB4ot(70nNskX?SHUJY!fk_3ch5j2nVlLBO?@X76F%}xL=fW6AQaYg|*d8;=KsyFj4eOyOZ)uGXrir|3l(kxLiiyS&`;1-zSGLAyV@iHYX=|0B zD%I;8S)!@^7>Yx)Betoh^c2q!2d!0NnxkhAOQ9c?n?mS_Wq;=e#zZFWvCpQ{m=ZZN zs6BEKOUA`k09O!h2{QID_a{VxFJlf{%D2_5Q|%)6r@@nS)A(tD*UB_Bk9Hs%MnL(H zMySlErWI9_e0q3xp6*xc!6^5B$(D<32vmm=Is$G6QM*6d%+o*%solLJnNCS%HNKb< znM%6QYI|R=8Gp2I7zNrrLPr$s<0*vuSir3hfa+=Csg7+o1c~2YHw5Z^LHq*{+Kccf zm}6f8S98x7X2Pb^H#OR&KD(G%4dLtv#|ajnQ6C~HwybX5GKwHw4~ZwPHAMC#$oGD+ zH{5zbcZe3E>h5x(Tdbt1&QW$wDC?o!|IA#JPn&Qy?SEH@B6O~WjzFjdolK{()aWcc zlBvdIw4b%3LZiMZ`fZ*2?J8VqW$m}QhL@acCsBk>T$E}(Z0oRQE0G$ix$d@#H0$ub z=~=a+Q3^zecxqhV3$VNNHAMB^eY(|`Y~Pm*U82Wxqh~m%A$kFN8XOjvX$!0!rY1$W&Xd@*1)$4yJi&daCl0QFuRcfoFJnM(F2W?ac4}GUv-$ zQK)=bvp}1pd7nC#h+5J}b)oMl>gddQ>q{3IU4NtU94=gHB!rPfl!R&$6B|l0YdB*- z&CX(Rm77UnEZh@*4~@wc&;-?>tDoR2K+`ysBnmUihT&obZtK8k_EiKthl%K$5KBq# zr3%Z;YuB{E#dV(&tqfnD7O4ULM^=F(XhjUud zSZ2B0;GUWSIlta`>oMobRw(C^Pt$-2cB~K0vwzR1@(#GE3K)7a*_IV6+XO zIM*IR^{a^Wsi9FEqGuN~wVELTwr&rWi-l=QwV1U^AuRJ8UBE~QRxC^vm4J)=wAO)a z4!_LP)XiVFP}t6fW?h<(uo2;Q(VU^RqmhGVrqu`pn~2C%b&E`QyX%->J!Kq3^(4+l zJ%5~;E;XTxMh9mGvX746pC7u^_BliNije?CObDWu3j+L@8z8EPL2M$wNu-^eE+*t| zv33ydTF}wL!oGmYD(Lz4NFR4vQQGATWGcjJb#5D*%aL)J~sn=x^aSyRjnm_=*g228C^nXEt zoFv({Y&sfDMhMecVL6s&SC~K;DN89CiX-KmhHwR8PB6tY(ucl_Y#v3Qm4B{C1>lna z)a=wDX*q#eE($9NjR94Hw_27k(UNHVq1XxOc!yW=&A`CSJ zA=2Z@<)`R2*rJ8FZvYaLFx`QrIyVXMMCNLi(RGrj#4eqe*2*Rv*01W+6SDDGO=V@Q zNE&sbcFZuLNB|W?k}Jr2pAHj*=0{|t(*#vIOg5VzGpyHGpzR z8m63@tA**DYbae7L2ep{?wZv2EW)H~>Yei#dJa45B#NehEfhpGkWdiiEsG|rT1DgJ zyCOwBR0X?nvXrDgB~xC{&VK=PxaHm$q*Uyafyx6s8fSvbpIpU_)FS5ec>wiP%RXJq zB#8DtWNscf$S&tYrt`o-aW0c{XMx)Rs&gQ9E;Az)X3xBKAYCG_N5RTVZcjx6G>+eE zkcOCIJuo`%WM)Pgzf)qB=vk6;Y15gS``+l$Gzyi>P?utwx7^kZXn&fQ5tb4-9ispD z?Bkz)_n!ad*|VPq-hck`r)MAg`XB%C{4dXcPyYDR^XJc={rtm^Z_iH-e<9C*|Cz?q zOY_(7&whr(Us@7*{`@b0sIYS5<)E8t#mBg3=6!l9J2yHmGg*z7dAf@>YQHjmcaFYY zC+2^NFDi*hY*@`41b<#bBi$&$ZxRyu%|jvA5Xd`%Kz0g!><;qSCDie2f;c`}XyXM) zZ19awOq40_Wp34b)jdI}_M%kx>RjxhRn zLuZJ3HAg8sQGvynH_*HSBF`y45++C=;XcN6<0+kc7a7)9eKDi z&Tv&!VTTyPTYo?du8I#_9S!&`VgEWt``s44?<+?1t&ZR80Ik;vHg9Dl-eVQFhlHu? z3PINqUT$@C-0E1kPLOXM;oQD*R9hz)w$%}9tK-u;K%;emJ$u+lvsExxm1@wf=9bwxq5uyX(*$mG^zB8832xDW`s zpaYJg-w;O4MO?-9x?VZj{csa)+5Sp5aw5#}R1J)^4%iX-$cI*S3`BXo!gO&CCsEnL z*-Ps2=Nxt?S>kdVwbv14DNI0+&}x`J*@trwhJQS1%mGnGvl|$K2Y|dN*|>FrFNdF8 zoP`ZzQ7oud;Vrd{E7VxjIZNr964`pqgU*b9nT~)K*4`?%KXYp3Ojk+;0B=aw7h|2 z*ncklXgac$K&BT~)(K*ItxN?FZd+qZ=pLJ38iZPHR8r14q^=IcvCfY7P~lFQVJ!|s z-r=eXM%IQ7iV&O3bnBtKgqdf?af&0eEG`LNVvbAI`@H^OE$%T<>H&{%Wd0Q-&<@!CA>|b-XR#Ki;++2Bd=@Ck2)GG@?M;M}Zevjq9WL9W2RfkKFH{ z9VK=nks=Ep(a>0jBbMpyMGtlBwyYRFX-F5K{pcbLJZ1X=LPp18mE;EX8&=En+y=Z} z4x1-fb}Lrxnsf>yeZOl%ixy~%Ie!kfYKvBDiRPi9Ime|kk84lX_D~7?Wl~h29;04B z#AVO5ZId2#Xr7-BAPQ05I9Ts_uD5L-;1X}nDfPl3^=vX3JZWQ0sMJ~WkD0gw0QCs= zrtns!9rHt6Eo@WvG=_58I8qLpodm~Rymk~WTeKTm1kfBLI|`{eD7O!?eSgn*0w2~X zlhh)V7@hB+o5mZepj{kGHpSACaUqQN&yE^MO5jM40DPRs9T&ago~_VK(xCpvCZBP$ zpA$Gvt(zE}YPb`REH-tb372?jkZ*GKINt$iAOa2)PnPo`BxhP?