From a1bab4fd5c7abc5431678acba3a3d7cc61d24508 Mon Sep 17 00:00:00 2001
From: Nicholas openSUSE Software Engineer <nicholas.paolillo@suse.com>
Date: Mon, 27 Jan 2025 15:17:05 -0300
Subject: [PATCH] [release-v2.9] forward ports after 2.9.6 (#5046)

---
 .../fleet-agent-103.1.12+up0.9.13.tgz         |  Bin 0 -> 3206 bytes
 .../fleet-crd/fleet-crd-103.1.12+up0.9.13.tgz |  Bin 0 -> 50475 bytes
 assets/fleet/fleet-103.1.12+up0.9.13.tgz      |  Bin 0 -> 5343 bytes
 ...rvester-cloud-provider-103.0.4+up0.2.7.tgz |  Bin 0 -> 5476 bytes
 ...rvester-cloud-provider-103.0.5+up0.2.8.tgz |  Bin 0 -> 5473 bytes
 ...rvester-cloud-provider-103.0.6+up0.2.9.tgz |  Bin 0 -> 5463 bytes
 .../harvester-csi-driver-103.0.5+up0.1.22.tgz |  Bin 0 -> 3845 bytes
 .../neuvector-crd-103.0.8+up2.8.4.tgz         |  Bin 0 -> 3393 bytes
 .../neuvector-monitor-103.0.8+up2.8.4.tgz     |  Bin 0 -> 8353 bytes
 .../neuvector/neuvector-103.0.8+up2.8.4.tgz   |  Bin 0 -> 26684 bytes
 ...ncher-aks-operator-crd-103.7.0+up1.2.7.tgz |  Bin 0 -> 1246 bytes
 .../rancher-aks-operator-103.7.0+up1.2.7.tgz  |  Bin 0 -> 2049 bytes
 ...ncher-eks-operator-crd-103.7.0+up1.3.7.tgz |  Bin 0 -> 1208 bytes
 .../rancher-eks-operator-103.7.0+up1.3.7.tgz  |  Bin 0 -> 2041 bytes
 ...ncher-gke-operator-crd-103.7.0+up1.2.7.tgz |  Bin 0 -> 1413 bytes
 .../rancher-gke-operator-103.7.0+up1.2.7.tgz  |  Bin 0 -> 2075 bytes
 .../rancher-webhook-103.0.14+up0.4.15.tgz     |  Bin 0 -> 2800 bytes
 .../fleet-agent/103.1.12+up0.9.13/Chart.yaml  |   15 +
 .../fleet-agent/103.1.12+up0.9.13/README.md   |    8 +
 .../103.1.12+up0.9.13/templates/_helpers.tpl  |   22 +
 .../templates/configmap.yaml                  |   13 +
 .../templates/deployment.yaml                 |   51 +
 .../templates/network_policy_allow_all.yaml   |   15 +
 .../patch_default_serviceaccount.yaml         |   28 +
 .../103.1.12+up0.9.13/templates/rbac.yaml     |   28 +
 .../103.1.12+up0.9.13/templates/secret.yaml   |   10 +
 .../templates/serviceaccount.yaml             |    4 +
 .../103.1.12+up0.9.13/templates/validate.yaml |   11 +
 .../fleet-agent/103.1.12+up0.9.13/values.yaml |   67 +
 charts/fleet-crd/103.1.12+up0.9.13/Chart.yaml |   13 +
 charts/fleet-crd/103.1.12+up0.9.13/README.md  |    5 +
 .../103.1.12+up0.9.13/templates/crds.yaml     | 6859 +++++++++++++++
 .../templates/gitjobs-crds.yaml               | 7690 +++++++++++++++++
 .../fleet-crd/103.1.12+up0.9.13/values.yaml   |    1 +
 charts/fleet/103.1.12+up0.9.13/Chart.yaml     |   22 +
 charts/fleet/103.1.12+up0.9.13/README.md      |   30 +
 .../charts/gitjob/.helmignore                 |   23 +
 .../charts/gitjob/Chart.yaml                  |    5 +
 .../charts/gitjob/templates/_helpers.tpl      |    7 +
 .../charts/gitjob/templates/clusterrole.yaml  |   38 +
 .../gitjob/templates/clusterrolebinding.yaml  |   12 +
 .../charts/gitjob/templates/deployment.yaml   |   52 +
 .../charts/gitjob/templates/leases.yaml       |   23 +
 .../charts/gitjob/templates/service.yaml      |   12 +
 .../gitjob/templates/serviceaccount.yaml      |    4 +
 .../charts/gitjob/values.yaml                 |   27 +
 .../103.1.12+up0.9.13/templates/_helpers.tpl  |   22 +
 .../templates/configmap.yaml                  |   26 +
 .../templates/deployment.yaml                 |  102 +
 .../job_cleanup_clusterregistrations.yaml     |   40 +
 .../103.1.12+up0.9.13/templates/rbac.yaml     |  114 +
 .../templates/serviceaccount.yaml             |   12 +
 charts/fleet/103.1.12+up0.9.13/values.yaml    |   87 +
 .../103.0.4+up0.2.7/.helmignore               |   23 +
 .../103.0.4+up0.2.7/Chart.lock                |    6 +
 .../103.0.4+up0.2.7/Chart.yaml                |   27 +
 .../charts/kube-vip/.helmignore               |   23 +
 .../charts/kube-vip/Chart.yaml                |    6 +
 .../charts/kube-vip/templates/_helpers.tpl    |   74 +
 .../charts/kube-vip/templates/daemonset.yaml  |   51 +
 .../charts/kube-vip/templates/rbac.yaml       |   36 +
 .../charts/kube-vip/values.yaml               |   79 +
 .../103.0.4+up0.2.7/ci/kind-values.yaml       |    3 +
 .../dependency_charts/kube-vip/.helmignore    |   23 +
 .../dependency_charts/kube-vip/Chart.yaml     |    9 +
 .../kube-vip/templates/_helpers.tpl           |   80 +
 .../kube-vip/templates/daemonset.yaml         |   91 +
 .../kube-vip/templates/rbac.yaml              |   36 +
 .../dependency_charts/kube-vip/values.yaml    |  126 +
 .../103.0.4+up0.2.7/questions.yml             |   11 +
 .../103.0.4+up0.2.7/templates/_helpers.tpl    |   69 +
 .../103.0.4+up0.2.7/templates/deployment.yaml |   57 +
 .../103.0.4+up0.2.7/templates/rbac.yaml       |   37 +
 .../103.0.4+up0.2.7/values.yaml               |  106 +
 .../103.0.5+up0.2.8/.helmignore               |   23 +
 .../103.0.5+up0.2.8/Chart.lock                |    6 +
 .../103.0.5+up0.2.8/Chart.yaml                |   27 +
 .../charts/kube-vip/.helmignore               |   23 +
 .../charts/kube-vip/Chart.yaml                |    6 +
 .../charts/kube-vip/templates/_helpers.tpl    |   74 +
 .../charts/kube-vip/templates/daemonset.yaml  |   51 +
 .../charts/kube-vip/templates/rbac.yaml       |   36 +
 .../charts/kube-vip/values.yaml               |   79 +
 .../103.0.5+up0.2.8/ci/kind-values.yaml       |    3 +
 .../dependency_charts/kube-vip/.helmignore    |   23 +
 .../dependency_charts/kube-vip/Chart.yaml     |    9 +
 .../kube-vip/templates/_helpers.tpl           |   80 +
 .../kube-vip/templates/daemonset.yaml         |   91 +
 .../kube-vip/templates/rbac.yaml              |   36 +
 .../dependency_charts/kube-vip/values.yaml    |  126 +
 .../103.0.5+up0.2.8/questions.yml             |   11 +
 .../103.0.5+up0.2.8/templates/_helpers.tpl    |   69 +
 .../103.0.5+up0.2.8/templates/deployment.yaml |   57 +
 .../103.0.5+up0.2.8/templates/rbac.yaml       |   37 +
 .../103.0.5+up0.2.8/values.yaml               |  106 +
 .../103.0.6+up0.2.9/.helmignore               |   23 +
 .../103.0.6+up0.2.9/Chart.lock                |    6 +
 .../103.0.6+up0.2.9/Chart.yaml                |   27 +
 .../charts/kube-vip/.helmignore               |   23 +
 .../charts/kube-vip/Chart.yaml                |    6 +
 .../charts/kube-vip/templates/_helpers.tpl    |   74 +
 .../charts/kube-vip/templates/daemonset.yaml  |   51 +
 .../charts/kube-vip/templates/rbac.yaml       |   36 +
 .../charts/kube-vip/values.yaml               |   79 +
 .../103.0.6+up0.2.9/ci/kind-values.yaml       |    3 +
 .../dependency_charts/kube-vip/.helmignore    |   23 +
 .../dependency_charts/kube-vip/Chart.yaml     |    9 +
 .../kube-vip/templates/_helpers.tpl           |   91 +
 .../kube-vip/templates/daemonset.yaml         |   91 +
 .../kube-vip/templates/rbac.yaml              |   36 +
 .../dependency_charts/kube-vip/values.yaml    |  126 +
 .../103.0.6+up0.2.9/questions.yml             |   11 +
 .../103.0.6+up0.2.9/templates/_helpers.tpl    |   69 +
 .../103.0.6+up0.2.9/templates/deployment.yaml |   57 +
 .../103.0.6+up0.2.9/templates/rbac.yaml       |   37 +
 .../103.0.6+up0.2.9/values.yaml               |  106 +
 .../103.0.5+up0.1.22/.helmignore              |   23 +
 .../103.0.5+up0.1.22/Chart.yaml               |   22 +
 .../103.0.5+up0.1.22/questions.yml            |   11 +
 .../103.0.5+up0.1.22/templates/NOTES.txt      |    1 +
 .../103.0.5+up0.1.22/templates/_helpers.tpl   |   62 +
 .../103.0.5+up0.1.22/templates/csidriver.yaml |   10 +
 .../103.0.5+up0.1.22/templates/daemonset.yaml |  152 +
 .../templates/deployment.yaml                 |   95 +
 .../103.0.5+up0.1.22/templates/rbac.yaml      |   75 +
 .../templates/storageclass.yaml               |   10 +
 .../103.0.5+up0.1.22/values.yaml              |   56 +
 .../neuvector-crd/103.0.8+up2.8.4/Chart.yaml  |   16 +
 .../neuvector-crd/103.0.8+up2.8.4/README.md   |   14 +
 .../103.0.8+up2.8.4/templates/_helpers.tpl    |   32 +
 .../103.0.8+up2.8.4/templates/crd.yaml        |  977 +++
 .../neuvector-crd/103.0.8+up2.8.4/values.yaml |    9 +
 .../103.0.8+up2.8.4/Chart.yaml                |   27 +
 .../103.0.8+up2.8.4/README.md                 |   22 +
 .../103.0.8+up2.8.4/app-readme.md             |    5 +
 .../dashboards/nv_dashboard.json              | 2036 +++++
 .../103.0.8+up2.8.4/questions.yaml            |   27 +
 .../103.0.8+up2.8.4/templates/_helpers.tpl    |   40 +
 .../103.0.8+up2.8.4/templates/dashboard.yaml  |   19 +
 .../templates/exporter-deployment.yaml        |   75 +
 .../templates/exporter-service.yaml           |   29 +
 .../templates/exporter-servicemonitor.yaml    |   39 +
 .../103.0.8+up2.8.4/templates/secret.yaml     |   15 +
 .../103.0.8+up2.8.4/values.yaml               |   59 +
 charts/neuvector/103.0.8+up2.8.4/.helmignore  |   21 +
 charts/neuvector/103.0.8+up2.8.4/Chart.yaml   |   27 +
 charts/neuvector/103.0.8+up2.8.4/README.md    |  309 +
 .../neuvector/103.0.8+up2.8.4/app-readme.md   |   35 +
 .../103.0.8+up2.8.4/crds/_helpers.tpl         |   32 +
 .../neuvector/103.0.8+up2.8.4/questions.yaml  |  283 +
 .../103.0.8+up2.8.4/templates/NOTES.txt       |   25 +
 .../103.0.8+up2.8.4/templates/_helpers.tpl    |   61 +
 .../templates/admission-webhook-service.yaml  |   17 +
 .../templates/bootstrap-secret.yaml           |   16 +
 .../templates/cert-manager-secret.yaml        |   33 +
 .../templates/clusterrole.yaml                |  117 +
 .../templates/clusterrolebinding-least.yaml   |  145 +
 .../templates/clusterrolebinding.yaml         |  142 +
 .../templates/controller-deployment.yaml      |  334 +
 .../templates/controller-ingress.yaml         |  213 +
 .../templates/controller-lease.yaml           |   10 +
 .../templates/controller-route.yaml           |   95 +
 .../templates/controller-secret.yaml          |   33 +
 .../templates/controller-service.yaml         |  129 +
 .../templates/crd-role-least.yaml             |  403 +
 .../103.0.8+up2.8.4/templates/crd-role.yaml   |  403 +
 .../templates/crd-webhook-service.yaml        |   19 +
 .../templates/enforcer-daemonset.yaml         |  195 +
 .../templates/init-configmap.yaml             |   12 +
 .../templates/init-secret.yaml                |   14 +
 .../templates/manager-deployment.yaml         |  164 +
 .../templates/manager-ingress.yaml            |   69 +
 .../templates/manager-route.yaml              |   32 +
 .../templates/manager-secret.yaml             |   24 +
 .../templates/manager-service.yaml            |   35 +
 .../103.0.8+up2.8.4/templates/psp.yaml        |  154 +
 .../103.0.8+up2.8.4/templates/pvc.yaml        |   26 +
 .../templates/registry-adapter-ingress.yaml   |  106 +
 .../templates/registry-adapter-secret.yaml    |   21 +
 .../templates/registry-adapter.yaml           |  204 +
 .../103.0.8+up2.8.4/templates/role-least.yaml |   28 +
 .../103.0.8+up2.8.4/templates/role.yaml       |  132 +
 .../templates/rolebinding-least.yaml          |  269 +
 .../templates/rolebinding.yaml                |  173 +
 .../templates/scanner-deployment.yaml         |  121 +
 .../templates/serviceaccount-least.yaml       |   76 +
 .../templates/serviceaccount.yaml             |   12 +
 .../templates/updater-cronjob.yaml            |   80 +
 .../templates/upgrader-cronjob.yaml           |   84 +
 .../templates/upgrader-lease.yaml             |   11 +
 .../templates/validate-psp-install.yaml       |    7 +
 charts/neuvector/103.0.8+up2.8.4/values.yaml  |  606 ++
 .../103.7.0+up1.2.7/Chart.yaml                |   12 +
 .../103.7.0+up1.2.7/templates/crds.yaml       |  211 +
 .../103.7.0+up1.2.7/Chart.yaml                |   20 +
 .../103.7.0+up1.2.7/templates/NOTES.txt       |    4 +
 .../103.7.0+up1.2.7/templates/_helpers.tpl    |   25 +
 .../templates/clusterrole.yaml                |   15 +
 .../templates/clusterrolebinding.yaml         |   13 +
 .../103.7.0+up1.2.7/templates/deployment.yaml |   61 +
 .../templates/serviceaccount.yaml             |    5 +
 .../103.7.0+up1.2.7/values.yaml               |   23 +
 .../103.7.0+up1.3.7/Chart.yaml                |   12 +
 .../103.7.0+up1.3.7/templates/crds.yaml       |  226 +
 .../103.7.0+up1.3.7/Chart.yaml                |   20 +
 .../103.7.0+up1.3.7/templates/NOTES.txt       |    4 +
 .../103.7.0+up1.3.7/templates/_helpers.tpl    |   25 +
 .../templates/clusterrole.yaml                |   15 +
 .../templates/clusterrolebinding.yaml         |   13 +
 .../103.7.0+up1.3.7/templates/deployment.yaml |   61 +
 .../templates/serviceaccount.yaml             |    5 +
 .../103.7.0+up1.3.7/values.yaml               |   22 +
 .../103.7.0+up1.2.7/Chart.yaml                |   12 +
 .../103.7.0+up1.2.7/templates/crds.yaml       |  250 +
 .../103.7.0+up1.2.7/Chart.yaml                |   20 +
 .../103.7.0+up1.2.7/templates/NOTES.txt       |    4 +
 .../103.7.0+up1.2.7/templates/_helpers.tpl    |   25 +
 .../templates/clusterrole.yaml                |   15 +
 .../templates/clusterrolebinding.yaml         |   13 +
 .../103.7.0+up1.2.7/templates/deployment.yaml |   62 +
 .../templates/serviceaccount.yaml             |    5 +
 .../103.7.0+up1.2.7/values.yaml               |   23 +
 .../103.0.14+up0.4.15/Chart.yaml              |   14 +
 .../103.0.14+up0.4.15/templates/_helpers.tpl  |   22 +
 .../templates/deployment.yaml                 |   82 +
 .../103.0.14+up0.4.15/templates/rbac.yaml     |   12 +
 .../103.0.14+up0.4.15/templates/secret.yaml   |   11 +
 .../103.0.14+up0.4.15/templates/service.yaml  |   13 +
 .../templates/serviceaccount.yaml             |   11 +
 .../103.0.14+up0.4.15/templates/webhook.yaml  |    9 +
 .../103.0.14+up0.4.15/tests/README.md         |   16 +
 .../tests/deployment_test.yaml                |   73 +
 .../103.0.14+up0.4.15/tests/service_test.yaml |   18 +
 .../103.0.14+up0.4.15/values.yaml             |   30 +
 index.yaml                                    |  401 +
 release.yaml                                  |   32 +-
 236 files changed, 29907 insertions(+), 1 deletion(-)
 create mode 100644 assets/fleet-agent/fleet-agent-103.1.12+up0.9.13.tgz
 create mode 100644 assets/fleet-crd/fleet-crd-103.1.12+up0.9.13.tgz
 create mode 100644 assets/fleet/fleet-103.1.12+up0.9.13.tgz
 create mode 100644 assets/harvester-cloud-provider/harvester-cloud-provider-103.0.4+up0.2.7.tgz
 create mode 100644 assets/harvester-cloud-provider/harvester-cloud-provider-103.0.5+up0.2.8.tgz
 create mode 100644 assets/harvester-cloud-provider/harvester-cloud-provider-103.0.6+up0.2.9.tgz
 create mode 100644 assets/harvester-csi-driver/harvester-csi-driver-103.0.5+up0.1.22.tgz
 create mode 100644 assets/neuvector-crd/neuvector-crd-103.0.8+up2.8.4.tgz
 create mode 100644 assets/neuvector-monitor/neuvector-monitor-103.0.8+up2.8.4.tgz
 create mode 100644 assets/neuvector/neuvector-103.0.8+up2.8.4.tgz
 create mode 100644 assets/rancher-aks-operator-crd/rancher-aks-operator-crd-103.7.0+up1.2.7.tgz
 create mode 100644 assets/rancher-aks-operator/rancher-aks-operator-103.7.0+up1.2.7.tgz
 create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-103.7.0+up1.3.7.tgz
 create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-103.7.0+up1.3.7.tgz
 create mode 100644 assets/rancher-gke-operator-crd/rancher-gke-operator-crd-103.7.0+up1.2.7.tgz
 create mode 100644 assets/rancher-gke-operator/rancher-gke-operator-103.7.0+up1.2.7.tgz
 create mode 100644 assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15.tgz
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/Chart.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/README.md
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/_helpers.tpl
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/configmap.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/deployment.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/network_policy_allow_all.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/patch_default_serviceaccount.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/rbac.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/secret.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/serviceaccount.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/templates/validate.yaml
 create mode 100644 charts/fleet-agent/103.1.12+up0.9.13/values.yaml
 create mode 100644 charts/fleet-crd/103.1.12+up0.9.13/Chart.yaml
 create mode 100644 charts/fleet-crd/103.1.12+up0.9.13/README.md
 create mode 100644 charts/fleet-crd/103.1.12+up0.9.13/templates/crds.yaml
 create mode 100644 charts/fleet-crd/103.1.12+up0.9.13/templates/gitjobs-crds.yaml
 create mode 100644 charts/fleet-crd/103.1.12+up0.9.13/values.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/Chart.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/README.md
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/.helmignore
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/Chart.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/_helpers.tpl
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrole.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrolebinding.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/deployment.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/leases.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/service.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/serviceaccount.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/charts/gitjob/values.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/_helpers.tpl
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/configmap.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/deployment.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/job_cleanup_clusterregistrations.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/rbac.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/templates/serviceaccount.yaml
 create mode 100644 charts/fleet/103.1.12+up0.9.13/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.lock
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/ci/kind-values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/questions.yml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/deployment.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.4+up0.2.7/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.lock
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/ci/kind-values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/questions.yml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/deployment.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.5+up0.2.8/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.lock
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/ci/kind-values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/.helmignore
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/Chart.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/daemonset.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/values.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/questions.yml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/_helpers.tpl
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/deployment.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/rbac.yaml
 create mode 100644 charts/harvester-cloud-provider/103.0.6+up0.2.9/values.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/.helmignore
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/Chart.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/questions.yml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/NOTES.txt
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/_helpers.tpl
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/csidriver.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/daemonset.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/deployment.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/rbac.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/templates/storageclass.yaml
 create mode 100644 charts/harvester-csi-driver/103.0.5+up0.1.22/values.yaml
 create mode 100644 charts/neuvector-crd/103.0.8+up2.8.4/Chart.yaml
 create mode 100644 charts/neuvector-crd/103.0.8+up2.8.4/README.md
 create mode 100644 charts/neuvector-crd/103.0.8+up2.8.4/templates/_helpers.tpl
 create mode 100644 charts/neuvector-crd/103.0.8+up2.8.4/templates/crd.yaml
 create mode 100644 charts/neuvector-crd/103.0.8+up2.8.4/values.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/Chart.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/README.md
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/app-readme.md
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/dashboards/nv_dashboard.json
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/questions.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/_helpers.tpl
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/dashboard.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-deployment.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-service.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-servicemonitor.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/templates/secret.yaml
 create mode 100644 charts/neuvector-monitor/103.0.8+up2.8.4/values.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/.helmignore
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/Chart.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/README.md
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/app-readme.md
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/crds/_helpers.tpl
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/questions.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/NOTES.txt
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/_helpers.tpl
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/admission-webhook-service.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/bootstrap-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/cert-manager-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/clusterrole.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding-least.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-deployment.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-ingress.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-lease.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-route.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/controller-service.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/crd-role-least.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/crd-role.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/crd-webhook-service.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/enforcer-daemonset.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/init-configmap.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/init-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/manager-deployment.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/manager-ingress.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/manager-route.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/manager-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/manager-service.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/psp.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/pvc.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-ingress.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-secret.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/role-least.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/role.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/rolebinding-least.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/rolebinding.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/scanner-deployment.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount-least.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/updater-cronjob.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/upgrader-cronjob.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/upgrader-lease.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/templates/validate-psp-install.yaml
 create mode 100644 charts/neuvector/103.0.8+up2.8.4/values.yaml
 create mode 100644 charts/rancher-aks-operator-crd/103.7.0+up1.2.7/Chart.yaml
 create mode 100644 charts/rancher-aks-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/Chart.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/NOTES.txt
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/_helpers.tpl
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/deployment.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-aks-operator/103.7.0+up1.2.7/values.yaml
 create mode 100644 charts/rancher-eks-operator-crd/103.7.0+up1.3.7/Chart.yaml
 create mode 100644 charts/rancher-eks-operator-crd/103.7.0+up1.3.7/templates/crds.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/Chart.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/NOTES.txt
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/_helpers.tpl
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrole.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrolebinding.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/deployment.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-eks-operator/103.7.0+up1.3.7/values.yaml
 create mode 100644 charts/rancher-gke-operator-crd/103.7.0+up1.2.7/Chart.yaml
 create mode 100644 charts/rancher-gke-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/Chart.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/NOTES.txt
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/_helpers.tpl
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/deployment.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-gke-operator/103.7.0+up1.2.7/values.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/Chart.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/_helpers.tpl
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/deployment.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/rbac.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/secret.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/service.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/templates/webhook.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/tests/README.md
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/tests/deployment_test.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/tests/service_test.yaml
 create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15/values.yaml

diff --git a/assets/fleet-agent/fleet-agent-103.1.12+up0.9.13.tgz b/assets/fleet-agent/fleet-agent-103.1.12+up0.9.13.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..5233b9a1ce1f1daf138ea36d52333f44be80fab3
GIT binary patch
literal 3206
zcmV;140-b(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI|CbK5wQ&S(CLF1ofd$(huft<19SuFB^)d)afmDcjkrt86L@
zku3>p5a0lyJX($Z`xRa&k(6vD8IL_PtNvh1Km%xijRy~!fW{0_M`VIrcTT57>Ud6a
z_Uu8W+wFFTM@RO5x7%(1?{$Yq&w59%js{0Z!{g)rvu<y2)Ezv7?!%g~T}q{ieAfNh
zZM8f18xg{}&_q+gRT2QCL=z?^aZ0pi7*o+nQEED-m?a<yPp2ris!eH@Ax|LGvczz!
z%1t@KXogZz!4r7?pZ@{9xIc)yQ5XK*eEg&N_<U<oPI6QQNihMJ7&*UHbEPrgT12P>
z80F=UTXPGPIn^p!X&v5Do{3wvRoi#GX?#Ea-rL@f?=f8>L!vM;T}Yrd-2zh3zg88_
z`T;45)z@zP$GA5LGE}Lgg|=yLOi_48IGLb?6H^65@F%MOQYauAu2RA<psCTFYF((L
z(@D*YR<XC=m_w98tvXChgz8vpVl|rto7S!R+UpMDUfk>dTUmIsp4w;k@^Dhe{~2K=
zs)t_ycHsYDIPA9Ze|U7f$N$F=nv)3{<TpqddJsIckZ4d`Vj&dOLe5w4->IVnfF_d!
zW*!-W1Gt_d6y=D~6h2&@gBXLJBK%J|Ldj91f|K`eL7|+X1X*%U`NV28;Vmzfh7p27
z4O5gD9KhL+Brh1Q!3|wPoQgad9vuw~pkCREKU|(C5QddGruqVNK%R;WGq8SMS$2Bz
zjW))?0lXap!?6a;3q1#_fhr(Ml{sdhr&P7;ygt7&DvC}xW-yuqfm>t@Zn(JRaC#E2
z`*3<vb>TH?vs!Ufa63gkMQM$(4*=9ulq>@+&48Vrz^LRILj_|ga;qi^lth~zxW)3h
z^2$mJiKa#lso)$_tE2^x-~e*l$K14#vQlZ3F<i?MfpYk}t0=M+{2g+U;USC(Q$ANq
znrfFG2iD5#^Q(6v!vw;5(be<uEr7%cRa#m$;vQ0<#f@bZR`;BYkSS|omYILLR=6w#
zZ`L3<o5!YsIS`4!g*N3d12Wcr496tZad5zF#Yu1gFcu<#5s_=#s2PN}uPZO9+A~%t
zB~nT>!Y$R)z^T4{U3a||acLL7MQfBZ*nD?2*vyMH+u2rAD!3+e<&?gVYIa^>Dp9Mz
z4ftg(>*5YBRn=3Gs^9?LTj~Otu!EOQ37@#xG(skB&E&K`Q*wq%!CaIekuWy5{tUNM
zqHUt-XeKD11e9x(oG=48u9>^6Sus23iP@#2Q5PFLr5YZQ;T1AWwU9u#aSw*B!wSZt
zK4mg2n3x;i4s1o1N*Rj|4&Xv$2+kdBsX}DtG1Cdp9o!upz$K2?Aat{u;D%jgB2}GI
zp^PRa&9Gyvij*~r3f{5h185kVz+&m@J*P?=H!-<jp0KvQ?mL3;ox~qXDzSkomPHR=
z7$9DEIDwC!0%KXK+3%}k0YC&dI8SV4amqxQ6;jM-hB9uNTyn~(ri9UdVio{^heBgn
zc=kg{SZGr%(9||A05~3FsuQ>nSLqb9l3@@`m>4;~b#9tiP3NVraZF04{Un>)Sqo4b
z|LyCjSFrhR7460SUVIz`8IH<H;xN^HIma2Y1iBB-z3co>V_q<#QFT5~krgOatcwSr
zf?vP?KYsOUxaWV5A&W%>8ICE(YH|LYId}f-*OPe&(Q+9WMLLG~uWpmz=0mm5-8v6e
z#R^He9z*yC)d|0;0yNyB`Vy|~L7r`V4i<~f%iw<<kzFshlrhU1eCHetStPVv*TRW9
z42+6f++1>f71082g}h;cWC~JCy9`715a9`lP*|@qc-isxRfB9ZBa5H4%3Ys4w1xF3
zhJlg_qE@uLLa1;JQ6_m4;94WI)ePkU+u6_r(RCE1R?}1a>|P#Dw&Q;)_?S*|Qang7
zU<dwpk9xxv{tpNH`0wM$4dqz^r}lZjBSkYP*$Z;iBqN#_7PA>6ta6;YB=A#Y$;`t3
z1z0TVD~2bZ%cai^T|$^F7FzsS3Et9NE)UoB801-(tae&q5-t{1sVZ@~46A}+efJqA
zP}8pGESHY=E&l~0o7?CAdW-ZB0I*~J_m5w-<A1~B{(k;Hiqz*jDGJq@^#X?puh-k;
z`%yp@nA#0}weho)DJMFep8LRxn~tO?nk4}$m-A(6?HFN=;#(^KsG2w8LnA0xg$!w#
zt!s$9{TC<i&aU2{oSv<6Jj;3`MV{0W0mc+rX12zSRG<Ey=xMUDJ6;88R=O^}3eOjd
zRbTHR+A%DbYmBmG<Mq~YxlG!bnoO3<=d0E>A5N8%iaaMgtB-_LYihMfzTJARan}@z
zBAd9G5;3zyt)(v(@IxsyHfysR*?N^LeqT#dn3j_2`KjO<f7JDnCya^P_ma*i!wH_L
zlrZAnkGb9QT2ms){=(V(QV9KqGIWEUfZ6BQ)QYOEY_p1#6l6ph)f83p@n=#L&6EgE
z&d-~@s;^lJ<&36ylBS~MdNYjWpI<Y6vH;3cR%Unc^%#BvPI-o0!}qYcNn3}v;zoST
zYJwL3M{>4P`6p<%(CAnr>~x34jg8J%7+v3e?XtP9d#B01DK7L~K7Oa`$&#O_3&D*$
zwVcRieNZS9=yki@X8NC`C<~uav*f99zmo0iKSyo0x}OWdXgdFFC!P8GZERo{{~rwd
z&Go<EI~wfcKaV0&6g4=%fAW-1;+yYn2w+7BE?m}o>l0fzfnUxd>n-N5&+*~?#bPz*
zs@DK<>m7iZ7}auKh^!S!rhFn%`53TG!FGc4*XwzKKJ~3DV?Up{k54_~zb@H6{|iIj
zR{X@TUBs<jUylL1_<#4fJ^%at{rrC%Y0v+WdGhNy|7S7UGSjVlR4?jC0MI%`1`tk>
z<*}M}rb66=2^2!<h;pR~V~6frSxh9!a8o_XkfFxNP3ABGo2be(Ma(cegb|K~#K<P6
z5^cLH+-UA7>YIZvqhJz^LuiL`2J~k3#2ehPyKn<y2f>La{NdLS{&rB@zZt4gf3V#D
zE<H^Qg9)29ye}E6da+rwrBY|#)m8yMhQ5LD5JLOR&4(r$m=xbF^D!#S-^JfTQfiSK
zg{#J>UyB>$e+xa;UWT96dpkK%rpbthhhMl>eEMZrb2X~FDf3p%$L7l`C)h=nw<+FZ
z?1-c{Vmv;lIn@dD_Uq>FQns)EazxUHI|sP){qOOh{r<PVKmYeQQeXS+QzxaK3Q7NI
z0b*khaO&QtUJ8cyM+N->o~WKAO(|J2L(U^01+{x)&(xp4d~VMhDpAT58;LWNqgp})
zT<}Y;_~G*0XN51rrmjh7)0?mB;(t+|Q9k*$o<<{I+I;cx!>Z5s7!m+%4)xazuqsFY
zz*O5Yb~QDZ;H@#-)=n+<$F1Vka{DU^S?uKjWjp@6(}NGS0_=+a91r?!{2%s@_W1u8
z(t6)pq1?U4M#IHoG(19{uBhcb>TX}M<z(wdC2bv7vN{30p>8vrPV3<JhH5>(Rl**#
zzPrHbiP5iM)J%#Ui@`_;ZN{MZjlkty^Z(~Xe44Ur{`b1=`TuIL=YNkQt@*!|Fx>z8
z_o;iZm!Bis=l_f_nh}i;!vJ>f{|4>zzr$XCAOC$6SuE%nIKn35|Dv}wiv^4cW$;~f
z#`k(k71(R1t2<mi?28#tZm(giud@6>0Z}&1Uz4?Yb$AJPn(@Nffjo0(T(|URvyRPM
zB~R6xO-r_QsP@9TPG;&xhm8!Xz~8E{2b0}Zx<h+2CKpNrqc_OrK$sGBG8ER^ern&`
z%P%i={J%UqdHwDz&a($@V;BDS`tA5%|J9(k$N$HWg9Cr7)%~Ere<RDm{tieGoXt?q
zU2f!23Nmram6k~I=G6*Wav<Dau+vkb?OUXh)70<@`!1onu<4ph1=mtAW-pc+lyya^
zf`1sGC0y8xt_tnVvD&?`bwRbdo9mHy)3`VYt~B8pVS-mJm&z0^6}lU`4&BE>ItwCq
zX-s3*xKA0w8zCVV5+OrPC{v&i;p2T}K7Ci+rE|ZtQ2P}IZ(dYaKWNqUA`YCvl*6Sf
z3YkD<7lWqxhcGHN*jJ&bw%&A9P)IS6B+rSaDPe3L2f_8~X=EZTjheeVYN|!9rMo&;
sjqb-xq;QKPMK#{jwHNVIyYyc6vX{N=<qPEh0{{U3|Hv0PRRBx?0QoC2n*aa+