+oR-|a z+s{&xwEu59q~7A(Qt^XQQVV@PASv;Q1ik#lv&E<8tipVg=awb)B!78KvVL~=YMMT> zaj;Q_YP*f>BCR_-U)axi?8daNL79FR#F^vXJ%>bd}&AO@`HQ1A>iI1*N0Vn(4+BplzXaqW= zh5(%|&$#5qvS1fU5&M(P{NdIMWuY|@A9SJw=~Yh!FF!7);D4Bs4Y`m`VN}vz&TyE^ zQCK2CR?gRR7J=WNm+mwF7(t#I8*Y0s#XLC)J+;UedlKBWDkA~m;G12Ie4@h(Fj*v= z=lB+LbvF$YI#E`;_+!1-r=>fv32AcdPH+@Kd+)?Sd0Bs@F4&el1^L@MIV!{4>`*#a zi*qfvZmEuf&VR4_>Cwnk#j01(odq6tN^}_6xPsBEY7m`aDqMiF7}tQ<8Xs^%o3dl)l1Lqj1)5}@r|mpz}a-Jn9D|KO;h~6KX^YhoGF1C(5`Hzi7RZD}lRXlD zg6TNTH#mxA%wf3{4b@0-@;D;KWyNuCG1r!jqwVq(KF#m6H8!p(_b0moensGV>zeUP zLdTvGP0yxE+S2xC>xur)(rwWOtZjn|*6uc2rGM%XTT3-6*;;6C$DW=gFs0JBCC@0; zu{D#42sFh3WT|s*S(H_W>a=kF%(Ivs57R*X+oUS>XG`^9Oj=Ff4@U=gBj7PvYOdBU zdFzt+)u6x7@L{b5B!XGi%!zKh*TXn%c2=t8;E(!fYf z_-M-JlAm{@nH%{9|nE;>ZB#Vk7P@e@RsVJt1Q2A=NkKR-L{bqs~ zn<~fYzXJC)rhodQ_~Y?^*{&@roSRC{ds(0^(y{QBn2uPS#Me%SYJmW-0a1g-Dh{08sd zY@42~5diIKk%dGrnUT#I&|6rdD{0c^3d%jm^Wsc)D$Oh9d#l|sT`2>cD_p*MPB^Eh z*fvXCv-f0k7Y@;2A;)Uoety$lKB?ct&*=%L5Kx5z1A0ou1~})d?Kd9lQ56{1kC#6%blKlS)X`$$R}RbnOSZrGm90O zm2$Hf8l7clS@2ZSBRY$;&WK{3b=ru>eWvI!pCY;^mvfyyr{&3>mCx~XaB8QMGdc^L z$Z7QBzTyKoD<8L6{cz0#KT6Zx!9JO<_n6E|2Vzz^`tmprxvY4clovbaifEeM+EwN?@h)lg=M9e?w&7>>c36O~qAE>nmf_ zS4E^hQvCT>hc;i|zWsF~$Zz%T?FG@{>-)DK(*4_=V7OOBYl{rR(pfCk9>@@3<@_0#;|-(n6U5`yOo;u(#!C1DzA5Z9LaF;^tL zmZLwz)39wFe}lnb@M?Eg|93DLl>WQ3`+Bhb-S+OQ7rU=t?!Md}d^gy6vAwhX9U9zj z)6EkLiTQVfmFp@u?vXrZsvSTSve^`iYRJ>i=XgdpV)d!Syd+ zHuBL(UGx+}zykVN+)ectOC_^!DD_Yu{f;Q1fm(m= zs&7Iqe!PI-n ziAwv*_RZfXA*Rrx%48QIQso(63pA!vSZ0u;sLf~Z?%>CF> z1{>AsNZ%AT%gMO?WdQ-NbTpabF`UF!dcpjV?JVa#Y-2{1 ze|wd|<@knWcY?)8{S=d`1ZKu_$jA^}MS$JH5(}+WEynpw?4w{_t$? z;NbM|?CiOtU?rAMU7@c1tyX^K&f1M}fAR@^WSS;VX7z~8tHQY#!JpoDtDtj4rRKjjM!4+HAHIZp#HBfn15Lo z1T~2)gdWWs<0vg#9NsINj5(&VGR#x;t2x`HcqnmbxL16E^a7HPALMUQ{Opw#e?Y+l zvjt1+<~*0}og%{m{8%erMkUF)F)U<>`z)NlRaC! zb4}tV?3~hR(dBi>%C)VaJ=!XdWKwVMxF+=-X_iN*4blNyR24KUg3i@I!sq?#fP5mk zMm3NE4${s(%RcQ&B`i?Mu=QsPf2)ey=c1hoX{#;nMjwGsq!7u$PgVt9nc0z8dH zc%yeto>o4{`wZ2$Bfv7|;Ek~a@#YkKb_LuZ_YZF(tncLh9+NQUpjQV^fA80jCu6&e zOMl1u!m@h5x*{Z3KtTvE;_L$2sEg!_6ZJv28l!=9bs`rFFR3@Ws%6e3nuA4N48@6*k(V6se-knvhw8JTI}lrJ>I85oCnt={Gy+!XVq1$Y z=|zmoH%n43ccmeG^=4-we^pSd=AmnY0=M_85YnxZHo73&SLsv_)R3*t$gJR!^MBQv z+IbD$Ro!G@<9Bccp?e*j&elIX+dn({ba;Gl^8V=f+!ZsNg5<;(sdgFk_5Z7x-L|xy zb~WpBpV1K+*D#(Ha1$`Q{7Rzo1nl8*yN~9Ik%lbR#}r0n>3{*PWZpwTR!1q)MH=&GzC*skF+&Bou35hdZ!c7Q= zA-ncq8p&Cq2WlFuiyx}e`&rXVlr@g5EaK?~gc7N`&Ap=3IRmD)NaX9)? z2}djW4Q9`Fh*EE%T-TCaSm!|`6!XkG`~gCVBse^P5YNsG>VJq{6cK#ZbxL1v7hgxf z2@BjG*RNXs?}yXFPy45b2ZzV!M|e-bnGe#FraFms+VM|l(M z`5XdI8{%rYOPCGyNITxK$Q<9!C0;8xByUaJYp|G-o8i`0y^~s;lm3@*;!BJ34~>h1eaX9qugdiVbA zr+0@x9lmQ@f2$Uix9sfThj*DPv5=#jIW~8?3s(LZq@OzvxaB02%?sB+=Tw}=ar6Ts zBxk5Mf`D;cJJdpyGyRtN5+dC4p_-_g0}kHPaMm!>gb2OpvfMA_3ZhH0@doobsc6nghaZe_rF_7fwM@_N$svA(}6K2Aq7L z6Jszwd(RE>e2zKddaOSnd@!vryGG{*~) zFaXLOe+OA)H!%4=K}Z@*#c6uEc+Co}P|CC*V!;s|vG-J)=+rzIefo}!z@Pb{zEV6* z@_wSmLZnv!d+0Elz!W%E>S!e1au!DpkHPK*^a~~CYKVpAzXl*)6B@8<;VB&!apr>% zb2LKp{NLW)9qg9o|I61qyX*OX7mu}%m~R7NQ%28ViPHp0C4o5Z@GyakY6oWt60)lwBuFTAdWyiL|2>l&OBmZ^wMtbHI{u(v zCGN)*-+Z9>3X@Qcc%kRil?h?i zs@nt90`aenc?$P0td{N*E?