literal 0
HcmV?d00001

diff --git a/assets/fleet-crd/fleet-crd-103.1.12+up0.9.13.tgz b/assets/fleet-crd/fleet-crd-103.1.12+up0.9.13.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a2955e69384746266680c817513753fb079854eb
GIT binary patch
literal 50475
zcmbT7Q<&yjxNgg~ZQHIcTV1wocG<RVbQyoyc9(72Hczj$arW7lCl@m_nKQY_ljO-a
zGG4+cC^VpdmTzhxT0==CCSyrC4p|Rwb|Y3bCKF|LOD$z?4h1ze4moujD?>XI4;4jw
zeo0dsTcC?BTepqoCPrVqcjcW5ewjbqnF%>ua(iB$o~nPO7FX)iOerhBx3(ZejLaNF
zLFj;_b6p=hzA-s~e!xTf7h$i;M{q{4lR?=4;lAItq+t_VrG`H|c*lff+B@WauIH}r
zkHisvADt?{T>tHLeEWQ40eU`KC>45q-wx+XdtT2fOTV99{-nkE-9K#4?E4`82Bat%
z-rC1qe^y@|{74AJ-iM(b%kX}JDgdL+zFp+&lQuPxf3*}2E|ig;GnX_-t%^ADv5}ik
zt~EcAj7Y?L{L$|qZxVod2bUo*HF1=LTQ0fv4wE+hQ(W`4`*}GqJe!8QGMA^Vi0;s>
z{@GH9C6GMh)R0ePvD+^g_Kg%d(dh|p)Atq%Q|xhi<lg>Rq1!tdB?C%}>Sf*SP3!@M
zwUY!SCr#=013sY>4Z4j;W{e8y9$D^T-ntm(_2PkTHcV!U9{kavHd*w~d^DhyFJyM&
z@bXO2&85YTPJzIW+mFTXZpbe+1b<0ysprRc3m0t!9~dZ9&i9By%hY$8LayxbH}M)^
zW}Q97LW(u8Of;Fg{{doHvss9YaluUB-NuU0ymGpS#3R8_?7)&_uImnX`_=F6pz`mP
z_M7GY{^!yzx_l89PMS3=!H2_2Z_)NY^c;K~;g(-ltW(C>QOV@N>$$}_6*@$sFR=u-
z^<$9BuqGyw>}O>&kslu=Rx%t&)DuPc`jWeAuJ8hG8&08qqXbVJ`yu-1srd9Oh^fJ3
zKYAnirX*L7!9`te6B4UHkwmnTU$4OLyIt@~*Q@*xk;#_2gCfqj3FH$|m$#E5BsRG=
z=B>i+x0HtO@up|HM?2=Db$;&fIPxPi2h?c^h&Y$m(j4*?*N@(q*@=VVcbJvA)qMu7
zo%BhPQ)!F+%5@e;$K>zoxp*aSe-CD5HGMta_IdI<dh6Q$dOCscJ3TtN@0oBWA=gW&
zw$~e2|3b{9w9nhA(%7ebieu4C!dreg05>!TF#3JmwcmpZ(+gd;c4$9*s!1pIlT%K>
zx2$LcAT*%;VP|YWW3IvRA!#H!YD$JlEVE(tTX=gdWjBOc?<()v#XzTyWs<H}q9H*t
z3uh^3l7ZSAUxJ06s$bF~3SQqnkvEN<YW@lZ3;3K!7PXR#*JF4|)-pEDv->rs`A&*;
ziYk@HRu17Kv52EczDa2Ih}sK%vK@2ABw@ci__KcVP@1rDDX&a4+Y~qWy4HX9ablnr
z(^9;KPzJ0o^0&nw@QF!;(#?i1;2&i@3D&?l^@|^^x3a|U1&i1uc}-!Oti4Oy9lX-^
zy!Uw0?AN5BbE%Z^3s<TlE;Q%pz%;+w#cScQ_M*OtBhGASHfz|eQRZyNgB!F-*gR0W
zjUKKSkAH7jc;Y#DRa$wG#-AuOzYWoCerd#VN+R*2sMHTrR;kr~_RBCp725o<CN~#L
z>0n05Jti-*a?W%p0n<&6g!RZw)K1KiZqGDKs46FkpaJI|0?+AtNMDunc&oHR#dGW4
z7%z?QAn6=`1~o0;!d>aMqfiGVekGOcXB{uwSL(L1J8Eb)Sj3PXYYNC|jirjFtEUAX
z-(dI81uB<Z#Fls-k2w{nYLSg@OOvE*eDPer&T(7Z_LfDe5GLoEGhp+KaQ~UABSY-T
z_FO!WWmNnK<S>oA#GHU>^mPIeYk<f1*hFDqljuQmDR1_>yvV&D9*9*$iCFqTD8Aub
z&oV<e8hm;PpTWoEywBCw$S`$JNHCX-aPpder7XlXe0!`$o#9P8KGNhg;RS9FwttR6
zP&Lta$VKj)9Cy)nN{BB5_Abp6wN5;gyrI+HIT+qxZ@_j5<l+mzvPdluBjlE4U2el~
znKju(C+EndhB0D52yUoyto~UNw_#Aa^s|u{-wukpdw}g7G$k@h4o%G0q6gGR@^^3v
zoPHsBiDw^PUGr<8wV7RLqxJl94JtODx!Dc4VYzqHFJrsOi+=tHFik683wv79I2o6g
zl0P_y#b6K=jd-iPJK&mD1mJuNolz(g54`d_XIWILWQ1JI1*oQnvqDNOX5}eh&et6o
z@Cp2TRaqRPSmzW{;wVF62Sk9&eX0=}&GYjqxJQjbI7Uf|YyKl9Ib<kY8chK|!1Yup
z3p#tqRprr-=`xkfH>Rjank_x#jXD*iqU=DR^$*z59CLNd&-DtsTzC$qko|@!uB`2*
zJE;x0_=Nb!oM`GKH4R=Ntj+jI=o2=rUb^sJ7&7y!X8SMOdVf4<-q%o@d`wz!SHP8B
zl(x^j-6)Z<O*6*fgF{(keN9RJ7ic^XTCPSRG16<4?Dn=+E{p(v+xt0&qwDz*h6Njc
zY-O?SiEr)8$jBVs?;oVrTB5UH52{i-Wbk93K9>^NvyGXd+&pO)V7iXQ-}fK<DV_#&
zVwl;Zv^6`7eV4%q@*b??w=SI5eVV3FumPNzW^&d21JYTSa~oKTJWA!@zZmFF_eK$U
z%CHl#qdH`<%~@-Ar#lEE&(fq@Tyz@MuDbW@jX^vnKZL``GtE$ck2(k|C8r8n%^cK{
z&}I(8Q&Sp={VZTiD7(ZQ+LXiXQkJ+{%$WxH$#v7HzO?QL=cpeB`w1>d=*z=NUtPC6
zK@}+m5YNJ7qcC8&#>33S{SevitNr|rfRPo8C(RD1;~}l)tmfN(k+di}pH_}&lyr<@
zrB|}(o<jN)?cbNCExgbiQ?_}vq=RE<ASDICkz9mZ&&>nOPjlmx)Pk>DPfD6*a~moh
zzDoytxkT!IKT6y9s_=Ybi^ql27Y2d|HnPtv+oZ66M<R}2N#NSQa2TSjo2UfUuhLux
zqO^A6P1z9g{1cnL=NYYK_+yL@va(V_Gw#nX$GKYc4(f-Rpd7Vr9pO3aQJqHi3;vAg
z_z|06qi3gR3j!u$+ev#$R+LDVg8X=HOKT=$S?R6&s||kRNoimD+1guwOX^&X1d0-R
zn#=Kt;Ngr+BT5XDB5KV&7UdKfjx#(0eU~jKZ$PBve5IB&$XD@AAV{SYHx~>fA<MB(
zki%z6TU1k>8`b`p4f_zXp=%mK)DgCV-OsV>l^Y4(iCHR_DO2@0;}g5+Ju)F?YI1DF
zgOACOC{!#H?wqLd_smPF!h23kr&!<qK*i=aeFG4@qvW^zJz1xB4!k*dM%^lciuUcz
z-mJMp7CU*DHWxMNmN}Q9)~*q!Twx2-!%F<@6mFC$jS2vFHfm}jnqi3OAGArxwy~|N
zu;62GjDx0Bg3o%lV;q}qvtWhbN@s|@d?N0i$8kdk8=R{K6S+iOuDa0Zh+kq}JP|WT
z5E6F7)kBNj31JJ%{BXX}9=0n5`00)V1GXL}n<+`iko-mKa*iU+wag~J?RbTqL!mGb
z<Zq$my2WAy^m^Kz0PW6|)7=ZD2t~nA)%Bt?LT<q@RU}ZzwvJp?rZ%OI;dN{eZKo~T
z+7@-bUbT|v-`6&SaYk9MK4M+>AbE-+Xs;H>hv-dwNw`SOKjeNGU0@lyp|36JZALxS
z3$~g;Ev6s|flJi#vm|^4WCArEUAhHIYwpomWH4WjPTW%sL;M&v4>rKw%U#dRg8mMY
zQUQ&=u!Nkyve;(`ysVwy&^z}rQPAwF6I5Jmh`tx)TcGQ6X_;s93$~~prorLtmtgC#
zpnXFCjqEZc9YOkhym1TC2b+BI97w!|Zos4XAzk*Vhdxl*dWtc4+lY_+gH4ovv|6$!
zu!};IfW1s0p3Y5egodDrpci`V1ip^t2gZO*K41WqOtLSF;7O#?LE|>t4*U<i{1Y63
zMB+;N-s*&le=4?KK?l2GC;{-ZuFzm&6ds=|T*{F24qNB3Fb7k<{ewy@aSwX3W4H*5
zUIM(<?P?^I7?|ht5%?ZR7f;WFym&l%inPrP$azc|XY4jO$o@hXu3yM&X^ai1m;A6J
z&W%PiUkz|<ic&dmM{9d5#kSa^^m6VlNguRLi1D{P6NT|+6t^(tQlVks&E${$6LbDQ
zd9z0Q7e3FN>1)(Ie{Z23=!Dy&sHm%~8pa5nvE(0~Z)r31LK*zWgo7Nh4bj`cKCkr1
zfhAzGe2gi%GPaKo+ocA*vP1;B_IeX)qBnEzN*lpWAHG%e@1~D1V^pGYxC*CUnQ7cc
zrrkusGWCHQN)FDR<`lQ|QtYKp;+|cf53vZ-lWu@~p8N-zeB$QS#jH1SXNFpS%f%N#
zQx!ggsX0t#AADlE;}fS-bB*Zbs|qxRm0?KyeXR`MjNh5^(9@X7A<cd>nzF0(J+m!?
z&njKS;CTa>-wkh+8b7^lSVpe(k(!mx%}**BpZnxts{jyBaGyN_`>Wf8)7_ur=6<=W
z-|vXerPF@TtKT_Ze%~JgzCQZ7)#M>3n?>b|=9(`9>n#94b&{+A${PQZlhp-bb<Lan
zpf4khhX`!a5je4#-mGI3)G|LKFGU$I!-G64HJcvI2FI43;n;7h8DoVHon73!vsh%}
z<%P<fX0w;(SB$Y+_yjY@$A>jnv+p)#lw00V90R21Jmg7e#zl51E}4D%^_J@84T7bd
z)2MR<WpLpZvxzP0#ih*m`)h|}gREcQ7JFJSbk*Tt%TVpXJ6nM=Qjal}t@p^G=@jk6
zxT`ZLAF^mNjeAWNM)K(bu5Jef@HA=H=A4ItP~vC_tZ62^v~sDJHkR`?UE3_IpRs17
zP~XO%^1O83(0)pIz^t$YnrH`3$WKkP$l^k@0|cs1k==oaR$UhUoq@-K606a>Ahc%v
ztBEyEIxi8h<;`TsqL+)BZg8h390Yv`<G~}wCE#dt*d|mblW>aG!3SMZW!Xi}LP`}{
z)K2G4%nI(l?Gt0qQl1q(Kb(o}OQWJ0<q0We0()NHDu>ih=SyJ&dp@6NJBjrDUWexG
zbG_dm#u*9xKDl%m<_;QLHFNd?rB6)kc-T&#OXCHe)j!=Zh3ofvJZ~Sy?LQ6eZiiJx
zQqx*r0&KS8g|44~F6HpH5~2E|*Fn}1h;fkn9WGi)t1Rkn=Skr$_TeTIPN5M|o^TH}
zg+;KX;Qg9nRubOQ#_&-sVTR^-Yz<Pna6F7p5QVcPpBF^nEP}yTZqj`4ImfF@ik9r=
z74IAU5{jN~2ohi@DD;}G!d9?0m2Ra${g`63tu?kCZza013T{4BdV)_-ltzh$d#cCL
z1GndrfBW{qUdZGhr^wFA(q8!bKz6qew}8<@0ZRc!p;n4z`yFD3VnkePL&<_aQE14B
ztwSci4?WAY$cIo&v#WO=nklYOXP;2etVxmzJJr)}%A!iI<76A_tlX^kn3r+Dh$Ynh
zhMje63PjLxkkwE0EUmqMse3BH8XX_<ij2P0^EABq5XJFIOT4<zr9S1{-_^<=;0i}N
z0uKqWZJ%8I+SDERb-s$vZU=UO9A0j5?RA~pDTqAv3j=fbOXScp>Q(?zo~pRtRD0C}
zuAwc9Vgl6wB#`;g7x{qsgQ$4R<s|k<0UU%1-}0BjK9%Mj9XUw2iXu<%a}Mf+_*oVL
zk?o=qoq-pw98=>lE}wgBpps5jqkWx5g4xj^%Brk0t|cS6Zk-y%M6FbM*34%g<Qb9>
z{f`-Pt`mF=?EKr}reHZ)D<`kN4=#L>u2CjF*Ly+cfF`bH8z80w_X!erj<9SMtM(6*
z#Ro2&<<>$uxKJyVtbCxDdwJUYZVPv7m)B6+puMA?*6oOxPnJ*>w0*6HRVJt9xquE~
z>``L4c4mA7*)DmMOkAg3ml3GYhW94Ftw`7hx4;+PVnWhGRgT%Qqs_g7IivnUTe(Yw
zbosSbz%|mx?<G+b4I7QxUDZV|q7iT<@ARfyZ4#EwgwpSsoX`0--puupgn1AuA_h39
zeuKOw>irwHzwhvmkngeXS&WZ>Wb{A3Bajz3-I?NU%Sd(=f$k2RA~-rl-BfDU`xM@8
zfFqwiR8pgoBj+RiJ=b4`Y(a@D^q>8Fe6`@&wpYF{KeIL6JJt&9MaZ(g2Z#n<2)SA3
zm!smv;U54Hp`?=d=`eiS@Eml?K4%2&Km(6oItD%)L7I;vfI1nMRIn;J&jrfREu~wK
zK>!1v^|vO-@>-z9-NV<F12u3MM0fq7{ZOS7ot<Q4t!QVkGd-sb&=xpby-Cb!WO^kl
zc_f(?QTiMpUMfVLtP3ls*rDrjjH58{^eLYS<_Hx)(uWoc$cmFNq<PqWF*A~3cw2_}
zjeMuaUb@vngL=^q*1^=rAX^LjU)_gBXjj8P-Is^CV#*cpb&8dczuPSya{p__`7N|-
z!TjIRT#h~lI01n^2A6fP4y5#3u#TOK|2XM~OfSPlnw-2OB<fsWunQA0zN{qVBnL4*
z+!N=&ebhOj&60<6>d&`*sh-?;gbEJ)Ci$$`wf~x1ZBFq!2>LX?MNSg(S5`d2zgq^v
zJSUd_97*vT^kG)fPnah?9>Ft|jTk@u@2T^lPybE`fAP4X{7WWUEcSTwTd7!ZroMXg
zbG!BLpR0`1n@lt+T0mH#KYNOQ?At~4b@nQ)<_EEtON6T|VoSyFCa`Yv;3j6B$k!~1
z!r`JmQR<&)_JEp1AhY^*P}~$|v5PLXS#BF@8mjX3f;s&~7elchh^DctvPjv&7x_Ne
zimAdRq}m0^RI*JrO*_TY*@j2@^tYfBDoAubYI_8LINyS~_eye})XiCeLE%T|<bYlM
ztcD%B4Z8!%H>lH|Zg8OFYX^#mY2lA4(FDH1hn<Acrd2d1=+Y{+dEO5$P);#2=c}G5
zC7LL>=k{aajpfzFP^ebIhz%_p#7}I=2!R92&ZrZXdjMoy)^Vy0>=dK6E<36Q7<KDU
zgzS;rg@WEu9%>cXbrm%cykum?l>JdKZ&CI=|34gIyb#*Ok6?z7>AgccMA0uRj9{Ur
zLFrWwK4%}E90U51x1g^{DbMboN|FSv+XkPx51;TH{nTAOaecA8A7Kc8X0gp<As^%h
zdm5t~IKfJ@-dPJP)fC?MMWQR$yrQUN>RG_k;WUr93Hrg_R$7Ndavt;#h?{8nKgwHA
z$VkAR+w+Y;cS#?x(Xz<D6SzV}B6{>3El2Djjuk6^Y>mSXnKK3F?2tcZ&o>`DPW2KQ
zoh;o{vQH~TNQ-}~fp8Q?4D;66j0>#0T{AEq;1z5qfu$wp^8$bw4=-Lc3e?pZzrbdU
zZk{3(?;rEA`mu)$%9vb2b3aLIS*08bq<0mh^JS6Ei~^U)Xvuz85NX25K=I?eENVEw
zXJTt1=hf#rG*8?hl@(j&^@qT<EWT8(47*=#<57AuV{BFlVqzz#)~sYxWgCUa)fByN
zzL1OpnVF#n&c4&iqcA9itL(53=gEM&X!!YL5vgIF2G+EDaOZt5O@syqTTuYJB*)2Z
z)z<X0DuBF`ZFqzAPZGbz!wDOSx^CymaWXyR3W(Heti6T**wga2`mEM@sHL$^5dD5R
zE?TvDDszl}NFcdJH;nh;?|Bu^T*#EDC8Q@P;(d*mHi_=NS~<7xO|2KwU#vgIVv#!Z
zhSqxmqfJTRK8!OF0@^V8OAPr$HuEm0n2kAun4-&IpxrG!Lm?xp(713vxcG{io>&Hq
zPRb>q+D!PY#XhG>_UIiUUO|wI=b@w}2~`UwT=Q9Fg4ZdzXqR3hwBaR-s+R*WgLAsN
zKW@j*rx3fUT6m53yV;X~3I;P($qV5E2#bIGs=f#z9_E>lU+2^Ubz};$VaYl$`w~~;
zRWKebQKGG+z=C<^fonV(ySTcli`G3)L7MBQKVLseg{tnM@E$tZuAG)~ySMa^py4tM
z+?{}mULSUv@T{4`vyUh8Br7wCQD{Yrug27K5<)VS*^+j1hNRr}&||6KD1A#rb5W#W
zIIxtqlX9gwwF(uhFNq}6;^O-c<|XxKa$a9Gti{V2(MhO*u;wpLX{yfrg)s*<OJteX
z8~}3D(vu=;Lv#XkXQm>fvf5o6vo4m3%?CAV&!ASCH}x-Fc@C)(E}yDlkmQjtpXe3+
z1*u-(VU_`^zDY2G&9rlgi10AvzNnhkuP1($B-ic?8yT)WXfb5%BF^xakkLT(Zat67
znNgpW;xu-Jy|i>`;%qaK*7(i_Uc@6E28)#r8@h;aQ06aNFc>%s%V7pR(Q)lDoOVDD
zH&*7XXX!2$27TpEws1bo_yPUFk9Ld&qoC@AMd~H&=RJnPsq|Ne{mE==nR@b~fzyAE
z-(C_zh+brb9TeSQ=g+GMzhJX0;~H4gI`{2iN22jaqVGTgXbtS)^B2Y)X0w=|DpA%}
z4oD>|00H;zMFxq~a4#UOM9)XjWf=@14~`3t!E?UXg&NjF8sy5tp5TAqReKI??5+#P
zm~_Jp`us5%nWY~s8*e!aU2NKG6v7T(M?%Z<b9A6FI~@Jiv*Ty<r$dj2QIYFjZP!ga
zj@*95RgsMMi~XPuD4TU&NeLYAvP>+jPwrR2HSCJTw<vgt@YF0e)FUW0#pJPVw`I}!
z7k#mS82KFL2K^KsgMbJb>v9gNBTm{Abi1}QG^Ub$nksa_zwiWGp30J7rbx!s<Z8Hj
zURC$^UwrEV)&rm4;t3YmorKbsGaRz`xXQ}o!HdCy)52xugV<(M$T<zzMle_O?>Fq;
zZtdr@3Q2vT26YjVG;?&g4la(TGv0GxsYugJg$1IYA0+e1R^C3<_Tvjf0}f|&oi)^+
z)?smpbxzC?DNhJnVgcebE=i-(o3^m}SZ92=@R!ESaY>TTa!Hcn%y3ECxuDqmy-2ZX
zGA9>W!h1?lbj))~@m<*dr}SKBJ&zUsYsNMAk$3!QAJ3XV$6-GEzG@<C?qp)Yzu)Q;
zZW3PXm}9~hp^oTyX?amYQY5o_t(Fz4U_<L>O6vOEAjkRff3SF{cHXxSMrYjGW_A$N
z>eKHXz0IHzv#CqLXr8LUmu10|2E_w^+<Y<|s(u4jC*HtWQ&8Y-a0fv)o@CUr+H^EQ
zVwLXE*CL5aJ6{&fYy{(QX)@FatXa}}sp!B`Q(@WRD8aTRpUu#g@%2>L+LKz^Xp~&j
zX4!Ms@E8JpcJLu>!utI$S>LTA_0&P}b~`^?&HBF|*?U!*e-y0`n(3$;+73(7fx@^L
z8yIS~JDuO@dA45)gd@ec&0M5@CsLM$@-TBH7DLN$31Pf1S4CzQahimLlxQEzJN^pQ
zb$2j!`HAc?;2@7$wm||V6XCxK<SDu7=e3jdgqcsUIX2X!NP#}ZvJ9KAbi+%LLc|4_
z3p~?3G~mlp?>p!c@6ow_G@<xV=S1Z}E?M>FNc<UbEt339Ky!(oEH5&gE69EQo_2>Y
z;^H-)e4*2=t#9$ETevChrv1yZc3yDx3TmOQ)oBxwdXc|S*3E)M?~$*B?YVEv2~x)C
zS|=8F%<fq`22#dxy9n<2ljP67wEcF`#S;_J;uLwyXBGqbKb&|GmtZ|3+-ENTMU5ps
z%971MVoHsY$5UsME|hx0)$kWFsL9FTN5WP}t>P9T=Vp`_UMSF}b>Ompnyo?nGW~TD
zM&ZOyU=~9m7Q~NV2kHALV@7x?pvqYL6?adOYq3=c@|Epk<dv6aqcASkujfB>wB+ie
zUF;TZ;Z{7z7G4o*0O5N0xp5CXeP^yKnOlaKnwzdJsbaH(g~uc9lV{CtkXoAvGOrHY
zq|3v+YlT$H`>0XB+Sp6@wq7w7?GN*D4@0A{)bm6bDn?@G8J5`9Tev87Hw$511tb>(
zHm8JTAHPpvK)e*<5n8{`o^JEQuFojoytlcL-JGzNY%!M&^T)^Pu&za`))}q_1=FTh
zxt8iQT6{ozAqjct*cR(sY~)LIuAI1k9_B+3k(2||&14OR7C){J3z~zP9Bl018UM@e
zydHDC)+bPMF*V|sDXbXA<ej%Xhb~^tG;z9M<%oT?j|?3gX?Yz~h3i9>+1zVE(?)hI
z&IJd$XUAq7+z1`2zzCBPyVwUpWroLYesRh>BkYxAm9!Ek<P}{Js)Kfp;B|5syDa?&
zscT~`ovvCah4@SACSP~z;sZle4d!~tF3|iu`PNt_v`UewYTmwiv(AESvmB_aZIzW2
zhW6r&2#{3)Z$g_bF{63I8Gy>;*!0KBGjg{f1FkIxf9t1<uwe(=&XDrAPG|v(Eqcnb
zWb&7{xQS5+;pQ`r;j)1)@GQt-E28POptqe=;I5xV$9GzQn$6=!rywtx>9YatOhG#W
ze)=-kbsh4e9>1McZ>kjby$(`?pJCmHpD-`IH9=J5>#-Y8ymD1S`)czb$AX<2&Ke@B
z{mW$M)dd?6<$p<>YSW+4tW($`eW8%{Px$)>Vl>1mclj10bWciGh&U1{y03W~Gd=Nf
zIDqUBT{>?{O>&rhl5yym5xGOVmmGb*{=!V$bijfZKNw{WGq%l4<g}V7HOWi|CnFN(
z$>J+Hiiub;$^fNFz+=f=mf;GA!P3)a7AA)t!k1<U!J1MW0lTk&!7z17ds0;8ITeep
zN}L<}Y5Plv-kz}~C?`Wr4J5TeY;VM3F|q5+6@IMmQqmhXJ;#(+k5_n5&Yrc99&9cW
zb}65}%eK?!XnVG=q3^A&(bxz1(KBIr;6J<#{=az}I?$e5WG1}5Jk<U?E^-4pawpzG
z`T*+a?K|@<Ib-FBqBwEyMEdvEeCGr*?L9a$#oA+P;H8}d3d(k(igP9mkzHND=4swI
zlD)*Q&dC&sywm<YRmSu#UG(41#vtGlj$XiU`t9g(z484A)Y-%5`2aMA#^Er$Ak7Tk
zndD$;_iq0;zit4cUwpkbf~u-*<2_#YL*Al*kU61|F}Lq`U~S6Z->~{V9)xP@29qVL
ztPkH`(dK@BeD6<;d7mC;-`4^gc|X24&A;8QK0oijUmj~ZRknu}JNiR{-5%EkI(^>X
z)`V~{_$rR<yBHgleyt>`--TjOND_YJ1Q{(a1p~bFT%x7jV7T--h+dmLjWk#^{vm7=
zpSgT$|3%nbeg;@CyIXVvBbCh2W#`I|+)467`+mf-Tc2P42vSSgZKZCcWm*5UknX-|
zPp(T*%i-zay?*G(T(`NG*vF!-ZQKK|we`PEE!$C2^2wsUDm?BS*$=fb5s@Y^GtnqS
z2LRlhQ9^@$JSo#57Cbj((OerI-Nl*}OYvpW+aAsCa86Wp7ip3?`c>uGk07inIpSG{
z?t3f$s6nY6zd%;I|2i`fqwMoyXJZqj=yT2wv*Eeu^)*dY1j<2bFod9&A{j;c*~^9b
zhuLI&HC&Sy4fQ*?V2S$_ZsK^6ZD0-u-oxIB>F7i!KDk0o<+EL90yQ^}q2bOaG53sd
zI$Pl0CE<4Hbl*hkhEw0K>4nDU%|+;@W!pCd^WdDZ$Ng<G$v)5bb!Z<zSUN72nT^3&
zsjTx8I%h&IjDqzBP5A1&;`<6DQ~g7oG1vF?vKEnbippH_76nrveiC=?oD?s=$+3zd
zf@lIOyY3QhV;l*{ZUm=xZV+rBnrUVbm$YbaTzsumT%)v~!;cM3c<ts*^SWoDM<w(g
ziWSH8G@v#xXwBHT6_Q*ucz!27D7+C3C$~1P$f!-`K3x{FZ@nbw1}SJofoi-P48;#j
zNE^p83|hrw6!_CYz%y?NynBBy&KsG!`&*^Q{{)4^iuj<s+7azvnl@krqd_Z(N}W-d
zp@tn+?Dn#TvyIY71a?qBLTa$f<bleK!O37dcW7#CNec%5<cUo~s!uJgQ5fBTp53}6
z8Wx=HMb4f<6`2p%MIrDq&4K@%RS+Lwdh*Z~u}5;*%GyAVHM~=G+r)YIcy!lRDDRj}
z(m>*kGequWWlbNt?xLmvF88(}JAw>ue9gCO|4Y(df&qk?3U1F8R~5Td*2#-lFf*hR
z?m3&0j8<^*-PCY71GvX4P^Iuog5Zi<UCB?l(l$h8_-+F4jzu6v(dBpi8W8VW486$+
zW@auA$}~s^5i*s`*vc)`od|<vWv3!6E|VrgnQ6pMTS~*meb{2@RD1b1bq~3~fQ5OA
zZEYZQOE5V41UV~ab@<f88Vy>J);t+!Nt6ppWqe<-pXf3U&OEX({!Qg^7$nz~MnB*I
z?%x6Pq&k0D8j)8c&b_8B&1YGDeT^rCMPU%`H%CZZ6(|HI_#iwYqXDbZ1jeCIRLqdZ
zYR+JR?He*kf^O3YL@@hl<|i9Ih`6^!CWgkgUZ3+f4zCRmJ=J+r*x51@ZMi!zr3>s$
zxm&2gw>FZ`FD~~Oioyhp0Qg*FMxo?H+|+0VpRIDb6(AdBRd_fs$8<r#JH8(TJ2pG!
zY-!@E7Y)EqMaSABs#v5IVhHVieYF*`8l;GI_qG>7qt?lc)q$jwF4evMvw2f`-DL&|
zuGQpbBdC@RzU#R{&WG~Z{w0reLcbr1p|7V=1vUDW?d3)gJi|Tk?gFULU|D*Hb@GeA
zQx7;5zMUW46u?eIQiyP6i|yyvug;GwZ;FLfZlu3zUlj_-GIlgeRIQROSFC5w9de&w
zYvaJD>Asl-tVp!cLQxw}TIPT}Q*&>Drjf@^3Tp*5ej0hlfFna2!T`c&L1-2L+On*j
z`PizTAu!j3wdyoqYw+iuf{v>t%bMugq&Pv#Xj=EYNXIfm&Q)+f*LEn%q2|iwn?$1#
z$1l*oBp+!+L0f+n)d%|ACnp1b>g5(NcE3G)LBG?x(V1Ee4^7y3PFw$d8ON?RO<u{}
zM!KZ9O+(VD__d6|m_5A_Qef&xE+s2dYf(5&WMp7!%!$IP2JV~K-kf#T)s?I^9BMjr
zG&(;-YVvjSR8?kr%7-Ub{}D3UV!}4)M~6!?53;hfj-?xp16M0T;rIA>*|w!K8jA=f
zX@l8D5>1s!q&k3>WZsTl&3+>#^mJ33AfC&_-6(};I04O-NRczQ9`R)JY)R4P<p`XM
zBg~x`vgqeYGSlkY0WmP!oW(;zX#_Dqk_eMJpNgSRhbtEzFsZM%j43Jqu4ksPwo)lO
zs?hRB-ivT%x)`u-6!vME&o?!bH4$Aj26v4}AOl~DE@{8O-@b*CH5hS&B4TenpV?0k
zf-1?o2CiPY*Wt|U=F#(a)&Y;?!A9Z>R9PB7xb*z?Fr2i6N9Vnjwa1Mt=hrRWdAGtN
zig!emjdho}=Tf0`5j3G}<aD8Ag8(%l8&ejIE7P4L!#Jg`IObxbauE=vVq*zF8X^@b
z04)?Ln1xcb-~>yb#bVl@DVzyFE}HTASu}%nP<BEfK`L7Ssomz@NbSNkNZrV|K+Oi@
zLDN2ddB?<CsNgZu5+aDcdFXnYeoLid0ZB%~h7bdD*<R_kvi!^=P`3~#|Ga6)cS{-}
zUMb8=qISvjmO#sa(?xR>X`j~DMj43C0~d+j&X|af6K94#Z`|NLbrr5=v207|_?v{V
z5ht3Ff2PqjTlrIslNL^0TCw^C{IMWTn0}*DT;nv5FcTt)f$KCdi2-YoLf2sq+{bnf
zoOJCstY<g>KYO{jzN9eW+;~p|W18)CnHWe08*}!AL0Hdjo3xv#8tZ>SDKzZKeyY=}
zt*vO%DUM}K6JAqj3<<!63Z!!wExO*#t^=ayXQqErN2Jq(lhaLdi1X{uYWM4uxn`GG
zR{GOF;@gdN7Ea4nKu!Jd)6kiYBjS}rag;%IN+s*OK$N;nhs=yym&C_hy_gH8tI1xi
z|5ZE3Z`1*KV$sjMh4ksnf^|RJ7k%2jN47$@@0P#8%fyCRwIbu91=-JL<)Nr4)|f>F
z!P=idUhqb9Wf#*CDCcrpyjl`jNVr1rrdK;8Wcw-+*79SNmjS&$;^<YIZSI_Il-}`?
z>ao$*$wnu=6FQmjtu_N-Ljjd8ki+R5mCun!&EM7M;kP8CBI>H*GWxX_KN4aKR>d_;
z1Mc^(Ej0+ibQ}$FVW>E%HFTAjW~w&M%rIR9c(dMYwlQgP@t;bEf4G8M0U7u59MU|B
z|89aSg}%lW_4^LLtw`E^x1*uvm?=p#`jsUe*~XEA_IDM+n<E`5M?Um-ud)>L{NGj2
zPNGo)Fs9dX4n>n?hn&^?Z;t<Ll#Nl6*4WDBf^3ztycOjC8F_4yvR#Apz6?5%2@4Kl
zo|=RLqB)+ZtndsNnHf@S%o#<{s`umY76ftBpE;L%umdV3UQ{=)XyWM@NL8^I@?Tt(
z$-#ZpyHTbmq?eXTG!!x+RT@;qm_xm3w+MhaQo6${t_fNc8qXX9)rBk<BU$M9EgSl~
z%I8(`J&|T7C3CM;Jj>EF%S(Q<KiG>8Omu-?r{S0%(EQkv3H8L9%MB{Wmp1r20I^XD
z6tMm~po7D5CkcY!%4M#X65jitX5;V3x0v;gV(hql$eDO%t3p8?Oq4l}+>Fh3AU1a7
z?`PK`{HZ3-EnoWlJ9mYgtsmkF^x#5YY|!yc=w{Ry)MF9-Eeb~tM3n(_ZKHL8mCXv(
z_YadH*W;5@4>pz3J(RjA%|`n^+s3O9)QEz#!sALnuJufhkk+p_XRQp6HMrb={Nvhr
z$H!_|+CnIcU6iD~)_x~@uK!M!mp)B*l#?#EOj6>ZF8-C3Jg48RG!{Y>(T?PTtxbH?
zc`IEUB}s*y(7$byr=`gBnwOig;pliTC{Nk%qTbb%0b%yG(YZ@uQYw+gg!A18jsE6h
z`$w#d%g$PI`}A0jn6$6KCLjq{*~x<=sKy3c_$L_X`(p9Wj@R@oL^etCM$d3C=GWTl
zJLdx4**ggJMIT0$cH-YJ2=f<+Dl`lrByVZ~e}=PWl0>B~+Hc9x0Hl^;W20@rugfJP
zKC(=E*;;HNl@9!e@*cxeUUH2>_mD%695cAHtV!~>49X6@))FAywL-05iIv=Y>FoOz
zW4n|SS9;q-EV&zk+<^Fuk^~a_Mo9C&MaUh}Q+2Y5Xu@C7Wy`bdYIV3m*QU$jJ@MqP
z36ouvS8I@5{gu}DghdfbO`IWRw;dMLxmzqq0l@EqRzHYd?WflDtQcuI7Ec=wC>$hG
z(g^n#Jj5K0uC)Z^D1<!II4Hp)Qj<)Uo#h{N5MA=x@dyC-uyw*21`24_tD@^vHRYmD
z5tLew&$giDQBOHYWS6o7!sw4@W7c}^o)n+FRj0=9+DANB^2+Gv@<L=diTg^t2x1lR
z@;Rkx)Xvp%Gox)2vx-YqnR5Evl@s_T<@TBcJ~i&d-iuoX)NG7jnOJ`Tp_?*Ehx>bW
z@9H7DpqCk|xA>tKV-?_zfhbj3+6sl&FW9PV3bm{lw4Oy;68^z}FXGN<)-|aEZTX0p
zCnADds_tpOYUWxYma2+)A|;McJm2q4<7M+u?XqH|3$}(})A{Xc-3q^VnPK~gxNH#0
zdA*COGB&4OSGO5E;muF3m}N_sS*MrmJ~}mpC)dd)TY_WeqK^pqUEVSp>+D_amc}3Q
z=n8tMJ<UNd|Fmlc>so_f`d&oab)vSYu_@5587r*)DTdQ$9F6i3Nt=X;RQb7R|9~lA
zuCw?DR*zjjFGHxc;|T4ef_4SJhLi3!muXy)^!RS`DGOaXcdx|wX9x*QS!RM&fd@NQ
zanIipoV)R_4AYV-s2tg9i(dCQ6cZZ~Vy|u4w*v;PbW<|^X_##Fw<J$uPS3ds+)@qA
zn=&hbZJfA)*{p_UO@@AZr2B26s_sVakPjqQMUHyH4}txp(*p#NM3V#E@IM@wkZqfi
z^~!r0ve8Isat@1tV){_RyTo3LN6cvDfsY31oC=up>-B2ngZaPJ_`u(49Qk)=ncmr2
zo(=+Pz~wGIpeD-^_QZDr*%>M~-qO^KP(tAR&sQ`Cu6f619QB6$XA=<sTp=9K*rxrY
z``j~0GNE&{mgLRiOuzq`%rq6(TTlS1`LL2ZzZ@zPMfAQ?1;~f4zgcd+mo5kBXZhAr
zdUg1Y=}yy1#No@QJ78%1j68WZTgx?d|Cx>PUi{ET$d39&8k9BpB~{SJ^Eh>OUFrHU
zo%_w6+$6BUrIgf~2*0OXpS2WXJxL>GZm9<zhb*S^rz6!r;tRHsoz_B`F!gSso%aHB
zTT0tHJef`ZJ-F#^5%R8I$wlh+$@`&K#a4Xa^ls(1<|k^E9^$0hBfEeR@T1`S1ht?0
z`_p67qvDxFKdgm);xLMp&%5Dl9daUPW2^iU*$5I3Mm%`SsN?2+`~J`Nb797oU`UXM
zR@=^={$#1e{0V}LntslMMSN1>n$vWaMf<Gl0=#V`%T#TJ2HSQ-d{A=a9%Crh;gq`W
z3v)9z%1)JKvRyiSXR&VEt`pamEBS2}w{)8LQub>&*=i24%dkJgqTtQ1=W!H?#l3T5
z+`YH6<iYnCI?@$@KRc%`H9EMSw78Li;p2u8YMrU{6VPyC7gxM65WmhL1b<evk~bu7
zGWm{}4d0@D<YwHvvEeqs2`t$+4fLnoP!1v2c843skhB^lbKf!nTX-S%H#}f$6g?FJ
zJHh6H>YB2aj00gfH2<!|!z4BW_2riWQ}lYyB+yT<f-%T+b)c{yV5K*W=kju9PeJAV
zIS5X24KMhOmjj!q^axj-LUYhCKaZ~Z|0*m3&IJzt-wI2%vajd+feItwqw=dG3PkHx
zzsvpYu;m?Yku%9JB8qVI2>v#h5Uwg9Von=HDBZE!Xq|kJW=pXtmIaNcocTw$XJhq^
z|05`2$(43h1H$89oY14#c47mS`cT?o>$mORQrn1tqw(x7y>+tFH;Q&S?Nw$N!xD_k
z(AWcN*@gqgwHAcIK7PvN+0BAKtT^zIu4X@I_~Foo+QJO1YMW7w&TjgsGeq0b3%U;6
znEH&5>30yNc($bQXg$>e&JAuGQ;+nKT0#bI#yLaB`eyc5Nkn=IqCJPu*W1?)#0d7s
z(=-8-RWB*gjs;K8W{auLp|0wI4xEos!x7O3K*BYZk&SU__hH*3_cDT9(d(^&<%+eB
zGwd2dS}zf1TLqzBFAZ8>9!AqJ;HAh7)ff(A;OdOYCeF6@Dm^P{pI7nDCuxI?R}5Sz
z@AI8cTs;S@7HDi*wD1)0qI*RfHSwN|5ElD=g~l7%T)ZMqy0x1Nxvkugdoe?tB?GVU
zB2CTxzzisVZR?G>UmY?N{`krLYJ|6+8&Ry%+R4OANNC+@xkoCz%Ek1-hgK#e4GO)1
z-vNeRwv&vFX?7U*kJkd^pg7O(K&NF2TjruGSYKVNH{;m~dOHJIk;M(NF!X1Z!*eM9
zcxgz?^bN2IVUd#=Sdfct0Zh7IiEdgMKVEr$Rj+rNdOS>&o=?i!_&0(<7=rSL&e=WO
zB@-&56A`i*`Mg~eBd(WXSW-&8DrMuynfk_nd^6N)fCzxlAQv)AimDgixRetvWrTQ>
z$>TCgS$noh$BbVg8G+D%VBR!u<}Nk7bvYZxd3N$7!Osa{Hy4WYUE`nlkwt(RBE?>R
z)BiZfDIG2>IGX#@B<KRNn?PFg8%up4r4|`OK&-j9f<`(l_9#p*$iZ@-fFzpQ;eu4K
z_2Cv_{;{T{JK7lg_Mdv&L1{VSD5`iNF{#%L%2&yn1lk5jL-<;>4&=R)urqQSC1E#)
z?=$S`CU0tSX+tfx6{8ar24I}>68+V*dtUIHlQWK)WP|oyUi%WXU+o~t5CBM6&fmLL
z6q_m{dYC#yv2~BQD${8pJ%=Ok6rcGo2PWN<HYAy@TG-%(h%NBdl6}M5_`Bsf$&7a8
z5z&vZpF)HX@|5jiCWAOwFOkiv)sKCK3E3r(x^I3l-k9u2KX#dGv<y+Rz#yD*D+(9K
zzp=ag<z<JTi|7nd;qI=RXjS-wVer&--!V1{-Y(7Js+m?Fbc&rW7MyF%u5+SN`K3+6
z-w!|7Ip#<c*se)Jj<SSOK>e;Zt1s_&f5k>-{x#Su{a{XTAn?GA0!V|ZxahbroB`p@
zn}6|2VPQo8zv(5+62g!A6DbYxv04>-a5I$Q_f&CQLp_6X8<p+M1y=Ejv*_OxI^nF_
z#U`m^WTp;H6nn&?_Wb8=Vv*?B%=;}s3Yyb6!dsh-*R`VL4<~)-o7?}}1kvdE#{>Z(
z0s9XV1g7n;2?AmN-zG>A>X<B0ux|m2oVtt)T}P2$c*xnYDCj^Bhj|~j<L0PBJ`jq2
zVN3ksGyW9WEw{jSM*c)tIsqR_8%Guh#cq|y;sb)fl!$cIQa@fdJHtc}I}rhv4o(CW
z*Jk#KTNx4cN2MEsY7C7a@Kq11Nyf2;%|w$@4w!QY7MSL-=1GTwa2iDPq;R-|be4T4
zK!eHzw8Cm%KUL@8<Yaq(-cKPew8izDCB?T#QEs)pBF$IV8k`B#h4wgy-9h1vqfsws
z7Z512;`tF43_xZ{Fjp8@6IcAkaSb4DH#g4C2Q!z-IHk35@crq88$LW4QV&fTacSJW
zg_^zptbV}Y4Wi%gEEsVifBr+CKevdL*C)A(SsVFg8KkvC#eGp=4M6a04>Yf6E86JJ
z4^+6=g8ktE`ww2()s}_7H8NXv-#XN_G4D)y6zOWPi1v%E`O}Mx$~W#_ZqsXTdB=9e
zKfbI{ra}F2*qar^dYvPYg!4(_vRD^FewoE3O^madKgc1l&Nzp-KtmNS2{pf7(;z=7
z6ivxY>b82cv2s6P(q+Y`TU?@=HIkchL_o+^!?sr@>jru==Wk>oc6{5g4?8L<^|=FT
z`!l&(eM2<quScIet_imj4?jZj8m2RNeP^YuJ<H@wpis(rOHRV2x$N@<PuWao_H5nw
zPJNLdeMyaFaJ1DYno@(e3&aE2Grc5VZRbO42sRu{azEOy(`Fw2ZZw(76_&9Y4irs{
zRvVshq1eDuFI#10N=_Jur4qAMs=dgPm=IEyXlzn&l21x%5xBue^Hz4N2lxEsY71@`
zB#2+;8Jul|bdxlAWQ9UJm7hF<)p)vpyr})2>FpEo2VTazu*VYpp(LPwW-Rw8B_?s0
zy2n@vI?&lIQ6yj@YL3D|G8Ymv0IDw}28+%4GI;LF+y`&$B7M>0G~V*Ln?se!bcekQ
z;;mJ?bDe_1tr{yAD-aMt6uS5IBWCMoP)+FY4Zmvq0wZ<4axYmUR3mXk+w4=Ld^D>8
z1hP<-g*HYbV+*^R`4z+!HNA_B!JNNVj_F`LVaLs4x@t4mGV_FK7~5PWf{)cboGC@>
zwE2+>{6xuOWAliu89sw)ePN3yXm1mkW1|GS1aDyHy_LHeejxvy>Aq)$gZ}_!F}9Bl
zHzvC4pJy$`vG|KM^GS<l-*NFnk<&o?P>o7UK`R#h$=O+S^;*JMwmPkaxRcY`(QKhC
zzs<F|QugQPOB<J#Ezy0t_03J5c*0y7R}p<kxXWMGsHKmd5<M`6Z_Ds5wJ;u^#4|E+
zyrlL!N2lvUuu{u5y5IouyC&I*Nt${yED#sCeNB@1Vb!2H%GSFSLu<5f-h8OSYG6OY
znz$EXg^v8{*dR8}%iUTLc>FyH4A_@Bo4S{k68?=1XP8#2u$+(dhpn*ej}z}T$l+@_
zaiEv4^MDxwD2LAh{a*Qjm0OT*t1jOjSod`#=TY2N*1I6x-lAao1BM+kTID$=SA3Yv
zkNs{sfu$&$c4Jp8oteFL+kH1yCyYjB#tRCwd`BAHP4Sz`_RCi3lFM4P=dZK$tR}my
zvT)ECM>gFvs7A$lx;2lYnB+hg+Eb|RRW;ddT|F$3g0HHkg*&>GGLr}UA}VhW#greM
zm^h}i4_BLqA=#u4UWq$OC@z?6q|KpYtG9K+fEv9I=*TA_drFGT`Ba}Ns@O^`o6J2|
z$li3>N27F)Kv>mCra|Kd#S$piGD_=2bd-Fd1iBFN-vrfPzeLk0O12kpMQQhwG|Ymw
zo&w~*4i6p?!@dTppq;Xd^)45WIk%dW-eq`xq-gB>R7nJ-oh{yZ4h$!=bNL?Xz2*D%
z)hNukXVM%`m+TY5aW|+1heTeEpfnND!Rv|JCU$cGE~4^1E9v}wv_3wV<aF(vf(pGz
z!mzx)enbv%?o4l>%3U$3^0prMRp_tt`UsmaOEi36^x=18G3qI+DU0Y^72FE*)oKrS
zRf!G`sl>+qJcCv^gO`B`lPu~ACC6uR+Qv^Ie7hy@fb8^KSu3kZa-9RiA3cHp!y!^;
zuqZBQ9|i*MP$-?PD*yDx=N#&g!j~|=s3oNM(<kcp;NA5W0XHs!4A6^-AS_=U5D$h`
zcKsqW2~9?v9QXMG=L+N^j?4Kcf7Q_lRyjzqrG0loJ8sw{mVMZ!{$SR2I=fEgLTo3%
z>{JBK3o#%Bk$;1kNa{94P~cLOGVZZ@l18`eP_R(>AV(pi?i82PU(Mrv)ikGL3pJ!o
z##34L<S-zR!FYiF(@6J44IWaRfUL^t_g<qiRWZg4gjY0F;Rd%ii|pgi(SxhL!~t%s
zvXn4nHA+{Qco*XMz7)K#E1w{efrU7P;0<oDIdwEgl^bL472{s?T9GniCeV)`La{{y
zxZ2*E=BSadHXGExnWrMq@Q1lL{E?y1XIQS$+gtq}uBiY^CrCp`2i2ChUw5DrUZPZc
zqeO$Q{)YY#j(v!{U@~FC2)K1{LfRi)LGU9X*lNJRy8%OxSh2T^aZyQJHly<1P`g}y
z#x{*Z0i=QZL0}_tj2ssGy|-${!fXh<$tU?eA_)7SJZHnI)?NBk+h2f6<^V5Jktd#A
zcfyly81R$L@Ae9@n9abeAB(UD`vwoF0#}X5z)r>@`{Lk3F>y*b*if7-U{}EVlx~cM
z=!9n+G^3Y>Rz8<#a~!T&(J%;+a0a;O?V${eg(b~B`Awq^O_xNCWm|4ADpBx?up|kb
z=559fYmACD(bQ@VekzL&>8n@3X78*L+oWZ5HpmDNiTEVJHkgE?qqTK{1{&#10S2`>
z1HB*bMk+un=`(<v;I3UgUI@?2ccf_eE0}2>lKgX~0-ZV`osMApHlS)lt5A>@5|L)%
zhsXL`L4P#~s@oy6m{oWBVeW8Y^X9CtNZs?O3VV9|I<tPQu?WRLXUHF0+vb%~V*py%
z#0&oywX0yvlOdSsupKL++Zeo;-q4fR2BA`G-76)>g2$qz?Xi#*S2L|%!-qJ(ADNS8
zaX4zA!T*Ms$>6?^a4jPz1wd>GazKfCoDqaQe1dMXQA3ogYQG@LHm+)`!5Cq=^@V-%
z|5HkQs6R8`JvJ|UZ&*y93`eaRjf@J#;bCR$?YZckSngil?8}S#>n5JVf%+!=n`VBp
zkBcwYqOgky5&uGvPWUItEW~e9Mz;iYC`G6$=6>00R^6}Q88XB@J=WQFZ+7zE`Q-)#
zXIMl&`+y^k)NQ1NPbRN<=CsGL%D(IL`oi_RI=}5tTK3w{ynkXU8RyTw@9U)dzdrt&
zQk6sYKF{se#^<m39(PaBQ<3bxd(H0k6x=n`6R`bLdiq~4hrf=)7$^*k$FV}><29)R
zLZlNDL>+<I0r}nd{bm3TL(r^JuTeD?n*?jt8*!$B0q8~95j&>DHA@^XrW8peZ4&^Y
zcQ|9ymN}PrT;7G&wKK6Uo?`zhJ#ywL<$oHG>JKuN+DgF7C~)TDUYoH&SMYsfw-C^U
z5`of7FTu2gJ&*t7e%;;j3YwHcyj?xp3&)s?f{#7^l&xj=%PC+M?+NFY9Hg3*Cf1l~
zkXctq7CtU2>&#%w#$ktMm-bX(89i%Zt9-o4X5`eDa-`PxS8)W?FVeID75wYLr3nS6
zut%x&tVs~J_+~aH(*xUQEZrD|*P@+8;q=Z$Tbb&lMr8}TT>g#ydWkX)d3C!WsJ`dN
z$5iUnK2DH}9CJ~wa;N&3${}?A-{3Ex@)GkcGGyhwV%7UdaYQhXWTa`Ijlv9yQBtkT
zTj`Z#LjNP+5uz|rdZ6@;EY2$p5d`|`)vJrS7(ifZ9lDveHmi7vJ#h3p5X<CL=ypBX
zp)3!q{PE(<sI_LejHrxty6l1&a0QtM5_a}~$a<&vPMWA&ILXAu#I`23ZQGjIwkEc1
z+qP}<AKNxh-simM_g#E9-K(p1RbA|^?&@7@uU1Djy&O0RwvvUV<y%lo>Q!OO_5lS3
zw-Rg`1K(=7xbGH_VEasi`_(vy-*Q)*7x(q+#Dbubt6qN=+CPl*BX2V;ddDz6p<JY#
zqh3Q)iIk8DRc56TavF^l{^G5#qGr=)5L2c?Aj8^cOm-Gk?Tv3n##*Zjla@VBO}kGI
zuhpi3$v7sj%zZ$kB&Zh~g;GN=3mKZ`eXO8GyNOfz%rg{5DwE!dqz=D+J0yM$Myc`N
zLD2dMa3e3$Nt|R0fp+7v;d9-pJ^!i2eMH;`V};L)rY3ZPDQ(g$^lur#fzdGaxYE*M
z-#o!!PsYLl(i1vt?rO7}F9(fv@&*QZ$E8CIr)=L7PZ-uyJ_WzBSVt!lzby#9Ew7RF
zK&(v!Td_|Gs<>_^Tl-=<ozjmWag%EO?hRxr+1btXiQT*tON%m8kImaTxHX)tmw>4Z
zufvmg+$?1%u&M-2of~=h14y6y!FdnR6dq-N%#C3LWxN^jl4GIP5AStX68fG`*Xs+2
zA)THeJ7I>NJWZb{WS>j*TSfR$UX?zEjC>CEr!rl=4w=WdVh?YnuI`_UXTLJtZM^eG
zjfHPW@)qy?yoyJf3)6t1H#9BT=qgI@KTU7N;bHg#RD){L-0;cLR#5H(2Pu|5B`cM2
z8Dc5jgL0t{h@Xe32okt-BgU6FtL&sZ<;SEkjELxs^tz}gkvx@%FDO2n?QGD82w)j*
z5SMenM9ECGsh$Eueqa$4124soA2-&gL@8!Hi0i!`J1s^8%wVP(&U}qcVindrkXr%x
zS9#gyzoras2GuHOJgvG)LB6b7T(ZmDT|8%-6YM_gc?xh~18|&1)x{znpTn`z3Ob^_
z^nmM}Lsf)1TG=*hmx0bgrkplgQ_WG_g4V$O7;U0wz5V}+)D8b}c-37CX))hvUmJ-I
zkD12dj#r34!jmxn-BenqUNqg(Kq-{kCL3Z5sXmuA!p%CqfPJvWk%VNQtlG^aJCKD?
zqQ;F0C%qVdUU|2LBE|vQU}@!tO8JIx5z>)O#-0xqZRSs$z7zWYgB{+|X2>Ww3KiQw
zCL?*$cETt)bD(0(eMsK93eq2~3qLKsSo@G<?1X<=|JQ|AjO_m!9S~0ZXZcen)Dt6t
z@)qc44yvIb9u@d?6(F}DnCrf9g64AxG}p)rgJ88g7wUqJ51Tv;FZR5leusuJRe5g+
zDlRR6ywWiB>*A^F@fbqT-<(#**xf#qe684I=MCq1@PZ=~_ES?5OhUOijo@$lrz|1^
zitwZm-LV)HlA)Q8J5sa+SBqTwrs1PUM;Jf7-&-p45|ggK*(NoRdi8k)b$OAUFokef
z@;oC()%Ls!rFb|kU95~vD<%4Y2Qli{@lQH|he-4&;yv)xa_ljj3FVBTgi&_0zV6X?
zhSB^!tCBX7C@84H!~AZ^V{9aZe{Ut>LKP_MKY}T(cTff6uGY;Q@c0gKqEN;@T{~%j
zJNH{N7i1XriXDE`J|WaqPVB5Ju@(+U6$eRY?l96kY+7X}Huz=!cgIdmxtcz?Q6a=s
zZV#3nvQvxKW9`;05I;eaQ@ygV)szRtd__Tb{t%hXKE6IzzrvZ?#X8gX7I&#>6?x?|
zD9N1Sab_R@h8ZaxF)$%8rBbi12ziam=^ybKmzL%5M=-ssG*oY=x^^-PEp)#T>1`gE
z#u)%M`a5^Ixrw{@9EHTq#IWn(n}$N2>dmmrtNBE)xf{H~o}lQm>WZtdEe$wuiOrbn
zU7s^^O|^?^gXQCQULUUJ3P`vb^vYkuD>L)Vtv3cDMA68Nrl-~f6Ed)h1u`&8#adot
zunBSkxFETMmrs~})%5$%qlxTon97Gd_u#MX98<Ta=aB~6@4K8HJo20inQJ8~m<V>;
z?QXj#ivZ~X1yS4c4Tn~BY0#M6j88>yF{tTyMaSq}Bk;TKTvh0~?Q*;8$jM(l{-&#E
zY5L~Vqp>~ryo@_|BIaBd1VuR+$C`t|(&;qN8$z}ih;HW-93W)NJnQJuriY5y;Wn=u
zz0tGpM+V84C}^zD6k1PV@xS8t#R3F;>8)Ot)vDdr@8Mp~KYIx5b&Z5wn`vJ9<r=1K
z=k(~S&tRpTH>X)#w_wUlvh;lHS6`=J{vp$X#(|lZ`FRTQCBhJ4C<re<iSDy7T#Yr4
zDgnQ;r+UY;&OU0zsIFOs12&peTPQ{%X~UGK=Q<bDF)$))t=x3*A1RR>st?I`3jdjD
ztffdw$orFWn3FgkrS764MWsDGmAyXr2k^uwUq5*Miwlrj{)1b+voBF`+9*+x)|mbS
z9$t~mS?s8@X#^U>|7oyW^1_?(`WGiN6&Zz1NE2T8G)v0W@LOt}+}1G*ov7KLA>vnT
z%EOEyU?MS}e^;wixhOdb&YeY;42spzr0Xa{TE8uMB&O#S8-ves7j;W}ANa@J3PeVg
zQcR_?fAs70qVJ@(RS&zh{q20azkep7R3YFgEWkMToPQ7vR1lwPA;@0+$}KrT*jK?R
zJpoFs&3E9~c`en|U<;MSdi?XCz|abTxKi3yga-I*g@;rG`8P#oIc-ePij^S}GPk8@
zQ!W7HU&`Nh<gbci6*=+Z?wz%)GtW=pJY7`2vRIb;_P%T^F+1MM^=KV?KDU9?u1S45
zz$_9v{l4naz{1$D@sl*sn3!Um^afxDhO@J_?a5J5D|%+|EXrz)Zh3ONPQH;#FE#pd
z&!yn+zt2}5EHpm#7C}W?)qV0$p%!wA2&K)sIU*<B$@w*CmhQ0+<;=wh<92Ys%maU}
zA5iqOF-0ZVYYv=;@knd){{3WVMbII|myol<Wi6v-*)ms4Bec4eyT$(zDx5j3GbBwI
zJPd4h!7d_v6}o%5$iI+Qp_;xn+c|0`n8fqv#GWE+m&scnQN?bPaM-l-#VdOHpDh9c
z-E5hb#Bjyj+VzPNnfoWHuaA(IPckN@0Rxm-RTDdtXANzSkg$(`Z6bG`W*}%ic!w|`
zW4W52;?>>?S<|YI<T}w(Iqqn&fJ0{!4g2I5e*-$nJ;5{!pmeawhOnrQ;XT&0y-LY;
zOihKdd#3$OQ5zn~L1Bk$>90jgU0NhXv8+<ZW9|k*vL)6WjYCnE|4_!d^@!7O7BZIM
z1b34bo9UizQ#Pj~hTd!0X8sxfYf!X}C2FMLHnr0Bfk>&FatD&?)9?{o3ub%dM0J(k
zKZ$6s5qYBnDVg|4ugCW~x=xJy{sFw~R14k9W>Q)><p(U00@>TDy2q|{n(FnH6WWXb
zK;4tt0lOCJn5gp_&i=Dx%ykf_xtG}n5O#sT6~)D$BUO|i;(fuJldds6Fgi#k5C(FP
zb@{xw&6*x<RSm&<s_uS8K@(uK)7L5IzI#8chb<&*1Q;U?sb_z6I0`z@>D>HN{J>Fu
ziTu?oeun&Yqe+4{=ivUo1A~t2-785>$T~^RbJy+d=rQrIq16kq4m2O;iquGmej*6E
z7RvQDqm0zjimIC@3@voVC?&lX(u2{{!R<bM3*10nV-D;*g-6lfWz$hY4?T#UE;Xta
ziwbRrg{7+!@x$Pn+7yR;#HYk*0am<uj%hQSfiLK6EIhM;B<)0jaCWBYx!iBYUc!Ro
zjZ8Jc+L9fXa(x2_<Wy!=@apkFXARa$a+!^@ycwWs9-6SKL2IIB-sgzM+<yLWH-c9F
z2_lfM0?NukQQx2q<YGynErJ$ig(XFP3M@GB7=EX17DR8fzs`MEY4{=UZ^PNeuem$|
zr@RBwLKX2h6c_Jmwq8XMG7+6XEq@@4lTVGAs&6mrMBfIHVy8K>j{&IjZ6#=bHy6_n
zqW+#S)SS?D9fHlgSS)C>|DqSa?;ldtCz%K$VQ9&N6K^}a2!ix8x}zRJ@UGW_YaFvd
z-6ZQ+GHOY`P)*phsMnHlsTgHltNJNBP>aTRBgy&Us_@3xBzW<T9shraIP3p$&<BCf
zp#pIjw$R{8K+JFMO$NWtoicLY4fc0r-U&B<o+Z;h^s<inY3qM<bN=5@Z(ODapvXFp
zVc^$95b~$~B{^d=d^vYBB_H>c-(KT<&yDh5uUNnC<IrHKh5?;fj{yBV+ptkSKP#sx
z--~5%iee9REa*bk+_1tLfFq2y)-WR|Q?I$CqB0@_lV^4Tsj>OYpx{a|VbXIM6371K
zX(X(=*|1upO^*$@dtjyl&8Lu2Y{2XA5b}kIDCn=*pN}NiSy}6Z(w*|ZGLUw2N>H(8
zb}xI%9k?WIx5@RJf<*Eux|=qz56LV;(TK5dOP*ED00CO!H|xRH!EQ!Plv6CnkYh$k
zF$Mw?;E1bIysXC-^CcFM3sL6=hzZ*Dx%P-*EjI<%poiEh;YHS`=!@S?kpo;<UUQ!h
zt63~-n~^<cmMv-kappgL1yE~-9Nj%E7(<$YV$bDlUK8}(CV+x0*nTtg0{Zni`bZZR
z_=0!LP`*V44BK%LEr`B!V(TFj%T-*N&St{akyftuk<F++ifICFA7KF6c^5`d*M3v*
zZVO>iMUBXsxY%=hMc(gAlRqNQJUY+pdY&9BhLI&^=)cZ*hB<r!3D^+Skk4&zABWxm
z1DvDlA9V}{#A`>bvuf{rjq=c9PdSE0V$wm2<7Lhj%pUefOT!Q&II=u{sN#~>Z0$u;
z>nU-ToeDxWmfVNk60d(`bIR6IT}y?<*o+*VkXefwwGzDX{zo-u)%KRJgdy@Y?SFE=
zx^NyzFcz^?xL4X&>agqs#kza7b^du`z(#xi0T-pC?-Rd5siT$`$>LWOS1Jp==rwNa
zrEDnbtdglUN@Ozq#^PZtICYvjsvB_VNMIuB<K>?>X%l5aUNC-8CM+pd?Nwi&sxRZ3
z-ZP%d)F+#Zb6hbSDm*)(@UTLKHeu<W`MRB%p}rB%G>+O8!7Cc0XT}UB8;G?<OE4(K
z8!*DSYy7XM-<lB?uIWEm&WaiQ#Mb}6mh!ngsRm{#(vADUYkfml=^jSvb4HP*`R06#
z-_J-HA?d7Ho|qx&F2yu3o9uwuSklsFRBLa2I??>rU-W17Tc?GQCNmIncgko2M<MDu
zUD&c#hNaeBgJ5O9YLp(*V3h75=9Z#h{>fW7_x;XN`CRO?>_a?k=lIjOTBV7Jvw>Gh
zG*}^i=<z+gMd@luq&b*3zuXX5iKM_t;Weqzs5<S2<&BgEm`sdpfE`Lz{+F$<R>szk
zQO}76Y0N?sjcm$Vs`5SLMdOl*TH`mXt~p1VKE)03G@lBqJh~6P`@=DubKRXjroFSm
z$3ne%p@oIPV4${bv`<`K`Gtd_>j%YQCkX#R5%=pcW(yBa$@#|LVA}KsOiU2c!_(=;
zpJDOaTxQ4ZC(VeIj!7hflTtBVCl)hdX5QpuFd*!Va>wWrUnr!km!F_Ov0uavgoAb`
zo2mBSvg|<#)dBIGH~M@>?O_SEC7ZTlj=2WG0=BYVT~g)ld9&Cc<gKEieGjQDoB9vG
z(t_cD>Gkzk7TsLJ$j=77FQZK@69&d2Pb#Y1`Q{6QkP)-*S79c9i7Ys@cc+-}TTQU~
z?Y8%xT<%1&-S0Qvn{+Cnin?u!JTtvRSg|8B95Oz`kd4SV!Sw(kWe=UJV4H%$z1$8R
zrkPPZvDWo#utKJbzu%#;PNMD0d;%m{0%~t&+QFXfb9^lPS-LH4&H*v`03V&Bch{8d
z2^C)8GcN}_wl15SP47Ez+8d~sV!u<ya)5VxEjdu??zQ(g5It9G@%4VP4~FkZp7vab
zy%7E^SQq;9y@B?OrwiA$mo!n#9!75A?JESt1W#*<;VXgc;pRQuQ<i1zH+R7MF~$W~
zk3OS~^l;QzE5jn${;<&o#vIwc=;OT6M(DNEe>LSY!%?2m*8hXy7RdI4OK>+@8QRrN
z*nN0u18i#Q?jacLFR++;j@@2=4UccL$@0GK;dI@L)h)zzjp*?d?Cm0;!SsByzc4V|
z?C)*Mq^b(H-1=!V1mK{~@#d#qcjvENqmFflP&{SHiVvQ8zJ#8a3W7+_z5hlr!>jfS
z2MKWOZOJSyrAP`w$5&9%ubnAd=Wn>ww9aiRXCQ^>)S;DRNy2#%NyNceM_1bP+hSe9
z#jyDSWmo*QGR_eB08qLXo@gjt8#6SNPHmoGDBbA=GPgD;UD}PGQyy#Igv^bDO2*FN
z&-DDU@=y7JAlBtvHw?fNKkbX#e{KEDUCy7WEEAmf-~8PJ7-3+UB^a3fSEQc-D^zFu
zQz!ZZc7II2z~F@b@A$SEXYh?Z3`@AB0A*MGaxVHM+|)C8FCu3MO@-S}{tw;sMu9iJ
zyuDvYDAzCTUR{FD{$(J2%6|Ig{PZdWCzeWJ{#C3$z#K(9#}Y+cuSABx8%2B@bbiI^
zzZ09^!~ZS$9A^Cw7XMsk|FnQ?{I8#0uFbJl1Ax)SN#l=$G1-1x+wkMg|HVJvZrxt}
z&+GI*{&idbe*>@DUjK~zzdc;aHG}v)n|2aO^O&~q{hga=TCcN;3fV0tzfS56t<|Dp
z|CM))22)-_Didmd9SVos)D@u*L_sPt%+?;l>lhzW(mZS$yv(><yERAn-U}p9#%p>k
zN=uZ#-HY11YmP=gNu>3wr{5i}b(?96!^50KDsuYU!~OQ-?DEhxWo8=|utn6OHdqY~
zkIWIXkB{pIES*X3P5%AXfIqYK@pyJ|ct3MlOi3>lre;G?G&MX+?JVU^*&s87^!}V-
z(3j1N(vquB@x)#Fno6>lO!iq}Fp1l`B?Dy=`40c?&tGZkBBfXp2J9e+bGT6?sG&d=
zQVB!}0YlSIYB{M&l2rhsOUt-D==*7z+d*KS_A+MkCqY!=?J>;oJiSO#iA{j4)sA{W
zT}>{<Vc@sV_aF7t-IJB5uV`%s`05a=YE`ChSSmE5lhW75mi=RoNfPTT@q`uun=l~5
zsLdF1@mN$ebJ4<wiE~#=5HR^jT4Po}TgXC2R)*@%fGz?lZ4>C$<2bpEjr-RxS-Tjh
z7U$s_LL<!P0mKf@=4#9w%N?9)SS#Z)Fg#0W*Jn4N3}S~j`{?Ar22!1_!65{r``|xf
zM%);$GjE{$6!R;=r<2#{n1tSgo)P(8!dlMckrZZ!bzKliF|(Q<=qA@MF&S(nJiA{g
zN9$7X?#xnO|Bup@;UEA?96ri%SVAdxVBW7G2u&*YTGfp>x_SB|<d|4xq8XlznJ1a;
z-{|{B{UVoW^L4hj#N?D*+#Ih+IaWVu)fCOq5B3=cDZ#-dz?KLG{hg{h|KN%*dm<8w
zKHSXi09+$rxZbF4;T*_3Qm6or(-o3+yBQ7@k~idkAF1C%Or`ki-xA)4ZM0>uA#8xl
zF*>(*u#v`ZZHln}R93UkKQY$1szL+|c?9^>d_kiWzFuEmdVJizO1^n{zb0m;^!$Rb
zdrZ#bW|3ws?zGRN-yX74eKq~g|46uvC4LGRsEog+OF6%CG9$g)^({=SkXQKz;oL*)
z4n1Pxxf5MzO(`mK1b=_Z(!E+%F5CB^xcXCxV1&lSVveSezu7H<3|}S`AdFq7*zgil
zf|Ar8FpT83cQ?Z_AUSb*dWYG-&GF%|5V;3WV7y=Hb`Cu5g{qs2&h&QTr>Z111v92A
z$=55XE&p+Q_cqx|BNuW1yPb1Pa{O26GvT*oyd|M887jIPs*%AJpm^a-uNbg=()<pO
ziQTl9m?#*5x;9+5n(KW^fK#MdRDpX?IG%1$SV^UYfAFG}o#d{Kmfvv{#W`xzG)c!-
zxDhw6MI{E2ud8N*bt9Q5S+Ocb>tG0I3_@s&{7c}BWt!2&%klQl$vyz9LqS`j$&@9f
zwDnxfRypZ^G^~W8n0VUG3wO*H5FRMaT~z#;Cri31e)K~fL0yJIY2cGbv>>?}cs64p
zPbMYQGM$F9o5gf)*Dpj1D9&Us_s`x7e-G^l`9b&>JaeS>aycHp=w=3#dUQHtgP<_#
z)56I();c)*CykF<r6J{;9CdX=5R<djQX9C~Zd~HBb)4CggvI|TSMhNan8hb4A~7J6
z;OyT)%l>h4CBZBn@PowNMa*tuXH}6F$Ii>Y>z>`^feY{S9CA9V1N%p;F|nc#<if!u
zap~g8{6QOtyn3?qqhBkE`j>i5QW!(m2!7GBwj=^>fJ0`ZKHGT5e+Bv_US9>;UsXNs
z=I4=2lYU&pDBB?wgghxdy4Y{Taf+)bW4}s|6iRgZyU!Z2^YmyZlAu3v)r{eYMULe=
zvnBgUKXh=6Y}c~&7#jQw1{h+=WWlqFV*@CG#*OoO%_^>xrN-SN&r#X(@PRi_Wa2g|
zqPslY<Go|3CDnwG4H0CezOW3f_{_VTO@;9cJi65}pBEEaihlfKb_)YNqMgrF&6BO0
z{t4!OBuE9^@gw`lINEMn3T4Q=q8P!a<>;IC&BzTs@;7OeW%=*kI9bQZoAAl<>nRIa
z2hPR_(LcqeO6<SJN4m0YFDN>wCD*2@&n`%^NxQW3&jyr<vXzP|4T|h1<q%b9{6?+1
z`*iatcvTS%KDvJb9(_QE7wOrasEdJI7V=;8Ld<m1!i-k=X&oa`A<cLm1fhPNa*z_2
zrM~9a+&Dy!$)<y_jEb^Wo%$l=C{dtDO02IHx6(aE2ozCOc4ZAb!BV(AP3*~baLWO}
zeUg-!m6xtlbOCdIsn)T&q{c3lFr+w|;Vc4@K#_aCD)ukrMr|ZvZ`YzbazSI7Lv`ON
z?>*mmtxN-q5wFr#%nOcgSPIGWh2yWxOf0zOXT9v+#fT^sW_#gLi@)@vqHI21eSriu
z@V#8e78O2zbV(yxBxPqUV}Z_l+&q@|?oioMD-Q(xWjb9dS#Nzy6I9`<eqwVra%Y<s
z`+Ge1%3fDGLD==TbbeDd4epJI84ilqQl@hB9LC>(Q-)W6MvS}?LngeI2z_xI4Grk;
zz&f76`M?Ha!1?`n0ybdE^|2~yLhP27UvIcVW_Kab<EsVP^j`HL@il>sezLPCsozno
zfw`~0UGyIp;aF8W*1r@P`umX;Oj*rq9`ng5Ftl(o<6yA)Op~FZBLTE7UeW*I6Gts^
z#B96hS=s!ePeb|90wbU5x}CaQ_(+4|bfRd^Mt_~R-whARVh+k_R<)5Y<wMXlS&Dr)
zo1D95lQp{+WsyGwSs_uNwVTJa={RB`*Kz>v3&|<!P5?Hr`w2MY%*=g@fg%J|G1fCe
zwk8L($}5mU9{ko1!z-A9m1mrCj907_KayzyDu`?VxU&{6rDf;Y`rJR<?tflr@lC&u
zmKtGesMGmDv0hws*&z!PJX_Q<uS!fEW3AC$5!rh#FWi5h-2aOspw>q|lIH`8U@x@i
z7^5&ayCb5I$Ik(f%ix)footU&5n;SAUO1;C7oRvVVL;eS)lbu}^u!1HI~oAz9jj_^
z3TWq|8ra45xq(`sqK`{dRG)XFw&lcWTFQ|TO}}vVFTUm72LoO!cfad(xhwSGs=LuV
z#=#ggHI27qUvU%Cs}7br-_1{9bC<UhRMv_i3mR5ZR)jZ@Z?C3cS_fxl9xf+r!w{KC
z2UN8}bo8|whJ|uFP`M{UXXisOZK5L})T7;wN0-|dqvMA`()d=H%ezl)t2RE>%)=zX
zpV3s7s{D%nIL0@#!kE0JkkYNOaxe9M)$P5tVg55F5l56zYRz9vum4r4=qDvHzZ2g%
zO#7mZb=>;39G2&&+zGVw^!y_w?x0Y%@%j8K5mg<r3$M6cfUY}!n@t_kBLdZ32>R=4
zD&pouE5_2LsqnfgS<<nyo?JJF#<d(AN6{?l7Hql^b|mf!#zd*ev<;=n7a{YgHoaPZ
z`DKfK)h~7|dZyr+r$xj-1$9M?kZ?)NOB?=(qw}v&f9QX5=sq}uhUO5)jd(Sef>-}I
zS@;AvXbI*_2oQ$u_zel-RqcUQ*|&E(6^Sly2r7QQtVfHmJ3qE(EGD*K1AXnKOh`Kn
zKBA|j{|VY|2YjZNZqj0Uo8YRqut#jLIO!IID42kB_XgMQ6y4bd#@bU3DC(dvVq5|2
zc~(m-wQ0-vl`Kd^$SmVGUU;g*wQLL>3m;&4l6Q@jRLd$i0{$LAE|iM}8g*kkL@@SA
z*-v=$;@tkwY@$5`p}+^SpP3D(w-7UJs;xpj3$ee-Z#BDQw7%Si*Q8HOrK{2m8uqoc
zQot2ve1Pz?b`#a}GNppLnYY)M7`pf-26Z!Ir-DMY0*|mpEnt#g1!3r_`{hvEb{tcC
z8R2N;)rU~Ita67(-&<x@s}@!X2Rcqt+MEYly_x<lY*-ow@~Bj+FXGo;$W)%_JGtmF
zP(5jW>m_VkG>!XNKAbPhh;99=nhZ0hRM3Q>$DI7cHbL;y5nbYBGoO!3H0vsmn45)Z
zOqUnZPPGk`n3IFb==Any^f0`-`nfk_on%2FceHcw8#vm@prv6O@q$!k-?&u#t5xOo
z#ADMK<eaKMbQRy7kyDEme8f2g1^Lc>XR@MIK2r#IvhX{n2gI#=o?|USqSa9liO(Rj
zoOLlc`RgT9PSDlC;YSRnho#y<lvEGu>|zEs>bW}2@nJg`_l%4Yv1b`9&jI|2%gCnj
zi=v?(T*o)=<7+rw<BBB-#hJMH)Q!U}zk-QwfH1hgP-%(nMo{F#iijy&9<yTtyBbO_
zBi;U`EILJz?Ye4WGzVT>HwkQZA>Tc+V~?yoaYYBITS^R=8Nlj&0uT~|tz|(Nd_y=4
zRSIuHGg=>`kEyDOjCkWZUM?ffQ@EpQ<FZ+@tC`Z5a9v|tPD~5>1wim$-4P$&O?fhf
zKVe7uGaG#b8{fGE5+z8-2iqAgyZw}?P&xU8VCW&n$Ay;xWw$_Z{b6ZxXF-8Ati$S2
z*xaI(4B&0U8myT)X?DX_!s9?Wwevx@GRgB;&|{vNy`3Ay_FqxLh^c*)7#RJ{4MLZh
zoT3(k9A}+}91`V70jTz=csCor7hlAtXZ8*dkL4I<Y~|YiRI=rwv3Qbu`LME249GAZ
z(X!jLMPAU%njDI{=yHawyTVg_cy1S2%s|=V(TR=xs%&FWxg@a6eC~O<g~I;TG6!53
z7085=uu;+L8Huz@(GM&2sH#tv_uaybb$lr@F|HMbSXRyypB@p!q{sY^Fg)x!=)^As
z$bX^12V(f>M;8xJXPp6y&vnW5$9uZoTaJKSaZlx9^jrRD6+;Vnf2#Y!U*Hi*BCMY|
zVc2~~gNEtbA`D-@*kAwj7v7pC(Y;_+&r$M;x{KI1BFxe?I2J~?^ZBAYn#loqtlVJA
z2~De0&oA9WjY8L9>qo?e05PH!lOIOuhO@HF_02xF(Se*K2`UL#!RfQI`4H^|H&6G8
zyCq<~JzuhyZUVT|bRh7LK#1kHzQ6{1Rn8KIO^9tiVS=Khaop}!@9{Dy-J~Nfz?+4^
zu(RcCB&?3=IVQ6RlK4lY4h@@Kx=Y+E&lA4e)E|HN1^)tD^sA9UlU6k(0tffg)8p;>
zbnZq2w68L$kLkj*v}}K|zBvtdbKE^7@=0L(b;0s#ObgBmypfG>PaJ>H9sspl)V=nC
zhZR}ilM_)8@^s)0oH{eW<8OIZtDMA6$LPSKAI%SFl~}sp<mdDp=*^)5ft{{;`ZU{3
zbLY00^nuA<24STrk3zuyeKVdp)anuY30X-JZuX`~hI>2^22*7fJB2eWAlUmO^`M9M
z8Cb@tmvC?tkGtr7-SymA2MZ{huHpxGJ!IZND79el%o!%dCAsajHnzJ*Og@P=O8cTS
zxoR#oBt5|4@kMxl)$rvLdvaveCfbLZHo3CZ^Ll62;qDtl_WgYP^T{fayzTWkWZV5^
z;@;@1q8=F!CprpR_3q2h59x04`RtvPSgl54axpc6Ti$0uItmRRM;&ibvf|^F646EJ
zEs}LqywfDJ!Kr};Y1$8fh<Vt{hPMlJpdvM{D2?l3p0Pn#cTq(6!rR}aG&&lB8|B3z
zAx;%U3xutRxa#PL$+So9fr_rVSnvjhfBJ$-K*_`69}<~`<+XSVls2mupbSA+ljdly
za}yWs#%+J;7v9NNH$-dms<{{dFxzcj7>b3Rh+zI-{zMquQ6yHxQm!{w2ICaKs^m+{
z_nBeapnO`oub|ZaTbU1^JE<GF<E;ZR+P1z~CI%wxzOGzH9lWiXGj|UBf=@GFO^Vr#
zi@;x5{2zfK?27~tWdi!520h{Uz(&WH_(GSS+Q`@YxO68HKW8NjD=o7vW4_)CysZY&
zU@ETXN2kZv*Fps?775#=7Jj~_s^M&nqfPmpE`XAp+-$clN|2Ih%n`vn3{hKrKfbd6
z1snSXPZ{6Y9v@+Q1MvHq+Mi`e2Pc8NH9n2|p!~NOiuG_<DZdend12Y<hx30F%x7f*
z{h-3|h$zhZZf`bW7PbkV((AvDT`!hq^x|(DWg=DeXR-#&2Y0<jbmqw_1T?BJk2whx
zJf5&NYAi`?ES|WMGB+62n>Q_D<|fAzYC3aTU5UAsLL_?%QyS6I>4n&eGW%5En+pu+
zOQ(0<J#{H?5Owf;wlt6IMvOv<mN`THjd&eFJiGPggLXnJgc)0SI(vR7sWH7ibA^@9
zkKV*SBJADGCpYsR9UiU+n;s~JoeWjZR(Kv;E-<<f9}<8C+pbk0QD!ZW+8X=%>gU!R
z@T8Z0Z`yJPqwg%E5p#x%M$mHi7Wt`40^gp|R8-4J(+Oz{Ql`~DV-(5}3hO6lm{PY8
z!X>yJNLfTt%CS(0zzVEXpns96(95^~#`mF_aoROY@`NYZ_xg;TJMygL+s&H?rfKzS
z*RI%HJnRW(A?TX0#%(=Y^Li;?X9q%Q+qlzrL(UeWg^9uF=kcrp*<HH6&&MSO3u-DV
zmLmpMR3Z<8;obC{hu#03m!q*vIwu+#OJWVjAR2v^c=&nYMEdNFWF0XqIs;O(LNawo
zuIB1isKQk+&(L%pHyUxvzY6Ladqz_BD)KUp9wV;pg^5jcAudEDb<IMok-Zm)m7Iu7
zaIC?Ovj)88bLyWYvy0{p_;qxJWu^|IGgo2!>QOzOukHk=k=}SD>?onyBg!>&!KixL
zJ#NXp-P3$zttRV-3Q8~p9ce^UzC<s|*WAfk<%>e85&U~chkvWf|BnP_Zwm2`1SUO?
z;LB1XPFM!%Mj^G~p^gc=_T6}+UcUCLeCX->-7wxf&Sot`#CJ}Yt93N?2(s{dgD=<s
z3iei)!E2q)0@EA{w&zm(<$R*fvSvN`RaRQ4Ks-6q+~1#{5=l!e&3$_Z0Hw+C+Vz@B
zvg?&+5{3QR+3B>y3wds>vK4SE@1C~B(=clR(Tf;?==sIb`Az@z9Oe0OdqZ2uDKKth
zfUF;9JvdNdd2i?0KH9wWyHOGpL14VyIgJOeN-_cpp!cr_>k?6UW2iBe<!SFt<#MX&
z9<wyNl>_I{lwT?}{GBhu^1j#&AT!=`{<d6u8_t*XQRz66&%>I-7QgXLlNGjaS;bvN
z_yXA0%goB^TCKxp(n7}jU3;N-H?_%kF8O-?OxLJ`u3e~jt70$X1l0};ad;sz7siG?
z@ZdbjDy(;u@%QIldI5JxX9SX7LklXGzy}fHJ3U1fV8vVhn)pQ;rX;X;dHfg?&!`jS
zbblW)8OdPWd#4{8<Bmk1MfF4kX*Alv(zPnQeHf*7?>BR&QMr9y&3hejxX5GI0yBo9
zf4ri`_vPkz6H;HDl4hgqhQ)Y>Sd4fWY+&q^p?7=DT)15j8ww4nQkez)?$nN6-m?Hf
z#YLDA!QnX8N_klvIvcJcArVbQT)Vzxmq?(|h(K#GaoXN+#1<NE)4x6^;%dQ~vO;-$
zFP+B%k$V8rd+>Ms@1x-KG65qC!2yh@?>219>37m;oT9Z0Aziii!{$8a2=yHX<m?i$
zQZrMa!lhI#wYhLzZaKRap<b1u=+eH{RR75z746X$q)I{`>eIc*P&*0Kz%-(-WReGI
zxtP<yezuAeeAW!_(HJV0^^e%a>mB%^c>Sl+UW&+}s3*LxD#!xIO{W&C{qUF2{iL?d
zjZIw0T5hk9daoXMp}@QK^0!iaZ)Z;dD)%yw!U(4H7-L_)>71&ieCm{@$wy~-*Q9zg
zI>P=%gDpf~B>B6`fhlX}0djAB)<>xb&104kq5}2tqgXK<+kDf1B2a9bj081)nNYBs
z;bse>uVxSR{R`;r#t|kOB4~$mOlp5x38+KqLjM#5Wy?u4Ti*Qv5WPFrQ!hsAod`=l
zllk2LV*@S@5BSpdl<185pzUraPm}`ZiJcjdQ;#^4!4gs?s&WPJnpgYu?K?GP*n6XW
zs5lg7bVAtPNxrdpR(-iP&sQ334eeIm)hUjzVN=+~)qjJzGtalVUsS%e#pksz$w#*=
z+m(N2L<JD78*_$t3p3!a@f{WubQOn7(^@5v+{wNgH7OY`$YL{0n1t6~C)QUV_8+6t
zU5?nIUd;Z^q;*w4MO~8)z)+HQ9aP}fN*UnFhTe7xm?<7+FeWUC?&9W%#++XfHink}
z^yuQ`^D*$P0{yc?C?4K}dI=2&g+r$q7O=qVG;IlXoRYKV<_>_Z5;=hJCaENEDu;kr
z4Ms%J<$xq+_We^|PUQtrA{o%K4zxz^!o|t$WiDjF$o`^KeThFM3W1G>vK#y?o`tT#
zl36zN@@7`6LM4@`uwd<6E_`0qw$O6qpmQXjy>xYA{K^G5`{;1@sWD<0p8I<tF(#zC
zZz7UZZo-<d=38J+l|iyhOvP~R%7kf)?2&M@h|?kx?m+FxaE;qiP?wX29vwBt2vgs0
zg)^i&3GgKU7`1qB{x)o2NlihVph&^X$UqO_)AFUSIlnV0k(YE&!C;!5LowZk|9gw5
zL}`)n`TqTN{e7Kr(e?e<qnmCN@O_(Od$*HC3~K`~bRNuT>k1tn8(Hq66cIk#<+<ra
zv(A2mz`k%99q^ee2p_oS<-Gl39q&)8tNw!Z=vEUD;Li_*6fzd+g(v^0Y02)X>v6jI
zFe6fTKR$4;iszpj+u9+Ip3Q+0m=v;kJvXKIV3;0f{Aae)xLw(p)%JNvMd+`vEU^jt
z@sWVg;tGB@Xs;liKx36_<~ASd=5F*x40d4aEfp$FSfIl9fYqfFk-WLQ`-D5|s=nC0
zx3iI7k`eF)riO~+<|#|F5@B<yo3WDc!lGVEKeP+h#nj|Z3=}BcbH>q3XyGoV#L}Jd
zDO(%6m(X~Tdv^?DlQtyeQc>>x(UulE7lQ42>V*E-b%6MHvM)_SFiVr+Ra>hgQC4xU
zh5p*P3lbatWCPgvE9i-KjE>$}9&Nd5OId^9PJxYCOQ0JnB;E)U@>UwjTLaU=`Lx?x
zgrnx|Sm&FkpQ~NQSVCv;bwQg1y@m&bfb7wD?p*=MUxJZtxp(K*U*f#TSl`l2fJs`Q
zi<D2-2R5Tz;bulJyh*4j)=KrtGmO#?PGP#sd9Mj)q9))1j|>|;jnI=Khao{=>V@8a
z<3z)j3)`_)oH%EuFJ64o$B+Ti_AkP??YJfp32X*0;4p4xCXIafok&J}pa#KoN{NFG
za`~W*oq$~vLnnr~PASJcEV`Y%%o$yr=y<jME%;_Az;aY76Ips0U)YW%mWptClVRo>
z38KT<ao5OmRd!?xy2Ah{#^EQu<jUUh-^a+gr7qa5oHa38#(<`_r?r`)nx*MRCm#{I
z*Z_AMrETQ=<jomPSB)+xC?;7@7>!gO7Xq-Rt6bk1m5_e^Wf3{a5-AYyXZIL2s$ZDM
z$!Sr6B7I%ClE5&HX7XP53@L*4YvYc$1|nuwLlHAAGv|Qp&Vj(Mmc60A9|x))RMQ^h
zfQntE>zov47p3VfDO9Fr^M(V~%#-ZH6DG3wMJ6;Rh}hogP#fkk*@tWaM7u1GtC4yN
zH+=MA)E~Xov%DdJ=Yc3F!pSS@bcqf+tHmDD$d7=jM%6~!);<;12o_2n=6C<ko2Y)o
zyrG^~Z806CW(rw%$~_OWHUprweOB09(q}{De&yaNTp1g_?GGS<<0+A`>ZfhZ^A=d(
zLS$BaIG^sWuI{->hH8so`BjY<SwLE{x|Z9C_{c^w&4z<5Ctv70i>9LyZP5gMwtyW(
z*f>}5X+1(vODSX{{|sqed}B?d(bVaLF!OnazqB=Zc=fLQN1`mhU3SYH73b@<@+g4L
zOYO}kIOvL%cfwKm4o?oTi?x4UxdiU()3}vHaIEEfX5yQ9FmI{bffaA0FLMM5vg~{d
zoG}X(W%2OpPEN(8XXR}BeCH65lJUr}l2p`LNVc-%Kg3L*s%rd5)3MdVXnn1RtzoRW
zb^b?O<2U?7WuDw(A@iwDm3+IKAX@qkvCj<j+uH9x*+r7B3n2NpB-BJ#<1PB+&>G+w
zjkF=zbWkyd<7mqt&mP~eR?kdPkuywiRE9iKkk=1>qh?GCZIOnJA+q9YVGR_hnRfey
z?_ZY<HsAFsXfU#6K|sbx+z);S>8hyQ?EH(|7@4;Bcn+j&3wWW`@#g7;0`gl^`MAaP
ztg*Y0+W{28+!}@X#d&1GRehU0cNToZWv~3c`T(cx{mw=~s#7S1wy0JrzNq61dnP6C
zx{fOIj=6<N)R}H1n!NnP>(`?rHXrU@{rf%;F>lglqDq8wz#q$oQf5LE2tvQti3}JH
z8+kS(`CUBPf=H~>x{yKga#%d@sJ}w3s~<J+kgHpcs+5gI>Z^+xqa&|{`|wmMSKjX~
z$4NptoE-d_%PJV`(bChx1JzEL`3f^v&>Q@fsL&xv6uMJT;gbaLMz<Mzuiq<`!(07L
zIc+*+NL9ApZsMTg8cQNofA2zSu5t=L!Ad_Za_Q*H?0wQfhCF-Bo?O1pjdi|jd#f6^
zUUx+=BQx~A)~5(ol~N9i(ZHatc5a)@mj@g)M$fU3FX<w>3s=bZ;PD>S?x>$=Ee|&R
zR4&uIk|t)yV!Ac@E<*Cx@;~#zIJ1eENR3Dl03kk7ufMSaYYghw)-P##*1Q%**;uE<
zQhu^eQK}v!X35JKOY>oUPV~P)Fddz$SI>9Us_VbK+-6k<7zNu82z(DEzZpH2V)ET!
zd^YbpgFC6DOz6{~`v9>~SgP$XYWLh>WZPm?0o2J7e;b@!CTf0p!HR;Xs8Bsd(d}PI
zW9Qn!L)5>~CJimy*R?oW-;UeQy9ON5u^cA43h*N*&@(|RbuDsA2UDoe&cYX=hJvZ9
ze!$udmEeTa5lYc<WP@e=RoX{YT?F}b9G=2nc4r%1P@T+Go%CRPa_^f4jl9u~BiRS{
zoiM5;`|g2&%5%0T@^i$+!yeemXe(-E5=Y519Z<qFq8dscbdRv_2MNt<9pF*UKTB5w
zZ>NGv5yhlm(^3YfyWUY~@v!`3(=-9l)vZgZVI%!~b{h~4E3*>n4oZ2ON@<eR`aBg)
zupgMKb)#5mJg*KMNByj)$d4Lg%B|WnDRwf>a{~+l$hKH1fo(Gu{aa)@t^NBZ0A%2u
z)_c}Jn`D3k2>{vS(h?0Pwh`Y6b<x*lT<~dQs6*-WI^|`$e2GGEX|7DWggKo}eTpz`
zi@7>O9F@BKqZ%)@4szU+-BgzhXp^|d8h3~7{YM4?<_aPgKH$1fuX{kmGwg0ZW8_>#
zB?jtD#ION3w(9A!c=(m3i5DxU!CKJ?%pKN{_b|)<R3vDjyp-uz@CK~qVw713{au5G
z?+Ow{DCRcWVA@Rjc$WD#N}J5nxi3hRHP}<Zzyc}*u2lV8L`np$QreelU<fPA7}Nc>
z)h!ScD!-AAX>0)vBi)7Y%8}NCB;H@XLD3|~1?Y!+A6k(}8^71{{Dto-c!qcJzZ&tP
zok5+gy@(47G3r-Sh9JevX>Ebq($|SaCq8PM`6(s^u<q^}cgwz|1?vkLh`rL$A7ZB)
zUxolR*AlHF3DzWR@1j_IV~v={Hc5B;;9*Lg^kWxn9a^Sl6sy%~f$f7%P@yqbY$mvK
z&E|_^OcObaD4{~cS$C7)zbECu+e(IcW~%*QR$Tp=k!Bbwp_H&IS>cQ)dN3{mCoW4d
zRhUl5fb%>5K;)Ny%yoE5e76~}9RF3}I8XVe@p#`RvOc;vQL5iM<FMNISuE8;*O(8W
zt`_g~&bvz(>FR!$jyE$4b)3!btlzirdD1)HROVACc$06YnDK*`#%ru|!9NKfT(bN~
zv36D0@sJdDKX&<CVC%mcmLk@Wf2{FR-2}a&m$tjVxuUWes#C?AG)#k2r2RLAtXC)q
zq(pZ=2o9{tW3*vceN~kL+l0NTq@Mt(RJ4M3dP91RdcWdvb#>wFBF&K(TnJGSIV0Uh
zDI9)XQ6qN!djV>y8Z_ckZ}NbuRTr;3<Gy4MnvssH7LfOSl|$_%ATkumrezdaG5DJ^
zk1<z7)L~ADD>`Ds?}w`fNyuREAQJ7j*O&3P@L~sTD5`wmtHP*@pOT>_`Yps#aQB%&
zB?(@MvqWYFVJdbag;6Wjn)1<bXxO;kB!Es*DhqGw39z*fk(A&<GQ~R5<Ml1x`e)UV
z%)8$G(9uC5$fZe+nxn454eyzAZA@Ss)LI5Jte3=Ksky-BYH@yc&PC6UaR!e#%hxEv
z3&!h?cFG0v5P^+$znNJ2RV^UvYPLGnb?LzZ@X&3~5wHU=I4`#l>HB%M4UFW|rMvh-
z1oD8d-y2SgWDKhjX&{@ldF$PW#H{4LNTdHY-u5fI6W6pBWg;uPg;w8<_e4CS$f*BU
zyH}6|uyI+$G_@ixSr?UsD4EYsnKvLS1~6MBErL*5m#s??-n-d|oi@%yVPj3^SkR1V
zI;7j^nn*~@1v{@JEn=feyt5-9M^jtz(o{u!(Um4~GSl82fkGIgpWBt^Hg_d68zV5k
ze^_JDUZY#BE^AE6ExkUfD45K316*BgMuLmG;CKn1)IZFW-z^bEKC;WHKK>GXOFsV2
z@D>%2U+Hn?8~CoTuJACJv1R;usq64$2W3u~M;X{kW=@H_iLD6&9I5+9K?1!JR&Kq8
zUMC2jV(VjT;xQ8K@ztxxDk?r#p0YgMqq;U0)EgkBhytFk>zmZ=fw|x|Ew|Qo(TE5D
zuFb`NpHx1(=H=9U)6_6{z@ZOkAs5<r_^{6^uI;+@stIdm%6=h!Yn-W#uwS-LRMTle
z)I3ou62^R1gqZroGK*X7^g&8l&)t7Q$|b0Bg4B<F;c4c3)!swENij26jq5CBjz{sG
zAcN|lR});aE^dVQ|1m&faazXMRW091oFsd;J;W;tHU~BK`m;TO)guht>^J;sp~KQl
zOBYeTJuZM{T@lV|1bUEgPI^@-@JW$27KdE#sTxU4Uu%Y11Hmf%<}m}-wpp#_;5etM
za$t=vPh!z4I*wsxv;j_aHKy7iBXa#A1gAPhi$gn{u{SWRcB>}K^h+=0gW1{QZ+m`u
zKkR0Z+V`CWPX0n&eQ8nW@>NpXvakbczefV@kv>u*7AS%#;I7?Nge|aPBg&3-=ADo^
zTEmk;wO7GP<n>d%VU%%prrBmd!2&0*h{?mb<J|()(VXNY^Ywx_{yz0c{R*0_aVAKz
zO<HNOg(jnph&ORw0iAM_-%UK8+NyP9`>CF`{P-~1@%->-MF&9`?rWYg?No(9axxNa
z^jzRuZpP9ujPSLpJX<JyY;K!mNSqeVHP2mMW~DaavEB*gOr5beXSOh2JZ8ie{25O2
z%gR3IR*^%?tePaLAtpScdB6Gtjm?G=!M5OBtDHAWudl1TCx9zk<5ARx?$lpHh9t7B
z$gxMw53ZsvV<(xVDQD~GPI~1!FkY1s%*rVCRIG-}@P-|{Zp@LLR^W*<b!o7};!*xi
zWorIt%S8uxcCxHgDDB;BQw`S{^R@hqwf>+~S$7CxolUi})xF4Osv&6#w6l!YQ=3sn
zDO>lzDh%{w=?@V)mTSGohTMBs4D)zo#g2lj?<%5H#FA;|=`T&KO=gNV4P!9_q>!ti
zd?;_3>dnkydnDv|Tm8qszq4{!U0aeCY;G75<qlug|F-ZcD-FI3Q+fs#rRijamvLns
zb#fKE)|Nb+h-YS*Ef6>B(#c0G7$4tGaX_L@$*Oauj9Ou{hlsbg%uzH1S;$vKc_@Mc
zV?5fs8lQiPtVULe5|56{$m2_QNX0!*jNpQA)c*DyF*$KRCQ--DS7-U`LT5R=jvp*m
z{|+8LU+J9&aw)B``$wLXLB`h}(Y+p4Z^g{~*mdl~=1S!XVv5CQR}>zYVm)Mj?;*}g
z$xT9+`^rgBT<+BHY2_iRPReLF&bX>QZ<Duu;njf5>bCk09x&WdO7p<g5lqmyf4weS
z^VMy7+@@P%YG1_kn@W{-vU?7LZlF62?@xS;^=Hy%M1>%+XhenHvu-7t8f&`NY(Xby
zZv%vVlL|{DJM{h{GZ>`}Wp*i08hF9;#|w~!mwm{;yw2XIa3_3otvamL?LTP$O7T!y
zRbruTRE#pk>TAdhd(Y}Ce?=lPiEVmZ#{88d3$+|05I^s~Yp%83@nXw^`uSH1hA(Lh
zF=k=pSF)g;vpGvszIG-OWFn3K^>z*IVFtkq%t<g&pSPiN3J%Y-ZkJ-;iXPv$Z#zuv
z*YvrJC2&6oveH7{`b9F{fXm9AdoYPY*}q{BcJNZ0yiy(tsZbQm%28ZU051$?@LNqf
zgXXlN)XzTV-L!K`#au*cRFT@ca%Y`fQzc$S1#ANE<{THViG6Cu{2N*zI-K)`s{Vqn
z=?z!xz&pae?{@15KEk!&D2Tc<Qtwfa#6OW{4egrhse#K=BEYi7a698B2`J_HvhkB!
zBNYvqRnFqQMWc|sJ^I4m<yE6hwWc-pY13Sfy(7EC9AFv)s;h4+ML!E0J*Q~-I-2Qo
zt$|_cFXg)i3GXe#dw1pUFWb{fk|Z)Z6_k(5Yr5&_Y2Ay}7y%8E0l?!s`g%1Ct&_OW
zPZ+li%G^z%u*JyGY@hnN1_POFd$Ix70|mM0uba>-OxnMr%65*4oPYto<KP4VHWFyG
z_H$jouQYdo?+N`T3G<a6QhO@#&WL|s8j8*0hD0u3H$;%(t&QA&jt%jWSjp=qljYeQ
z*TcM{bwNcKrK4xobmN3K1MmDtPAytGS2b?b#@1LACioz1>&JRHq-)ruo~#|G+#8=E
zJjTAzWsqBG2`g>J_D(u-9`(+8%(Jz7$nEP%u3^rgQfi3+VK<<wua8SHd|NmldFvLH
zPck^a&9=z!PQ}x>ahUb2LLIbO*LE__Itm*(QFG22C*KAWH!wDgJZX)P6p$R6!Q)Qh
z2=(aS-c8swoKBb`EYl+yk+FHc*n=Z#k!`w&V%(o=2#mRel$YN>`@v2;tN9?LijZHA
zTWrylQ9~FGDpbZxJ-jO1@v@4-VP0ANSq5!Mbuy8VXv_TR7dE!z1G7(08I<@;P(KHP
z32_)}B~e=^%NlyTML?j|Dn>gti-?r>03jKGvwtF84JHdN<J2n`dd-cAQ_j}t?NONU
zKM~my=|kWHW+o{kPAvse=Ud5GQbF<C_&8d~iN!KZE6Z+N9>*bnn0o&g!InFG53UBC
z1k*LNHQN)~4ql(UN@b(zde>cgdwD4z2Z+gwfobiO(+inVHQQtRH$+iemS-*$dbXi~
zndbU;{XkB&MSm(_sFpM698+U(kRyVBLBkWecd8IwQ`m8BnwJNEE<N65eil+>pq%|P
z&11(E14rWwwLzK|!e!=LS(H+Ju#4VB*~KEZOB)_1DycWA!Bca=HPw%fT%V&TM8Dyf