>KZ72x}98l7;aW?g>eWED|NC7Hs3xw0UAZM*7yl=C8U zi!fuvD$8~r(>?J)05@IMJ3dEyAI|^wfBy97{2w1bp8ezO{P4#l@Lo7NlcS?XWxoOZ zuiih#eZ0&AjP7nruUct2q%uF6Ru@CF8Eq;1}4$8hZ(Nth!2 zzvr_Evd{$b)QTVN4?ljq!u;dMkX(HHs8m)6^5e%yXMGkQKh`d$K7K^r_l)}me@1RC z;L~(!MQaYjoX25Igygstm`#0XmT#xYXWh#5+zP6K=K5sG{p#DOy)5N*vZ@wp&T%P= zZp|im5j!_;N85^RT8qZRMOaSW{NdTb>CsPzr=Ly_-+nrKzyHIhlfCo5xo8-Pcak`H z_u=i)u_keFbn5!JEo`;*W{SfBf3%HMQ!kmF^^>y(EM%{?a&(ECn-#P}BL~GEU8e3& zcA#b-KRRpp;lp1KKOMh6IQ(?H_u~Q^Z#vmZ&5m1^XjgltdbZ>)?t;FW|Yp@W=(2|tll4ftix8@2zNkQZH}yu?k;(Bcj4WO^7&myk(#5j zCSF&6c;+s4D)xsu*6$4XcXjl3(M8+?IwHH?oV>ry$p^Eys3%=He*S&yCdu#J%pd7*O+`PzY)^mqcOoZAetmbvtMBkGnBijHg3Y;Z zZ<8=0`~B9lM3i0@k}%}otTQj%_1=23qq^QC|H?PXA5NZ#ugAH!lU(bBMgs07nY~cq zX6B8A7m*0O%HZb6eEit|s0w||eMUmCq4Cm})hfjFVyQaRe|M!%o*+2^0a|$pggK=5 zyy=am0F4;eS21Eq^x{F^FblJ%+}!h7BF1PqOKus|domN8+#IKVx&VpMmAx0;ULLrA zc7!y0t@~9`S)p^QpEvgK;E`Rq(@G0iswP`oz$azzKiPl2jR^S(`tR(%NNq$FC zzlg-I(#=I$e+!BJQXTHDuOXJwR7)#RVRmAm=zjKGVvu$;X%LKk+3l6UzO5X)c=&9^JwCTe)P9Xz1b47Y^_%vgVjSiqXz=oAn7l_L$? z{%sZv0qi@9Orh;b;z+nQ6R60Y zqws?PfBwzeGk&=s@NcOL#g+m3Rh-K#6t`tVaa*;axaDp&>lSLa#Dzx7;NrHHLdBI; z{TdUu#>7?2-z6q4o8)Um+_#2^v#>R-)x0rhaa50q`zcerIyd$mLhTHH5%4JyLak`4 z@@o`xR^qF}>~)Wjn{)HgeEeLF`6X_aS|jb&e|H>}SXra%^3T_WuA6@gQ=@YmadJgM z7(?Kg5vzH=cXR(!)3VCB$lxr(W4*W-qQ8@2sI?qhwQ+}L zf5uk2)~jK<&#ARM_v;X04Laegzf)|D1^Z^67Wl8^sw^+JQd$TEHs}7gm%A^^_do5t ze*J2V|GJB(v`dm+iAB)y~n0#QWUKkzS5ehC4>LOZxvsiaS0#`%iwI2NrQtUO=)d7xf4*3U>im%GrvLHF@NY=u}{4f?0c!nIS z^jFSt=m_xDR7D# zV>>1U902$9>?MrW<(EZKi(tQOfC4l{TwC?#QeoJ2o^aPQXZ^=7 zuGAe)Oh!O?Q-Upe*4D4pRy1NYd>8Y$8y3r z`AysJ+`ZwA3qt*+jmCO#BY{&KdJ$(=M3DyWai*Q`RqhYxacHKxhj2vnf6l)cqMv)c zUp7ig?&n^VUb<}q(YDYP@C#jF46?V0dLa?|zt?KHqyAw!OZ_W=5G3gDmZ;DVF`2fm z)f@?O)m6N}-Bq(K;VVb3WjkB839f+3C3?=bW)t46B#{fx^ERqV>92$a zgpO}RH`!zKsam?QRjsC(M11j2@TFBwrafnc^_wPJ_4JEtJioHGYZF6Ln$_;xSJnF} zx;hb(hR)xp8NpjMD_BbGPacs?sn_nED=CewX{%ca9kJ!rVN2y?e@1J%h$ZR7epG7T z5)#X}OD4WG#hFgLwbrarMGsYFCLV&kd#&kqB3JVsoo=v+#JQ$fr#{wdZg%IsUDj{& z6hL)mo?CtxDw}$ZwC&30+jJt`OH)sfOkC$Xyws zd)8NXt*$zh_pd-tf0cUUesq)?mf9gpJ104qcE^gU!5_zr@J052sn zZKV72=VT-FzPCWW>1Xl%zr~XP&cT0fzu2wdKVQCD<3I1@nX~_QrzS`z%6M?b=blVX zzB3+_vB~FKyAw0x5R0{e>FQ~#|5rH#Fh~FIz8+NWe}6sLe_reVyLcS;zgNxx+zB|O zM#vsVxMYp_=rmHY4z}NIu)X^VJKefnnu*pi!CUq4Tw3ixd35zh1v>Tb8npZUg~MD- z8SHcloxVj2bdMq7I~Vy{0%wl@Z~F?=c)e5d|6gst7_9yO zyLigye@lVof6Uo0rSx%5wdOOx%`xl6Pya4+jCYX~{_WED7tZxHeP+meBq&}Q)WpR+ zjwMjshGSE1Zq<2mj%*O?#1LQMvx@$2yAv>1|Gz57|94-#ezDg7ck$et{?Ee5Yt6sb z{OjkQp2hY5;yVFz^#5S@MOpv98VuIwKkwvOB>sPQAjY9?J$^T)Vy)-a&-z(E-@^0% Q0{{U3|6UtHx&Y<@0DO^WO#lD@ literal 13374 zcmV-EG{MUsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJa@#nzXaDV|Kq)homwGsRTa4KA>j@=f}^}-%rDMOy~y1Qy3zb$ZcF#YW>nZ z^KCp%{lCUx45Bjw(5(O4ySsaXvi|Sx?XLCzJ{~f~V;F8AbcqF=LBxh=>hu1T_?!tg zl6{{|H&CXtswhGnA|{Ard^SW|Oo*+k_!2k;2|~%yRza%t7ZQ(ix~+bR;xIgAA@OHJ zbUZp?@|1%BDmM`F1v%yHnkb6^yj_(_e5356T%|AiFZ*q(+?NvjlSS&o_KRF)yZslf zDmw!~ep{q2Zaye<=AY+R6_RV9AjBzWmn{b``6N=G15pbYBAjuG;fEY(p#sLZNIY^;?z62Bt2+++0sHR5f z7-?+~iUfzz5KW|v#BeLeX`isIfcaueVsRz5d`3rP9CPp@7I=Q*54RLOPZRSZPOh