zHuVFlUsbDbrrdGv-^*F&RT@^3Zef~R_7tViH?0Y@!s}1jo|0#T?_qz#O|;yYl^=7_
z{T4YA!O9S1EDP*}pL)uZoJxs+WY(Hl5sMS)P&8tdHQ_0BPG793S=;BTDt<(TNB2N@
zD6xuVyO9th#_U()Y^J8eSAJKmi*LUs(imL<jx(_Ng$;Vu)NCM5{POLra<ooog0k_+
z|M}vn$5-<h|9?t*=O9a-e(Sew+qP}nwmEIvoOVy!wl&jsPn*-WZJT$`?|BYx#Eo;`
z6Yn3Ll~sGkZdH8pTWhV%)aEU<g%w@&Dj}<0T)_2GT7%ON6xt6@GOI%=wQL;~!VIN1
znzLwKHLWK~mTp?P%&Z?`FYu;bRcHKFU=iEF&mS<Sx}hD(9^v~bKB(HSj;{SK+vVT{
z-IvIant`nJX4EkDq(*-i^Wxi=Cf4O$vaw}`%x6t&CCOO(Q7++3Gq3e#0bKy}0Dm|s
zvR~@S1_eDHI$+Yz(%cm@@f0=PB(o$!MKpHLjdI0&sNc|*uM#P#s!aD~Ez0CMgRce2
z@wKGS6QVTuQa4CRLa-UcMJw=SSa)X<cwo4$(c*!+DKA-kIrZ4P*NI6|px(|xS{I1&
z;ggk-TCt6cXkO|U9#8d>S|?mhz24JxwEN@dpmuYpMVQ&X?nS2O8{#2Ek@Lt}U7Fz+
zUbdvN!6j7+lcK5Wm|^z{bCjXY+NoRo>~TPxhJbP@OVF*&TL>GQo!Oun;AziPd!B&-
z&mjskZ!CsBV@10<n-i;@W3%8^y>n~?RSpkaI#G+(l#F9%Km}PJYS@>kHI!T0v_vuP
zah>bFPt(lUTxLD<h(lV~EFmG^NslE^>QKhCkoN_W_V;mTlxU`7QhI2-s>CplQ`+}0
z=sh}B<faFcCY3sdD38kDS#)r@e5|B(&{_&KuI6}ueoeF+CP0CBN}1rOJTUTnzPMc*
zhRvB<@Rza*5A5lpP$u^Uqy#7<`B^U{)^GRRQu@?uo$4Y#n|!@(M}NGTe04APFg^x6
z3ki-^wNJBDw%-a%AJEG(n=tH=Wpw|R!I!qH60y)&Cf5(NwV%54I@$qQ8F`m&xtqtt
zk7}ek(TqMwNlCh2IJ)TPt>sbOrRJ26W@B>6(>w{809&jsT-VINxLqywoU*DG5-P4s
zYI-7n`^x!!v|z}#*-wBLHi@2hKw<Nce5rH#nl?Fq3xpivaJ0O-a9`U&Px#66j!2Np
zeB2xSOG(TDy&A>OWHa;AjO9(e+l#EK^#JQ?v&-kHEYE-T%kSxOV>4h2Am{sge+>t`
z_P^zQo|FlG-p}QI-Vg%LJDvhwPXa#o2!lQFCmS$kCw_kRcPyIXD_n|gI|T5;9`kv+
z2&1qRF;4=bIcp<eFNYQ+<I#Sd`aJ>I*&iQQ9|N=dY|lgQEj)>b$5%cDY~QrzmPEdk
z#K!jXmU`^^%{XFTbcROQ#7FQXhv~|_lScQlg^&7}32S@0%j0<t^3tJybD-Z$NPga4
zye~!PT?m*KTFdSI?uyg%{kT0i#kfo8!T6AP?7pir{Bm~j@qhamI#ta=KwS;b!hKLl
zQ2+Tfb0@Et@S>-d+(r-LJHc=@c%>Hhko<=I!xXsk1KEW^go(l{2S=$4jBX4^VbMou
zV(LkKnTM<tQ^8?t>4xSotYB<zagZxn8cG$I(}S(;!}kspEJt&oo#VjNQKKN)J;;LO
zIa9*`yyeS($olo|F;j!`u<64;7C5^hJ25?{G)YuMe8~}-EQ&e=ccl8I8GW~k)YyWo
zbMNlOLT5&;`A)c2Sg!$!z#EsYPD`Hq?RU{9*TA>r&&O}#S~9!1Ow2m;;T4B?w71s@
z(^w>3j42)=7e`4*!n;@|G@2i=eMPn`6@h1CMr2h%nfUKKKgw3cm(n4uvJNtsLk~N5
z{b9a2Kkfuo!V<WxyAdSqWEyUUl&22RGeOs5r-)lT-7quHjB|JrsW@k;sy_BPMR7nk
zElT@m>)#z0KGHZ~(rJRGecy1!Z-7Ox>KQ5CdR+@4b`stP=dG`&V8QumVArn&9oL<q
z6oSsQpu)p$8)RF>$~M<+Px-h*j7((yQE(=Qv?*-*5Sm+@Pd<KS;mXV5FghPUjPEqB
z_<nzg_K`6`RI5F#FPRCy;Et^onQb%K&d#TV8oL-dsNDLfFKSciY{9ez<ywoiN8wW=
z4K8`<J&nsMw8Uze+$lLV@fzu7cq)V0S(NREBG#f+z*qU;&1E`UJ&#cy(~RLVCM6e8
zcMR1DPHQiS3}d@{D-N6U?XLFi!C>AXhS0w@BXAeu2AR+4o5|~%_zSqY4~oD7jx9y{
z^WrQFE=U^TmCwMy&vVty565?MW|$8$DsxJLZ@y+~b`zIOS~2RYqoroXh;9NGFlg?A
zOg$Dv-RLXJe=;=xm=J9GO{VU#XnuJQj5g<Qa+Fzsj66pb>ekcgKeKV05m!`C*+22g
zitv5Ot!zy1aa?*WiRzp?YIDcaYrP7di^9Vk_Z?HX;Cn1>uZhFiGDcv<ZLeE<lEHAX
zP0VG`VIb+3Vq2|;%0|ql{~TNhzM1?(NI)cKCyw?Ljj{Rk8skhZq&{HSt{BMeNC{zN
zYyiBq(582Hu@Darmh=kbcJUgCNpoYEN#OGlbANbSiWY(=-TQ3RqZRmZp)PK#$rb)w
zly*YjX>omU$i)pVw_&@N72}UqF0853??-}T6K&*pUCtQ4^;A^rsXmeBXo~HYWcO+?
zUZPlwi41aOvD3}q-fTxU(d*M+@G*?!oym79mu*tqbpodUd=8)K3F4Xt|KK^Z*iM)y
z*G|Hd4DU`>&oBKRIZQ&4mc<~$hYIh7=~JzygkU@R;Cy^hd&=Gr4iUa%85~z4#8sGk
zBNZ1b()EyL5P@TRY98&FADlz-+mIKb{?mhWtJ@AK>B{g7H_Zo3-G}Ql0$ejecU4(f
zoQ#A{+Xtoy1_Jhd<HOc^oxb<CH=zf6N<ZdOtL9DOByQwrbFb3@JAwDX_9I-2*Cq8Z
z5xo3v_4rEu^=l*p?<1uF@XPePPyXmx@nYcQtwCF|PhL#Y2%UaAcTZUy^4dE{f%o(}
zI7mVL+oD6{rgVzX*Y#`LH<0{z+vY2T?c(K;*V&EGNviN7jYk%cQzksv3w8MX5qH}F
z8W7DLn<W?!-3A^ItsNWPGkD*UPU#zcazKjE={o`Vf$2S8v|^*v;tT|G>wWK)1u*tr
zsq$E^l?5pG^KO*|;I|#*7106$Y)&2IFZ#AJbEj)6(li&g4;CVKuMSeuG#>$7=uuk2
z0~e;;xZ4bw<hX+nGIifU)lz$*YAdKC<MfZS)Ggs9c#O<9KU;4*#7!g#x@rZAT`1nU
zAa*Yvj+gqPU-5Ms1GQIUciL!1XFo6p3g)ZK2{YeMI7&v8VpMF}lElx8wj+@ECHL3q
z8smR)>-!RqGG0H!ABIpvT|O2k(Q_B-MDj3awMg`*QA$J-LR+jg>kT^;rZ{Zi-m+N|
zEV0-V4v~^~^)89gD?(aHs?d0c`0?Q<u3C0X)`X86@l{40XUbp(tb0<KW@caZN9KS6
zilqbfNSy1+Q1I+jnjnAZ7m+QEk{YksD)TmGF{Nr#C0%I13e8XX?Ky3Wo+f`X`?+Po
zCQka%?0iWd_%^JsUDpo38))<ECk%qMOWCm1&T(}gGQ-!f)%znyo#6c*X1cVntGD3T
zQQ4p(sTS4GK?s7S3<_^=9>*s>jM5A2;8+GHG_`-jP+>NpN$~|yn|R!2`?Zhq-H4Vf
zgySu@=J1bD;SlVYDHi$h_@o|uDJr{L=188-i1O|>5y24<#kv6%=Cz}H+LREJ644(j
zRSUiBi~@Yev>lXdi&HZeU$yl0>+31l7(Xs`Z?}Bld)mlA+(Fbj8Xxtx@Pw|)&bYl%
zM}ayT(%z~u1NB<*`+GISI-0Z~OstgaeRcEsJ!XASQ0hAHJo$d=A2Vf;s<-&AmU-V*
zA0dLTk3xqk0@q4_+V&eBcK2+8=)_p~6Z>ze(@>~{iR3w^l18IMa5O_MC^Q5R+D4`%
zl0l<gICB-~$);wscp8|dh3B{$BxdTvp~mZZRcUS@ri-<?%+-`p3`OJ!9EkSmejcKG
zVy6e@^PT!(WrPt+aR)MlaA0;p%`?rO3`%AMX(>yf9h@f-5$kmz)z8iHOq1vXE2{q~
zgKY|J))DJ5w#065%YnQ^3%9!su2pWlGO;wX_&W8DLhi!;_VFj6a&$g&J1QIxIhq&E
zUNx!|U5Mng%Pe-g%dBM2i!ozEc2gF^lW`?f9_)&|3h0Xb3|9Y&{LbK~^R>ZG4pJ}1
z73my<D{>ot1Z!w;saM`*O1sC?QW}}c?aC#%BT-}`bmTGrrZ90wogZkwQc^Fxosv<8
zLRV>5rE1<QO80oF8tIn{yGU^7(3@NmAZuV%5Qk}W=<rRV!QNAY@2gr^6$JZ|ET^`v
zY7#@4(AD@2980(RWE9Uf6y<l*w+vz1OPT4mL*S(4&a*U|R$b)!;^N87But}d;(3#$
zg-EVc1hEj0kRwC=HjTD5>v!SRYQOn!*FbyZyW~O<`0r4kEnP}pl>?#pncwVjPAy2{
zg!m@IRG&#9HoB9TAKfNxTlH|adV=bZKGIsOoXR^*cFWe+8uLsiN<YhKzh0}S?Plf<
zL>t4GzZ&&>_kp$060sw=zm|-eq>&)>PcIi7WQQ{CSMBRub2m{&?)*STl&%KNc7);~
z#pV;w6jvSOH%IPCQ#G%RP9ehtAu)<de5SxI_x+BlkGB_9V=Ukp5y)*zER~&CkDs_a
zn~GawHWs~7wkOeHH#-o1w-AhYM2r6?{BEUdzyAe<aEfzB3xaS;6IdX-j?vYRD-ZB8
zB;nN3H!{L050$c|@Vh1gNUKYU`O_i%BZcX_kFj$!tMxJuj(1ooX$+$^z4|SrXp~M0
zl=p&Ubd***tvfFLK610g+2@zBgdxx+bLZaUV(G9l1?ty1rKE0u!n|}>#@CA3L}7*N
zP&%a<mE6si2DIf+|7=wK(q9!Qia%Dv!@-<pUh!UL_%S__=@}{(cpj*`Yc#=wLN{c@
z<P478V;*D!v6gbtE%3yGwRE|+tG^5PSYzCtJ?@X#IYifBg3zKe!}+Dxb0u>+K_xqu
zguRlWLyLvVX4(0zh7UP&l2F*iu(8?LW%Jda`*0rqJYhBWfY%Kg%GWjzGJ~c?BI~BI
z=4anF5@*Jm5*aA8G2hxLCjH}8XAQZl^YKClQ~z*Gv7<(hvtP2>8?n-i=I}jx4gR!r
z=9%$2;&f#lMAgHVwG}jUL#NkssjJML|6<Xb=NQJqHrrs^U!1=TNwQ4%j;ugXNGdt2
zD)2^1nvrP=T&*`!oEJ^{jZiVXm?K5L0k{@osHifcwqm~=3>tK=KrepyWc%C`fh-gx
zS(Dtlw+aQrQKu420I<L)fxnTB?p^Vf%-Rr=aKjH_yONW%N+*7onwx=K_HdU}sPwsT
z>eXk7Q?K@g?UUw7*sh=6?Ih9AuI|&8dSy<0DXsPCQ^dY-7l{Ere_Ui+)i|S;C36rk
z%FotXulgdwgt8L!QRwi{O}B=+z_On<TAU<>qUX?`IWGHe(6@&0fxBbhm_37(p%uGh
zJKSN`souuE8>lk?xVX6It=`sqW5$)InS#8nZeB;TMB?pT8LpW!-U}Ne<9S=ja(a_q
z+xO&b2WI$Q<H~3FK6y!Q_)dR4xJ9A&GK3jW1q8SbxG!%w0Y^OFn-&hzmt6-+H*de2
zmc_m8F(fT(<d3id^8pV3nKF5UY4)f`eYn{3b3=Va=0eRUs$;)TRryi{FipPw2(9%a
zEgWf}$nvK|_TZ<)lpjZ3X6}q$jM@Njp>iO1rd5Lgz8GD*(k6UH$NGFmS7Y|O%mCl3
zE3Nv0tDGE-=;SKG<g=^2A}W!l^^{#Sb$JmU?LyN=3#{xwidlC>c5su4V%}gz!umjw
z9e+!>z^)JD0(~XDwmc`A4-`dw9u2+KeYp&{1FV(te~+t})14WUKg{5QB8l<XvDB49
zmr4}Ck)5(1Mts?lWGIhbAwh<HQJhL`nJ+;t6zf4#UL>C7x(x7vm?o0Z4E$SMnuJzx
zx5_m2wWR#ht0w|4d0>iflYN7@(>M)=+~XP!Q8thI!EW$#L8)@TEyiZU>zeH}bcl{f
zZcMa5D+QM84Vd~aV5DM0a{R4+E|)~~GqJf_a#Iq+z0kB__$pjTo3xq^h@zYUQQ`$p
zNkJ$ke49~oQq&%}I#A0vGa(=S9tf3QNY*V4L1VZhhB@47Vv~-DM`DDa3x#q-X&X+~
z+;|{Cn{jLMc+xs!pT%~w<J+{|{~|Mdx8v*1_~O{z8-6FxmD(46ryhuS1Q=2Xr;hqx
z#sKF{*rVZhIrAqEJH9o;!kHb&P3=y@ZK(GaJuJN9I8RpM10eI@%})9~H|V@-&)~&m
zu=N+7TwDgIky6TIFwl5*)n3`P+bArk_U~k;QhPx*e%wYQ^JJ#q%Fq(6%cY0GVie`7
z;9~!iS;Tq(W&smCwzhdbn)77Q-0YVFavw-7J%17iH(Z<~S9TM1YE<)f*Syt{q?T*M
zzOm&DCy!7}Sq;W8+j8M@?-A=qgFwnis5sS$N!N&U=Q1!G=o`*62GX}o2|Uu4pT~PV
z^_^9XUkW_xbG-J?$l7u`|2mgIT$j?xg80ta-f%R1{tafKe27;&d8Q^(@O~Dx;abig
z5ozh;4`AQ$8p#%zGV6IF#y1FwiRJ|_+WmEVcTV`}fFMaV#uJS6cGIjrd?L9ekfDw+
zfhHT5megfoO)k?tNYJOMJMQmXJn)&6&>z4eg?#$pF_JRgK~4twAPRIaMN|~mH?C4N
z0|u5C{hn&*Gl2CgQd*6T_>y67x$v{`0sHNiR{eK0g_(&c{2NU$+y8~8>Hi5$9|k!!
zBPOndUsK}4Y9jq6JmJ^Ojj}SA{9g=z3qcb?cwQ}_1_#C-NKzaSI|+B`cSp4tKc5#A
z$4!qd0|H=r1<mcXal~OwUmq{9=f~UOZEy*4zL&?_Rcgngb6OezkAUiEbmPv{4?u>K
zc6<%gB?2{5x+?Xek54KH0Mr6yWTM#_tr{yIHf@L4GHpioRc@cX@m1#ONCWhY@}nfW
zsd5-)TAorFWx~B?FiX~iFWJU)UJ6~qO#w|e)ka0Ofnjp(Utna5Ty_vQ-<%2jXBn05
zjG-EHyih{to%f}dRDs%uj>t`d@x-kmiSmC}Llx!*)Y(@S7Q@tfPsXb^yO~P9E#P4E
zS#hgOXy{z<r>gu;SMm|Ztw<4EaP@`!-VCnWsA*=}Ug*wn3nzu9tg5!XYMcjQi?-eE
z8bOb8tqU_-w>ic20j5~U9njMv1IWxNJ$UwI1VhsD*LVoBN1FNv&>v?G)dwQ7kTF-r
zN=EY!qrF2(i+p1%EeB~6%>X02Wq1g=aU@8PT0Vk@@CT>e6gsdzgxt(@gycDj+%C9m
zX9F^bz^BJ~@ZHn%D`p;%tmtk3aW7<3_VyHj!gs+5iRmC@GvI$fr`ttcyW#=8$Swz|
z!vdX0Elb#as-icS<jGtOtWIdF#hAYB4qiOer_jTueXcTKjD^G7n4N?a=9{7iD^T`G
z#=OqFOC0GIh>9R=K^9Ub^~<udwTy1}$+>dEts!w=L<mey8D)zMG^Nh5FxphFfqeoJ
z0huYB9xU<>wOJHJch$KlMb3-)&2`<fMLzS{v0LYQ$G2qf#ZdroOK=$i7)60M4rplr
zfO_~|i+BV8)&bxgFnaXAD4gEEI(9Ga5lwDH=xns^twX>5GR(*!iG91D3JU<H9tE+@
zf_=m_Q4U@b3l>cNDFV_0Z$nT<+ZsBdgCl6jJ?pvME{A}X!!~+7Pc0sRV?DccwTC)K
zBWhaNXcmvkM+~dhm|XT`M+eSPKzJmUc4AvOkW>T^frRxM1tk4l{|w@rN6T6_DfmS>
zoT&>F8MmOsNMb~y9~<LZ<iz@bGKW@H^wi0^vRKzuKS6iF#Nv+OehbE$F#uU*wkK=T
zWh}fHs}`mUVta<mWw9dzF)9&-vXzUuRJ0_a!fYI^6pCB3-NgVk91t60_M9tSAEzwL
zJRX&i9JDMWwg@YApcggCE!Cr88DyYKZ0Feuu|k9X<v<qK<o}3)i3-Z1#&(b3-BK@O
zQmC|&Cz>CrWG2Zk-V80nUq6#f-5xx%+zOY5RMH@ytm+V=+KeR{Ar}-BEBR2)*J_}4
z-e#8@nv`niAsfHv*g!V1DZ7!j7&lIE;-v1_Mxqe0%$<moLCntp$$<zK38TO)Z05%$
z<yq|8^5^E55cBQ$`O~T4&(<+6W++71<lJ%EM9xo^T+|d}cMkbPER9~Y$R^i@Wsox;
z^7WEV)U4(kwQ))8%GU8nV|a-P{Xa|`Bs9~GCXYsO#liCYrztaS6gUrmPFIW3AL8(N
zB1f>v-*^?nlM6<rpvNKassrzsY#ETIL;8&z?v?d0^8F80%sW5z{NDxBdfa1#SQ|#k
zk>geUn?YEJ<q@U@>ZL4@4HHTu+AcZs#gk1Dmzbi4i6Xw^ovizS-*Jb2Br}RIr}L%@
z=@~ZL7T+ZLLdi9Q1x47oiH&L;HEV$8m6oaAgbw@OcqTy+&462|K#Sn^p8@t8WzG<`
z#hfzEe+peiS1v#Z0-<Ksehx|g-e^XrizOh5(eFMqpvnqlrjw((^`${=Jq2xDgNc@A
za~O}vDaEejmnmo=H-y;)=Up3HuYYE^-EhWr@fmw$Kq{fRzjKIi+3|#5OVu&YF^rZ>
zGepXj_lLUZ)QRSV9$TSBrzrzQ;``;pI9he+8+rYe9E$is_Nj4hje_k@xv<5+(XMwS
z)C$YzwDfQf&ZuZBwbTsRH6am7R}jpKG^7G53c#cE_sB_*zN0`ao{skH+1Wxc{uh39
zN9ltNvST)~oy4Dmm;~}MTBI~rr5L`J^{<~7);d!12}|qBZ!jAD7;pGMv_Ae}M|gzv
zqL|)CcptyK0UAa$Zw5V_sPt>MnYCpB6?Lc?_to&Bun!z}QPkQ}u!whp!tWxZtAsu^
z@=OX{H*?TtUq-AS@Rpt3eVv+(dU_knx8_L<GoclF{QMHK+GgROzZ#{&O$a{YAAO}1
zH)#;Lv*rddO%}|Go_^u<WfwQ#jL-~oc`BWz^(?U0ivXqxa+%oN?ZO%$^u()nQREn;
zb0|*WpP#()h)9?9MS|-q%6?^+QVe^7EuGMnI(zM@*AlDMO24wg%3teI3tL#3!aQR5
zZb$6xA@^83iHRL8X)K`_cr?Ae6SbdZi{KG+l>}jUr};?xCQcI)kyX-|0M`UR>xAAM
zz{XTzY4vJJ@mjV8wJ_5ph+PROLmcg$WKYJkic|G-rm`??-oyY@AKOM3CYmvDuWW=V
z1vvA}W)2uyE%MWbI+~(m8-)l<9x)r^32=-Le1SRi95u~v>ll=>T0!+LuJ_%;L-#AR
zc^urRp5RepV#siB&ggQX%(b>E*s=z8=I|Iyxyi>wcHlL@5W-YKj8F9XL272-PrJ8}
zR}se1h2bu|V_YKy4JtMiwg(pd6tE*tu0|wmgKTJ)BJ(8mWHcdQjfmpe*?7g4jSHM(
z@MC<R`caE+$6>BPev1oLLy^KpG+Ob_7kF^mgrwS+<$oYRUbu5p=_!@tX8EO$!TEO*
zVh2Eaa~hRz_KhRSnY_p=JVWOJWlXJiQS_0O=9fpC(x(Gm(oaoM$t201Z6rj2EvLw2
z!nD8V20cT#AobF%ja>w%eJaG5VgLetHqG~GZ3$era*iL(?!^0Y&;-LpvMNv1Mn7jC
zjeTXD&!h?DK%SCwkALQ6-qYRFN!D`zFiS-GBdGc<1&Lpv8KIF6qEI23wkCQI$FUoG
z8h@<k+LDQXznGujQveBB+&-JGR^zyN=21$7{!I-})P{LRMyk~seb3~gQZXj7=@-{#
zE~KkioFK}l6k8W3&!U2V#I~BEOTj^5oLW{tmQJG>9i(Imx#fibv`$8>Fz2J@^ro+^
zALul4%HBgg93T$mp7VrQkR>~11mf;$p}Q>w0^%<#{Hl-Tf|+fY5&^T+!IZgqr~~eU
zDS?i2oPDaF9yQ@uQ`!YPmk}*Hc%g48tO&uQ6QzJrv={4?bk-MnMvk!1<<S>CSabu4
z5gi5lv)=CB7jCchk9<5I1+Od2bMDwH50YwL+o(&`TBwEgD~&>p!x4l`++`0|8i@(;
z>DK3krs2iRY3!SiHDT#nb{foZvWe$&LE9@?dQu%zNQKq@StOV!TJ+6#3`*?>$k8KD
zPtJthB4lMTg@#m*AIncylzJV`1-~fBQ()3F<t!qp$Kru`^2uiIBRU-}<BBvYyM=#K
z3Kt=xzkV~0Ah9n0kZCPe9k7vSHZGalOLn3`kBDp(0Ky>eY_qe4jRE1Lcv<&`%eS-~
zE%{kPwa5!C?@%{C5Gr8pP?0UOvEnG5c&A3sSONEfb50Jt=}a5e&fK!_0na8L8_!Zn
zrHrS}V@EXapOu_HsW^;24n{??>gasw3Yn7&D}L@Eo%f4!u_H4#qN<{`rfsoNu%!P-
zX2ivhd}K-DNeUAuIYoWEVBLtwjk<g&t`*Nmf7@|bh2V5oq4)dwQfchy(L~y*PLIV|
zH}BsH&vKHTM<z0y<ErbXTST21iC}+nL94*pE!L-iGe9|{L?P91+vsCd*f#<DvvJ3F
z+UbZy7l$eo4(blq?CG-E7W8AcqMgtIZS@+%sxF6W+`Q(@$2&$Yc#QAh)$M~ff2?Eh
z^sST#B$FBwWii_Ix%k35+Qc<}SKv~3vu%HLJBO2_1+5adDWR9MlA(8L>-5bF^mSP4
zwt`LC!KcsSwKJBns1ZLaqnEQ0xsbubO`na?`Pr{J--z$T@swcj#S7wa;}dIiF3%+{
zuut!AgSEb!MzqKlddIX+t=jUA5YMqem7Q0N4DK$YPa6V6fMShf$mI@t2Ia+hc{0Q~
ztYcT!zkNMB?;I2$`*J>0D{p$mX$LD;@u$pLm)1zQBvYp_8bo5bc(o8hn5GPUP;I?Y
z5t?#-1@o8Hdc7jETuAMRi3!z4pXuXyW4w-&1bT}@{!6E5Kk5`Ey7YO-LY`dx>wGb(
zH3*>m)$@CpEeF96>*LQz|B((=OEfVtC)-WpYSN~Y+pr?Q?=(bV{vKq$to@|wxGbY8
z?VOLLIN*H{p|7am5Fe)!q>eM>$hAYOuAqpdvsKK$*J_ar&nz|1`kGt&J!@`eFtR7o
zCYE&5A?67iu`7Pg^=0=ePlxFHQi4JjIWF=<Swb(5_}M_!YO|uE-a>9ENK-Us<>b=7
z)~F7JEYdbBnT@gO-2j_!wg%1~u(K*Zb$b4NBtFWSB(mq)u}bV72VcHgHl$VdAM}X0
zWaYMMXKk%*gF4|QB2q%_a#^&R@#MbKKN`L&G=;OE-&7{eM7nimQ0|(Hf3xo=(^J=!
z`{-M(vOD#qOS#cPCB2TfG`^zgDr@gqjSRiziirt-nbru6Wmb*bLm&&8xzQ+cnkFk7
zESZ+$>?{pJHOcj#DkVG7Yl&*xhP@H%I{SO5|E^l^dDax@s8|+!iu*Qv+z%RB5qw<e
zqLAeGahUKODTPqwiSaIjp%2v$1cD+Lu|FO5tc+xK7QaT#g^aUU2Kwz-lJx?A!ui7L
zDb3Y=eu6{rrElx=bN8=xPLzuD*CA(gPlN(ZRPt2nb@l1v^!TFNQu=iN@P~-%3@FHA
zgv6{+^L?QIdL^H5s}P+ss1{0yph}D_yJ#^IUNC%->t_D)`>&|h<@T>NIbvNzrvz#p
z3920MFYmht%^DYQho6`~|8ye9JMt5<{%%2BGBixKm3kRx71nB9_xfPmnhNN8ZhHas
zKG?)!?!0>)Tw*k=wYM|e!rRPYd_P<2SzpiH^6#;FmuhHt5CJZZulsAP-?iO=pZii3
z^<#>^8#*>Zdxcww5`1$IR0f30O9P~K)#5#Wg@;vA=@v6157sfV<N&d8`&)R#Y_aCx
zQ-0x1NYnjlFdt!+<KXyqUl_yTL8Zz`Ry;E`x&vK*cUDCh(D^su1<syEO$x4!u2fP#
z(FV2S)6ZQaP!es5pk0Q8T}hi19{aOi10igmkve);MSAUaoEf~--a04dLLy&IBps%;
zt!VV(D2tHjxO09+{c3*qJT+OuzNw!9*;l^kwl~h*5Ca|kbj`o1-QPQlQS($Ao0gZ$
zM!27vsG!iM6%1uCSy+C*i~P4b$9hbthp)hwoa{rof?xprZj|`-bUzcZAvv>|ZN+I}
z{Q>lrZ%-V*7IJFhb7^VU&jTR!BY$xMz%)J4V!+>zz>YgS6bfY+Nmbh$f9vs#Z;T>7
zYW?7VO)QC@VYYSEc*QZu=IDmZ*kum2QL<v@Yj7nTvXa4be*cF!oZZ!q_~9feeh?I9
zz8~i4r(^vEfgL_WV8^a|rq<m>T}eywFB<~=dCyt*K5KBMC%A_n+4{#V5KcM2EU4%x
z&Nd}pIx2@M@yT~)IHgQbe#4|&6U$qt={6@E$g9=hh6Q+z$VqE^#Pc9)$1;oakI>Re
zY<#qGOsquF7yPJwXy70HWx23PutYlVj8C_S&fIf~+tMyLu13)-Q@5pKeGj7{EjPyc
z4fkdE$6f=REf%P84DBq{@Xdx{hv4F(VPj&H<mEv72~oIxx(wJ5*aum}C7ZMtAjT6n
zP#~Q`7msE9`HxE<{>ml@i@?tlyWn#8{icCKLddP7JvtLNy<d?XSz2%WGK6vzOCvM^
zT&zv92R~?ajXgao^&_LH9iqe>PIF7^-E#{SK_f^s3`XLC8SBBzENZ!}5eF4s9rbwj
z>p9hRuHxD<3hYwDk}1n***<*#32uNhJp^cR+I<_^c~yI&zoTviMei_5OL2L5a4<ZZ
zx^J(Q^M^%vSa&R;ljiyFt2bQ15>kZ#I0nrTjA+yq`lp1yHIv2~U*#Gy?ql<KACAW@
zlaU!_btgn~+Uk#AHa}%Y^dt=zyxD5P8`1G&BpvOUnXDb*Kn_>rOkg4y=3;>Cf0K(@
z$*t^K_dOq4pe|Z!6A&iMMk!jcJnzbox06q<de4pbRZuu&d3XM3^3)|O$8nT;Uk(0P
zIAe~9ZoBw?!OW#;b7?e2Pr0#D*pa+0UIvRX%>#)WU2}*x`I&2aE!PjhHzyQifkWBL
zhIicw*{(&>j<Zb?j2G_=C)c1$1>958sLI~-w0|Ji!)U_kAS_o+5u@o)(<@6u<|+Nq
zNS>nUkk!WuPv%*A)0hzknhTmtE^1`{VfmZ%YHsk=wZ$g&WYo{5n+K|bp`sE;2M^bS
zdr?6Z(Kn<O1AccEYR`z}mm}tcFz*hYYZDkgok&^M4oP(g2MDiaTo3OdM#1YsVB9fX
zxRcwO!s4d!7QW&7fT0(+1*pN47x&SD9yEc$ly*p(i|JS!v0g$Az+%^gc)Ftbmr0-D
zy#y3swF<OhnE7}L>Fheem6+4RQ3DYGy6YemHn4rN71*f6(4j=9sOE;9zth%HG%%iH
zeeDbhYj7D87?j4#zI~t&$JoZjFm18mg`cgl>BPpT&dW`uV;rs(d9wUfo{nBx9;bWb
zM617p^Zdpakau)-_wHw~{kJ6m(I;#P24+0!%)WE31w&*!s_q--CTvjw6|gVCRwZmP
zdGjM|`3W8npauW=i3I!k=?Dh*{$ULN{MJukc<V%qPioyej!);=#tH&qa5*2C#>?Nm
zzo+py40z3SuttktLS;~s&-@f(AT!L7AZ(?_{srGv8?U<px36^RBG8U{;P>u?Hlh6R
zM>CmF83q_fBiijk)bf3x=P4|(?ZysCzO1p%L*GcA8{>PZk%!J*HjxY=cnboVi^%vO
z56nN$gNg4Taa%?L5mX*cyLfc13Ca8e8CaOAxma%AV73>l?|41oYN2l7tre;qr88=h
z<q&ow5{##Sz^<y$QlxE^y(pn#kS_<1rRv+XLIeD&l9Jex+U|$W9+Az~qNA^EPPx7a
zm5>+uHdH6fG-Y#0InaovQrwf(+)4&)*NPi%KTsbE#4nxtG8?VBqVY)UNa9Pf0!3vK
zBL%`zb5-1ogNnO0)gv}64uCgb{$a!pvSfv4c$XfAp`#K|KH!S5V~XX`L(n>x?pR@u
zhMd}$f*|(e2;o|3L!k*Zd3_p&3E@HiT6z58Dqn4(L}ipxXaEFJhESFPxx7h;(Q)g*
z7CZm~g<WqLzkhp2iUGoeDYiUURrJjj#1y4b*6o=z)loM{r?-Dap9i#0D2T5}F2~8~
zTbQ^heLuO;pGoNbz;dRxot+$uk3Q*Ha_`{;Mluk4G{sIF8&HE-JFK~?hNL5NKo6{L
zNGC+oblmaYx_VO9Al6U7b)^m`+LNo)#)#;kY5P}0&d6itB~cWoPR9c_4sdScfAi%J
zoK0z20lqx>>~ALmU+gHNcna0MeO5Cih$$kU@FZJN`l=%0kZ;<x5ECb0R@~Thl&Jn(
zTA2h>OxTy{+gc8iFocUx8C0yLF*Gu}vJs<u@S)k_sd_-PeJDuDl3fVIb4*~=K8w8Z
z-&TKN7?Ebn*}kJjpqq;+PYFPy{ASOU!%sz(cX0*hQ|Hem82Gs|`tb=;%u;yD60$_x
zytE&!M_P_scWq(udg`sCT!gLgG3D(I-SF3zU+39%fvPS=ZlVqpoA=3->GR2SAG*yg
zwZ6`!xUxD$D(Usfy!GfTt9W6*vdZk_KjW9*oZAQ2BK1^M#ZRO>wL$^-Tt-=mOIiJ8
zR7OD+h%7M<B7tgRRBPxs2u&4SR1-tmP0It*VpyowRj-AO`(>$2u^Oy7+SxVU*Z@!7
zi4c+=_7I^TC_8Q3TlODMo_0|*pCHla$)kvbSPoo04l|qDvwphB`(Zzk>+oqQxYh~|
z_L)c&1$E7xgZ^=;dqPC&Z@f`F`2|meoif3Lvxpx)p?(q$_Pz3gKW?OFJnkpC7lLCj
zYF|GipZSOO;>ZW8P+=XN|NBtetCZ>AqT0M`4R}$u_*~B)ASN?Lqu7*NC;t_b8?0*P
zJfKrkupzZ5{w*f|6jx2u0Eo%T;#ORWiQ60{9$~|>JuJeVDmKo9D2&B1iT@!cH?Ij!
zFz*1w<YjmWcFFtTGO-LPn16}M-Z9SqT})0!aLf-frE^+HhU`4$2&V>%ylH3>M%3(e
zC=!)(0e*81v(%Kzd{+8NdR<_~Yx<(}(;CnbNUj!51|gJ5?b#C@%{06#FiS$zy7_y3
z0=8ZP@CG-jTuZ79HRPsN;UTQ^*CfM?Sm)@M^QlAszf$tK&i4mQ0;S-YV`5ktZMZn?
zNA|cmbUl%8H8C0bI96~>8#@qDSs7Z_du$|d@C(OP`^=FN9?rQ0lUR*liX$M%eRq1)
z-nig_vUNkPX#i`BAY)$&U~N@1qU0flxBZh#CU4Tp>K>>$kkLYPV10`ih20RVv0q&z
zU1gb%p_D?hfjvqgXT4Gc7x7z3-EQ6ZC_C79a-PT~ej<$je%<{L3s=e}OGri>6ydni
z`CaiwNUO$g!0eZBsM!yARESi+vmw1&-_rA1_nib&PHMDxI%DwQ0Zei7?A00i<KMZ8
zNDap-GZK0F^P?B?)b-sc{(qs%U%0}~4-4XE#YQCKe&MN`f8b2mYBhVN>p>WF*K}~A
zS1<6exFO60aNbqRZ2u9$e)G@cEabzl9E%TfDG!PLrE23zT$zwSmUT?4<7nzKgdG)C
zp$!c;iKV}s8LSBxIDo1ft|Ct~y~v*E`HHrX%E0wb;7Qk>pt@@ruzniP>|wyc<Z$1b
z<l5H5*ZzN)ioWv?Q{xEJ(B`;9;|k;pztwTeL8qNcAg@Uc34;jut?k{YIX@}i5I-qY
zRyz1}0uSpy+Qs4ay}W~UUogANZ9Q^b+r`-#+}OpnIC{HAZaTR>FtsW-v#)mIoGmP`
zGI!zddKnxpEK6KlSF?MvH^WKR4Xt+WFDxI4rhQa4M1=pfw^SR@e2J@b8UT&;_4j(f
z0YMoC(7xjvLRG!68$#LK9=Q7w(-}gI|Godd*Pq7o&4_5ZJNNVeRm7AJ(WU$v#cY#M
z;xyR#Gj+f4&{!zpc5r84!QU0SEao^UYL9>O;tMklMTGp2TdH!MTbk1V;0{h_*{Dw@
zj~F%J!aM$zm9_t*PbP)KA8*B^CpItOMX1d=webB&?@TbM*ABOe>rFfXabQ?EzxaZ&
zkHXg;#PC%$JhX3nJaw!%fLKsvHx>O$1-V?&f}910MU}yjtGM0zaL`G(qI~-kySE_(
zz$kCmTht}lZb2(HY#;!6h+psM!9|BQrU9(rye-!k@||FziZX40xu=Ig=QALlI1;((
zE9dEdLm|-(=MsyU>ZiKnwVPO%hlC*_!V-{i?-tPNv`eZF>FdTGI+^N%O6Av-U$%p#
zO$uA&S{mQ*j55f4OX>X54OCyT76Z!**|I669kXV6`}ax=Gl&c-*xL{zF;yg_p+vi7
zYQghV*DeST)34(Pc+Me0GD*GrR14+Ez}HnVZhW};CEB#4or#G+N~t0p5`kqPxu$!W
zQ(LXaKn>io`q6?1o|jki!)do$W{6AM0{yr}8)?bpeW_NE0R#g4`>C|qpOsh$WfqBL
zf)L5aw*bhQtOGD<6teoC>xY2R0q{;9GDWszxylHgb-*fg?jNId6B2EMz8c64KyE=c
zG7E;by$Cga|A2@m4L)k-7#Zy^g$jcIO(DM6jB@~mN|$Z|ti1~7pgh^siX57U$uiZ$
zdhacV^2q_KQ$z$79?8tC<%8)~UvJuHOqEJfaH|j!pq%+k9`zdomU$_%b&{rEEM;`E
zX+v4;Uz-qM)tEAsG2=%(Z&dZ;_%?*@+wmHx14h8l?%dJdU7pp5-!dt14=~l2-R~Lz
zrn<ery*`I$L;|ce>$jvBafB5izN}Ic&i0i}#~9Of7=F`i%(3G|GXnd9NG;Dp+W_H@
zc}$RHZ?P&HZwRnc7#pGF^Gwhdq45KE=Q);TP830qBiZ@6woAX$*ntou1>zs23M>C)
zdqO?R*(-%{0aNOuZVF-|Yf)Fwq}Tt}Z6fPU@{<3>m(YO!;>*4H|BElm2uY6r=F1{3
z$A9wWIpTldOY>uU95!sD(_0*2>c8Q#YFUS^{x7(+jtT!(^g})T7hIr${=((=KX8#x
z{})`KSpjef<-V3r2f#%>{XgJB&kBGG`riKrE;|6YXx9SnF6~<DYx6e10RWeEgjUA!
zCdh6&&9sQupL*SNX^i6s<IemINhjmZ+_6Dg%}%T-@XE2;)D}sM&awISoxdH%pyg<-
z)i6<y-4^F$Bjo>Pc@~lL{*=|m0HG*fS<!%BS*>D^`(#!EDjfh`03+y?)!5ceZt3At
zXPMRQV>N&(ib<G8vD^IefC03;OggZ*M^_W(YH~*vt-g0261#Ghu@d*gv0Q#o*qCF=
zB+rQr`F|kG)PInL=Kq{57_RcBTD_3iiCD_7TV4Sd<8+~9#H=`~Vi|vk)m%`#JXlxf
zkf7Hl>U--}H}4|eJKm{u6OVu>xsdth@io1NM!dhGn(_ZD!&B|S+v|Pux%fB3GhR4=
zQ;AdZH^XDAb9S#EY;HaToGSfKhUcVdB+eK<f<~s_D-o=Px{H<1;57w$H$^AuE#8yZ
zJo!J9h8v&8KcE3g!+v|Fa_&M*KJqa!mEM1nhI6LL|2=7#?-~dSk7pWLRm!)m-oh<M
zEEN-11Ml4m;*X1Ok_o$<#wyk!0!SJr;sa2!hCLphs2+ky4k%^t3()`!dB+D}<~<XU
zJj=H?>YwWdf$YJE<W-`#VxptPQRRd1EJH?1dGBMk$+{C39vn~q<P4W+s(Y>jQDP(z
zwUx$9JSTqE{VTI$V?J>{D`m>mh47{-JCQ9BT2O%Fm%>LeQ_TWaD#;2#--r5BNbH(V
zGip-;czd>r`O^HqK_z<N{~Ic~H|5OR1l&gba=(xrh{BW>JQfFrTS*=VofYF*9hP|v
zqI({+npMWbZVIJVoM+A#P2f$Six&|BywT#J0#mwQ?KLhs_}wD&^`^b;2)Ip>UbNu6
zkWs0_516wOvGXD-%dlbfXAEQ~=p5x6S~Lo96s3QlaSLI_QuF52J}-+W+Uhdw(ZzNR
zHpVGpk@&kqHt1@RGb=~<c6B2+YLH9v5W8DZ;s5&m*CR(xum9_jJGq3)Gxn=AW2L^t
zjYkdTTZ##&9*teBGbn5d_cYx^9TgeULH~M~eJrptWr6V4ftK?R1cl*Hz&x`J%uNNt
ze2WtSDdNzQd@U+rl7UzodU%TdZddKvqqRJA{uKGWNg*_P@+vL{pX4S_fPUr5B$JG}
zI*=O0rfs@)KedHCoz@gmV(q*rC5}bSNpr3b+w9Q;>toF*BCu(6S(iTnj3J|#GxZ>q
zXO?l!SrP37lhI5kf|RA%!|j+1F!9*4YWUXk8sL%3^jt1KZ{m6w^%Ktj(W{Kn%o~sU
zI=Wp#2)8GpY9j-2ZlC%_kE(Koaqj)@igANp5!ZF<-j-9e$J6~yi4Q^;hg_(vn;`uU
z@p*S3Y_RrvU%8X<ibz5j?0UD;vVEu9c@Zj$J5ODS&SUa>Kolk4Vf1j87*HewSCS0U
zDpKLX33tpWoJp1u2xwO+Yi$IKn<KoGRo>dV&k7H%M8kJu7qp9&5iP7!(^wgQ=VSW~
zlAICdjPe5#6PA!^FWIgoih0ThmmwbCwysOoiI%E2SUz{`nzcIPRb8{4D8BXeKED=%
zW_0s3oh?Gm6Jx&MyO(U1N`hfUjgk7c1(=cNR<!mR#=X;%Ct0Jd46>*(?gddkTKI*1
zc(}5-M4uO83YD2_MrOn-do)Z_&6RZ74kI>5F_6w;nFytM0ZHI2*zoA{;h_gy>-P5S
zArlfYmVZ0sBaK*zj?yc;uyGWk@yID2bI?Yt&%R&o?C7qggZ!7}c7C}#GLerlar7R)
zokQX@G|#%6L;N$ELY0K};0G{X%dq?;neaoA&`?EwW_vhT5q;QXD-YULZRB?{p|;G}
zec(K@Yn2WWY#_AYBf^Gpuj3RsFkQhDciv%YhFTShTb`e7DnuHqV65bS#L)E+V+9NP
zH#2Gx_9QiViB285-h9_ep1pcNlVGB>s)nfdy4WCtIym;)Qmn1^s6jn<WEX4@e+tv@
zJkfuXr;bRYJQTRO?}RKUHg!=GUQ(TbE-N)>Cg^kHiLTJw^h_xyOtCb{?GcgW)s&gm
zUX8zP2Pd2l^yJ!oI?s(beqa5~e)TY_K;Sk<d4#q*l6i*hxEQTBZkiPO2}F$Cw5n5t
z(+U}V5FJ%v$wAR>ImvpR`3dYj!p=Ar?92E47p8M5l=<=yBRxQR!RrA;bO*#oe}vl#
z!<7ZrfL5hv>PPoNYD9XU7yTx_B|#*~eB5xI``iutM94ddQYe<B{>Ga`UM;lDh3vhd
zXzG8S5}Fx5+6E#{QW(L{>x@bVaL6;~rezFljl<EI5Xu~Kngi!&f{D=b)1Fgng=l_?
z+$Udx8Q+tLBZ+2x0_Pb2Q0HnX&zsQsLru#3fxm!6?I^p<y@DDpy*_FL3<p*@WN1-d
zm_|8_Zl~5k5Ra80tQKhT_*hr-k3p`?J&@qeP8FhokduG$1Hul_&*qKLjqytdxfI-t
zi{Q?zg~vLTSiA2#mbG_wS4^BW=W%&Z04pM`quSI*kBMozgT~gI>Eo=%Beq&At)D<c
zI{3H5`)%RS3bXTEqL=P)XJg5>jnT!$Zh(6mr{3Y;?zoJo=Kh6C;-j%%yVJ=Z+?XG3
zGK%&Uijp80nF*+jcm_jK5l4B{zoe}2F%{V+5n>BLzsroHq(R_)oU|KWVG_U>3TBrp
zg8K}S7LLS*e9VC;drZcV%~$^XU~V*freE&L;$R}^w)gJUdgg(dqhBC3Rpr~!4Waaf
zwT!F_xggBmw4%RP+HY_Yv^O>#|LN?g!WNu56_x+}2E)}D7ThkjHP!!4p&Yx4(;Nw)
zYn%x9LFwzgfEQ(L=FoM_rNTbbgP&;nAE$WuD(h(OZG2b0r)!Do0+{4bLf<AYf1{BF
z>K<(Arw`FxF9dn?Wq8B6{`?OuHX|fyfqFV60$`4}Fb`zy2GgCdRuJ@GUs|AM+vU-7
zag@#(s<Q3erzG*TT=xkUfrvU;ds(mxiP-iG{y;;9Rr-2#=y}!gOmPfQv<s2Q+qyMM
zmxDtTWV0aPz1q<HC<n7&0-6b|15BKqc?eXQ_BlXDTiV^(I0nZeEsV(4fZxR{x!O{!
zFWeHbn3kqNXJQYsew<4L=J(K$Dx^+u%6rEZO;Ga-35}clRz6Me)D5db>`u9pr~q5U
z-h^nKjq)d2wL&Pyz!zUD`MPxR$5bmA!}+DxJdfmblzoj|6J1y0ShBl>yo3<xW5U>t
zjcu50Vs@Fem$doFlF|5RL#hh%L~L8og+;v8iB+<)c;s%xttu$d!<v|wsltaQ9jf=@
zj6JF|L(zjZ16o7ZhmU`*%vI$Ha7n(0ro5A+Q%!{rPB<1ba0k8+NsLfxZ0(hzbmUnU
zXvF9`Es+%4isx^DIbIiA!}g6!PP!%|!Z?+#ZFl00p~@*vVH!Wj%Kk}DZqMCS=j~+e
zI#q<k^ASypOoqP$<+eOKZ!>y?G*i;f_*!OB;imtG@bCr5Vov`8Zv>q^_Ero%T+jC@
z$Kf;zIv`yRe^^sS-)PTE1m~BVhIIyRuRS#U-lp7BG+p0Vd`cD}cAJ&pqpg(fSv7N5
z{OiQ#7ZtlIU+i>+p;#BuRC+mcmKqk1PG16fX6w0obJ(P9_!^zxw#GD+V{OJ07^SQ!
z9N@a}a^?&*SQ}O+{R+#O9b9z{2ix@aY@U&q^q1Yp4;UWM0L=yGw-?rJa)quxBo(cV
zqkzI}1PE^|ftxT8A~ZYsQ;s*JTW~Y1r0dRi)9QNA(IUeP1&JdE>OB6{M$5AY1Z!i%
z?d$m~T5!5@wK?f9rCz8ksg8aksROk_hp4OrE29vu8554j*xSb6h{sWM6d@D%eBTrm
zz;n<o)ST8Zy#6q6bM5$&AXf=Iw?QTc0|)1ok<KASjK>c+J}k&4;%gy+Kbf&)>XNhu
zGqHj(zC=xr?w@;dEO5*80olroJ%f&4|EymBvB{-M>k!B#`euIxQE~=7>iI&2E?0^#
z&<wMc43>WIG4m_BM%?nIOLCFqsw8_ONTF8fd{R~Ryk0=PTF`A|Fe_6O&F5@420<f^
zTYk}cfP#>h-brUMNYjT`k{V0sA}2HIS2S|r;GfXt{(l+cJ3ov}9sU~QGGnX2I&-|x
zk3o}3++eAQI(uu?XKXQm6#+_i`I5JNYlVD^W5&$eaPyJ(c=Vf5pkGEr^!LsEs`J(T
z>hDcekW((1!)V-*0X_ghMtIX)6<LbyiKW%#1`KFrZup>BrLJ)L{8nd;?Y)CAKm2@7
z>^*;EM6iIQc2IJPrsIVmW8g?7+mA;>!P0Vuo?4pks%s8Qc%HB%f`@GNVS7}-Eqg!r
z-!D%iI$HhC>U`Z*+ePj3#t{a>A)!>kXT-ztNZu|dNnwd;crER>_F46-$zH+W<oMF*
z&*-WnXGi!r%~U4EugjC;Px=(k_~dD|dbU1g9iB3ng(e7ZXX$4UR@-!vzHVE3a=?2F
zx6iKv0&XA?=fb?;@~1?QyFMOw-fzdlIjhR=nEy^;zf=_bDE@l8-00~4>VDgM6a3iu
zQ2e@|158{$QT%$21DtQXeZ9=Rc?3Xhy8V!bE>=Ol3HPWO=E+`<>=gtfWQBoZ=+=i2
z6zzmzNEIu`WSpoo1dK&Ued09ehJNF!!3@T=Rn*QDlf1@{3PR>Wu1iuhM&NSbE({<|
zp}wIPOIw|uP8~1YyT+OPH5uBEu}JACWTic#XiBAm*H_4hAwKESmD_?}Zz>gHpD!1>
r^6d^_#ycnjxMN$Nah#@grI3gOeAx)^TR=cSUtfYdP60sMFhKtgCkGic