UQ8D zK!i$$rXX>ECEoCLk+-_U5PkZ*fzT6l^=IMXD5~+k8v^(>@nPThSxluGFrNdKFhr8a zfS#bgt8P;N-bA)6!ltl5HzW*If0|DMG-4dhSlmbFAQg)v911{Wq<%y|YzbSGdi-Q9#u9-|(f}Vb9tY=VPT141~ zAyUfViJ6d~9YYwho1DP*sV@jruKW5OZGeh=CBEnGu5L@(7}c{Rk8 zGKp0jo%|B9prEJ`3-&98I0zPVAB17vKR6iO_E1&HoUse3%eb!uXn)g}pxm9ktaOK-8R_+kqd#k$?^tG;cXQg_Teetas z>GhP>j7EeKIkVcJO!qm2;7i8sPm+bet;%S!9=d|r5cRZ~=PZPN(S=X7n)fUVEK*-9 zYQ3XdBBV%Oz-R=%9HQO{JNG9L#3A%r(YH1$QWoRRYw=d7W+xLAC;_pOGjsu`l4}4-@?0)xIXHC7l!1>3*9~R%D;q zuS^KL*Wc+UD$@`~7pgue`1&>+IHHkdxNrnJ`lBq|sH>>x`AdG#DKr~47TPH@-1i0PYmKzCaueyl7r^(&K&7>paq{SnE{WlYjZlV)L!Frw$8A(757(G~2+8FK`{PrW zT0eMAe7Tgg?yjPV^Q(N(RAp;TTyoy9TdRp#_*{ydnOHU|U+b~eW5%yShJ!Rl*Ruiw zR30B%ReFMcW_r;OhrgiX5t0)?`}>CoM>;fAZ*1C&dsqlErVyYhrg#hiB9<;9CgVe> z{$AiIAPE#xiLlT=`Npg33grYSQtEGt93P?^A}6}oVzt^Tjt`Y!Sz5YTUwXZ!>&LnN zCt(_eSc2F(d3SMi-j}y>l{)6F|G(HRumA78+SysJ|J}!Pp_DSWqH`yL;eK(s~RE^3j`7p%UEopCmD~HD_^0{pL@vjZj_OHbQ;_3Ge`eFP9Thci@uDO zhXTye|DD~6{=eE=LcfugbInNZ@w-Y+O)y2jDQcBZen-E?Ocpx% z^XH8Tgwwv5Y-#zdZHJZKex4_*Y-l|Xgop?~#fW5TvK zt_Tf=7NK-zb6kg@Ga-c0jRc@HEM?BjYFCDu83Wbk@iHc10K8xyuLmgt3`fMnQN-Cb z1VwW?M7;#LH70TrU-o@AEw7NN7I2Eg{6d|^ZEfxCz3e3b9Kz@YnSzjb8VwPR!!TWu zxzr4rY05o@9uF>L)r>WnXa)szZnUA%`ro=#LRURSAw6JJaf{gHKf#wOIyMW1rrT^7Nb|c!UMI7Fs~}7bcTN;?1KuRV zTH4RaZ)G7a|2~iNi_*}PMk2&QBsunMN>nUV*ZbF1Qq@k+zir9#Nj{)`2PGtnIFR|1Zp12xB=4Q zamnluVcTCXX_qXffs@Pnv0O-XQnzUk)@rD98$CijNv2RVe-d8-O~f#!0q}5^Hzd|s zB7-ZcZ&u!E7aDO;ePLPnS3qEU%oqb57+5o`hoZcsHA0vs z@~%C!$ z&u*4NKdLZ=&=Je_4UCCQ!egIJr!ggRW>9stpKhe+!AE$VeU_e1YgD+wp47Z zS*JQg?oWd!>7wz|0;A-8%99IkVdG?r=}HEmwa|~evz(M>%l1Ze#w`MYzS0` z5jp~H22qDU+Rf8I3#nbbBbiM}Wi`H>5}8W6&}REU&lz-V7zH{!LdO&x;3O&;OmbI;0#t@|QA@RgDhsd4;`Q9(~hTAUa4$(qXU0p78i?B`;wze z?09bU30x6uoY}F%rBFZ#+z**)%T-=OcE!OoFHKKX zUNQ>rMlSFSPxlD@+^g06-Y;{$tQCdImo*c#IhOaSV~VIHjZ`Q4j-rmvoHxI8kA${71bwthpwEcV4k)WF>NOFObFXS%+;Wy z_5x8os+Ry1O) z(~I3ED^r723ZqbyDN4;k3H4`!Cr5Bvu~=rh+z_6c0=c-}MC&o<%2%l1l26lw33kj6 z&2zx0iVxImAQm>$GE3)~mmqJ{V6;u3IOiTh^{a^WuAxyJqGy*gHJc#;wqXyJi=}Bw zwV1g|AuaP9UBXBSRxC^vm4u7^v^IcjPQT2v)XiVFFxbw9W?h=kuo2-7(VVHZtuhXxT8Xn!4`-%JP3odCz?p&Uqmy?RM=rB{!4SS?BtQ`p zf~e_&06*pih$>uGZYJYO`CW;rLH=rX&x z>{(5Mv7A^$#}oxKil@X!qMTE%wgvfEz-G>hr(SJDLcM=Itutk&vLi45q;Tb4QpHEr zxL%r{kuj%s(yLuvujr$C4w~b$(*xw=Fzlo6wWD-q_8MBTDxa#H=JhQRGT~G-vYN~m z3?KoCIEoloIw5taP&Fwg*<{R$gK%nR(vj0SXjWZ>jOi7%M^Y3Yz^@^&uL8YMASX$-Et`%8lM%vnR+x^Zrz=b#jFhL848@TOPD8kc zFejMe8RgJKgSG~ipG^Whk-3^_be$wB zu}k&Rdf9}-`dOWNLN*>NRaVZ5q**6w#|#sS1W-XFxrTi7>2N`4env(*T~MXNWV8D* z!+L{7zT4bMh55E)F4qmIhYa~J$HHUGBA2(*$%kq$Xw&=D4Qb1&^WU@Uu>$ zXbRXuK~w_?1yNqIX!5F6G)}%NQq)6Lup5=7B=sqo@_cp=Ig=pT$B;QaaFAUthD`OqL2)jVbG5)70M!MM`Ybae6=u!6 zb|76MuSdbkOKwd?12j(FX^@7PVm&ZA?_@NijNd7-O0<^bLfTYQbKe^~nr5LA4Rsl& zdDCs(fF`|+u#~{*5dFVrAO7^a_xvx$(zZOG#p(#7e>Zf7s8_S)V=Ez3#d>C3|1W(|Zasz4$7cHb2M>w}fj%w=!!?rqNZFPKF2WYe|uxAe& zX|@WcY>gg!$mp>SuwtDc!@i7{n9srrPGVI=*CWSob%ECEOcqx}Vy!NTE2FGB!c?t_ zpjs6#wMIvEg^o(@<;cOKaz8cWqp~an_I-#X1SjS5?|No6Gda>u|LHSoFjeN-R8unq zKP5-fsUO$p70y4e&^HOhJ3qBBL%-A=U8qaUIls_yYvjstilLv@lKutFM;j(z*z*k! z(n};3JKQjbtFT868$mZ+ewhDh9-8D3B=D(T-b-dAb=i_+${{D5#p5EZ)|Ca#(#`>d zAd_2w4vA_rpDC%l22gkP~5!r)prVcfgL!M?STx zb08|}6{d@GIEl&<&VEvlKWDQ$$qp{JS$myPmck?i39Y92lXW-;VaSul91vwRyMZBi z0LY7yk6Rz`<%pAuTG%ia#e!-U-qOmrQjJBMvy`nVk*&8p=-kAY=?G|H?VW*|&-e6* z^|Zl(UO7NZ3ngivy7lxayLTwW)(5#3pmydMK}8=9zJv;>b*kOM;iU<5G1wLi$#N#HD9P zf1`^D2*{f$7U5rGP%bEkrdVz&=8U)Wi+pt1!5)^jyH*}d%=@jzx@+Y1-5{@x0IdSQ z))czJU@tQl>2e0r`Ml#{&NkLK@1#%fdPZ>{Hhhs;Ls#>JJDC}DF&B6g(f@;v_t#q( zzLJ>!tB>N_ueGdKSHAq}im~DMu)LB>Bh@ajm@@O0SS-u+Yb@En<}9tGJgvC6^3@%W zP}(E!vuUKfYGJWEW1Awq7~jCwVmskg7mlqdnLp2Vxz?J2&54O+CB@s$ZTA1 zz3*U3Uc2S~;QTo88;KNI_=twaIs&oGZZEp2TeoG!^hv{U0XmK@!oX9uFCk=fELJ(( zpnkz>d7j&V*UM@11j}y4s$G-LV5IMNZD`Q~jWOHdR&CL0EzvwQH0PvL=IdIMwLMhA zewiaGP>)eBAmXa$TDD2IIyCF&1IR*@7Y^2Ip6g|s2ROx>vrE0ONj+00gC}jw36(l) z{x%bL0-zqj-jv>|v}1mXtA%gMp2k#8n?TAzvyo#^yWdrul{{XcxzlO|i6OTnOWX^Wz4R5;zhh03YXZ$Hl0)XDc*H z8r0v|JStkNV_cs4VA?qIk^jS=IOWB-&b`DZL-c0wA? zWeIELv=sK;{V63$`~Rj>>Miyy6+b8)YN7WBBqctQpqIaRw)oWSRhaMc+_I#e6n*<0aJv- zXoBq-7K@nm`ylHn_DlHht@=V&<7<*uevLE`EfY|he|e_g>(j^ zlKpa~!(4&F5(%>Mc|GS5`2BguedZq{$W!CPZ7-&nCnuq&7Wra#g1csABp@7ov#OCl z=)m`=X!44Qk?~zU-#4Fk*SPlXIT<3Ly_k05TQZ>4jRHFihxSOAst;~yG#Zv zcN_uMcq=VL=zpKTJK1`}YDk*#!ul8hz2y$3K;@>kALc|OeRANrdefg`N=6`L-_`+K z{Jir^T{xhG7jE%13Sl!@h)YATM2Cnl-H}q%2G22}vORzzmK+*>qnoSTqly!;&ESRP z3Wlhs6W|$}pOo}}c3t?Po@eHiz@949Gt8yw(Yzzcm^8@)PR3(!-~E8>G)bTD^jw*A zqC9er1ht3tq%OL`^v^rL)N)+xFXhMK7VVfRIuWXuo?DF+Gb-_|s>xT;MqSV9gWj|@ zU#mbs1t$=OUNZN;!86qh$-vp;Trro8(wZLe_wMlB&~T;%YD|+eu0}-JK6Bt#b7+A~ zS~OWB@h6y$)AI&Lv5Yw^cSJ)qQ=B}GjB(j;e6gHs%f``m=M+B8ue3EbuIcPgb`AWR zz|GbT<5z@^Jtdl+Jt}ES`=6~R`aeszMLV#z4JvrMyKI%JM{F(CsAOrOy&rpep1_n! z-fh$5Qh&Bo55}aG`o2FtydMFN z$x^ynJLRoA#IFV=hFnN7RCny3R}IS@OFLiaO5pn7?;F1#^x*tBpU8KyTS@J&?+9J! z?6fp7Qj`8Jo}yOFk$^pgDP6wL(je$PCAUuBMwtMg=|dJ3MW8+l%%P%~B0}ZfZXdm) z`uoiUF*a3!(|-l-YfS(2NAbs#|FT_I)IY;BEz~NA3dgtq^VPr`Ya}Z*IMX&XRq3azn3-5^Oa3{>yz5`~x^W|Q5zN~k=JmeiO>yugT z=wucvGAo_UVrX=BI?IB)lD?w7Nb3_(%(Ff=;_Kd1^fm7y`a&V+`uLodJ9}2%$J4>C zolf@XEU+V|F^+r08*orn`+Zk9V8QN*iKU+4}NzZgN?1JIh19xpvuo z3|;S9Sb2}aW7&~#5Bm>R-)+$4-hx$k5_Gk1V7*JAyh~uE{Q#XH|5wBKuZreh8MogF zLVp!3{wk>ZRq*v|B>lpTTO;Y$NcuHqevO%5W9A>;{onIbWZ&!^;KfD7RZ#0IW7Jng zq<^LO^GAm^U*Ep{I1%J`diVB%=O793`D77N%1x*r#sQ#SDw%ylsfYULcSH#d)ckW-eWS{2 z*X^KdJ~E~Bmy-PhPeb%ODpOGAWDc?19X5v7!lgDXD@dSl9HNl;Sk(1M^4`=WAOv3~ z)7>eS{^V`0XKOnx`R=Ww^Y)SsZ#goF$*?@+1V%k!ft`g$@y{6}t%W45Vw9G=Vf-p& zI5<{BiJbKfg7WyVKwfc@7VQ&Tb}JSzL_Mj3_yYYFViB?6ZC=c*1oSf*`11ln7O`Nz zEN7bWlB~_I1(kr86DH&dNY(bb9?liXYF4oT@nPTBv*?quaVWmdQOhV$7QlHyf^`T` zNIx?%L?NN^ZDa4`DYfqI8hObpTTI{4AF+_YbLCZK9%msGZ=2eh>Vj$Xk`tBol^vMB zPeV+hMU}}aLZr$!)*NxdIFYjqsbT|G&o_58c|Io^xY*dyl7+y_GMM|Zr3^Nj(~-U@ zY?hO8`^y3XUg>Bu#bY>)!|)t@4l>7m`Awmgy043sSL}lMAzN9_N7%-Vs_-g<%kd4% z?gWcdWfE^uZ>v|VzV8cinth=>0TV8{SAJ|l$rSd%l1y5 z;k?RYDX~9kt?&D`c<0LQChXL@wCM6`zH)6VD0o}_PV{bj$EA1or2Jo@!lnbZsJ1ri zYUi4o@YzaD^T)9@YHGS{pZ3Rj_GwpIyFeww)}Jk`&3Dg5J1uXk(D$RVC7aW&0ya6i z1_e=1y>2b1KDj|_r9m77`K`5|J2Ry_cXLjAl*?Ud2w%V6Sx8%p)jV{CEpR(mXVc7j8+Fan@SUn^4cV&FWCfR0 z(N$||=X<^DI(cQ|w{Q)idrp@s)E}N5oF9KYIypRjcYJc;N-<4Aa^j2B01W#2|J5j< zEp0WUX0GTnIwIp5#152lfv6?