literal 0
HcmV?d00001

diff --git a/assets/fleet/fleet-103.1.12+up0.9.13.tgz b/assets/fleet/fleet-103.1.12+up0.9.13.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..15f659410b0534a472654bf7d0c24a032bd787ff
GIT binary patch
literal 5343
zcmV<56d>y#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKBxbK5wQ`25XJ(Lecjm6@DHJ^Y$w&CZ?IcCy)Z5})nN-qzNZ
z2O?V%Vi4c}pd5|Y_t~%TphQxX<=BpLvnxzh#>Au102<wm2D&w5h`Mt$CQ^q}lCp2U
zK<ak8-TmEN`~PmYTmOG=cjw@n-tNKf&hGC1-d^vUZm+-7>wg2?FM&)w<w_IzP4~%t
z)d%+*NrZEuiKc?9C;*6wCQOXNm}t!~q@qJ|E!vbTO&E*7l1n?5$?sF5<8fn)7^S8|
zib({L@OX@}u^N8LP|_5+CM<%MmN~W>D~@TBAiuZDbw0rM1f`;aNATju-$O6#?}XiU
z7k)5*{?7dQqOmC_DXNUb7=g=dyD_S%(wH_j5h?;kdH$)fG((wEt=h9%+c%Ua;zl*s
zmSRE^RPE73Mi8@HX_P9oIFzbQdW2<T(rbj_XSq57{qTD~{(gAR@Fg-N3fpEH{PG4Q
zqdyg(CjEe9+3d3${x0n81PNxy6XY>P6$NdG1y889HAYm6OohnFfMF5<ILITaKZ-#B
zATbk)Y9Xf)3@O8?(+NAV;XkV5D<!C6NizrUl|c#K5>7@ap$)I8exE5I8ZKhOFrcxi
zHP$*)QO5%c{ft=pRSLE0FfkIU<EB+jMnQSJvw7=vcfwxS>;HS6`GJ1z?fJ!%<Np)F
za#UYR0IcBud;LZJzqhyH|7%G!B_oV#`_gY8w_O4NO-2z+{FVT)ZO(GW&IF_JG=ew7
zcS4^@RLFG@kP&kIW+mLVt@qi`x8RkK1)~IsBdWBt0u1yRA<GAh#_-|%6vWWx{5c<>
z<fu`>;n^EdC?_Z(&6S1$f<g^rlo)Km$tRL#4Cl-QT}Bv-G}_<Y-7$>u!Z!bKei}im
zwHg~t0eLJEOu+830;!|J&qnXf5Eu?MV4CSEPz_W8Q7TU{0X?Rw4(amr!c<Xo#4&-v
z6bRfPV{pyI4Tqz{a6X))!(ueYsEzpIsNiOddW_N{X_pGrSmZ1LEe&!<hcL)_!cf6b
ziquvU8JfZK5jg4jLix%{3yB6IH==@LY%6I2B-nz~@^+&L6cZW3rOXj1ho2pwwgvDr
zq$0s>7!sy@sg^X>E<bdHcX@j8RwNiftK8HM?humPFOF%*M=%r;#^MIVP$PGvRK+k2
z;Ytkz#z>?dAknUaqcO(Ul)vE`<;1Eky}i`J|BIiosmS4maBT<3n7Ek{NS+B^qY?os
z!<Y`IW(KJQMh3`K7|;<H5|3QN^HP&jTOo3@V7fgLxk1~m!iZ{vHxP*+a&3rAO?eDA
zRFD079b?AC)K0h3L}M6i!Jo_`Nz`&`rj-EC(*a7`8jWl>lxFagXh@0+7)c}=ZphRO
zKubC@!kKWuiGi!fL_;D_@fR9mk}CuPOo%LWbj*del%3#^<jhiXZ?EXe)baCm!hgvz
z$75t<8bPn$Rc5?qd;U%R9Wp6CP5p)mw%n)Nyiup~L#|L7A^+ol{*V!+ZiGyJjDE-^
z`!V{#EbNa4R4mezfWnMOqA>wRm7TLhq=a$>LITZzB#A_&P`QEKP{!;K%((0>H$4Yj
zoH-17{e!S;{_A|d-RsW(Jm`nLef!btZ})y@zP@*#``e+K#M@y({!GM#1;IcFZB{)q
zeAFvck=aog0BphK7-6QpmQWiY7^OWnON0p!o>(j`&>1BbH61ac!~`h!+L~8~9hY{v
zEcSO}slfoY^*oC(8|t3U2;T-ebS%umw2aFZ7qp<o5<T2@@NSM?t7Rb^+Kp<rT9O#G
z(4SR6)3iJ*i6whWu66uExHM?kt*R_g!O_$l=8R2YwhV5h+d#E4Y-~tJ1v@cwZ2B}M
ziMZiPOC;$`owqP4w_w#+=+MhWKL~}fMD0HYR!ByW64NvQ$cP>*$De}{69dBhK}|C&
zV8JunV>f}GRZKlc--34{LC;m}@?;`0a)XYz;Q^+`IS%JS?|LRhjP{&}Sar-+YL9Z7
zV26tY+X|WC;DUF8t*yXhUDzBUBe=aY5KsL+GG(9%HT=oUykJH^AbczFmz+wh2rYYR
z+y5@`wd|1;{`Pk}h%-rrq<VV9h*E|K{1A-n6Mk*YaKa#~*K`x%jwOp5DM)aTj|y&T
zKTdIiEP`&3Ns*Be(RggKFHjq)r7p#xl@kSktu1(O&nkq$(b)&cGAV{t`Uv4n3Uk;|
zmNCbInd!pB)Y6paB3Eo`iAa$NCWed3DVXE2NDTZ#J~iqCO<*Eeo??yqV#3Yt@<+*J
z+fuk!USNPm0Of{zjfK)@M2~~5ILprrno+O?zMlwM`(4#C8LpF~av!!L%pmwrN1PFK
zbeeVSxQl!}%`k#vDlJ(|-^(M*je;PhBUv&xEQ+@yhJ@#tpWUym9{<xPcmC6uW{hZ5
zovSgj45bQn_H0MNRrbH`{%-C3w|mg-ZO(t|NVm6bBYG*vLSer0lK9H&snZs;@9qLq
zkq#mJ$(ahABq|I^jS^_qER&S$A+-KYby|-CfJWahK3a2pkS7a&2e-GKm%(40$*rn^
z7zJUbW*DJl<)O9FSxKd~15?FuOqX4fMMluv2zku}NsRnAX9ROXi^rJc%n2er77EJ{
zgO?qTUopwHux;gN3Ah_m8?Mm^?y{-T=mhrY82Pp)1BXM5jmGd!T=@P?wmW|rG2A-&
zB`2&^pP5E9lo#F(hpPOan>tI7zBbKn((|P{|96^2O0s7(2Cm@${oX;h#{c*F-MtO}
zUq`Cg`g_4O<w*oi^?OUQAVp0QqDeF}<og>S!L>AMtPF}`M>!Gv!=6cQ1E&bK8aaC_
zg4XRV6l8ag=n3KOuC-kNo0}Ft55nzjA$H~v!ntMg?k;Mqp~<MZ_qln}<I&K#X2-0K
zqhv^Q5M}^MC5<hP4qb!6{x0$u7TO&hE}&eqSk*dgsIdUS8`T<G`jT>s6_%@31alZG
z>fYVWpw3R=roGPuXxY<o6|Y&%&=!_Z18A8=Usm0eRcpJG`Lg=1wA#WQ-&+whH*v+)
zCNrDLvVLY2s_m)<k!6jmwMr1?Q+tDhu@Kki7$a?>$;I;Wa*wDU=YtRDr)Ls}^i#EI
zt?=%yWt-h?4tD=XQeFO+OexQ%0Ia(IJJ{K)%m3Y--HrTTM=HyIl4YthQv&Aq1P{>y
zREBY6ZJFK@X!p5&B;qeDJij1W*3cYglH4~e^=J~Sz*r6ipg_bVQ$#37IcsUoFq1i$
zwja*B!?!0FXNN~8vl4&kdL=~~l`;W_6j^eP!)mV2x3;kv@^i+$(BZ4olatG<v-9_7
zhp!JWPp*zn{_x@T)y2u><(qe}FRm`%Umd<ad3SkH$H&M{_$3z_XOjPZD<$0B&0y4y
z@C}zN<=RzLk4`^aT%Md?oxJ<64<{cC!l#FSZN%<@;EVI*a{S!=P6I}Nyu3U!bNAo(
zBXDo~i>Cm1_x=H`{e95qjkz$)-m?&AAFj^M&fmYfI(~D$h``(w+xbG>o}HY(d4K!>
z!YqJ>&cOV66Jag!P3RmQUS6IW`upkX?fc_}4O@C9wzMnv<^f)O&iP@67_FThz#blI
z#hMu0U(9-3!Za%gm7hGc79cj9CT7j;EhbOOY|VDn(378KE;N)>w9<pE>Xf(J2~{S)
z?P@(>0n4E0TIdSsvx-lnkapW<F6OiuPLP%I7l?I!^RqywOkp`sVVv6wCc!m+(q%bd
zZxGKUolu4&JW(-W?)JoAFU@O8B*}ZursqQFSCpZnzS-q&k+K3-vIrt385vMUwS9vJ
zrIbjKRdd>KczSx@+`22DxArALxoI0xlXo_|=Ba>nWL?gE0AFbU>hF#gL09t^@OD_M
zMR{ID)Lu6qQ+GT0U_9Gp91Ou|@mG?vMfTQkT?YREPI-b{L$5mrS{gu55R;tH7!Tvv
z%*ea@*hKA~^%f|PS)MGj<%T63zK2Bvei@uAt`D$M;~!9mRauG3o$V6bD(3E0=#>rc
zjo6hdtUzu-uc+T8&uTVZ9?uW63#D@=Twd7*Mp)xjOIe7_`Js9zxM2%5W?+jxD3lTO
zy4`Ly|Fsl(<_k)wJV5`ipZ`9J!By<8V6VIeSAMVbs5hdk?7#h;e)as<@Ao$Mf9pxL
zy)nO@50~G~8`5gG+m(0X19Q@wA0GcC2Fp*44obU;yaIrlM*=`=j4Tb+xHA^wx)nht
zlrB6Hw%u2rjU-8Mv3ff}h8o*hVXU>8Dvx7C`&43pLm{zkv+av1D){U$`{*;Nd+J_2
zjD7~ImuQGm7uw)EoXm<I%{s~~;(ngebZU0%=U1+-NUzHfzg%A~smuOec~M_}UIp&)
z+ShXBuinRU?QfaJKc_`Gs;EWPm3yix;h;QS<^v2!d@Y8<Q<_p8LGLq#*CstV)#bk&
zkodX%Kvu~AoxNVa{{E-8@&8y)D$8)Y_9WM1A?dH~;o|l8%DJBvH^W{j5DXt;6_z=3
z4q_yuRsdP1)b`$Bb2l{m9#)B5#^`Ijc=;j#n4lb#G8W*}+~gh$#y-5QwVc^*mHqV6
zn>gvM9tqUl7&?fvmlh8JwsdJ0`zX{Z!941vi~;2d<s+9ruTd+iA+w<CeIA|s!2x~{
zxd?{dv|fz=p56k0MWS4OL6HwWVyrDSx@H#@g=~4t%A@$(+wk1EOopXP)kn?IQ#Vl)
zfqfQH#X`u0^83ljj`f+SVm;*WrRbn;qG+^kK5ef&U{*@D(q)9<nBIdp;hJ`K8R;*#
z$4k9DdX+1t=+*oFH?ObO^}ni|dmc@2h5pyw>DAwV@AvmM@Bh}48sGob_R0fT^`m&>
z<NGV^(%<|J{JP2Q|MQc><F_YantYKyR@r|KcIxkcd;7Z^`|n!PmJhJ;M`S73FhD`z
za;PfB+E6iJ7{aV1!MXRH^WTOvXPRaV=Rr)YZ`@zT#I~?a|04)q7NQ)Gk0{4z4wTGI
zk7cKD!jqDRpKn&dKn#Z{Ay+6Bq{4dGSxy1o4ZrG*YT(6!D^0kDRB)<=bq3dCDe}?S
zkGdG_P{h`GjtdQfvuOd-S^um<shyl{7~~qL2Evqp5uKp&7!erL(HIgONwfg~3hWFb
z6RPMOlE(({6NxpO!i}FiZ|%mU=)Le<HS<|==$_A7F|9G-#RAReaPBN_(2?Y(?1uT*
z!?&l~jvibzm2LQQuCz$$uec4u%-<AZkq-RHp$KH4#}YAwa~u(wFjT52aBAqbb&#DY
zrPdKLnR1fSm@qa4ol9<=khQ3GZf415P&=WCcSSGgVCMc=gHNjy1&3xKB&wY0ZND&P
zZjgU8O_wauwj~s*H1c@rP$79jb+PzvgjCjO{*7sz<km+v2&{9l9gWA-Zw9lLq&)L8
zT;F&qDyl1yTCA*laVhkUnF^H;e9#-y6G9^5+y+&$Yh!vwt|ejgS3A3QQvQ~R7;bQ&
zsK&p4TX_CDV@fG>&Uc~ry+!M;Yig??cx^*cnDrRiNC%1FFEotF1cB<%E!B?c_+zd#
z5I8!069#@-oM*NjeGn9%2BQ)aa-)H7UAO^5Ci+Ie09_n`8=Sf8+W-eg=f}>i*>IoK
z<PI5r@>?qWE((I5fBrf6{|;jp8X-x%%X%^JV#w~XvKhJ4H%yzh4^32nX!9ob^qJFn
z+g&2LcuLMuzTLhdRL>)4xxYHI@8^MBhH8fVQ2y_lRpKu_do;LJ`hV}BSAYN8-QC~F
z|8=AlvA+7<YBa8+nF{VgE6AL~M=?+^Aj(N6BUEe@5EWD+e@$v&zxKd4$)=|L|J>2Q
zR_y;?cW=MG|983voBh9z<d%F{psrcezIlwUe)ln9Nd9$#_EhfH1At}z)RizN)*x$r
zzss)Qc2*aCx&azI!skBWbC+;4Sx*j}Qi+f9wW)QJo;x-1|L2YdveN$BuiJkPc6T=R
z-?gNFw)h`kdp>__>Hhs+dOGj~b#Rsb*X!2yf4{r4v(f+7lAiUh+N+EHUfSq1m78hz
z6tQKW3Ok*pa!2ioUzp>h^PHMpR{IirgWU{sIk-$DOTZbu@x}aegypXrgXClS^G|%9
zaRl=>9iI)f{?2M?C%&d?E#!2RCOY>8wXRz)TVI=gH|c5V!TjI95BmcCAKl%${@3sA
zA8hP@Ye`??^^YT?wx^iqeDUK2%=~qaJvTSM?^*cef!cc>SbWd}|9bl4{rmrUqJgZ~
z|NVpA1^utLztR8Jk{%iVqu7X_74^fb6s^a3R+U<>cC0FG`X+}a!!{n{yi|6YH;UEL
zFaW;X#Q|uQe0mmmQj@>V{E2)etKIgT)uLW0TJtDYx#BlD<2U-9Lp2@?tcb}1%j2@Z
zJ+WEf!SPvE2O)t~fk@zCu|(={76Xzz0#HL>l4d9k!AX{^&+4UqNNf&R8lR(~Ta#gb
zuwaQZxT{sOpU;~Xj^fQ;YpZ*!d&awJb-VtP`dgnj`YQf^zx;QP|DSpjxJv)u@6~_*
z=b*p8iT|~h^gKQ*4>SBU_?s*@NI244W_Eaf?~`H(&){?Ngj34e*Z=<g?^UZOGJsY4
zzrVkD|FgUC|6EJD?>+u%y+0GOh!<4o0AsDQ_V-0B0aGD@`KJ_G#DYa|d309DaUw^k
z&wNE&wR)VWX#Zb(zW&+LgZBRuy@6Kk|L(zF-Tv3@?`-z}I@06(alV$c+N9@BP5VC_
zBTHRm?q}&^)&Aexsr&!!_4hXR|FxtoI3rr4biZ%n7Tx_&;~=NZ=*p0h_?nE+{xF~Q
zWl(u$1wW`UG6o|i2F~V3`Dhy?GNS1O?QcVs@(E9ZE#NqEo(bP(HX=AC?(qHpz6;^K
zbFZ;24N8!q{dpD)gYfv`>Ou?qLzqV*O$CRajxHdfQU&3N>W=-_p&x{UUuDPsTV#w!
z9rI7|sV2NL2Q(n@b)MNDBUZu7P~Bv~%Wy!hgO{OB&EG=OQSkDAf-U%oNGfs#Z;nq?
x5N1*s1wROBf~4cBOYt!XCn^>RcE0x7Zqg=g(k9)P{x<*s|NkbiuoVD;001k{q-p>F

literal 0
HcmV?d00001

diff --git a/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.4+up0.2.7.tgz b/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.4+up0.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..10e8ed4adc97895f10dd5738c4083859182c91bf
GIT binary patch
literal 5476
zcmV-q6`SfGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<`liRlO`J10&t8*uIYEjhd&ek-Yac#Htq;WkyH=Rx=<AKPP
zgdPbn0H{0l?B8eq4FJALJ?;^mlMtEsC=!pw0=rl&b{8um)+iN<z8~@==*NPuX@Fwz
zaz%u4HzW$bx@+=0&pVw=%wNy*>VJpR(e$g~<ZL{ejHaXM<STD@I-HEZ0`JZ(ACMBM
zi1^C8b6fS!{X!C9j4PrjXL9BM_(YMAFI}G~6{1V|z(=9zf?_ZOL72Zn(V8uwG7ib6
z&q#zb_**us;H92b@GhNItwk@AIri5mB;{-dU;pV_7`mge>-9bOqkep@AHQxbs#}vW
z@o@&G7P*lMqt>ik&LE^LxoZ6yqll=I{oT1z1XO_?xzAEqNA3<#1%^l@rU=?bcCAGd
z+V^=BbB0Xav}i1qKoS)od+x|Rb4W~o$lk0+4vFL9r_M2U0*sLb$b5=&=JdhmETGEd
zumeV87a5s{7&rj7SJ?*#Kw!)zRa|Ulu%IE%1_O8CYn~zprEDdzPTh$Up!5ZeZ8I<6
zZx}{k3c-Sl?X&6vH<w%l22RQrf=DG2UnK&aet|D1B9tjY848oLHWJRBkx`o%XF%dO
zq`n~-CkKA$ja|>3{2_@gb|0FkZ;<xz|B(9^cWz@3|M$k@(+2+^dmaBjMyiwfA%vWl
z*?ind(Gz#%1ayf~%|NcmXnH!E&*zK9WD<;@kI$wfZ@id1d*<PkoSiPb;Q5(1U5us}
z_|x&?+4JdmgwJp>e(ndOaq!$H&qs4-i3|l%dO7NiywSMto%X%655u$B<ZR|m-P7@C
zGClo+_iW~Qy<ZX`K2X|9|7#K^DDOo8+(ZA<@#L&d{}b=5qyJ;16L^ISl7tHEfSZMO
z+oW)v6Zo*A5~u_M|9<iP-}?(LBBB%qhB@dAuh0*PKv)w&wRj*wahM~-L`n>RGR0xT
z69EdNI3x<C>o@|<vMOKlM9Vls$Dt8f;;hDiQUPqRLk5bIFnq^D>ThQ7X7QG*cLF6c
z<p7+(Kh`J&4Kz$E1k(g4vV_YOmk2?M32HxE!J`n3TnBXKR6?3Kj%oWPXA8P~N7QNt
zy#XrUFhjvmp&VG~e3PY@_UT;`hUe%DRB{IY`O%0S8C)~y^_)c#hK-kwM6sqmzVLm6
zBGa80h48MCOoBlF(Xgkvf!OR0Kv~d->(8eAhZP!z4}8&9N>`RhbWPqj3t(J<L<NKe
z;0q)Q4XQ+fPl4EqsDzwDLn0|#nu@b7<zt?UjJj(AB~OHp1z`U|NMu67a03E;9!1Ck
z)4bv!WAy1_laE$j+Q6kagh<v1O3zcG=c&(`^eIoIsoGz0-9<gkHDrlI;o3<}Ldk(L
z-7|?&4?pwmU!f$3gaK!OY)u7c5i%v=lByMiR14dt?i`e-AQOM3oBy6Nswaf25xC(A
z1RO32tMsH)EMc~{%A$>jA-|+-X=)EC(^*LH-$a`4k#2yYk5Uq`d20GEFyf~72!0~M
z4a@~GxLIhq`RfAJU%P3gdf#KG6M!ElTAKBu^ml}jp}XPe+4nT<;!g?6LrXY}2Y8Ml
z`icu(q@a!Jp3G4^)U(F!L;HY>1^Q|RZ~3{u!XPmSzQD~4bd9c|tDGxUD@_<>R8bPr
z|Cy}`k9Ead%;5D;2?@1`qB-3RdV1#e_BPfRJj7ZXK4(hsupftnVM`n3I$vL*pQyc6
zqVn6I?b}l2eeBLY8Fcm>XzP?i77LA=jUI`Z2QQeSFG{b#j4l-zyh;RR%d{Y6%Qs8L
z^VhaRTE;VF0QwM;IfmtN&Qe5_zj}QY3zRa`F%&879Esx^GBj_f<Scjj4Xb^!E7z>{
zR#(4cov=yqn1_71`A)-8g<-{|GH^J{kk3h&sz+3awk4};NLSDIxTI3)iQns)uYQ>5
zcHibqE)$V;;dI|TGrUu;D&@(q;clIgH=L7|S#m|ClC`RfiFw%6Y^^X~rrQ_lhzg-+
zPCx5@@jzo`!~;_{TUVdCX9hoOTjiR@A1PBP7DmUD;#R*UBF-sTzYFIdEmrGqV=mMT
zdZ&}gxG3$@K+K>w9;Jg77ljujlxb<X_S-7e6@*9v6lTJk%}%+PE%Gs4Og~EW6QL=r
zsDo69PNTg_hPNd|TUSPhA5cUksyKnaZ~^bXdp&dt0@+2M{e$LPG2NP!n$MCN1fzR}
zpnm`e4=rYYv1#l6FPF{-A6FR0D5R_6+ieB+?Efa-*sJdUM&7j3{~RY>Uk|>4HH~IQ
zve$b!wTbcDNTbDH;S9bReE#g{T+ZvO*htv5O@on-T_?@g*K#>!2)(VFNL{!G{UW;&
z<6Wz8)C(rKKUn2Mc^3qq^lHg`I31fu8l5ML1-*h^zXxeudYAC|vtz-1X?G|jZ$WQD
zHlXDtbDp8a4$~3W`4`%{O@5_Y(4CSnN1r4TLGlRUyPWsf?k^~YfdswPH9|C|n=dNi
z@qA-Y^Xl!n&Z~DpTGoH!I&T(`9t7A*Gz%k?rMrxD52fIehN0dwCwj+hHZdCb6xzcv
zoo%}cY|}-K-1;^%L*mx&hYUa{^Liec&dk0&e1r=abF|n>-1in|wrmDx<>d{5iv?wB
z0lnYL{_kb4R+nw`@cGvMSeb>T;ng&hDoORwnjuc-i_K+(>6;9*DOQYey>Df-+vilF
z0iU$Y77`z!_lF+zKK5=-WIT#EvmnbGfNTp`m{%A^u3XvEp&49X>rHr=1P654wLl$E
zK&C>`-_wTO(riny@*>yt=x@zUNv_$xzHTY<34Thr!hQ206V7gqvU(5ttw36>%0Vcx
zoWX7HEM-y==G(ej>91{?*Vl%2h0={WUDkTNZCyDY@9%2C2;C<+@2S>p(9znrznbk|
zy5B3Qo$QXU*%_PhW18_}ma&xy+pT4GVB5N-Y@zEx?^YEU2AKWm74YcZ)}J3*F6q*7
z(gE^+fN{t-5whEw1MQLj$J6PsCjSpdr^8PEKSt{J`xRpl6323|9y%A41v7Y+54{ti
zA^}lkma6Vkvzz+rU|wt93F!)_^BbnOmq~~D()<Y+WdSk;6I<2oRy8eirzc3}aLGcO
zGS140lW9a&^p{32@%I~cp($k)T{*Q~kxCGS%S_?Q!;rG&KjVNX%v2u{x%wv~YeGY-
zd$I}}Yk%^-T)=_+KqUpbG)PAOmBW7@J$Pn&0FWWpJU3S8n-7$&X~m^_i|Ue#i(E5m
zv~#?$+9@<cx0@1$ipVN1bp;s;cdXpHY-#S8vTmX8gwLO6jn9fKTUvZqI-YD4Db6md
zC5c!zH0S+(`Ec>uT_=x~lBoc~aEl00Qe0~pp#n$NuE}96*}g6HVS7E5N=ouo@zUo}
zL|9Po<X-(f6o+TCS{sW0n?zxW-m_!EVnPo`RVdaxOd|YVPvi!^BmLGM^B#=rjB&MO
z&=8vA!+a-P(%cqM)z8oBool1c78EyH%QVnM7E;qd-$yH@bB!Wb?XcsPZP}q};Rss>
zLo*jMdX)i+&3Im4=lXW&y?`|dX#lmueV{VW^t(d*uIH+ei{;sWp&@>$0`&p%pO_Q>
zPIf?h<iF8qbXwQ{dfsU#{~aS$41qJT@4T|6H$=bNEW1Y*8S7%LnZqPeD=z5&4D)d>
zo>{F<*6Eja!Fta_yoVl(B*gSEm&Ek1f+w+@!GH9U`lC}_xAfaoijuvj(9=BMJm4Cc
zl39T@in-0aM5RApY6(?8gjAXri4h9*leNy#PqE2lsyGZ1)A~Rvq7nl{23hv10Zq~B
zj<$TxML<~@^X<)>X|cV}jV{8EcO2_KQx;IRyq8ISZ_`)s5Z~iM*OcLLN533^<`lm5
zrYV{K7k!n^-Bx~32sXD7zYpOA56u;SJ8A3s@2)V6s4+LVYa9FQ|EJ@I|JQiho&O#s
zoxnSy6bfrWYR4NcSIA(V&`@(mh>3qemMC-UUzx-)7fOO$VHkqm_gQrbWy_}^FeHku
z(FoV2_k;z`2{2q5)&-AafeU(tf!#9v?uiTkVBrQhGbJ@h5Th_wkFMjsI{$dCxIpIw
z(le(YUY<ihg>>8{RRi;{1>bS!{}TiAZ}wuf9O!?tpK{FxMMZPsUnH?P`<Bi(uDpz$
zZ`?V#aK3R>q@TH<OXr*ab57s~A}CKJym|FnI&LhuW|fXh10(~RUGV=p?ppdhz`-wp
zjcuiWpAIzh@85$Tz&`pPHT*x%&W4@;=TTC_@csnesIMgu26#oK(jv(`Q9zm97GETD
zw43XvVC;~MzW|02m=nV=wA8IoD$P46Ga|$Rrt&0+D06kyo!ib4(^mT5?&Ni2(cs4G
z|7bj&PCEKOM(Wo8ZvDS0{ogb+#6J2TH|#&h<4Gs~A0_P$1n_LHPk!$COMU%)rBp0u
zgTa!jRWf&d9u?Cje-Pwy5E07qH*U<9?cVu$^|hZnobhcWfrrNHFD2cE{%>j;zK8xN
zqfy=dV|q63^#4amKcD?~PTZZn_dVNt=a}v6yMImg-TAP7x%S*ShzHtl*SplP*UmFM
zkbQQumWVL2#GpUlRL>{UGmzUEb#LwFp+?*_X8J`KZI?Q=-AKE{kZShUX#|0-#@sDj
z?m*-15+BH_?WGUB8(4q05C>bMP#~2sfekp!IS-Mr9k@~a&zy%9eBe*;IOLZo;IZQ8
zwl4R{lhi#l&#8Y^O}BTIwf?7he)IG2(!<*}>+Ni^vF6t^b%y5;o$e<82LvO|B<|J*
z?2-Sc(_wx8f7;o9A1Upy{WfEJj{EF?+LopRPWe9-ytx#*u~)X+-f55xb(7{DqC~?8
z`*5r2+cooShfyS6DM4(Zvbo@mZ6M1=*i94Ze#2<E4_34hH9J|lFh?|RB=jN@_o{Hd
z5KGxK-xY){5guLO<|#Zf2ZVYba6mz7g9ts&8ca`>dTA|BswMi+?_Xb=cHr~pZ?CUG
z#UVUSTl@ssQuG8KwU`*EQoy$A_E{t!`ZAAIQR$^#Fq=~*69#fjv9+7Wp2!7&8qk*F
zOw5ZQ5GZBE!ZeNh(r&_P&fDCySgZMJCC9$5Hm5RMZ=W1`YM5zJH;S!n9v@w_e$FS=
zqjftzuCG&h{t;_fn3u7VX0r7i(!m4zY@Yric=QE#UV~SUh*M%QISu8e@ROTkrwuoC
zw4|?Qx94+Ean`u83&y9qexkaKth8_o=Zr?YOq=fHmEe^d$im0G<V@j}+EZUG_tsh)
zLsxcvC}-T}60v0%o2~4gF)J?Bi;$XtYZXVJ^yQuA%{GUkeJ)Gw5=|@ohkI=t*Q4To
zT1%ZQc6ePJ#~0<+?Ub|+v7p>gMo6TrdL=bJRj7YQ!BU$KEyv$B-EIGOm}|(M{oly*
z8s|SFuiO6}CEeZs<CgosT?X?FHS^Eu-%+~(0b1*-s98y(xOGG*#dJFiF<ab1dcCGE
zM8zkh?uAit6JbHjDO0jnb(%>1LaggV;VqK7P&B<XTAegn;7VOIS{rLRr!+h^j^nV=
zJ}YlM-+m^Cj5a6>2aK)m7xzho56ytO^q}cB>;Fwn!uPEIr{lA_|L6F0*x7#^CAG$X
z&$-FZ74N+@xchSDi{d_@lEK)|9@YKC#-Hu2J@?G@dX8iDVussW)tHUpdjc<4=wIYk
zZaJPP9|YW&gR%|$U=fm~95|_huq~8rGmvdt7~5tL+eQf6)&RDx;cLyymaw(Eg4#N{
zMmG=8ex8OdCxN{bh=f4IGO=ON6)!79Y}8l0B2gUTQ~l9j87-L}jdy}as8*Or_}hmM
z@66U51?c`hg+yXC47v?E9_M9rk#kdG20hO;|IJ3j;Yh<=($h7-E=6%K&08C<K3AWC
zzy%64LEs<1*42q~BLzLF_X;i%e8O^o-@MD_O?IXp^8l!l7%r@NPr~R=3EH;uSoDG?
z3dNgOruz9Z{%Bv&APu%|ERa$u<U|W!=7sgAuyUar^We=p(|OzP|NK}TE(Um|P%sl(
z-wI>_*xLvm%O}7ESSO9|NvwY>4wPwWq#a`oJXGs9Yl)^Y3_zMTz~@OAWXBa2GepWu
zE&_uE!zZ#ktKiRneV5`SkEgF&G_BV5E&5d^3~JP9?8S&e6Yd`~8h&v;%UYX7NvP<G
z$A9XX5}BZ-flRAtX!cI3&a2f6$4=5%5C4eCPe##X!R)6U{|-0hfveT+l+J{jb5(y!
zCD)X-k|40wXZaZ&JWfsX1TMHh{p}qO<dgfqbHai}QNra)Q=tITuo#gmGt6_$rkG|?
z<|)_1{c0|+Fmd#&(CK&QHMOmNe*z1cZXHIR=V|;lbh|!@$()8%(M-)of}l9md;9vs
z#}}`@fAhBT=KYI*b+>5zif_@#)UFM7UaY=pmb84o67S|DRieg4^r9?2|HWA9|BWnP
z%2|qAlf5ihRvKH!sT>XL1<eLfk||f*5lyLZ1Z*(ktmX0n!H$M?HXt@%+HQ8KgDmjU
zFWvi)zNE26{h1LchP6vf41pi(!iHQCo{@C@u7HzU-4$@sIHkz%3dnHM7M4Go9ecv^
zN5ovGSmbZL65t*hsv~emdrpgvzt=gM?%4ku2BinY-Q4vCxPAU#li{cy|KaR(+U@_3
zk$j?X$whkm<BrQyw@AMEG||PgjlrxQJuOqc&eEG(Eh9H71hXnR02Md0UdGMs4neJQ
zXOmKKSBvgTD^K-OErxz&7cXn1YbrKh_TJ9+&?E6MX?y&KJ34)q(mwhho;BkC4ksP`
zA0_Sf|D3qPL;XK*;-EQkN54^W`{L5U^nZsqFnj2Kd^#T2>3=fp&i{{+9!CGa`*zpE
zE{!|FMX$ZJ=br955cslm`#W{`EqXxsr7HsA%hm+KHdP=TQx^!GGVplHz(N&RRqHjC
zdSxZxzPw+C1`0YA)SXmNH@!yoDC_^h^4}fqgWMzkO}t5c|2Lj?@qdn!y7(Vm{EsgF
zM;HI2i~rHZ|LEd>?56eZBFHZN+R`oL|HFcQl+r%^?{Ionlm92)SttJ=C3W#Xe%AOO
zcMsCBHNHe^5Q#2^MDh8Hi6L>6t0ucR2hCc$003W_YyLwocU`KbTgZPmz7KMb{5L#1
zoz(Te-e}axf5%9j|Nk%B|G#tj?_B=x;_`nm|G&e1fcxw}oA>_=$J5UL`zWcq|L3=T
a|4)~?)TQ5U`u_j`0RR7vVug7Ct^fdjV%`}5

literal 0
HcmV?d00001

diff --git a/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.5+up0.2.8.tgz b/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.5+up0.2.8.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7c39c0c43f9854f1e4ee386c0f158d1b19ccae6e
GIT binary patch
literal 5473
zcmV-n6`txJiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<`bKJJ^`J10&dvYgs>f^m7`KIZNYP+o`jjOTTbUK}k21oAQ
zp&|hW08hHg{(bh}0N|UvhaNdO36Y7#Bk@=)u#3fFcd;a5g;JsDdI699ZY21M`Y3v@
zmqaLcO~T--ho*kN-#;FY&EI~%U;R6n3@2X=#wVkb(PT2548H0QjtAqDub}_nmiI`p
zR78B$e{fsX&iz6XVT>!HC}(o&0C+@^fG=E+C>5YfdCx<k=$xWI1woj%MA4Ydr!or2
zy30t2Q}|mttKhYsRdAlns>Y&M@eI2w6q0f_g|GkgEezb@$nAIg@JIdlN<V(xSX8$r
zBjVu{Of7OP6^4yjxtu~kS$xy@H9`?mCA-^mB?u@3J9JMIScmQwPz44^Bqj*jM0Slu
zW7_q27;%P7-L+^Wl|T~aAoty&d+Lyg{*b;|4IL6i`A?l=?D!ZV^O1QJ<<#kd$C*!+
z$zcbKMlLck3($7}Y_HM}4uHUjORBh7Phn02oc4Nd&(l0b_6pewU>%!Ar6*`)n>mBO
zVGx2T1amGn&#Eh2UvuFbI4PS8B9(|e6$^B_Ili2bP^JiFC```ENH{x2My(^90*Ru4
zdWK+}4ERBR<o4akAL7Vj_o<2c4rvGf54d;r;5K&f|NdxnT;u<vam)V?k*Z|A4<Tn|
z)|Xo;dh8AzpDs|UDaa)mPL8Lu*=#-^kNwfB(aB`kAI-<7r+u7|ljC{ce|6HI%!d>7
zy~${P`f4&7;wjEYuRMP^@?Ux6)o|u4kf9(-FGrnWe>m#)kGuVokAsux_+;9jxW}X6
zcyj!Q{^_*e@BESo@rlw#`d^VCM)@cL;12qqjK(Kb`X3KQE&U%N9l;x%lQ>Xd2iz>Q
zn<j<p9KpvWl|UsB`1jfOfA7w@2#HeY8|I)hyg@G@0%1i2)#8B!#bJgJ5h>9J$`pq+
zj|C_Uqkt%suHy(a%c^|MV=dzh9EXNvfzt{DN(8Xp78xjtgW#M8)LT#C-TXaQ=K>`%
z<p3PPKUOFN^)*aO1k(g4vViL)mk54>32HxE!6O%qTnBXKOhR%@+pjsB)5SSa%PDkv
zs64|A1w)0hXQA^<mQK>A^Ee1D&=aWS6#nz05j#@2rqJm)^Ee1<FCB?uMLj(8JcA<B
zowHnc*GMM5um5P+liWaTb_bv+=)>)2Q~u);4Z{aMZz`oLizT`y@4GoLu0Wy!!hG-q
z5`_j;BF2|MY(-Q;#-SmWlr2ofX_vAw&qPMuHGz`H!owV}e<8#&CPA<UfgTS-WWH%$
zagY&ubiU3;D=Tf_QXB##D+HzIDbe%P<4k&#$I?{oExGQZp5_{|SfX(4q$YvnK$-5D
zM5%|LdG@bR5=6{^GeEYYg0m2rl5kDc5(27)ZBus!%1e;3x75vlPZ`w{!qo^|^B8;%
z*MyaNQYaQP+goMP#)E)gQ?@X*2bAe7#Q$$B&G%3@z|cb}iCDih{TCQ=(|ZIj7Qq^3
zf*9P)wcPx5j_R-7q*A@_vC|2_i()O!_QT|Nh@qjo!SM8Znso7}80Eet9L9aTzyLkP
zg)WlQMtM)>C?4opWA~w5!1)|KHHG*5!ds#r8w6kBdJ4Km*U(kQmCBXIj54Yy3F!aK
z)`Um8VlJle_NSNxT13&DZVDYeb2~d5>k1xVr45fWC3w({0>ZGNjbfc|Z_ta?&MHxP
zP0)62sp39%Yo81{I}S8;$|3W)#?4xfM8y3wrs!GW6`0Yb0{u6!plp#8q-^nS!FcxC
zc1X*3rVKzA0y4v(IL>JbiSm|jZz6$GraFc^C7mNtR6&O34W*pLF27@yPj=;+R^ICB
zx2zL3DIW2FFV^2_ILa_Axl{%YXA$rj2@>^)3edJ>bq&et`2iPHDn0Q#9rM)-V%_fh
zjLD@UvM!wLo2Q0%>Q$vU`8C{)GxCmevNTI>s8q62bv`loo0^RkX3KQ*LLE{e^vvm|
z-OnFrq>OlA%BJh;se5AZv$9pLXmm-LLNPZwo&>l0EfG;h!TMb=yR=xXzKyt0Q|KIz
z$D_QoM}0Ac&S;nnR+JZ>lRze=<;rWSR96rn@lluwZ#Fx{Vz$U-vY1{<^kShYEU$x<
zh)$!uOosO*L|a!%haXXd1*$lLzi<H`zI!`xast^#pWVIYTRz?Dl$y<w3IxMPg`m3!
z2v03$f3a!f{x6fxdzVWLA{5e9(fzi9JNAF${-|Hx{|)t?u-*S1BHiBhzJV1Dr$(~Z
zdpNa@@Y_(M#arSOzUh7b?C4z1+ndNp*p*F#k&j&`$=B6#Ib{f)jhjeaxC7lhyAk7E
zt8ml{Cb&OX<wJ271fTS3$vik7nMWF4#Pd15fljvrNnLuE@cFZ2!F_FaC?sn^Z$j3f
z<t1~Tp~Vi<5!d+_+PY1CrCZRQk}yM$#1cXB5aGLw_t@^wDF(g-z11~BG$xxbD&hHT
zZBX;({e{k}cR^a#f8jds=8zl&*h(}DBa|h(jARd`;F<=3-ZRH~$80t+8u$d-{V|<x
zyK-#Pd4}BTHZw)y#_#(KKp?Yvo|(=}zukX?a~LzU*h<_F7H76>3TNr%9f6AkWoizc
z-^=drWv5b?ZFK+n*8EtSg@xhOG?XYw_0XCjPUefvWrXRw46`Ygk8!ncMYP-JM4<tn
zw9FO|525pi4s<R%cPBC)hMZZD<sCq_1uV=<3_@2f?di}IZg2G_Jc#{0y6jq@_9!3|
zq3G{P!){@=C0IGjG(GxTeN&QYwr_76ihP2fVy<x4d`N|}yQ8eygKi^`R;#iXN-Sq^
zn>$OHRD^l9u15N6n&#EDp;@7Hr%o5OUhf-Mj_13(nlnQ8MaFx|bsKav_U*4``<LwZ
z3Th|2<EwYZX1q)?UZxovnXuhjrU$l-TgnEy?se`}fnk8@k4_Gc?rrt?spXP39VYD|
z|N9sPd>taYuQ|{T`F}K-3@Y;fV0b)f<^MyZZns-91|d--d#izSMVUW^H`&lTAu8e%
zMW%`BJ~6wgt`6q4=ADqNa5}$XdOMkPkS)!hfKlcnQ!utw-EURXGIw%<WDb`sv<c%Z
zoj93BWJ!N%^b&u+V;AaDM&6ZU+ZCw<QMgDIt~>}RTl_QfiNaL%5t5sKGO{8xu(~I!
zu(9?hABqJW$PQEzpbLX!^j{hLkI{ou+XH|UvF5q9Lf?I$Y)wlp)q7OeTwG<EQKOyX
zxz$dt8M@z;$W=sEaj7dvQMhI0)@2KG$CPz*eJ6bWJgt3JWYN&#dEt1nRwO^WESDr=
zQPZ4vyT!xBZ?~O1mP#f92*V8`L_u+_WrPwOX}czev1I$U(1*?SlqxC6SNThihaq8p
zwUayb_mCf+O)G6E{%;Zn1$s}93G)d(7?z<}@gNTIdp(hB_zv}3d(68xu2aU<kU>Le
zjt{e)a6xmMLsdOLt9Gu5IvY@2Yc174=UGTa1N|7S6wWpBT$RI)d$whVs(~YH7!1u^
z%;=Q{C^F-Ddz<Oop>qZ+5>Ov1hx<Tfmg#r7_+8CaAs5TD|3U-&QU&Tg<UcVZ-h=Fb
zcF2Fj;qbVs|LqTkt^9Y0R5Aok#lDNunqCwA?z8M3SY)h<wPp^JSS`7r|1-?Ty*jm8
zowU=h?Sl1z2lxm*7IA>dVJ?a2Uj>gNIfeh|CG|(Ayl&~Yi4-L}FQKD(zInhEG9}Xj
zD-<)Ed4WoQzSa_|eh8>EFJdDU>L+WRqn{#^$yBi)B&PMAR7AxFh!nE)RSlZF)h%s#
zoC}|_BIcW$H`8KspKD!&A0If@f2Pc*Z1E_Q{L!Yb-~oQXxvnY2<CcCo0QD(+?@d!Y
z`!9MbnY)erAQx=zBYyA037(oO{&v#F_1|4$5K?1q@X$7P+5b;QHUF>Cq&@#VNIHUZ
zq7({iL2Abvu9wJQ7Slj;Mu>=aMHVPC>t7j15f@5=Tw)M_-uGE`31y3yATS_`uFweA
zh4+N{&Ji$N7}f>PBY|^zgTCD|{O*Md|6suyI5Q<RND!egR*$aZzPY%(P+XvM1j(7x
z53eu4r$RdJf~ubR*Mjf3v;T>n`8R#BT=eum=})<0y}Y6s@vh>?oPA5@8&_UO&NuFi
zTshykD%8(h(1r8O|2aqS0}+(R65hReD;+lyT(e5Yr9P6L%`W(V9d{)??qlzlz{WPx
zzejtT`F9_|4`3Jl4{QFPCntl}|MMWJW_W)D@6^{42m`#KQfZN77Av64Zi}zt8QRVD
zOE7lG#$Nz~5X^~T5LoI~D3#_Nlo=6X4^w&Khm^Ux>eg-NfN3NBZ+7y!vuJSV^?x{;
z9QRxLKSXNR|91VqEB)U!G{i3YAJyzXN275o{~si64+L<!(<eXk{H31$zEmob(_U{u
z)iR#B9uM<rlRXG>-3tk2*&8=vi)Qcqtoq8&EzbBhlE72r^_P<FL;rU*4c|fk<KeJs
z|1mikxBCBsq@U0JJ0tGa-usd5y)(?V_T9fG`|fO5zg&Cn48%R{x2s*M*=uJRp2$AC
zUQ0+AS)kvYt;^>V$r;G~jJh{=b6+Fw3N!s8jJ6A%+H9m<U`Q2v>m-7}Mq};<F1M%g
zc7YG1)pnAH&K<138;FCgP$-Z}n7{@cW}F8|*cRL<{%6jE5<c)JcpmU;6!2W}3tN}_
z;zi;fn&s5L%BI`f%3A-^EWi1=f9b(}o9%CHvbN?|Gqr~2Pn{kn|N8_(&LnQv2JDdk
zCzC;S|9{-te;+7qvHdn<dx5*`f0~x2Jx=*Q<-EBNy0KHV+umxB4ONroEuuut2z!64
z>H9Tvy2U6GZ<HXmP|;lQ&Nh%mBka0~bhl<S+yyJzh>D#ootq<?cM>`wi8^IC&%{F3
z&36T13xsD^xPA%G%mJa^2kcRh+8{#D(*~1MrA|`Ii*kuBbi22=rXBeF`P<uDP*DKS
zlNLWgx)i;DXALICi4?G@x?L8@`@YO#Rg`+E7tH#UNriz7Q*7mCu_rPCpaQg|I1}^2
z_XSE>vM^2JzBHS#n)5a{Db{GdTFSAjtM#eOR+}e>o*HIaRE=Uwo5yEYji0kg^=#FQ
zkK5Zso`1$_7Uo5)B$;e|`*d)RKAWe%2p)dHo!8)1BjOZTOh!YQDg5~E*lEH|6)nlD
z>HYZ}l$<s0?1J&Bs-GxtBTFsZ!#SfCFVm(6c_s9V4W!{?UUR1KM(wDtl6zyVwV^Az
zJ`^)<a*5b5jP+Kw&zL2b>MWop;9AKMD0%syd9%r(XqU@UvqaMf|NdSZhxMp<oYoR2
zi!ELkhw(+ZcRK~`LnJ6Slo1dq%U(&fPbKQ#Qn1kGQ_J!9O%L1u?dKY@WB)ho_iN`r
z!+yK}J4kxC|HnP|f7=Y^Yij17)4!u~0|GSGRZ_E(SaIu!P>AWaA7VDRg>*V~Ux<=V
zNYx9Y<R-%Wh*PFyr|dM5_=Q;4iQHQxaiOStX*4=%G{BX(Xf!rfcTTB!Y#hd6qj^@|
zd%pcl4jD~Q<_;Je-7g-K2%nk(wdqOIeb)cGnuPCI|Bpu}RsYY?@vyc3I7n)Y|DJJ^
zpDW&bV{rGy(i8c8Km~)bpFOJkk&QpwS@qo$x8HFbs~0oe-m1oI4BsPoy+rRSvvSMu
zM0wBWp6nHE;Cu6cEM(6~6ogHoZ0mt+o5I-EgV@$W*fs{RZ46&)UN(fS-4@i=$uzoI
zfcA?dbUE?ur9dPAA{Ma?i>`Q4A!4Jx;tdI-0AK2l-qL8v^k|$59->-eEa7h-Kc1Vd
zISSDIeF?F|au{?QbUez+=pq-U#1uMx*Zemf4hBOFb3sp61G^B#y)bWWy!uRi1_I|O
z&;)^h{#I8fE{qiPqS`CCM(_yB0DgC#&YSd1J>ou4B{7&=^PZT|pJKFaWwGc5j}?k{
zZ%p;GMRaLjP(KN_ZY+=zDdb2CU*?7Nr?7IN8*%^Lx#_&^_kVsY4;KTxQ7D)Rt#1V~
zAM9-e&*cl?0<4q9_axH46$i?+G}4T*8Xn5^o3%vK82TVh8{qLc@YCZ8iy0#2H5b0Y
zg5eYComKGXzn&*J$>Qnj7EP;_eT#mT3WFLo8ha6<(1iQPl!nhPrfF-_Fb))5^5{<;
zQz8|#G>}OZHO<~p*?F~m;n-0U>){^}`N=4nESTM-<KN-BIB=D^ox+(=eXi<niR7BF
zR^t2C`Yb!6gXf89p1?U5sK1?aU%q(!J0~ny6eV0QH5CdVHH#6sG{Zc@bc$&fWu7uU
z+^^>H3KK`a44r;=QBm9K_eU_7$<|@m@Aox+Yr0*JL}W$-s%WZaBfg&>>b-ya@$&4=
z_wU}9-h4RwS9^=bulN>?RP9=0=lSZJWJ$_*OYv@w5+!PsM=wg_^Iwgm{@=**g`9=B
zHR;QoWhJq7oYK+2PS9)sC7E!=Ezy*6N5C2*PFpS>5Nv5!X9HsMCGDn{I>;O^-NL;O
z$x9k()SnoEVo<rn#1QzQE^NpY;VDU1?+Q4&*IfZewNr}hu7DILO=0=d*|8%me@M)A
zih2IVD*+y%p(+BmwC6PF_&cqm>6ZP!VNiNN-1S3mfZOH&H69GB@gGi32JQa;5XmD7
z7hEK_KW@1^b%W%aO%q)_-55-((bH1Z>omE!)iQFULNKe615k1^>!jS=?hw>6b2cdy
zceUugu<}$V(PHRVcJZ=Cx~5|DW#{c|PdyS(lQzeHc%ai~A?>37!AULt?_ko>|3T7r
z|Ie{I*w_E_E)JSwclaA6w=XX3P5%#w1G9tvN5`X4mHx+r_Wb`K>1p);+i!Q>@6xyf
zT=d#m_1)ub2LfM~Zhxx|zd;WOzjQ?)eA${n*rW=CL+S#dRR$hT8JMdA%WA#4Qm?24
z+?Dss&_F?}f_jh&>aN$w9%TLBTmE~%eULlkzj1$D-T#dyZTz3Zq&EIX8~>w?|Ix<(
zXybph@ju%5AKPiYy$G^RzqWJ_`G3ElABD6_|2vqRROJ70|D=`w50cvWA3tmSkB0~8
z*ce};F^EJPLn8nD#l(;}$W@bVoP&C;Z2*8T%{Bk2m%BDq(mmwAJKqPnL;f3_9FME|
z-~RBpmH!TrTL1rFw*P<Y^544rKg8vKZ~p&)`v7;@f7b8+8H|ow|L=pO_WqyW_WeI?
XYEzqjyXpS}00960{Db?p0ImQ4gwoUU

literal 0
HcmV?d00001

diff --git a/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.6+up0.2.9.tgz b/assets/harvester-cloud-provider/harvester-cloud-provider-103.0.6+up0.2.9.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..f893780b4fce14bab48e74f16d08cb89215e612a
GIT binary patch
literal 5463
zcmV-d6{zYTiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<`liRlO`J10&t8*uIYEjhN)-;{D+HQN3#=Y^m>2x}o8;D#<
z=#c~ifVxx9{(bh}0N|U{;~vpD36Y79BJo%(u#3fFcd;UTjY1;tx;~4&Zp7J|ddPck
zR)kA?LjwP+hbG5yoXKdU|2mFS{o5Z8CtvkP)8TY79ge5dublp*Kbd|7&VyS%AjLuw
z{+09KwyK@`g(MP&OcF_1C}tLbOC<5x(sqfIKH8M^T;!52D0(yCBy?BE8?$*-L_XPc
zLlWQ&{+7-vc%x<&oF}uYvFKGi$L<=rpe&rh*MIsJ`u1RGJ6#9<s2*Rd$FCcUs@6nA
zT%3WfMQnt`pfM{GGw^8`-!y)WkOx$X?(SR(0?NP+>{kh_1A7Ok9DO7L69jD|yT+n1
z?Yb<8Scsv#YtcwZjwHxIcI<)u+9DDCA$_wRSR{(_pDM@5@-V{C!_cKDW>yzm7J5|b
z9A?01WMfF?K6(~_=~eo{0^k@iK_%mx87!!evtBQ&adYV^<|2B9`~~<Xx^>}l8kzP^
z;cw^%pbNo*@$J*=3OCn`dm3OGE;tdA$F7VyTHPFRRzPSd2@R3!oRuN5_6(8SL^uNy
zMLu;k<yaZ;eP?Jp_T&$7WYGN7)V)9L;r~8!uO8gS9{%qP8~Fct(DMIdq$-&|Iw8{~
z3ONI@B7^Z{_G&yuZ{dul-Vn!5zdslaa6WXMF?l_57Oy807aect_4|&qaGb?tzHnZT
z`_pN^|N7NvKpbm{A#x(sa?}|(gHg9X==NWK>`!Oo{%kO{Uk#??!T1l(tC{0;egX9N
z)M+dIuZbU{coYF}5B-maqiL1?N5g(g|Hnut@D>*&_9d7B*X!%HNnu+j@Nq>2Pyqz~
zefs_1y9>qxA|-m7Ij9V8(e(*OSQAc_cpyMBm?K0)2=su4lEH?>93%#jPb3Q4vN-D1
zRJ>ual5zT$MFX<LS%m>50$6W{3>3w_f6jdBZf0<{c+ccHM}eWV08Zc^Yvi1I3Z@l;
zZUQ7(!u5&?1TVn^HJ^>Vk&8yQ1uAnUAz8ZZH!NJx<vEe78FYFmUCj)6h!RE5K<DZ#
zoup6avF~4?%TbCM{O3n4ZKQC`pwqDyvG3PjS_1i+x_Iik8b!K0r@8R1kW4&J{ZX(d
zxq+DM7C=$ZhuhD({Kpk)h7WAfR7zDA3$%6Kvjv1qf<Or*^uXmvBx+Rg7+(T06;S~h
zhlW_taH%U!yOfQ2CNiq7aTF}(F6My!3n3OU@%;^ObXgE!=;`Jq0}-K17n^LfveFtZ
z$-qalMv!Wr5;ad<77CZLSm>(V6;oYQ(_BFo3*@$$)WjDIXsCK7P^jS#UGtYq0Xz<Y
zg@ECjaux;{N&(kYuE3{C*w%Gtpu7YTyDQcF_cWwxLf8s{8y17d;F^S`o)n73q3NwO
zXk)(5u4%Z`wfi(wS%~-FSm^J8Y9K@xg&=(MQum)@z;y2s+?e|tm~*0Wvryvl*Ey=c
zwv$TLzQ;@_05^)25bFfV?*Ic$cm2Vu?`hJ-pJEh;maszR;RX8WO2$=@oHojPGD|XF
z%^I^0?E)?q=*k(qXBX}Yy;vjo3O6%QHQJi4GOkpvG!AJ<B_%%npWd3VNL9@E4Bq_|
z6JLoaiqp-Yqh@YrZ)07~e5|zLvQTp7cO##K*w99?&UZKH#&U0!DBUJ#yQWleAG@<p
z8l4>rnmT2X#X{j`qedcP-f1Z5Y2g*<(WM-{w=t*TGAT&I<=HZ1*=y4wCFAKb0A29O
z9R1=rrzs%PUA?=BI0}*K81j^Kjzm!f8HzWQau&OM7FIr)m1|actE%6zPM9QF#C*2g
ze5c?j!?0pPYB;Q=&*sEW)FaYI(~{9OB&+8KTv8#`#P4+USJ#hKyYDk5mx{=$aI$Zn
zY2K+;mEz=Aa5v7#JI=|{EV-dVib~b_#5`<jHddG|)6ENYKsi@4r<-;^f1r`n;(;!k
zuB)%?sm9ORRJo?nB@HF=h1T&TxK(cnk1`5Y@BI0t!D{tw#JHS6XEGWM^U^N$_zXJ3
zK{8lTUU)%#k(3r|x2aN9fse#Pt|z?S>=cWcBA3ZxdMVJ2xuUSV4pJgIh4wNT-j@(f
zT`3)YL>?5V;spM}IDGi-UEj(HWEXvQ51McJbgNTpHcKiH3?3DN?g1b?wV3_Irmg$G
zOgisfuF#K=3tL9_+Y0X4|BalXQ{Mj#oN=rFIZnF0?R^7l8qBn0ul8_q6XCakLW{e?
z8GO_G{Mk~utamq&mar?E1}z`kR+6u)<Z>D!bhd6HRpAbF^XyuTw~fM4Etp{cV3ZHV
zT@ZXyt7YiIWT+o$a1k#S^aeWJ4kUG{UBc(jmI3#T*`biE1+@v;fRdN=d4>`@bVqFK
zUuf#q`K4+>bxOb-T@nif!2*QuGTvjlzo6)Q0@PMl3(=TtzNmob^NmK$+xHhLui6DE
zS^tG?oh=|a2r!i>7Di~8>@t!)l!R;Q`)bb|s~xl6#3<ksXb;D9y6wubO&1w*tJ};J
ziCe!PG625F>UpL+GyC@N5zb-E&|)gFKNy^uvMHRUmv;m%;xv>C==@%Ee=j<fx=f>o
z&$s5s(kv_tucDzuNveic4{<VIOfD@<-({F}v3!iHeJi5fJSPeb_@rbupSTE}KXjmT
z*||HBu^?cf0a@GuWK+Pvyh1;)#j2;fF@xJ%wF&oQ?|?4b2B-rHh(sv*d(yC7m~9DG
zPBTr9`c~hRWSZ^U+lC^a;HQ{L+&3Rm;q2}xtM;JV2&B=f9E1|X8SLiH(ojeex~8s1
z`fHlz)wQ8np>(HC7qwpR8&{6!`@5PmLi<I=d&+fdbTszuuX_8J?Dq<4C$r<LcgAGA
zOfp`k85^0f*;=LtwvAiL2D<Kb?p1+ifa#A;4v*?>_4%pgk~SSD9U%XE82M}yV0d41
zpgr>ca6Il;<p2KA8MgBOF;chNEg6H5C=$JO-@2lqH-op?&|3jY;t@$^iRwNvyQ!`Y
z`nBSnkgRYjzh-)SnY5oR&7UBop@*S_k*Vr_tD2IzlM^I;xMZMB7-#9kNjD-&`b({s
z`1>8ZP?s|Du1ri<gyclxGF7-T->2d7pOHr-rmByC-25{nYeIdadol_eV|MbPSipkp
zKqUdXFi2YemBIfQJ$Pk$0FWY9Ki5|1yAPD9X~l$mkMf%Ft4uShwR0>t*2y(P_nQ*A
zipVG~RRt*ucdXp1Y+>%`vUaZTgwLO6wa=0)8(KUs98cDY<Y$-Vl7ug7n)7bAc)0lO
zu9L@7$wUANaf=91P+Th+p#(?TuFjz?*}g6GVS7ELN(%B-{?cVZKtiwD$-Vk}$PdqE
zl{O^%HwpX#y{E^7`GoEd%22GC9|!oon#eVL2kNak<~<nKDdTF$pdi%8huKcJpt;SV
zs-B-!JJ&>=4JfX)mTI8$ETp1=evDQM=Nfsg%3;Sn+cHDdz!A0#hGH&y^hyI1>G8b1
z&GhZiIfXUxsRxzAeV`)C^t)XAuI8$ci{aUSp+0`80`&p%AD<KVL3TiU<iEjSFsbT)
zouSjpf5%8AL*P{GyC|*cHPP=r%kGgy#;RDW=P-%oigEfs&3x>uS4OLocKVH3us$#!
zAEC!Q_AxokB@z8AXK^HE@E^6L{%DogE%i2$qD1E<bQI6m54grqinPEQ`P^h)qEw%+
zm4vDud@A&dSPO;f$yn#8r$}egRU8J1ZoMZYk+B9Mg)DtlgC=ivM_Vpq+@oO;^Uclc
zX|cV}wJySs4;<@1)6k>g@=+%FqfKAVeEfh5Ra1(`9sRNZ>QngMo2GdFUvy<McN_UZ
zF4){h{62&eJT+JR?WC>izr8{~pxWHvp>6E5{~r&>Rr}xJv_1blN;-jaA|-NTL2AYu
zu2&esJf^<lj1Up`iY!rN*1sZ-BF3cvu|nSmweK_P5*jXF0!N=nx<)Nr7v7W5vrZty
zrDk35JmR>ZH|Uuy!|z_$@Q={n01I_V1rkKawbi3-*>5i{FC^n=oj`Kt^uwDA@F*9S
zy`-|I|25!S_WXamr~ge~td>3XPx@1=!(Lv|oVZtUq|d&E^^GmABkLP`POhwPY#FF$
z#_7`f=Krh{_<?ZBVgYAw-wDf(I8&_BvZ;rpXR>qlU&~$#mwDLxC9tur^zYK1V*cGn
z@B`RK|ARr5{-@L7xTXJNq?+OV37pBV1&|Q%h6<@fl6fqFhGtuQ70=OZu3v(-L)QKR
z=m(%r41M2Fw?rWo@1UU;Ar3H=Ctg59TUFh<?Hn;}rT^_tUUwD^?!5jFhU4j^rT=53
zcKvVH|GU!vT|-0cqyJ&e{&P5-wDSK^((XV2ulBm)XP&>*Ro_=qMq<|MEva0^bK7M>
zK5eoGPOf_ap<(vMj>2WLQ+`%`<>w9`eB*cg)Oh`+r2EkST}{LH(En)CA64joJe{=b
z|54J<XaAiMcWdwc$oAeDW?TF2Uz2@zHmqN+J$DA;f%e<gF4gR{vkXsUpIxsdAR$?z
z*PU<5=M%{p$o-7Ew|4VTBkl?_{UVIE3!U0-q+MW06?^L>g1}Z|?glP*pz(Hr52V$0
zl84S6tiKzGBU~ewASBm;4H(QB^O1x*a3k5D8S_i{z@Ol`&#sZfbIC4DUG|F?iF;_4
zQ~fHNZtp5<{7<v|`sd-L`}b|u+1X@m&97!^Fg$N<?vI)tCjWZ`0~QM0tqs^C|BuI$
zK}G(b4Eyc=|0rpP?YAD=3*2Y_)3h`laLWHF=go!Cjh&+1_D+LrsG2nI5G86x*oRw9
z->;chJB%XnMsi{b70m_jYy(*|!mgW0cWXw&T`-~zuh_}bg+8J=6VM4r)G5Px%9o;U
zzRO9tM0j?Eo0srR9}ud2zySrR2_p17Z7?}i>Lj(iD3|C$w|jf5+kwxYzrDQ$8Ts%$
zY4H=JOVJB>)?i|sNCDfb+h>t{=*uitMX8r+!K_c2R2axG6|U_p_CzKCRDd=Vr(<4t
z9!DWc7N$wumu3@Iecom##Tw05OF8y+wLX=@_4di3riPvtRioI_=JDB8<L7KrJzF>9
z<MuX@=bwc&3-cmYl1!$)LppdspY_vUI19eu&MWY$5pfDECZnOu6n=Df>@?w~ik9Tn
z?EZWXj^(WJsjA5+Z#YY^+{2Bd7FpAz2l+2J#Rk$qGjCWZ@kZ{cuabLft+hceI!P2W
zZgZa4GT`-AcF(O96Y|ujIy76!Whi<1pc%H!^=O}SQ?u;T2>;>!9mn;(c%0S}cZ?nW
z8OQNjxpzB-{b9r@)0E*8A<F(swNEAL-%+s8=2J`j<@B)q-(jvHd-i_=$Eo`Njt7I*
z|Mw{A;r<`@-2d$|n6Igse@_37$_)t6SXW8SN@B^3BSImj+hK^=;ug~B)O{gJJ|R^v
zjFOv3=tYc%Qgq5r6Nz7lah=G$MG_Z^x|c?ylSTtviHk;KV|C}0n#aa*95$L~<-O<I
z&*YHN1ZD1kvDN+JF^TZ08Bm*^G~H+YzpF|3p7nn+oL2omhm%q3|9O<u82>%vCO=oa
z_r~Dv%azOX`+y1tV?TRT_Y)I;wzGEZsqJ(u%jm^4w>PRW6T|le-mK8Q%B<WnJW<y3
zm@9fk8~EPBCri<@5(QyXDBF4<+omwK^&qyj5Vnm0Y#YPZ>X!{+Yj*{;wK9!v7NGqi
z30+P+b14w<f$(K)!lFx7RCAc9uXsa($j6uJqr1{tGBq0KoCPRX7z_B@$B*ZF!;KtN
ze_ui@up9>61RamEGOEahE-{0SW9$EBgMNRYU@qwCYG4<lxEJQFiC3Sg&w%3sIqD$r
z&)=!)_=T2&UQ~Mp*9a~NGl0*|(|MDgsYlEMDh2urW8M>o^rsk2TUji6&SHuD?5(bT
zzKkx-3+g4o*0lvvB88kN;Y+_T{uD+ov?J!7o$Jn<e*fpk@^FQKHxhZML+cxX%mZ^9
z!E^Bf7zg8|@jZ#uZ^?j$N*Za#SPc*5`t@3(Xbe3Nx(#qy?0e~Pg~1FF;+k<!V?pzY
z^v){y^Iy*soMiFzRg1dS%DzRtN`*m%8il<Gkt@ReV@kuP7qhgrSrGe@u2}S^jxLc3
zS_;UdikiOer0l#}zHsa$iS_W0i2S70M+VGp((&(bQyjQT-B#gDs6JQKw?uMHSS#^7
zV||vL(ZTb?G>_wgaa7;VnI~R6{+$yBEQ$iISBeTbkebDaSm|M&V>-nYi_%Y-cI{Vl
zd4-OnUxrS-yQnB*)%z1zh-B+9a2!YBx2CamNkrz<r;?`1Gvayqq2Bv<A1_beet-79
z^yb6qzuH?ge#N(Fq{`G9JI`0&Bui4hTZ(sclBh<bJbF<YpZ{to)c;zRFXSx5tw~?z
zEGvnvW0e&CdqFb+ltjW6cSKXl9RX{MIBmJ8_TSO4$_B*bOWI8@br3mTx`lfml9x16
zsGn+qqF=ehL=*V2E^Nru+bKy`?+Q4%*IfZ8wX=upu7DILO=0=d*|8@qe?astih2IV
zD*+y%p(+A*v}ZMF?mMlc>5l!sW>9KC?9D@OfZON)HR=zl{@;$%-v4`)<PwQX#*^D0
zcifq}Me@z2i7K9M3})5nX{qXUmR#6s7`av<=vB!AD7l$+Qf_W`2y&G<n-q%MN_1Zu
zd8(6WG1M!wco`#IU9tYM_jb0Y9*L((+v7hx(CM>~_R)WTT8sbN-v521wA=r4WcLsC
z|GbNX=ExrWM#=4qO9#{c1LDB!q5t7zIIPnDXxN_rA0<7F{(txFu7_P3cZ7>xJ8Q?D
z>^czmvUK}9b@&Z>K=`FA0^!Tn1j05|ARJQ{2(2>kc*?+B6<Aj5)s=chCE&iiUxo$>
zS{2lTR8V)lM)oM{|H1O#1MY*|Bma$@QFZ?}9Jld*j+5H>A8q`PHvUH&|D%on(Z>I1
z<A3a?^)@I)n|^KS9`gTTK|cy<pZ>Q$o>t`lQNNA<ah%k~|M*$se>^-$$JY1~jX@;Z
z7!vvCFD8aW8@=F(q8GGo{a>2H{ZlV@ZK|Yu$bWaf4|0$E*Pl+R@t=pzXw=Go$4IUJ
z|1aDBzjgU<UH%{9@_#V@f53f!`|LmK_y6=qPV4`Dl+@n;^V`1vr%i2Y({DHZe*gdg
N|No_C_9p<Y004Yn3R(aF