&ki!Mga7Dt(YOy+m2Vj>;mQ=Bt%R)vW~;rOugOvqehpBF-f9SvW)& z2d9ZyqOhE^YQ<`kA93+*O8hpL?~1)BR8;KMkqJ#NCLF|sg~1TLEWB4f_YKH0Rw*)G zBjIQz*KU^hhA4ID<+_&a!a66PP|P#$aM^?sNpN@wA)cKZkoXY2C<4B0bd$c`F20U{ z6Bf8Xu8;ly@B6c(j|XQ*heszD$NO(Tet-P-$TbuAo-@bU6-M=b#L*8hb8bpTc^B;Y z90E@};%d1om<{zvJKnL#?Dox_(^YOr-kZ2*GBG8$!>z6QII^mR)-LJ2K&PDD&QPyc zRX@YP-!3jr&p)1?z574^aMxe8cR9KxqBT;|$YC1>7w2yg_KHIF=H18h!yi7refQ?$ z+oPY3-nOk(i^>~ze)z-NERdQq55Y>r&yhW%dge+%J1t)W^3`}y5m{O4fsYPXF4+}YWF zxyFCq$K!ck0rFWnMRUU-L=Vo7?E$@wV9?^Mumtg36uVi%wJ8$5Acl?R1VA#cN4f0) zi>zZM-zNw;vtWOgUM^iTeyFdMP7nD$RbwI2 zD_}iz6ir|X94q5B5^p$*BS#2eQ{??ZiMjSQSLb|XAx@gmNA5Mqu+Xx9Jj z7q4EvEb0HtS385X{@=%Ay(y+a29-4f+y{y;L#X~93;3Jzc4q7kQh1w^H47)lFlF={ zmOzsyl?39XLom6EY6n>IgzV}-@`O^SC~|ZB>$&7u!q^^Gs!SE3^s40EOpB-4P;uF=V%r zlSW26!VH`5+G56S<@H>x02$BYk?XWM2V!0bjIP+)cj28K>?h?is@nt90`aY#c?$O~ z%&op8Tv~u1Ylaz>aGOhs3h;e4jZQgJT9=<^Swj?4Nv3dUj;v2#+pc;S<)X;kl+8G? z$~>IMbYHv|z)hF+PA<^?`-{K5J3GGk$A=H+|2V%m`Z39*7q(91=%`USXaIk!_g~|} zTowUF_qRq@t+bpYnV%l3ON!YOO)6`B5xW5{CJ=^wxOE__{mM@#aN`|Im?HhZ7qbYm zLXlFJVtl*tM~e)tgSQ-8&W54Dr24!1LNYlmwt=#5& zkHeS<$#E+fmio}lu+Eatx)r;*6;x%x^~sWJ#CK79SrF^QNzJ94<5HHcnuX^g>TBLA zvX!i~7LDYJu$;X9!?VM)zG-QJ{MLslm|L+lL%o;^t-r1#aY^*rUtT{m~B8?866V4L`j9 z>(R%PcZWwGPxgOYV6jV|hf%Z2m7RsEgGa3`xjU0kE5qzku{vYjoC;3_Bg=z3Xg_Y; z%ma1LbyhK@WQ4e-Ei8a=^c=M__>H1Qg4cg|R#cZd8(Rfof@( zrO{1ogQ7`A3}1%ejX@@;XCbi^uN^5`Q}hi;d&ssb*GM#eK?q zz9!H_(lw4UU4kd>B=%V2E;_ino?7y zytJ<|Yf?+7?7{Fu9az?;PXp2_^S<6Lx#V`qg;V3@J(G?iHQN(Srm226#C@c}4~9CC z?93*2wcT;i>BnN*64#4UUv6>g!K^K5y(k~jSeSX7<)|CMYP;PEZp$}H*W{lKH(QM> zbB+&|=m95{DGT7Wn^ege)ohg7Yu+gJV&E2nyEQ@&X;JM_EP2h}e4fZqjGvy;oJ zSqWWg={X{w^$r z`hBmhHpi0dMbbyUNcwQL&p)2{+bX%X35^8YvnG2i`R&Xb2`?fMc$LA;k@@hU|3MY{ zko$~;U=z%xFRN9E>E%*&sP9UjJV9~-0<`fG2y;kpOVZ0V=C*pDO(QJHB?*bt_cX%n zDL1#}m5Aw!yzO0GdSzpRllzzSef%JC`Cj>h^JAphYu&Gk$_kxZ{k*Y<7q889bNRdO z@Ck-q?P&yaM6qexeQUXFE0YUWRua(8gtH^TTtp~W>Eg`{(-4tLkrkdbJrr4{Zg z!(A7n#Nt5~6_(siV|i{Cs@&;dR_=+0JY5ral`}r(_^~EFD^9K46LSDj-`KM-{%hgW zKjz}U2D`iE{r}s0FW3A3@8v12z?h?SEb^-hB$qv#r&AnPm1YMhE<<#6440wv4I;Q) zqw?kOTW)Tazj>~_QhA@($(gov02fOM-Nz+zxx`RFg=5lfhbVcM-vYi2=FEJ%;%#z< zr@O&}S<7%&Xt0d+hlmBM>5WeDfR7w$*5**gHO}mT9?M@Y(BhQ+g;rhe?&$mGRF6^P zH4^M`Ai?S`LaY>94gZt~Ys2K@0f4_8g&z#?Yu)XMM|0iO~f)V#1Nzs7cEB_17St9yjhoC`tb>Y}HQen;Bc_BAfp*zDNU15^yKAWw?Ny=(J<#h2@z%nhQx%$VW8L@Yp2hVoM5W{M-iD4dZu{KulFD% zS^>n)V?Kr<8f3o|AY*2l>4t=@hRA9?`W+mx)l^ppII211AH-2yRo0dTN!cK(7B=LE zv5>$swKYodQueb?h@mb)U`yY3A2Ic!-cL#&L_5ANXo|2bSQ7@{iZho_TK~!AZX@gcG zn7PThyjz*GA2in3Wkt%A&l@pEeLiD6AT+P=uDW!HQAazKf}|U*_7tQclaNF%JkQ&x z8l}Gy8W1|Z3)^IO7pG?F(pI&aWfJk_Kf#yQIGOgG7v^u8Y&Fs^&hh-p+^$UyO<7jE z;#@WFtJvy9NE$kSqhxzw!F7;CjKyYtvC z>$mxaEHf?jc6C+$YOL(qnpUi7UMJTEwcb#*wyF1PQaK3n+t(L_E^1a+$ZM=r!}50I zzMRk(wpaIUt~!