literal 0
HcmV?d00001

diff --git a/assets/harvester-csi-driver/harvester-csi-driver-103.0.5+up0.1.22.tgz b/assets/harvester-csi-driver/harvester-csi-driver-103.0.5+up0.1.22.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..636c72865bbe26b9320d24198f0f06fc6e0d9e6b
GIT binary patch
literal 3845
zcmV+g5Bl&QiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH+#bK5wQ`OII@$7E|W*(LSxYfg2(s;uSRb=|~vMN^sDy1H^f
zWJ|&t1ULYwSTo7}_ALM;MN-tmk2sSZ;e$<qKz9S^ZuA4hjL11EjWUQ74Pr^>C_85}
zB6YYR348GrrQ7Xxj}H&+|8BS2{NFq19lz)uo*W#V9333@PF{3-NB!f&7tnnY>|08v
zG?6d5kH*y;+&5AP=Ry-r1y=(PAR?MDF%2W4HN%jKPJ~j^3B`B-lJIDTvb9-ERm#XB
z;3UBT{Jr2RI2&ES&~jC4x7%!t!5pQcf)C)2|9uL*uzwJCgD(7+dHhfF_{Y|+29ruj
zgafcp)Iw=YTAK<r07iLs*ZMX^nNY2Q&8_mm*NN?i-{-XU!wsZLWJna|lhY=0t=%#j
zL?THAN3QSFEmc|~NtUE`!(Q0$c_gJDimG|vBWb$)*$w+)--}U2lBU|$y@kIcOCU1J
z0472<RyC*K78f6djMcykfbxkXO3N(LnM5yG((EOKa!n{lX<IgC!rL%2dXeG)NSZPl
zSw{8BarL?fVK+SbQ<mBh_PwtyP2XN=)&FzCGE`5t0c_F#{iEJtQ~w|J5BB>1Im$~I
z;)G;OgIjbf=xt09dY(ipgX&CVMj;(|9!<y;&Aw6gFh2kyMV-=jKLI4BLQyT`qTEJ0
zYZRI(FX3vAQqmX|=ox~=1DZ_X<4h=oIH#Gq*G@$(^;wvM(PTOR-|05rvt&7fxQNja
z_#UTJX-PIxnouc)#5iDrPiI1MDlE+gOip+p3qV!e^L}^`c0C7I(O))C$T~E6*Bann
z*v|o{Qp~9t^}~Qyx;H5Ag?(E?v?d0`L!cLZYoHIpe%SK>(u}cd!DzG?z{TWJ=xd1z
zx%TXKP;kHieBYa7jIC69FX6`-RWPB*Vu%QbF+!#=1}#9P7}3eX@rRHSRVsK)`4mQ4
zNHWDUMw9}<ZHt*u8X}e%b__l9tJ=z9Ge!nO{ay$?q;deAIguSk$DRCz7cr5=XM#`Y
z)J&DaNTR;98=G&q&p^E<dNu&R>|4yAyv2S8b<~M$|6oEHs*dk@hQ&t6Fw(*<fI%iX
zYE*T@#?ykKTpDr#;ADc49>Ap-MKg>uhISEdap4T6IhER4Zjw-LUy0N}5OM(LcT{P$
z6^!M7DHw)zvLeB?6f8&?;n)QIb4FML^7$P`nce{~>L^|d&-SbueQR2RQ*{II?bP|U
zs%4nol!-B6xmm0kIstHYX0A1J^|7!^{IzxYLrUxZuQ5p((Wp9?S3jPQLVc$ngJaA7
z-|h9A{@?M*-v4`^GRmR|l`{Hu0WqdbEHG}h^o>$As`A%gA$;!~n((sl!Qk^}C>^r!
zo0Np#XW1hEH#1}@N)_t#;jX|I`9C;3XxjfL$H)D>{69ze_1DfDnA2nc3N;wB!}!~$
ziJ6vYh68xh`TW^4t-SNQl<?T<03+%kCQIWx^zwFrvCSz*@LQb-)6s`u+0>fxp$j+~
zZ35v3=X_SJJ@^D#W;}x91N%smQ8t;-JMaS^a#+Y?^XN!DlSniIDKR+xW()uu%QC)#
z9YpB;gbucCuMGw>AO&NLNTv{!ND%&~v_jm_t;MN;NCZX`s-4NHjWPOq>}<~A<;b)(
z2B$GazYD#K3FLtw2gF!OgmRU;FSd?q_(&Nm4OyaqSmJYPcbnzHT3*gHos<*XG^L9P
zT>E~P$!DsB^U4lnaJu{IE@>>M!~v=8GbNq1%6k%*O3L*F{6DDR56W-Aa!7aQwf4sv
z2UeEW$W9))GRtb0H|G`Cijgt0U6<H)S*~w$T-7Oe&$(+1pN#*;%$Du{$p`<&zrS#a
zBoW+^t9B&UHFosQkR_p-b?guZ#-5-&Vp+UpsG%cfOJkM$N<ZWX!wPrhGx4^J6PR}-
zO&d-|8D2D&&Ptb0@N*_KZd?DtXS?4tHK`9;33S2ItyAGNK-fM=%9SQOa&TJZtTvp#
zSyw3ceM-sBV;+mu(Yb~<dBdBcVXH!NZdMV%ZgsC(_`Ksk2!K@v#Sec;j~Q+A`D^dZ
z&r!D6f03d&H$5U4yv_eRI5?`?fBkO1w~zlmOR46BlnZ%<x8FNG*z;~Fj|avF%u{#?
zY7!Go1|H-ooSZvKHkw5=q{1^Mk7?xMfA8_<j7p3LW~V_9V50seMV1!9zxPPupCr|I
z#UuQQ>e*jMKQ2<!Fct9ypNK2|&c&Sb{&T^y1b?6tj202YcOpjRqB8+po8c&pT>mZv
z_>pCc{Ko_n!4*F0G{9#0@AZ2}y{7#4PEPjn{~V<%|0GS-QtF3x=|`wrr2am(2S6oL
zzb<&>L2f7+9M(SA2%eSJ-6!Cb$H+At8Zd?4QI(K6Ktgmh`=NwyGgQmO`bzd`JN{KG
zb4kas8%`lZIR%v|G=<fO*-Xx33Hsg<1W-(lL%2-G7ia<?a$5QA>VjZ?dbCn!lRI%N
zQK{2cuip-b@6Si0?^c@SxsftErm5gTO7!g1a6)ds)iW#b`Ew;Tn6hk2x$3m<GsZp%
zm56RDh>_2mLvT!+6Ipv#<^l|)HfS!xY52BS&<)0|;rGh8Y~RoTZOJ!=%QPB%{yf;Z
zn<mp@Ju4JmS5j#!pq6>IdQVpDpY{1lC62U62aSosyCwH5OC*wn@ObrwnfK0^@{XFd
zz6+w(YMDSFC(x-f%$mhFOx0YjWw8s|c~g1kxL{Mx))a+NCaGSW39j)@H>ZZqDZ^>S
zlqrfcNvxT&B0`C&b*Vo~R)b(im>CJ`Af|Fd@9MO)La7N_71lc8HuFK_(^s!AuZHJ0
z7sFK<Mjoeva((*h_1Wm+=KOMaeRXm9W4o}s{N-tx;4IgyW7DH9-5eX`WgFIDH2lJ5
z7Pij34y9=m<aTQinO0TBvJFDT&0SWm)gSo;wds$)N|CIJfQ=Hq$4Q%T)Xrk{S{m5S
zZq<$6wz|OVn60E$*QH&*Wt`p(I-M`4=E{W*%flbrR9ssZquxF>Lx=T<O@r!xE7dny
ztG70smVs?*i!dfWUKhISTt$QtcgC-w!~i0ak}+jeQ&i27k+@~B0gV1Jx_LW%cX9a?
zs?rVC>53K=0U(jYSDY<cXos4rT+u+Sn3hqohvGpUb=E+s>F$jNPhsXX&QU1Zidc%2
zO!F1|3yrD7$o$ApH!MqYh>mqOZZMD9o;D9r#LYQ=$Y>0hz;@g+k{IW$0PL30d|B_R
z7EMYkU7If(8?+F5@)YAVxHjN1oSld`V=Ij7x-&Ws+TXV_wmqA4F|5@olye&4+bA-4
zFCXCeLB7X+q<XeY{ZvjgEt@sZITc;C_y<W?yFb&ifv;ez9E)1EYMhmNATFoIYW~v(
z?bR@DDu>0w<w>#nCgtku8nSw-tRimP!BsP1OK|0xw7TwYN^=!_(WPljxpUe>%hp0J
zuB1zW)d{E@Tfs*Bn>6b-WUIPwN2E`nrSDJMie7#^jitG^iL@1xHh2#YCTLe*{y}rt
zvMW7i?wVWFu4Js)l(z79eG^)<J8gkc-;LI6Q(IuP0@$^4`$n|734QHA=f1R-ZSjA5
zA}~Szm;}I<{NM56LBARQKkOdu<Nwc5HpKtSrGH!kAjnUHGnDG<Bm;`?R%+V6_A!e?
zdf%i$ePHmL$Q-QF^ev|kG)+)s`m~oEb(>yS5HKV$%D~dzjEA<o4@%ZMef9eKYIt+`
z_TBmD`t8~Ice{lD9+W;<cCR6P{upAxMqxP#Pa6F*L(e}`+9k13G=0KkM(%p8d@coF
zC^rA^!R@YVzR1Bu*~7nhrw{iM@dOf4`L=Essi-#pB9gKCtsm^AW4{-C0nRVJ``m@?
z%eG&H=Nn(3!WUuqeW>)_q0--cJn3tDX3tZ$`2TWDqDS8YvBm#CJn64||J6G<-uwU0
zQ5yS(bNxp(b@nZt{|kbkcFm3DUy|vWkn|U;##T=^yRZJ=3x<E8_J)8*5BN!jA_c>I
zvnMIF=cPA{#{*ay&V#5|+4!Fr>HHFbR(@Ej%lqzeyKutemhd;Sb{WHb28*>*1NdL?
zBOzo=d36{*{GXj0iArQLLf6nvj4IyEQI1{x6t(|n@IMkA&CCO%%2vc?mqhcFr7>|&
zk=^4Qj3y!Vv;OTgM2hCkB9fBGo(Wk?Q9(#aS&qF%QChsr$!#Ic_g6{r)ACGzZb|s}
zrQ!<^5ivrOCM92wkdD$sXDjqLBrT8|9MFQNSbRp5TAA|pfwtk{Bvmt^!|e$3#mzfx
z#Q2nmBEijM-V@)>GGy%aUFD`#R@))t+|s-P_a1_H4{WK3A2kM&rm7us5s1gO!59R)
ziiMl!hjQtTJmcKSWE;Cw=YO39?#4hXXbU-CnX7V5?_>XMvHz<o;K6>tw(tKAyT{G^
z-$`$O|HHGCUB3UT9-(fruc`+u8`p^f)EKDo39>2!&ryEMmX;a%o;|Mm!ScPmb3!eT
zs#Y&MTlejubQ@w3GaA~>)pK%`Tlnupj03nx5{xO)_&f3S+e)kahcjdeopK@ZDR69)
z|D)#jzrCZwll}L<&r)8(HPIR+SD*#BHHVKg<S@=Cv-jntB)TP2RAF)7p32fxNUcE4
zkTIAtF?QK<%BOz@iHvAEM;ptl)Ds?iFM*>w0t>HGi4%H<u?s@}$9ExIakc=#ZBIiI
zq$q(=j-eM0M>j?dq4yH<`zJn}jUc8{dEu1mj{WP%_rmcnvSa@i6|-r_{3(8_Iqxh1
zjY)KyrS|R{<-G~j$JBchj>)a}Ce(>}7LrcAH~;Uwgbzegktw(so+~d*r7*6t7t$C>
z$2FJYpI$guk%+PLEvS`N`TsdXWp#MCc#0cfx9<PFlji+zz25%(&$E<>Xq*aZzxLR8
zf%BT{wo6tq-RDG7GG@gQ=*EHJBDgYuGxHYQ0ck6DR#$icwfm?2QRNCxt4xX;rz+h;
z-vgMs;FzCZ`eCYEz+Y)e`P2foZwBBuP8D~mhqb@WD;)P_U-o5R9#sAn00960W2X>I
H0Av6FaQ%;!

literal 0
HcmV?d00001

diff --git a/assets/neuvector-crd/neuvector-crd-103.0.8+up2.8.4.tgz b/assets/neuvector-crd/neuvector-crd-103.0.8+up2.8.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..1b59cc0a45911814288afe20512a3f7922d641a6
GIT binary patch
literal 3393
zcmV-H4ZiXpiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI~~ciT3y&oe*8T;=vAX+v7F9jDc~+1;$&-R87)bCRC)?2`hK
zLkSy@U;$8$H}-em1AzK#5~O4$PFl>1X<|4S3<j7VfDxHvIm1|S5ym1pIGqxqqDzvo
zdwZmQzu!MOJ~n^*{r=|P{?n7ey}|L*<Kx38gC~Q*z5d`x--7-=m1v?;DkARnZ(Y}B
z<Gv6gdCnD4l;?670K`NQ#wSrslwufBeh{NjG^LmfL6AJ2qNrt?(j>ur2t6fA?A5a5
zBtuz{7>8hQhD+y@mr`L?`<Ot6L}I8PAHtfy2Be^GP)N%2A<PB=DT>9vPom@KFi23w
zf)>i$`T<!6v37Atxqx#l-xyI3B%HoF1BqfrW0b*^>zbxY6>@lRu&6PLc^1%EOPZIF
z8Bs*Y!)QX)v>cZbMa*-BxzfxB<-y>)qm!qHPoMl%K0EC9|8Mr}ILHXi6`?r_ISfL;
zj8HZNSr!Es>Tm0{0oYcLF{VnYDGChg?4T|S90Dl{Mq|^N!EA1aLH{V~N8f%^7KhQd
z(Q&ZR|Lfy_Mp%h*-xEOF_&+>(x-tHb4-fl({C^6%4`-N?k}0r#Z$`$_34{Ca>y%2M
z5(xb3`OiOvDHj=03KK{vL(Oo8F(U$DMg%2eh7uHqF+xG4!~|%rIH)Ot!mMCKp^Son
z7nsW_P1O)m!XySkERqWxPdR_5=OOFRr>v9;#fz5#0OneDG6X%rY<jV$U1@#%FS_Vp
zG(}dRkdZ2GJr%T!|HJ;#(Z={cIXXV^<Ns68hYtr|!;EG_kf_X%)<f@Erp*#haR^@@
zTwe#8EBO9>LGr{5WgUZnr{>xO)F`O<LP#*BIYMtaiD>Q~gv)X>-$WK{o@-Ij8yk2u
z=Pxr9f+h%8dZ_0yoE(`;n!PU5l)i^vxD<wYVy>-*rviyWAd5QElCewpy(G*)7#$&v
z?osd?TIq&g={j^fq>i+tln9b%2tSr%6geuCw#6w$mPpW(9iti5lc1T~sDy{(OJj|*
z^Vgb}<`a+w#*d=lMG6&!u|hOJAT*a15;6Cvf(y!+o;6E7XA(W#YUL|!9mdsM>jtLj
z!k+WOg-z!?jSQWP&g4?k|C$C2pLOro6+IWWuu`H|)=>80g|2INw^pzaG*>C~zLMcr
zvbQ14*1L_THC?ZH;7Zr(Aya`d-L0m3D_^l(jEs>vyV&sc8XL4~Z+l&VV7LN-1tT#+
z@0%X<M!l_Cde>8vr%yml@jn*H-j)IG`2Y0i$&<s4`2XbisgM7kgf;@k5`{+<;9gGj
zJU-U*yq?hJ><btV4<%+Z6sJ5Zba?Fj<=G$_9ESZKJe1{FDggrs2N0c-f{ZDnilU5k
ze68lH=$}+omyaH;)_LTpGv~^v^{BS`?`~T=P3xPrv*7FNwH*smP<*d2*Z;}r-M2EL
z{9ra%hOln@V^n0Yn7Oa7gLgDfhHzR+#j{r^c`0H%(@}+*t$_>`Nr)oD#r8rzlNgtR
zs!LHa9j-SvAxwxe`$J%Z)(}2?Sghx2LRF;I(A*XBG5qV1_xd`}07(m-2woN|TN*1{
zA62EcMd!2Em71?ghNgf~seY^}{E13s7z$Pj!frItlu4RTN=C$HX#gN&t{0%^^DV2S
z$szv#mi_=RTiL)`>BL2WF+o`M)NEiiM=@Khh0P7c1({%V=VLjqsVSafMr^kL=)w5>
z<%>5*uh(t^6oMBhw8Z5-fO(HEsh&?0P6WyucLAuvtmd{$lqC|IZNS<x0L;s*sVoG-
z7{6#NO)$S~D6|_HQVE(*>a|*K+BN9yXmZCo<}5@AQm?4-u3ei@aG@I2Ykyi$u1B6*
z0L>Ln%--`&lE}=w(IlbGF*L<I%P?2X44upj5DThMP~sBQ(w$vZw)74gEw`oWmUyvO
zab{O>j}is`UQ&UHTV$xs(!#-u76zlblgDb!$N$DywK`7o;DeR{2we@t1)b2Gu+bi*
zwHew*B<GlIG>l7jSk2S5MGaMkiz%R{(5Xvv*QAuym~i*tQ#6jNk3YMQaY|;id4hDu
zzKrKoaWRUgB%d_(cnD+0<98zx$0+5lu^^>PVWXO@j|&arB%QT{vN7ijNu7te9dmBR
z+Cr=P{``;T9{<eA;~$TIn#kjy8uIwZ<DX8tG<QuQc>Je`KU(srEE1x2h7GrkA4E-e
ze0WDsx}8sq3c>5)vD*d4L?WYkgQ1!oU~y*LP%5VsS<+BACX&VtW&c6J!$i=uUUG}=
zGoI|wlrt)0K5K~NA^dE?c0=h)!Bx{->(tiK;fja})&zccUlyFv`0_I|K?vsu&v)rc
zH-c&hBdzGEL%?ZAPOZ49D{AV1nK}cKcD&SCR41&|QCb(A)P|B;Fj6~0>V%Kl(UBX?
zbTCLqT+~5Q#`95zO3=7Xj4N6KOhhq~I+Vm^<Fcj8(q~1Ia0Kw~qQ)doMi(?`j>uhP
zxxLQ;9i1N2EY$%39TF2(Gj`o`h(x7mK53X=oD)=+$;k~7p#>&FD^!FwxCmWmn7dwK
zIKUlrnR(o^j#NaI4gKUE-j0edNb23~CV6-J817cz+OR^qL92|ln=8liVHp0|azkR9
zh5v=5h*ZBBaAu0s@YE!X)V15Ntmci>FfG$Zs(O6xh|e8qEcIt6{_JEf$Df_7kv}`}
zXD3_9{#?#ZeC~)PpF6T_q0b$uFZKAx<Da=4kAK$4;~$TIwvzq1;2)nmvMI#pj`-Y>
zRr<^lCw%UR&mHl(BXjb(BP--{M||#x&mCEC_``gkJ7UPY+nS<(BzN<<BYVpoNm%iP
z<c*xM!kII&QC^cTve{NsyqYVr!Qk^m?mSOKVlL}eZtei!T(Pyxrp=Ra+is0^sgD%P
z_OgLm5T#HwAH=k3+Ff5u=1t4*oyQKA+5)kq5K6&1a7~dUjmv;l#xYOa`{<UfAn`kN
zZGl_b;@qIqu|`*;RNcBy{kj~JbX8B_1mAbyd+<Mo^T9sb@rOR23FqU>$+fproLeHy
z`Q-C4Fs5tiT&vX9z|w{x4=lF;mL$oj)N-|#3eLU|l=*zF_Ni6d2{~QNHTctMk{e*u
z#qE*log>qj=P8|RjZ7KET#a@+TB*K&(NNk1j#{FdeT(QW%ky0i$uj2=P_gSNm@5j{
zM%EPQ7S!Bc>85Qq!5WqTf3QRKmh-Uo=UdLgTGk-l)*o#vrp~CZ4GVV^<4ObAN{}qa
zqb_+^oz`;OtmeAd)Y29Rz1v!2OOYL6|5j4FLH`yQyku&@|J_yqozZ=_EG<~zt&u@P
z`|wu7whuua`g9vfqdh6s?iMW$;dF&IC+N`qZ5^LbX+PWJeBO25OIx0G9;KEH9bl*}
z#`SuQMJ|xh1~WRvz~v{x>P587zV7XlaHRqVlU{#~I&oq##S8^uUD$7(a=mj3<UFv|
z6z-JO<`?PiMfwFvzmRqLZzOdt#W%`pR^OX#y|LilVDM|~J6~h_)1MZlI;mDw<WGOr
z8U5)`1NqaRdh(|~{`AKw!vo9ZD`|LEFiP?mtDlp6#?bO~q3cVl>kV*ugQM<cG&fp&
z17O}@@euRQA?D(PdfTGRYU5;NKa9TH`3dGqG$N^6!$w7#a%($Ou-brbyL>IXiwdP0
z<z+T*eg#0s8rx&hN?o5i;#6JQJ?QvI;*KP<lI19D6D~jhVDe^F-KKa_$5aziYMXu|
zs?>4$z;fq-Wyhb<e%z3-uNOfi<kA^Ay8IvuAmJIIx89N1V~nC1nYcGLKCM1?{lk#Y
zCrUOg&5D&7)+wYZqOM%t^_PC@Y5n`pufBhN_Vf2qmh80-_xGRsgOmR8#`m9(js|`I
z{pU|X_u(ANH^u|t2V@zTFUSXhxwapuPq|oOS{(4f{50c%gwt1N^Yk$pEt#v5hZd2+
z9FoBjlRbi%6si>VJNXI5OvmDt_c|?Vv2P8aC;^FJmq2s#4gG=^=DiS)^?!Nw@%&`T
z9FrWz2niO9Ut$7^Pf$%!zy(!P`xX90gH~TB6$QcHF(#!%!=#(hD07S{7r55!Sl=iF
zPs&(n)u;rC1rZu8PM4;o5@LZwVG_YVxG+_XN&N1Dh(t%zf+%W{7YHPh=Z|6jVRrp&
z&J_sE_zaV|Js#+qA6W4byh!1amtb2#B|L~lQWZXi!hlhbsNn6*?|#1p#UUjcjn|0|
zAh>@YPED3#DU8j6;MXZa${FJqG@pRdattt)b3<EZeOuciLxn;DPfhWPiy7N!hfq_b
zV*UmXyKSj^=H>ihxPmj3v7m+V75$%Oy@GSDQ0f(pCAfkxtod(#6}(-1SNttpX~Ws>
z)eWIJ{8C{4S{FVx_A<s)+~7&Lg15#_Z{aFfHKdLST2?F)sP36Kp&zJl^NW}Ip}U>~
XJbCi;=cNAz00960L+FTN0F(d#5EP&p

literal 0
HcmV?d00001

diff --git a/assets/neuvector-monitor/neuvector-monitor-103.0.8+up2.8.4.tgz b/assets/neuvector-monitor/neuvector-monitor-103.0.8+up2.8.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..e7bb77e5e71979a044d8c89c3686a690b3133107
GIT binary patch
literal 8353
zcmV;SAYR`eiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKDFbK5wwaDL`r(U0EUN#3($O7fAYcJ})m+u6zYa=2_K^Ud2y
zIS>g+Sd#<?0A*`p|L?B=@Bl9zzMY6wsaV9(jYgv{G{6wY6YL7gS^*7-ploArjF@Oo
zQQ$wjrN?m`XM1x~{qHzV`Tx%LcJEndb7yn2yWQQ|-g@SAHg`H(&%n7Y1ZF)k7l=J`
zZVanDxF_<UFr)$rLPOrS09+)HPe*MR3E|^5p&Kq{f(!}v`oK`=jxnpP<`EwGXxa)<
zfcx+P$Db8f!F$bBwQbJg0d7q&<AjEN_~{=%ciNqoZKvhH-=Wj)_2i#F)wYySc!XTs
z2mP{@^D&=tfrHv+l=s0WVSG_r8etX?!CP}`F*+e0=B?3$^&tb>c4@FN>C`q!=vEji
zbld4ryX{xaBW2jfh~tE=mDO6?Moc3~7(eC$vzDOLudNnGTriA+950E}riCK%Iejzf
zSSX6JpPjbT?pPk?E+dgpuYSRP07HyK%rLl8cEEG0%8>s8kmt2%2!a|cF{BI<^hr2^
zb0WqTz#*dn7GoUqjejyUL?LQhV=4zd79!&Pjg11WE#gY(X&IUzff(<$M?{R{LCi68
zX((_g)WpOaomai>o$k)o|KUG(9p`V8pEs>DJUyq(<9(|I9J?_iVrm75gaVNeGxZ(^
zi1>ZraTHM|{%;Wl06i-M>=MDn7&B}&%@e0FbFu0(#aW}O@XPAwe_7eAbevw>X}|oh
zIMVZTtLwii|0l?gF~3a(Fh~CPdflCp{NL(qbyxELKAtt$$3qnR0`$DA)tR%owFW0+
z!hvu=@Z0YDcda310TKdxFeE;f751^~BZgsu7(oLcbGh6H7$U?u_JD+ff*4~EIEZ{C
zFmGGd$fpD3CmKiiSpEf|MR$VG5grjP*t8F}ZCNb)<x%$xvo@g?#X%o_`pJ?KQXDce
zAwC}AJ`9o1v1Q>4xn?nweXqgWp?<#(>3cXQz7HW45?K;*fqWl(761<AFuXnp7Gn#5
z1Zb3C$Z$ltTqe^@9p+266=gE4l>$+%1RABXQ=;OIQ8<!hl9Uw`5HO598v0X^f(!n`
z0@yn_dUyKi_~7Wn?)!s2ATJ<c`ucG9`1se4NBj9}S1|t=GnZlUK?$Irep2HYQs!cI
zERf(D|7>WQMrq4ZLllwYiED~6K5<)8pfc+Fn6*$u`W<I;vu6QB)O&{p*ynxtc4a{(
zO82Dvy%5P;*;t9y<C<dGYT}kKOo$Jl)!Cj_XKxSHJD(!&HS$sD%2x^60H!sg;mT(X
zIA#;#;`RUw)Rtxk3$bKGLO0N#F~cp{Uu%$b*dn38EJS`EY>9<^(|%e!9)wu*!A4QU
zlV7$R_DHL`eZ<EDikR0hOIp(;7LRSi8XRf6Ab-COWC%Ej#8eZ=oDzw86KT#~@)jo^
zb`fg{#70=OJi^qhPy4VTf@s4_vEzn%QZucnk(hXmsIMi+DA6JX!EvEodoI2+8`h0$
z4US!gBDtysW)tMM<?@#+onx`Cy2{NB@Dc&Yi*2OLi#hf*nDniZMjFO@EEsW*utI&0
zhC?#a%Q=etsr-YZAd=z`4W+bE-IH*%4ue>VoFQcr*a&lpd^_os;bFhdLNG)NjW9z}
zQ`fy4_;j!#jhKyn>c#;MHElLfMB0J3#x%CB!d8I{%u$eV#QX5CF9|XWj4c^QI=F`#
z1uNnI&}#L`JXQNIQ_~x#W9&zm@wSL=WD3r)|GK@ct&;t>({pxK_TPOx-@a}9Crn7t
zm!eUbbW+{^97wXbW88=T+_<{3WG(C9B0{03q^Hz6K!@sY<@2?zq+UykQxamZb0bpL
zwxN}mD{<S_fhK8oK>M?HI%Lg{6U-R#FkDI#Aar57r~V|taXcK73$R;xXE^lK-x|X`
zhLOO4G8n_y_owhjjC>Wskm5_>-nM?lx_4DyNEmV)Ql7ae<`_5)F#LC>;q{1z1p6Kb
zY3%wWAkqj{wk_fCd@xni*#B@W>q^I#N7#MQw%!hb8Ol1fgm~gCt9L|bV|0L($^j(J
zZHat>?F{0|T15hrVMfoiFr#T&r?J99ME7~#(_hp8`adr|uLhnOEp#vK#H!JaGh7RA
zmqsvRBosri|H@l`<#wqz4R;w%Yx=vufyUIzC6l=Fa$42&CcL6+DaAE&id8+kaX==$
z_1{Un1}>$);v*M>{a-fNr}naID#u2<W~a#{pQi3uE!S!1E{!zRI(0RJ*|4wGL1C`#
z+4J?#!uAn9v-E#v_unuWG%x<&*(t|=cD9|)O8?)-Q(C%d*rHu_OxuZL2Ul0+0Pz_K
zy*_9s;XR7101M<Hf%;j1G@P`O{#qGNSp}c=+qVT!$m+vou5C<lt_!cE6PWmu$~j0n
zI?Z7B!S2{)snrZOabK^rb19n%`Wp)T#hYG2NJ0;X0yYhiRF#~~9hvU1LZq~Dvm{<-
zca6wplQ_vq*Zwz`(|&2m8GA!~%-jFO0&FuzP_8c3P6`2vARe0ifB0vX{7>1Z<>APu
zQ|X3ZOB2kI|6842$^Ywiws*Ey^8Y@bCIOU+`&LQbqbTAVnb6<Q7^6<=&x(t;B3h#Y
z77*sj7*@4YMy)ZG+o`ZlJg;i+X@xOnM4(ZrMiOY0m82IZAxle|xQO?mqe7p)0;q8c
zkZ{NE3?xC)X)y|<qv)s6xQvSB=w|W?An#0VNFy=s!-kII@uo^t63u?;Y`?S{s_5`%
zDda8bjomXI2OC`N5-2*6(Dh>v!*gZ5!(ZAb$spRV5yyu}jKNOoD}iCZfHqtLAEWNp
zHjjgp_{EuBifsCsJH1*ho)a;yvUs*}kykEiQA0DnEOwY^FSTct@P{rimXg{vI*k2f
zd&PiKF3E@AN|ugc4mEXCLZbw{xFwc@PD1v(u1n)E+4316PTbmZv#bPf7GX;}KqmC!
z-p}=^Zfq#kkZ*AY0>#clz<*@JNL^d7)4$q<ZGYQjm$ZG_nBt&VtoIJVHfA&faCNm|
zyw*)OYB28CS;wm5wm>7ey0Q!SBtG#nXxs`=b9UxpQjp(`!38PDoAJmuW8vy*F23{7
z%@*1r^@%&}!>)ghro7awp5vQ#H;WJ&*?-0o=yVrA9fy-*XX!#v+r_(wZ%>a8jy}KL
zJ1A5Fz2#r;eCaLVBAC42ga3c{@#y5>=v4k!-)TwLKvhN=wuZ4!Z91B@pg+9%c(iwL
zbb5TUdve?W``fn#f#i;)tu`#}B40Pt`wgQ(ndVyK9pPbhX6uGs+<GsM7XYftV8OQE
zzSS%|v&*>xvZco|n-mO7+gX&>%gVcZO3y<6Uz+xC%`o7+_}^ByTlW7}`Cs?+B*F=W
zUb7EaHSi|x+<0K(LM`hTF6<M|Fh3{mLgBJHb-S5&o{74L^gdxBpD1%ub*faI!jMFf
zrTO@pW?j}SrdPpp!#u9`XumUR+b<HLl@hd?a4JEnQeW0hh~EP3#!Ab=GSykp_tjZU
zhvljfqk_8B@59O7VeX|LX0OLWL>1S5L5K9oD!paoe^O&<H83y#W78?i|L)edvy%V!
z@iZBy#oWHeaA2Ot-*zd(l&9w)3Q8b71o8m7pg4^0MJ+5iYm0AO)i-S18A|odErdbM
zNj|Q2r)E0stu>1YaOg#pgk@z>)C~&~F3SPUV|H2oXRRii*Sz98>8P!phHdTT@T(+k
z<{ek_IcuYAO9RMxVSC1~7Q~;`Va{%dGg|`NC#$b-`<bQxjR^jYV9e3~&d!cg&j0B2
zR_8zO<uN>g=S>da3wRz<F)s-90xH&lVF##a(lz!7^FY+&-zwDJ*T)F`5#ua*qI8g_
zPJ0xpz$FZ}H*x5~CHxUnk$^89{Auhaty0@fjnu2I|D%K5{r3m$z`Hdbn`i%Tcgp$S
zo88UT`oEWF%{Z8=j`FGuQp-|*>jc#yWqGBaxOsLr(ZIZIS!-)a3RujPJ#AShV+=#;
z`}AB^6;hOdPq^SZ`8BO9Uq^_c01M1`npK`-rIAQ7&k4%{_Q^R_%Q{RO!zJwJN0Zer
zUG)+^P=UGCN*}m{R;%V$`j_=J-Glln8|S#B`#g~Co?XJ%`hCK$aA|#|SpE+m58fA(
zz%SuzNPJbLxK%4_?{XdoIHhw!0Kx&O0DFE^F*#VIshOU>UI$Loc>$#NaXGjuFFDUV
z&Z-yk&fD<c7)LsxU6B_M2d=W1CD>9^=^%YoyC!NJWvwAc@^+|>@vSHD%~My|Da`s#
z$~%0rx2%aO%n6wtp03d$b-fBSs_9Okk?c*GKBCyHsOWTC!i8P|@->Jt5->&+T$J~U
zZHsa_IYS^Q_;f@<NDjy5hb!BVbB9#T+1k)R)#?f1YrXdP3V$mXrI5d7Q_asv6k*S5
z?BfzXam*BbXW@Aqk4BgaS(N6P%PQ#tRfkjciPr3pYb!tHdI?`ujUuT_C||-M;{2R4
zZzd-7ebsLH71&b0Q{5dTl{s)(-DFF6lbk<{FjL2$Ll?`@a2l@56_pNHR>_#kqnN{o
zk0%htz7KncpEd#<P$ma2xoya3kR8zFZ7G_phj2xz`X5D6OHNgQZ_5UlXa8?+ZkNyh
z_qr?ne=pD4+8P|iVe5nhN<0hfD&_er5n~z)*rS1zs)S?9%Jra!eKL`21%XS0$j1T$
zi^G<Xy`*Ulz^Nar&QxqJ*PRigF6Mk=NPL`}`B%~T1hhIa6Z;`%Xh3|`k&D7mN?Vr(
z0}^6S_bAt!k|%O8!#gy^40a4SL&ESm^8I!?FyJ`kM34yvX`bs|j3MMrvoT1wL9Y4s
z(k2lcYJDG|GYmXt7>*8(Phj`(ZKj@wiAkZwnAEU_VkSI2Ox?ai!BAcQvog7_2V>^?
z@AS5ut#bU|+3c>)f8NXU%>uAbPe~ZXg4=!gmkt#t5i?tzEbN0Vmy5o_#$Hd$l&dWZ
zbE_^dH0}tJRq_JqBscXK`SFN^Z#`Ka)pV-MKO{IAU{wX_CVyGi<H0@-aHvM~?J9Z4
z@E<W@xMq|oPRTKe93b&(U#C?0XSpCb=qJlMPP^OgC77+(!;4Ue{W7$OU>%yMfIB3K
zY^Vh|8&n;+Nh6`dDv4{y*ml~^HHIiHtSYeM!rO&MRtrISn^h1e#n(54fiG%CaZ-4D
zLkJ|m95aGzrshPe+G1f9T(%~Roi4d3EWLyY7uj;iu>!CMG4aJ)*;8jde`|12->5yC
z&s2F_TuNEdmC?IacecLz#dtp^Ud>zL(r}OZl*xYCXn>wO>(K3V)}gz#wGN#Z1_Bw?
zc8v|dzrn7Lnc!wUojXt-oI30+N#Qt!L8%?8-Ee9r*PRp!1sW+)^JTrBPKjQvCq-j5
z9g6&7CDm>05mBO=JtW*k{%;sb&xeWkG!$dI4+?iV1JU?|QeTiLd#NTTjD27I@=17>
zqi#!6?*lzI2dUY$Mv^u#$ZYm#V2+F)_J|Shkn&=eV>Ka0FA~F^@%thjUh-Q`lT+zi
zf$qJ`e(SsIO0Zn&RXE;9;V4EUy?T8_!h$?dRrr{mzat_35C;RycrBaAI`2tH-lNDi
zZ_O!lL~@;-g!XrjOn{52kAMDMNud_<$tdi*I24%uZvW%=5J3L>kALMR`#U<KU!Irl
z%Uj~Qycd5TFx7GT|Gx@Xv*caV2!}0?y1W<;%iC|H9em=_g*f(+dj@-B6o%N(yGbui
zl(_LWmz5N5h`D1j!F*%S>21H+{(t-b^K!4I?|%~UOFYQCtGjIP#qZ(o;omnrGWmze
zje(wQJ3#Erqvv6jAGICwxuWcIBZmmJB<-C3hm3l$E8v}4TorRjF;A_An75>A^mo3b
z{_-tvepMZa3P$O$ZL#wtq`}Kf?<NA*d})wOj2Y%*>U-SGqP{8#%_t(_h#PuGKgB*9
zmZH&(aHR;arPwMgyQBicJod|?Jg1(dx16AjUAt0VPMf|ecb^fTN7yCEFLq%zFG>HL
zK8-X)1LZg4(wJ;6a8xB)m2Ac=*#kc=_oFJP;BF%F%VRD4{?a&&ai~<H9nuij>oA&J
z_@PzF;zGSQN2d1{lj+^9+*2tiG)--Ev5y2gR2d^h)!w86e9GP@bEN5K;Gwi?TB=B5
z6#hHrf()l=F^UB>izy?i6qUte%E+HI6v*Uin_(|@@yFT~VY|q8tE^!M7=?BtFX}*a
z!8wDBH~36llq{Za<#$aZJSQH0ho&?ZwsEiDauQV;X2n4kXwYby&J&d|Ph3KU_wj|=
zPi7UPRFy?)>4lS19tQzp)6*=>TO_o;Ni((cPfNDEs-m`fLQw}N%`vJ@U|RA9NySsN
z;N@b#BOH2fGT`67Y1&?06}w@0s6BB*K&HasOI6dQ@pCxR2W4T8#-XSxI_3NQ5Q@&j
zE(wsbl6xx+m^S<VG$0>SChk`SZZD<+U;gMC&_`T+pyGpEAS*@q;EK?lU~iC)?K{?m
zd!G+LuB`#$7|P@Qu{B{ifVR?vD@}M4P55d-XV6(v6|QvQN*CU#E{v%6UHgOkgu8Ol
zV-F6g_kDYV5%RGRxaInYbK*Ahh#PZ3gK9_Ug7DXrd6*rKi#si)N_#5AkG=oFjLxcN
zil@rHL{jNpx_@6+c<3WnZK2mJT~%p-*sf1TVN%B_6?+VwAB(Bx1)qc!6*eTk|1m-?
z5!0IHBZfRF2OET_sxu}Ye#2_WnK5-eg(MSY`(O3t6Y^(8)<ISI%k_wv5~;PDJ6hY|
zw{p%R>Ssb-zC^4%9{KiH;;Fs5PN__tY&#}@N@8r4jR6<=c%N{=$RJKYR0xtTn*{XC
zQSmW7&vc<3;t8(c$|Drc8a5ZmJtN_$4wVt3aij%Fh46tn-!qZS&8L*jDuB|?=y2F<
zlr?WoJgm7kVi<?Z+H2+Nvj8yc&FcQ8b3<b=!py~?P(N?gB-}2Ugq?25CM>*|wd=b%
z%P6e1`!cywZ*dh_Cix~_D#KK=MWI4u3fTb_Qa2PTs14*4q+uhKEU!$O6|l<oF=Jnl
zQoqtp@9QkBsy3ftfxT*X+FOs+0P~2*wVv9tU)n$m(8cp`a+)V)p1M)|0tQofp3LTp
z->(z8xHa1>!J=ZEp>R~qk-0|XBF{$MJNyKnI2z%a&FVZa>B-w}t1att^B-I9b#AEk
z9)3T(*P!jXONK!1D*~d^mR2#4A14Naynt{ypi>Wrq_iF%OC028(GN8)*i8polkxR^
zgg&IDM8cTHymjRL=Kqu3xfbm->BmgM`(!j0Evjvzs;F12;NgoJVPB(40POBuh*RwQ
z^n5m~?n1D7b73_pNCQ;w2Ihel<<^YK_iFT{Lvm^d{9~9zb1ar8nZ#GlU}!K}9;?l=
z%HjJ#OqDEkA#;qs>s=ee|4;JxzFW&>mALRk)ZZ#1aMPrS2Ibm$b$8lzfZVeYqjBi1
z!UA)3ZN(J%!IiB?xJ$zjy8?R$KSJ{SzA<2^j(7ph>ry`s!Wq+@>WaOXF&v5-9#)Gk
zDV>4z_om|;b25A~3Tp+CZiaooUdj}xq0H!_Vl8zvB)-5bIm27Gmrg>dphZLJd6F^E
zbDYK@KJi`cCG{;AjD({FG_KWzv$o4{m9esu`Gcvtg`#3o<%-ev>1g)EM~p_82~t6(
zijV<Wvuj&V`z)))sn{(G*hB>wCX3I2RBxIl{I6!dm7i`cAas2M6+bPD(~w+XZ*TD^
zVY&cRyW2!R*~G17AyXP3OmHaRM3VBRb7@GK84wF826dxsTzz-2fYhB0cejGBPmx=n
z=g%Zb4y&K*2b+O+hzsCSV&B0uC~-ZDDjpK}gamk(zvcAC3t+Cm>^j%Xc)A0^4;c;a
ziv1U5%421u!6B`PzK5fWpbt%zear<3^<rI)G*<boVfNB2xzm2-{MDWx0eD%80K6(i
z0LnQ5+ZC8PygoAmQ19hq-~R<m-KlIXGhxjhQYtDlY^y71kLY>*{U`d;pF=cCs9NW)
zHM!o}*Jo9Sp2tD6BhQT#>sljGR`>-Y4_EzFl{xo%I@@|wS#{N6K#|Lu<m)U(nd|j)
zmr>s@0dF2qnh02o;*>9a%7;@yNZmp+!|OyoK|C{MinFJTxSD8;y347%xwQ^koBE&A
ze)Xd4edt=foptDRU#-KYBdfh^sJG>;LuaSE4zgFL{c7h$GkZw2lRNmo{r1~$t@rO+
z`}^?AFa4mDpJ~L0yTv#G3D0WTJ#ocOw0T?%E<{KO%+$QTSKr?#Ws5S*F`MMb)m$co
zLL#&vsVt&`tJiQVRpL6;yH$;cyXt3Ls_vQzZ;E-%V2HH?=k=!J+#d%tMg5Hlstuzo
zLgG-}1yxVt28*XAaP+8xdyD7Y)`<T+`sdTpDW0fX8y{n+uRh_nI-(^*f9V&4K|6cz
z=*S5BF%)t+e7lfzdx}OQhDS)05{uH>*)4w!%%Nvje<|aHzR}9HFa|^OU(H?dy1M|g
zk{^AYUML%(Pztc7j*5(mFVu(VU#A+iVp%F7RHurS<)J?q)l{yGaNbl(yv7p6jBX>`
zf73xzQTC0KrV0^l1e;tc+*F+1Y*=4Pvysj;u2nkDTyj^Eb?nb+RBCh9G<53cKm*%p
zo}kWF{q%Ha%}uXiVyYPWbW}Zdm0v2kJ#!jgHq7Cx857v45-^*-PL)WBS5!Rsl9wq8
z^=3{h!?K5bUaxBH(b-E^9qW2MU2x@QCVhp6J~xK&?1J2@I(MKAtcz->?n{kJC%wdM
zFEQ<TexS`{$puiH3t5qEFr5!qbK$*$e28IY%zT$nt)^f1rKje|)p_f)cFn+ZV;}oP
z(Z8%0$nZQs7cXW-`sztjwPw<TK`NYT!4ppn`rglT`*>LCVRfE+b)I{5p1TO>!FRsP
z)o+l+cH{HhgQ>v$p-*x*#IZXw^TbytxmPE-F+0`Y-zpyFzDA_!2_EHsufII@1Dxi*
zvE}v<M#wd^*OIx#M$<dkmDRq)+U`T{%l<+};~V4%+(JH4z5cyM8qs2U`R?ZN^+V3%
zd+d?o=4}lQPcAd8c}lJF+Xc)fGl;s-S5G=kw<0co0ZuZH%GWG2K>6&bA+j3Gtvj%*
z)+-1VtkR;8j0iqSwHU#V{use*>#*WeXU1VkOFVJoFfs6W9Ha)G`ex&4;hT|CA81oA
z39C1odX*HwTiQ<S&b0p)I4{r;fqZ<#)<XL!lKb^yrnDb(ff?+5KB!z|x!k7f>|N60
zOeNV(CGmBCG3v6VVC<#NG!T}IWiK0J&c2Um!H@2&Jn}H}>e|rcS%sO?DyuMa4WLz+
z`P$cpT1`kV;t+qXq#(j94Ve@wDpw{8ppcJjBj10^mAIWjtl6}>)zdDS)LYgy_M4om
ztVS*s8>=)4#_FK&F#d7p)BU005{K1vHxByNV<XFNDRsJ)-u0f+%uhzF_LQF79R#<x
zsg!=u?+3daIQzuk>T2M;iwC|vV6n>qiig3!E8BGe_3=R4V)!DWOknRcP3*lpb^nOY
zGN-Y!V?Aj2P&u%9jl;VsmoGWEyRsyIfE`g|?JsLW&JhhsttJ7{gjdpRfoo7<j>ynY
zg%pbdZrbN9fURCE3pKVcl-RPq*5kjo<Du8to$OdY`b$vmYfF743Yq}VO%#ATlL-&D
z<nGa`nR{hNuX<(2va(X!>9dv(Q+FLa4!daqV|ST65~ma_*(}9M%C|^#HY=U$PfKhs
z9V%H}BavJqag9qJo>*9Axpa-Pe7XNbf*XGpV*PuW6*I5niO$Pn2_Bz~Q4`GNfD<{q
z%JeXvd(QOuPEHd(g)rg`FCh&`n5H0X{eahy)~f$|j5OZWrD$`n=qq2fS_}LU7~wYy
zBQ6W(5k+H<a74K@1*RKs12n>YI6>9<YUb=!oOBM9xl5#)lJpcJdW$2dMC!GhuVPD0
zfbT!d{LoV1NuN9V(dEEuAvXbjz##DrrT78{?@gkOTcv2@&Z5!A-YVKyB1~Phu|m8j
z7FR4rsED*)n_`C2|9K(@jviZ_a4wb27~m74^I~zoBRnEpuqi0#h(jq3xC;Im&no!0
zI^(rE<Fz{DwL0VVB%{|0_yUjaDlw}G-A8fUXLY(Og|Ir^wVLj_K|hAmT`w!W>mb6`
z(m{mP>8?i|E?EBb)>F9<@S3Nzmb~@PN_vy<q&=gid`pkk=I$5=C})PAy1w2P$gqcO
zp{78Xww-4DoI}i*T=E5#66bR4tIy!p#@*77*dEq%O&)DG*s6BfNC{fHD2s&3G2T_5
zPbz`dAIp#(?<0Xge;UnnF7-OAwoC3ZH<yBG>_l}}ncIKFm`$4<Syi0gl5g^yF>{^5
z+Y!DfSLJ6U`o#R>Y3SCVoid4mwq-J&6xmmL&WRC4P<P{N8~wbsmC7?)(Bz$6XciIo
z%+Tp_PCOhIu}Oz?nl2_&+}K-2gr?(|Kg^O|p(K~G_EuoF2+S5{NwPcqB^`~F1jfwG
z?X8pNFx%V4-<_`Uqq}MT$jxti$20LtE}JXT|4-==^}+shvS%kR6It*9$Dgs1KI(lU
zQp3rqhxm9v5%V0!>FB~qwzw7Z*yk9Z9SfwDg>79uTRq?56XJNHIHVQOkO;~){)jPG
z%-x=%z`qR`j^jAno15x?$8pO4cY52sXPwQR&CTw1cWZm=nbX<YaeB|dxeeg+o|p^7
zo;f#$RUX_Ed9vB=TWbjifUClvvHpw(w^}ekjG%#!`;cS-v$onPXtON6$O1?rq$)0y
zFx5t`!CGlkTUF&QBT9zmeS+!}3VljN)CZkrW&tQQ+=qj-g$molArfN?Kn0JIi;q<@
za}w3JXN^FhQ33S|b{Z*xMlhr-Yu$(%E~0j#x^Kp8Ex(@{T!uprhk_u#I0g0i@0}dI
zJN<NgaP(pK{Xt<2$O}kV8HjNo^e2v)v`iXDQD4^_MpC+$<J>@Ih34Vz@$s)8kM@^C
r^AK@<PMNm|nnvAuXg>6kTRp31^{k#p@%(Q900960)xh}y01^QJwU~B<

literal 0
HcmV?d00001

diff --git a/assets/neuvector/neuvector-103.0.8+up2.8.4.tgz b/assets/neuvector/neuvector-103.0.8+up2.8.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c1b7aca07be4821107ea311535108ca190eb52ba
GIT binary patch
literal 26684
zcmYJaV{m3o`@J38PA0Z(b7I?=cw*bOZA_d@Y)x$2wyo>>=YD?m*1JD+?QdPRdw2J_
zj<rsrXc!ET{~jO>2%WK%3iB^1c}_V`9u5;W4Q5kS4l5m19!^CK4NiGY8*5`bQ%^Nz
zdjTmk8(WaeFK_P+&UxmTo1J%zSDGy<#~-;qm*?&;encydy7sw)=~piK-Ot-pfl^YU
z@~C<sYDJX3LLc6H;z8sdv;7Up5uKW3$$ds32vBUn{c;ieJons%-HkLQU7Z1qyG%d)
z-oN~SueVBojhmMTAW~dBGJutvpND@_2oE0-%Kr=*=^0wmAM{I}Y~RadnB+^=|ElFa
z_d|{lCoDuPPI@$q0fc|lSeQ~D*@>`#kx~H1dA^_IfEgx?m?S+;@{7nk!CTdW0a-b2
z1m{gm*!WZ))fMZ3B^s>lG{hk+Y!@@iKe;d0>}DVJd=k|xBSh@>vDY8R1$xK*BUkX1
ziTRWeKO$c-mjluTO9UA)&}&V)vmYy_II|JYSPW&C8L<0_N5VUh<7zFV%sL`yk~@~8
zQ@rvtTFphoU3Gdl?t*#gF0c90=}&h<BLNzOaCRq`<(zgDErlS3!WL&4j*iA1J%oCI
z(XSm9-*@yElI%0vlZ~j!2!q0(&=tA!gMo-8em`PDv$wzqY8d7|gLD^G0em>*4;vCc
znp1?BIH;I`9E)K9b%2lDY4t`H+FUNp3F?n$uS{hdW5qtMon3q<sWm_Mpf`5HAp~Vm
z+)zCv&&?m7SG%vKz{69ZvC!qq2k<vw!1w}*VH^Ft(YPv^eLG8}8a3%=4q@L2Mhjme
z<Q|wS0SdygO?GHJ{feQyI6ebH#`2U9V&<SuEz_mKn6oT3>^&=V`rNtWk1c6^$khQ@
zNIPMUK<$i2EXV>zzj2R000$1f2!K1o4-j3#zi^=O%iq!`SSfCn(H;1P5R9ORUr){^
zCgQXb6Pyo&S&$N_Z^1l4OJF8Rh8!@6p}0ZGAV^1X?m>}wKz*V>B-!dqP%m0^$VExA
z_gRR7SP*cmo2j#mhR;l3eD=3U)`v=l_68l$gUko82t@2*xMNX0z^LC9V=DTBl^VxD
za2{yjc%Bc_mQ5n2>%$cU;s;4uSBiI&Kcn_}kY*t$wB*28gZlsCdfZOZ9|1cwAh&zk
zdp>Wr^Gr(kg-v83iT?z?7jpg(*j<qh->`k-FiE6^0)ZP6e#c|Dh0xp5J4<K7aO(R*
zj^wj@QE?!C0EE~iMk2;R{fAq|oRm!5ri-l?BNDKS56T|>y6>ri`_6_>c_ciUuwzRB
zQv2u~X(kH;E>w)7JUWM4q$mHgs?_)k3jFd{Pn#$Px<AbK4$)!2cM=z4DL2tVIby^4
z2U}#4pq}3MK?8SG76+g_m7l=(f`S0Wl@gZ4&LjS#;n=mPMHWw*_iKOvya-ZQ+Hf)a
zHwlJW2XzaoOc01Ni?rgP!}xGs@FToOd@x8z2>iX`t-bbZCMA6Zyw7JNWB`s$93{L2
zsI`3$rAWZQSoUbRo@>;)JwpBDZg_SE94TRm{dR~0k|S{zL69Fj2!AlTerQny^JHX!
zfc%<(>|fcAVkPO7f>&p_H8tTvYPi49Ybf|lAh#^V^_%CC^+F<g9AjNH_Xi+znkHB}
zAmSM4^__W;3H65*cT9UQkmls1`}tVm&?4vZPf7h!<CWAo$o;(lhA?OTVUlC7TXK*%
zMK&gh1Irj{2|#qlzJpV7!oc3430l(O(;M{Rkc#=-63A)53yk6)z01L`!y0SJR>$a5
z8%tj>Vif%jkwE-~ODYzj&Fnn?2x^l_sqM8g@atI<7$Xc!K~P~*k){x&eu>l9Y8+40
zKS38+rwZbqa*hh5XbEHcnt|fFQrqm}LC(MCv(YHiQ;l?TAiyv=l$~hhrm`bQPxBL%
zP&kp=-w4r&%)%w6>$H^JEm?4AFQLz>e7|H8h+>$ty_eAvd!wSIIh-X1&mr*^FJMBs
zOh!Og$d9F}*IDug;k@;a>Gj8S=6~&`Z){Zk5dLR$htCX_AcV??o4coU1!~fK@o#h`
znq2|AESL?n6QJZ|AXrMCC--E*^6!rza&@MU2}=*jYf2Av0a+f=jDL>@<n(l%J(FJt
zH($3vx;^~Rv|)ES^<jS_L(@Ll@DoZ-u3fQ6d)~N_p}yg#o0m6|p8(K;$3~K5N&uG(
zQ6lWpuGBqvbhas2YZjUw%GwD_n7>g-ct$Lyo7}Hsk#84I1W1J8{D>9?-;C%ax(6X0
zS2ga*9F%t)eH))ql<yE=_a~u9g?!P#8ix}^E``&7o!u%`VK9rY355XxlE(ceL6lCk
z@zIPN^Y#*-BO^bn-H|CBid|hyv4Z~r!hzuje4+HT7j03(8a>iewR?Z+;)Dbb&Dds6
z4?na;Spysb*xNK&V?+q`Ap*aw_JeaDKTg;_^rP`0q(rEo@Lq-z@|*xi=^G8Toah+)
zA?3efz24^nuM3eoG=9*=4C#uWM&r8(YpdA`?z$i`iFNJ}p<@WFahCs@ZF>-fg$saW
z2u7zQUXEtl*2&`Uq-Mv8eX_C87@c6x{Z)q>fl8gc&>vJIRADcEN*-G(B*Y$?<b4LD
zNH`_AMEL>vNqzz84e-09IT2sH6^uX`&&K4r-v*4ge$LKxx8@N-&>lAD@cVNd$+YjP
zwB)79Fv1XTE->reoE~5$S~0k{C9KS%1zW+Wc0$m_8Nrz-+QJbD$m<y0*m8vfB)P=f
zEpC$#cGF0fc@9AX$ojF$Ty!uo1@7UZz39sSA|-=JEGMQKY?u7OHeDNW5Ji|O$T+(;
zagNvGy(jEj#_a8~XKWu!F_aqDELuM{!wh?lxV8y?T*s^b017lMnSS(!n>&jN|6(cV
zH!o(_1hSpDG$8Y7wElAa-(aVaZVZhis+EM8(h%^W1&Ax{oo+C+8#_t!cB@cL$w2|#
zphnxpJ$^qzuQwCFL&1OkXgr)km@1*L2OipgFxC4ps3{M^VM0$weeArLNeqdaGt=hk
z5;<jD;}4tTE3*!R{v$cw_8?VEP?`4z6K>s*2NaYT_xFV>7Y9Ln7-)-h;s-YtD7QoY
zR-reK;H2UD>F3H)Q*mbH`SkwmLmjVyb32C<J_@ZWj+*h0N5&?jFdQV4%nXaFP#r5=
zCv#DirVkqtxoXmK;LV0R+lpoP7wuGFbm8VAqhXGLwjo{FI<0%ZR*a<=n#~IMQizfU
zqa@6<2_&l&PQ~j#8@hW%N0jmh7|%l!$IZipAuo4%u&R<(yaP+o!uWFS+~Icyr4CGI
z1?g8lTncmdzOsa>Uzn=u1WL2q5IG?BQC)mi@&)%z1D-weONgiFg#EewY^;QI1Ho3b
z#_RVfd$dSk3}!*mcXa>is7<KVS|H;rA_hgH1g>9F9hW`nmH2U}dGH+8QUV!hFfYfE
zCRkB|oyNDBT^Y@;^ykM5<6rtPREQ$Y{!qBP{$ZKWoo>=+az0h@zhsRDqsIt|)9Lyd
z9gs|d<MOcu{w12*hXbwzU>@(X_rX|t)f*MI3%pk?)FPDIV&|UF`J$$#@cDQwEM3OI
zi%%R0-^H9e;rq#*x}QLt61S_>{-uLku?$wo;Fe1rK;lLI@pfWf0dXe0(_7JC7FXyD
zKbj+K@AGBZr#>;#P7TpbXFdTI-CW>cH@%pbLGbg6(Zb%&&al_V+x7k7ZNqR{(J;rb
zSHRo%?VXpQVg@F>;Omg;t*NT;^YQ)3R*ZV>fycp|9v`;2Me#^a12sIt?#{{6DDirB
zyt|lB6#sa+n0^%%(dB1Hs6q$fx(Uw4#lN$^9vCw7p~{1ghSt;<O%GJN6kTEgLl_ho
z;s4q*e$~sQZiExBce!nkpY9J4l&L@}F4@aIxm9h&KF&dPSY}psv%Ef?KMiM%moLUH
zp5dv#U-0p6G@KR06jzr$T1@<)&f_<MY?P1`Rg}?ee)5arfnz=(pkQ#JMxZJp3a<S$
z>_kmrh5zNsz>!3t%0rwCW=L-QS4ofhkuS$Z=@h;)c@x29^0f*u4t^HFRxpChj1j|!
zpjgrt^XR5;2afvVrDy<rS(%9_5<&fBCaH~(0_}G<gzjUO_5_`|>r`lr(wm7KMsuJ!
z9|k%Q%9H#t6NiH%5Fc*nkt!lMqiBOh!bS${yP9~fN#jblk(UiFMPw)>$EBK!3$wbA
z`noRgPMJ#-Znw)MtBHv*PEL>RYe;coXU5PdVZlx{`;Gkm5#Heymy|Z^Z>uVt*g~i!
z1hqSc?%?f7<|%xG#Lyuuwc#+RG@5VGBQ-ODd$<}b@)rdCD(8$&+b5*SzB0&4m?|vN
zf&_N%>s8E$u(OKTn^&fcd#kTRo}LXQjY;vkkCmz+oj{)#c@C{;Jo-EvefdUA&)zNP
z*zH0V;wD#f2m4@2ll$I{(4EnDQ{Qnl7gI}CW5o-4aU!xN8%<9WQ-1}^;6~ENHD^sT
z`fvO^%*iIPepuVQe#0V8YuHIa1A!`8uI>xn@u&}d^LRUVL)S$3<=TA#mA%X3al*4D
z{<B)THj}KLmw({-vXbJ{AVuXd<L#n!T?e{$Ve<|FMu^6RRw?rPuI^p$bJ)-tTA&N?
z)C19xv*ybafBW>i>X4f-Z~}cdUr#kzwygnKvmiL)a+kTjZnL{-ySb^B_35bMylal%
z*jP!YPxYaIV~g_awgx~}sddViuHh<%*&KbY9%fOgQ)QY<vn%Ey&D+dzA9{q5XInNe
zu6<@efO^Icz|I;{d>1>T5UP8`#P2FJB`~klMWe|bO!(1vg6D+aJ2`C=%Pe1=f`luo
z9h;Bz@IJbI*=koH9UV#1G_Fq-zPT&_y^r*8?@m;M9kYXB==d-&#ng4ot-}5|YFM|X
z6WkY`iR#D37Iee<7U%`V%ZKkpSr|KM4s^sgBL_qUv#~1w0<%hi0!(|Hn(=|M9A1Ax
z#whUAYc}85GxtUSPad`%o%tTmb)vWjQ2lg$`RA7}lb=gKGF^w3Q{>0a*%$E8%k5_A
zV&fs35!lD&GSWo}m;l^K0|3CiF+l${0LYmaPsAr`g&9-+ksSq6I78N%^#|@I_NRFd
z@Xg|aO2#~3Fvr;N&a_)wAl<)2S#Vp=5NtB6hUR4M@5;w(Jx1GXEu?865gd*V_E^IW
zzY*R3OxjI=(ZU}eG*A(YcU(tF+2YV$pTbp+R}7YRff=LIMq^pUY;yyIrm3p{H&7DJ
zmky`KH`Po3I)h$rfA6RF_vdi?JlL9%1JDd&B;H(d86=eM4vj?9j=H2)e*i2m#OJgW
zHO?OLRlI(^w@azwTkkvYI&0udXk%D-q<UibUHwD=Z^&bY*vT<fObo=BjwF~TOPU`i
zoZnpk^uvTO!KV!P+Q^{ub329HE@;P+KWvAbEIG5mB?P@imut`>{rha3sf*6l^^8gO
zCPf_K+!(;f-+KuUho;!-Y?|zP5_j<yguuq1+y!&+2nT`q^+-7Bfa6RcCZ5oUh_0u1
z)<zs@vLJuh=`VaOpK3&AF+=%P_KecdzT$whla4sMpaCC{{cy3vIE@dn+7^g*8v3TX
zX!&CfF&ZT#k_=n^&#E>X);lbpvXE|e1jOMwa7RHIg=D;ge_e{YAnOabdwa{=3M3+U
zQFQzG-|~6y1o7k{rtU|Alc&8Qi}nU>V<7go3P`(l+v}bXk=BDptJ5w+6U$&G&UJM#
z=+_nt%!%+Jl9Cro1Sq`g(^BhWIw;XshHOP7)tyAB)Fb<&{j)g@JOF<~pRwD&!|?~X
zQh<}AhrH7@_V|f<7=)Y2IqZl+-{)_FGiu}l@-uO;d*dBiW!B7-aUJE$$S8!L8iVqu
zIm~BP2BdoY2o9uRGG5jqX(F<z4cTO0W8!>~L01Q=8RP+4wRhb{2M#zvnmnkqRxMmG
z<&JS4&jCaNY#bhR;BbqH!^nCSKLI+w!tjER-0)%w4a2PE?9j0>;Pt1Q(W}^lXY;Mx
zu&BtG!#c*w<VGoK3^mdlP7`pP*Wc_4pMB|?HAUl@Pb_eGF^ZyCtUb~yb)m{iA~h+|
zgtkm8?RUD{D53q6uH-&=ehH+ijn>u8dcjvq_rI(T@<YbBCW10Fd0V*~sD__#H$SZI
z(a7gp3@YcDh{N|M*wkU0PJ%ftcSh}PXXRgv5q;|}qVYHpBSBjV1+qn->2yrDU2kSh
z6g9y5M9-iD#E5*UF{aRxv=prZs&LwOP2qjOayA`kGy15Qc?HD_Pf7^*IZ>jVH>Ula
z(DZSK$XhyVoA5d#%3d@%Qyz;~%Im4AnC^u;Dgt?E2KFE@#waDECHTFoBu{Fr2F9w@
zE;-P>=5gt!mSUe}Kv?OE^t&gCyyAOiMks(3Y1MHp61b@DL%Rta_l7`^-uzVHGxWzt
z=WD#Kr<1YXjl(H&e{9zEGJ>NeBg`?`S$+Eo4N4SaS@2cbnF0d=;S>Zpns*w#t<-G&
zo2$Bjk!b~~i?VQp-Z?4i(O7PQ)HXMYR|?NZ5&GbgK**QhyWmr9n*iIi;+b!^k5DSZ
zGAqc@Rc~6)BrBB!b5vNV@oI|zu=Xh*!hg{Z;bJ(XCK|X!bokVpJTL&T`?5bseBb%u
zORk0R18z8FG5`|~r+n7D$1{60cn3o?46c2eK5l;`PJ^zLt-R{!B_WU{a^O&*5lKmw
zn)_=c_Q(Jd4L^im-R5jY=%K$7F+Ev<SAsI#DPO^lrimzPfTrbvHwYN1JW+5JvHX5l
z{F@rh>T$u}<e&0%!Q*UGn|BMa?X{O6(j8q_m;flWNp$!I92-*rY>X!_^rP*-(kV6i
z&RVdkWXpAAJfaO(in4IyR8cVS{E+#@NoTMcvVfNuUufh*w#8A3u2{BU6;^#z+GQ5w
zd!;W35u9B71;F43{V)n7HY?)0J9R&_3U?HxVjlE2B?#in^uf)@&874MBg~wVdZneS
zcduDp@uT+bB(IL^l)~z|I_kL07(`HzQx(iJLIUr*B~KY6*5O@d5iSfbrYT~>qz044
z>-hO=X$zLZQ7uE_jYiD5VzLK6?Tqnt7T#$hJ{eeb@DumQ2>p!M`W3i02at{f5)mP~
zod|vZ2cP+IM%I;|VIJY45v^a0Dy^Xw2vf%qd5PK(G+?%w2^PHz_Q4kPge(gEATCe^
z-cV%R|3Hs%>aXkWV65^szi^$uob6}q9tw)45*#9z^BUiJYc@KRh#|n*bCHI9WXjF^
zXn4Jd>Jf(+t9uMFtMIW*>^ij7u6ryz$)nceDE2NG6l-pNqp4+k{N#Rg<UT8>etapJ
zo#j@tax@C@$I>&n!I-b%Ip|$e-X>u%Tew?7K0umdO{6>IqyyxT@y<U{-ZTD$hRCQO
zx^dmFjO)>wO}hUV2O%RZ%<gl;o^T+6i(CQbTTTY+O&aw`I#K?pK1KZxuS_(!^p~NH
z=4Fo8q1L_VSHttN9PEWJo0>a@?m$xvkK0Ezos|xeyE=Mw%r!g@64kmxPP<oS`7f-8
zakMFqTq@);+ZHMbCk$d}Xns9wO3iGtcpHDG#nmNdq;5R<qSQ(fw-0lHCasm%ibUX)
z+?b1Y6)iZ&Jy6=;AwdZE10T`t9>_@;4s2Znog`Z0w=%4-zIC;06sl|n!l*%@5nI8|
zFBDk33#)T}cAKE+49l3>D`~7$eU!>OI<bxA#9uT8Nk7RQH&Leb;cE}cmCC4QN|k<$
zGkaruYC&0BHrsZ>_;-u$vo3nitWOOj)?Kc~`SrTIZ-v!91n_g8ZN(+^y2#}HdIZ1|
zo2<n$Md+-sL(z+YzF4C(KlHwvYLfc-vl)QTL``j{_zC{X9=cxJT$ltjZnHS#epxtV
zbOL*KZf-7xHay2Kg=Q{0&$Y>Bx2NHnlDFM73L3gso%l^M(WV3jIjMKlO&S*z-O`Fu
z=_UB^fI(J17V_)LA1h*4hNVMi69uQa>eh`K6^P11(+!Wf0tz3BUSw;M%EDM|7`4ve
z)$0J~zrFqmy}%uzbE2#72|Y@rDT+={3y{NvP6wUS`1mEzANNWTW|jfHz;k!N^UV$5
z#J{7R$X1gd1^g*I==Ii6a_hV7W`cmJ+BTrP4nsU-j>glv*RG;t)Pkb1m_d^9(g;dF
zuZsOc_8HY4U@<lEvqsmmpE*h^^)Xb?0V68EXc5NoG-23)Jf_&me+o*-<8)%F2>XU5
zzvH-1W~?xji%&A#GWQdG8f+Fa-&CzIA$VYu(~=QTYJ5~fuwp&#qj@#y;1OHUE2Uyj
z@S^Ls=~;C~O07yCt|mx6Bv&0J`&;REky?{5>ndIV$H+b`>)-RjiZUlBxxz|mnf=Za
zI;~{%^T1a@L(0T*5i7sqdCW?CX<aTed4f!{?4d?NB$k^Dhf^XUFnlkOOS12qkriym
z#r`S6%|AqLxC6?zGiftm!@B|52JR(3PMg2#QVjE-bkM6;PI8fKQ7&ga?{P?w#i<Z)
zGrUJy$dXJ@?O@Jl^+QN5$@t52AKQm%-*tWJ;wKW%fZm!!^^W&+eZ8f}nl^*l*5#(T
zGhPZq=(^WbT9mQ%5_P5=!ZH|JJ8mVemI{lp5f*ExGL2-P%zgsa3^_`j_&{wBCnbdy
zolVy`tL~z)Hk6lq&Xo(c)te1kjLak}$g=pb=}6&PF3CfO&2NSZ-Ib0mDK|{$z$n~b
z^6CKD4s92F>^a$f`nfOBu(T!>7EjqRX0^WZ0djW|Vgf+S(60L2RH@deavv7Y#NILv
ztsVnMxyos~5x)hc0K^0fk7zdJl!Jt7(?s^yPg@8c8~nhV<ngx}#e847E%HV)Tp5fn
zX@e{uQSJVAc7tM+f~_XC2*k|hQ%o6aOqL-r$!4M;|7LHN;_d(s=F?b*)#zf_P{E?B
zlY$z?I@ign=^N8UDB!faBz-L%nvuQo&v%na#00xq1*|&qJ3l{sL!g_VukYRd=hYh1
ziAC>rmuDtTYRM4r74>!XprA&~L6EIM#H?WYn$R+v#}3<^pvm@g!<8T<Q3^P1O089<
zr_7*WF$@>#Ts*^Fa@OyMY7-dS_9_GGokfyvWNj{tH4A1=HMX1dyC=nWI)QSC#&m&x
z-AlfSVO@H^2=Hc6my%6M%yzNszmmQ}-Si-qz8CmIucovuty;U&$M}f1L}i4RA8~sC
zvQefao#85`J`<vn3H29Pj7<AMvFFVDD(q-UN0!|i6+Us*ZVtp9LN|t9{u*5;xcPpr
zo!nny&QJ_94cEl$@zZs>OB|Z5W$V89aJuYYShhnGKFOJwp|8TCae}w>=`k@j2~%;p
z3Tvse)%aFlyyJA_72v5k#5A?5I-!qQX>#J4RJ{xObpNd33RcNZ4^UX#B*tLOB%yqz
zFqs}QYS>?N46MR7?^;GIlogvAMtv}nz{2|BG5Qv-T~cz7Z3JJ7DSwoWiQm7hVApNu
z^>{d5ZF4t@nAdog|Ak58a(mxzeYn_&&VIlyl?RBARdbuOuKS|}j^D|%Amr|mk@_XE
zZp4npW7oAri$b1N9R|gqt}y;4^Y?u}zf6C)XyxLn+e%&{Y@(yfGfZ7<Y*XfRaF+vL
ziOVqjA;Gh`-EwS@3c<J#61}zelli@ag}bx6=bO0r`8qo~e>`74Rpm4K*|B1&Yw^iP
zBzUP3l;e|WL{3e;ojt8F+1Gt@<hJ(i9`4=>qQmn)8aUV9%HF~XPo6D7*NvL2PG$Dr
z{HEK()!Xmu{PF&3?d|DGXF-dSqmG6;7*5)ZPTU?|%-QlNVJbEa%j!6{sHw!QcE$Mb
zDCI<LF=JWNo)#;w@vj5M#X}#L<UFg}>j2vd3O>~1w5$|Z`t;wl*)Q{;J*YT*>6VC&
zC4+y^1KpgO8z9orc^_cpU=O+@&}P<xUS~6tjTlbz5H!z1>I4}UM8^_Lvn4h!%odaM
zs$^6(Y|Jvls$5Qgs*$0{`pTIO<w=?=2N<6g8jRs%G*wglggwmrDNwnQRM|;k-AMRL
zMDlaIgk1wUTC&olU4EQ53yr_S267NVS=mSZy;_`Kv~dY_Wh|R3v~8-IaEE61n7XJa
z#-J0Kc>~idO>(@Oi9aF%HVvN+yry-%!;Mt6u}?mC`p=2LMtW&_M<Wx*Z$Eh7Kz-;-
z^^PKyN&6<M*f@t;*gAneZ6~F3@7X)YZJj*r=rrjk3pfFnRE}r-$5@6q(qWP#1=YGF
z&Zuj)my#}*af~E5o?&Y?woTL`1hzO)K=$RJHi+Xi|3Rc?szo)}EA%8c5><oXYs#Ti
z6Kl+C!hl<UFDX+gQ`r!OSp#)Cgd-Dlp2nzZG5($zapt|Ju$h-h<UsTW^l%}kTO|h+
z$)AbRrno%Zc8{1^(w<aZjx0+<iPItnwl+-K-=NjhRg!0wsJE0l)`h8ZrSHe*eO6cX
zrtJTc#0G+_Pe{QRbTlL{)z0iwjaGx6hUx3jHFmZCR7<3M#_`8F9s7=Ch6nxG?Fvbp
z@X8U2AAf_&2p2a&4hZ~}t})kIdaywjP$$D_YYe&60zON>AB~-HtibRi2Vwoyl*Pj*
zOMZl5uhabBwqg!dcBZuUzo819A2%t#Q(U!{f7dH;;X^OK*hAkeM&wmJxjOeq%0p;c
z5IOy`XsB)w==U#><sa~YiF;>qbmV;Gm*e&b6T3dIjK_^VIwu+eK->usQ-mm#sk%m*
z`2Q``#Yjwvth!bvr;xc;(nAGG%!d=15#bsBxs{YPC(GKqb@}$fMq6S$?#bXd9aD|m
z&2CBZvp)Q}bCd>GeTV(=@SmXLKJ7a{{B=FgnQ}4FT`gMBC5VRpO`j@ecNAig0`g}0
z@D<>&yO=P3rpBn~Fp%1mdq;LonOXFh<8wO5Ugjl}t<01HxK4iL`Rg(or3k-4ROb}8
z>vw@6aizC=6f7{o*wRT~>&1ppuUBUlRTM|kA5~s#&w$Lr(#Rp72jDG2(yC6QQz%%b
zY9I-hA(BGV)=@<F+M5xs(M1ivirpJSbn~US5-m*MYwt~_!f&p#8-+ARF&9D-FveJr
ziH92zqdPD;F1WOgb2W~;UsxYpRQkLfx*m>07GIP@JT1RdKX&^(j*PCXEOoGrau?ZL
z+d9`xTNvs)_bR;q?QhoO5zl`B`!4sqyg!@@(l>AE0_z5AXi1hE|Bjzm-8O$ap<|bL
zPd<o9TCn~b`@=YISz_$zyilGMWHa^4N&Ie~)~cV@t=B?3uDuQ1hkCQx6_$Tn)G+?R
z-V3?ckGkylyvi9T^x*tdJzayMDE3;ti1-P4dhsv{HcF9cS_oLzYk=CPTr;&g;TocX
zN92zQAfMA3U~DvowHoQ*9PV&K*k!W-`7I;!mfD>HD*btRiKN%NTz34aSzpnt;Q#vp
z_=x<B{BY769=!E-qmdUsbgEFkf7<#9Wp{lzOcwIK9@<r~sTZYz*U><ZM2ps}3nvz~
zl!y4vx0BeMpY^0DJ$d8(MMRK~kFg9KyZcXAj@8_-Cu@|cya%IVfyI)>o2MnqzxkDO
z$}Xt0k77775UUXpM5DcHU5k*Rt<XSadP*HF)2^*(Q;>-}7riG+W6fF@SXP3{F3BLB
zK{!%`V?{Z#=`EWT|K!#^Vn|xZTbxj{Qw<S~XC&R;*6m@vrz-E(EK4@OfPT{wJL)(d
z(c6Z%rK&VYQ~0<{@0Ma4-k0pwprb5X8@B~9V!PmG`*VH7pN4nB`nwJ6!%WjfOi6y(
zT~%pH!yB_{X&GQGD^$<zgZO(VLr5@xC_g(7Q^OxNM4r)~t@@<_;QU%Q1VU@XFa=s^
zRMQ7`zpHTo+Wyq59IYP<um~+P?2g6zvImwM{srPABe}iraOQadfeOYVf<YTmV1@RB
zvdo{L{15dbFZ9Fpcbtv#=U5^inoZP*{We^SSi#D=^L9*U@_4FhO@vX`e{|LO;#VL-
zxu|h=cBLbHtkTe3MezeHK+W&#1a9fu#cPUCKmTW_D~S-2OYVo7%Do9}*wEewSq#Wp
zjk(T3Z&kGOTlo_70|(2^{<aj~n%;Y8)lffba}j@Ym-R51q;Ka$z^Y2emhVu^SZck%
zmrAO_ws;Qe$|Y#fD>-@d3zOjyQ<hI^=2st&Xd_w<1=C;7=1YdjpD&hIM}MOPyl|7I
zHZ{z&gQUF^0A7}aJ=3b4K-r2rgB#$}2lPnjhyO_DLw*ha)H5(CwS+yYvNUCho-pev
zyO><DRH3^KFG!PITxU!gpOVzo0pN@Geba=X$3uwC_6T&c&Kav)Y~bmHdn-$7SYz)Z
zXaurZLYz!RvvSwl_m3IO*Y+mrTiIdZ&mEyPL0Qoo+t?e~`F{2Yf|T2q&TrceugT}n
z*AK{RHnZWN8NP>WvD{5o;pJ3k)tH1N<5QUbY0V7-Z<D$GI(mLSH@AA%Tf*=o3h8VD
z^|AurKT()URaLHO;HiRwco+Hy5|+2SC#&sdR&^x{FRUxOpj{yAN)bMzlm3`gBW-MU
zr6x<90@}dKcp97(Y)^w9UvF_D<>aRWH=?q8q31w9wDM*(ri=9Ss^i1EHxE8giunWg
zw_<n7ubn*oW|`Ifq_0+OXY@D&c=CnjkE7Yh(no;SBkKvogsw*~HKl$=EJd4(iaR7{
zuC2SOPX|Kr(=}qvP{o$ga^JCmhpWJ2^R@mKcx!FA!9eZD%S<gg{>uJ}0(G{@Dqq=c
z-I3!uuzaVGTzLM&duyOq=VJ%Z-#@234RH5yVqIMWw%l=l_SRhXgc13Ob%`;5k~9L#
zYKx}58$PPMlC^9J)tYF;6wq!Q>>GRNi=L=<<*vq8$c2sMs69gWchs(}6+j{nX~4NV
z{fxDG201LKLRs?BqJT;Wor?s2260b5<arKa3Rb3ylDrO>4w8Q%N|&Ar{40zfkRFM~
zrD98dot0#b<)hsDl5T&$)`aeZ0m@0^pXCz#<nFF2_ud&di@pqC_0fh8;3*>0r;qa)
zP5gW#bh58JAKx6jKY?&Os>>`bB3dfHjHnQn^D-r*lTQR0`;7LoV_)H!rOl&kib}M?
z1=4wcnGQCU@=ff|-HaY2Ewa(pPg`y`Gzc=d-zJguWmNFLHBh7myOkqD6i!ze{HN%1
zUrcKc>SS6t`cX}B+y*nWNY1@ZR@xQt7!n-plFlj<*Lmxj*|KM%<XR%~J<42nKdGWG
z6iPOv{s%_{;ZP)H9oGr8YbN|!CH0X<TpxTtWio1r#0@`WEZZPHiM=lQmjm~$yP8t;
z3WNsaVk${K2=3TP^Gr7%{|dOtR1UoOwVV>T)-+4oCyEIi3hJL8r#GwLV2yP%CWY@0
zBDb4VeteoS<j=c45XSXBr_MV>c7-2|Fy?bBbrB_+N^;2FuP~s^h&3#Va`mDyX8pNM
zpCBzVjp<!aopX>b`IUySa&S<tKz<Wmc5P{CcHN<_;w1$*KRwm_XMEy_LRuN&T(3(k
zpJ`*hO30GWF!11~brqMfyw|evry|_6?YhTrn*Zg1k=b%c^$6JBb5iDY{wbsg2gsKk
z8KL3>&e-x}#jm{uT>A*S3l{JZ&5kg{UHJ&7--9;Wq1DSpHtjJ)S*EUDeu}&M74Zqp
zNy=z^kBD!Pes2h#C$b$66kBge*FMtjJtgsp9d11(Kb|PQOj;hcMAzT41r_`kn9L)u
zy5QXfEBNvka~02vpQOL;d9J2U98Ow09(1?fY6Q)DmzeV5Z#GfgdusT0mL>ZWzh4Y_
z4QrqM86JQ>@jq2XuQ`)I$|-?{z*p{cpl|Qa&Jl29`hf+zG2`9q*lhJAwiHB$=Dhw8
z#K}}m`k`VqQvo^0Q$r5tbns4KVZfx|$yBeVgmL2dupODnZRK6^f0>Lp<hhs-n=Oa}
zj<?=8f;S;Wq-XaF{~z&>4RO@Gyr;o?$VLdEea1(&1(rdAT_Ky<LC?T1&EAJrfBzRD
z;KJ0Gl&Y>1H_JzS;JcVe(0g6+wV(SeHfxG{U4j!Us8fanBK=$S5+*i%a7v>EG=%_N
zKb?GjiSWXIu39Z|{<vPgttJ{`X96zu#}@K*Qm!77#6|_+I)GvmpdG<_V~cY|7(1}N
z6)1xS;}}tH|8>c_zg5bUB%3e}UL$HF&W(&hu}!eAfWQVBRsOyYZl=orJ4~0Rjh4Iy
z)S=MQHx9$xS&G8#H-ZVFC50abI+yvr7$H?u<foz-KN^ZBLbcl>{h{u>y%`%v%_<1K
z%|D$V<_}IsOg%HzFaJ@V<un7K(<x}O!9uZUZ<3dd?5xL<v1j_jAW2gB3OZD-9ML#R
zR&_}#X^-Um3>)oR*bq0toGvYPbcB!je?7!BN5cb;(wePMD*Pf)Dg^XTYH<NHk1Y8t
z)MxhMKB3=gE){hYq5tKLHBv`+W7tX%H1RSoH>BKZqTOu@zY5vyehW9Jpo$wtO+mkE
z?K9n_i%-I=13?Zcw!w8;x}dR03r35HZ7jW#mdZ1;hp8VVfX4Xqe18bV0k2r5nluV_
z$j1>&c(|cS<uwI2)(d9oAgQxEy(x<Wt=wE*cbc?)hSQKPT<aH^W3!5GDKq@o@<~Be
zR%x{~+sJ3i*-?#x{#RNNta%P22D-~sEW~^%H7SC#C^k>9Tx||klq&w@-6bw8&wF1u
zgD!o{<mMYzChkvDZ5><2y`sL7zw6|(>B2gU+91JS^gYj;*d!c~Mv8?VO58Kgo0EHM
zN7>mM--6lS-}mnP>MR<2B~t}tQlj(dY`X(<!^rbj8IvDhZ%=m{kH7Nzp<>EpSUWOE
z3=5o()xxCz+)fBJ8$^s4AzObrQ!Op(+ui<>oANA#xMic<r37iK>;cO&u_W)E4=gUM
z@?@IgL}ObOU60Jp`UYL*zXh(=x}9&kNubxy)$8r~^7DOJp7~0oGmdh?T?=D6w&`qD
z;0NmG|51#tspg>Ae|jJ(6EtZH>~O)X=!oUG_63$Hlku`F)izc&8aX=KUvBip=p4Uk
zi*Zu_j(9PrEvrg06SFW`*OVt$K_31A`TADb)R$PE5Fxjub&Wi_C`7!@Xw{Hg*-B`V
z3a{r2tPHD-&+^lU%5mX1Ci>h$!xxAaV+dxt$hYNOWIfM}bez?_HEgp%asS?QiDLI7
z8)F@|9ew3~B&0QkuY%m`i)>z$LRl(jKOr!`S-c=IIBgl-NiDgJ>oUq+&+b#<V`!A&
zGOCu5omcbHJPAb3+Fa#{TR!&*{3m^n`1bo_Uy3K6Qxh3#Ls>5q=$DBX-U(fN<f>j_
zBwfP9DnbBqh2ga*Lxa5{gs{Gx5W!!5y=J`MoN4n=OyHXdh3>J*w2fN6*<}`~PJx$3
z(Y<%ap`aa&k=WPJr^093%t)L@A~s;zh4QO{WVfoWfZ3A{W9ZN{bEj7trS96uTIEWu
z)9ifcn;Pj%z@g?=BKDvm=>FZ#FbfT%%m%<=*dV6-upT;Xd$}CXYaa|yczf1^ov7cj
zw;H%!y#1w47Tx5fX}4s(_&Ds*-U!X(7h{fU*wx3rg8T{HF~~L<zFQ7N!>%~&K{{;x
zY?}r;MtF{p?cpezGk4s4_I?5O#)$m^J3{NZK>H&{o2&JxG_-)`WS;JTY16TE=1Tq+
zG_|MM5p}rMBG`pBTV-wzt80Ie=xr~VmEQfaAF!a>t$_GA__to<kFTxwonh4;00-zI
zgP*JA%Ubm(QUP-g@$D3W4nOqHq%laCkeZ7jE9hDP3c*bR|2b&B@VFRxjG~c?PlPCw
zf7aJ2B-G0L%KfjA|D)X7b-<l|Y5(3+U~4q6BbBNZ@K8B$a>$>o^qYc>b?_@9$AUTv
z>{8@=O)xhN8whkJJ}BU21gdy?ad_8rZlVX0hcrU+3xNTgWh~ag7T@+_)PQu5JV49Q
zp2-_v`FBb?mabQ~myNcJOJbWK+5#4PNv8ov=>J$TeG&KJZuWIeUd?rU0&d-qjlh`a
zhPP9}D#kStL8FHTj}oMFE(f*(5y|fTGHu18O^Zr=p^E9Q)-bES7JBtg+u?&~O;Mdf
zWM@k8nL2)$p6kj02`OkMy&Y*(f&Wj@VVXgb86!2761-m4whN;lXhd6<Eh$(nI~sc_
z72R-nFP9d}KKL4L=hh$vNa1Fm9X}I{XWj%puJ(L7vf_DS2UMTKNUU2m_61W@T#<Uf
z=c8)PYJHsqW>|xN#s1Q6(dw_8>{v*V^c(jC=n0-xb(}o<dQH&;p0r&<&<eEL)iLdC
z=lsWAzc^2hn@Cz~;)i@7D<*kwSg}%gyt?^)|I0x=ZDeQ5a+%n&61Kv}^2B}0mJ$Sl
z!kyT_N)|5Zg;qi&t0QmYsvh5kSzJ@FsxGx(|A{X}kIBxh>13|uQ8s)6d1rww$<F?Y
zVnyca$28N(5ldGrP{ko8Q*+9ok3Ty&mBAQulIaikpC-zpu<(6rHH&Fi`|a)|43fbm
zVM6cM-re2d*yof>Z}GdG7L$i;giYKe@0F2Tf|$pqgZvfZaT^9IwD_u;NSvoyPUMG)
z5OUH`UN}x?uFBva^4rwmT)|)8(Ie6eZ_g^PIRA0=`t_L)Cn%3N(ZSU?dO`1ozmf(H
z=v~<>Om+sjxpq#FWXjx?_C^@dws&B|_qC=IV>tvb*PS5~Qps+FRg=voH_>>1-gOo=
zxZE<-TmiuYuo5vfzEFD30B;8uy<6a_(CU!?+ITT`>u-|7tr4_?V9Mw)3-Mri0<^Oj
ze(oGCk%q;!nNZP+``!QY7^}07Xm?pTSv|Pm8C>NSaWwQAxedpk?Y9C%OsNj`3!q>2
z)5Mwn7p9Y?#Damq!I12!abI~M<dAGKQo>UdN7aAxAOe_E(N2hXQg1d+GRoaIZFC);
z%pkm4c_LkCMg2IIpmR1bqO