+WM_{K)z42vilp2=WAxk?a*-~}ShN>YR%VheOnqKKZmKW=sZ^Z#G zB{FTK`_rdnA@oZxfqc`?;_H8l9|AWA|GE8QcejlHeED)`z5aI}&z$wYdv!tj6ov=q ze7=y&$#=$sayI$%w(iBvIK*P@V7hwR+W%EH0nD-gyRQc2^FLqg?Y&&v|ND3x_di$m z0Ne{Wq(;cTj&#Wy^U-OhWSwlk-(-9D6?VFGyEGH6bAopo;km5ZgNo?tw+eI`-!)kG zFP9E;F=epRDRlY{J24i&*0TgDgNKv z-rilu|M&5f_y3j>%UQ5rI*i7tYR!9qn{(ES@BUq88}A}VxVJmLy|AyZ=`%y#BSG;l zl_oCcaV&x2HXNIBbF0pibDV^*-fHs*pH=LC+m(R1_J6OO|KHtv`D$(d@8kJm_CHG_ zuPy)D@~@vS^ek@w7hegOWB&)cFUt1+<*U8*{?B`P7RmqLpL3|2kKd20SlhYvvwqgk UxA6S`00030|B|Rns{q~s0M=Pq>Hq)$ diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml index 12cca057ae..453e25affb 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml @@ -85,6 +85,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-attacher {{- if hasPrefix "/" .Values.image.csiAttacher.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiAttacher.repository }}:{{ .Values.image.csiAttacher.tag }}" @@ -107,6 +111,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiAttacher | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter {{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}" @@ -125,6 +133,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -147,6 +159,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" @@ -167,6 +183,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -240,6 +260,10 @@ spec: readOnly: true {{- end }} resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml index 82a79caf39..f55111f9f4 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml @@ -76,6 +76,10 @@ spec: - "powershell.exe" - "-c" - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\ -Force" + securityContext: + capabilities: + drop: + - ALL containers: - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} @@ -103,6 +107,10 @@ spec: fieldPath: spec.nodeName imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }} resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}-windows-hp" @@ -149,4 +157,8 @@ spec: fieldPath: spec.nodeName imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{- toYaml .Values.windows.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL {{- end -}} diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml index 9a193798eb..e4517ff0e3 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml @@ -80,6 +80,10 @@ spec: value: unix://C:\\csi\\csi.sock imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -118,6 +122,10 @@ spec: - name: registration-dir mountPath: C:\registration resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -193,6 +201,10 @@ spec: - name: csi-proxy-smb-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-smb-v1beta1 resources: {{- toYaml .Values.windows.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml index 3afcecb755..6332c7f4c8 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml @@ -82,6 +82,10 @@ spec: - --v=2 imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -114,6 +118,10 @@ spec: - name: registration-dir mountPath: /registration resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -172,6 +180,9 @@ spec: imagePullPolicy: {{ .Values.image.azurefile.pullPolicy }} securityContext: privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml index d84398364d..d9e8e6f248 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml @@ -71,4 +71,8 @@ spec: - "--leader-election-namespace={{ .Release.Namespace }}" resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }} imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }} + securityContext: + capabilities: + drop: + - ALL {{- end -}} diff --git a/deploy/csi-azurefile-controller.yaml b/deploy/csi-azurefile-controller.yaml index 3d2e7c21ce..f71087d50b 100644 --- a/deploy/csi-azurefile-controller.yaml +++ b/deploy/csi-azurefile-controller.yaml @@ -53,6 +53,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-attacher image: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher:v4.3.0 args: @@ -75,6 +79,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.2.1 args: @@ -94,6 +102,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0 args: @@ -116,6 +128,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: @@ -132,6 +148,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.10 imagePullPolicy: IfNotPresent @@ -173,6 +193,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/deploy/csi-azurefile-node-windows-hostprocess.yaml b/deploy/csi-azurefile-node-windows-hostprocess.yaml index be0a24bf76..455a4dc270 100644 --- a/deploy/csi-azurefile-node-windows-hostprocess.yaml +++ b/deploy/csi-azurefile-node-windows-hostprocess.yaml @@ -49,6 +49,10 @@ spec: - "powershell.exe" - "-c" - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\file.csi.azure.com\\ -Force" + securityContext: + capabilities: + drop: + - ALL containers: - name: node-driver-registrar image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 @@ -77,6 +81,10 @@ spec: requests: cpu: 30m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.10-windows-hp imagePullPolicy: IfNotPresent @@ -108,3 +116,7 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL diff --git a/deploy/csi-azurefile-node-windows.yaml b/deploy/csi-azurefile-node-windows.yaml index b5558fa403..20739aa72e 100644 --- a/deploy/csi-azurefile-node-windows.yaml +++ b/deploy/csi-azurefile-node-windows.yaml @@ -57,6 +57,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 args: @@ -93,6 +97,10 @@ spec: requests: cpu: 30m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.10 imagePullPolicy: IfNotPresent @@ -150,6 +158,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/deploy/csi-azurefile-node.yaml b/deploy/csi-azurefile-node.yaml index 46fbc2545d..5587228671 100644 --- a/deploy/csi-azurefile-node.yaml +++ b/deploy/csi-azurefile-node.yaml @@ -54,6 +54,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 args: @@ -84,6 +88,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.10 imagePullPolicy: IfNotPresent @@ -117,6 +125,9 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/csi-snapshot-controller.yaml b/deploy/csi-snapshot-controller.yaml index 7ab1102ee4..56c7a65f08 100644 --- a/deploy/csi-snapshot-controller.yaml +++ b/deploy/csi-snapshot-controller.yaml @@ -53,3 +53,7 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL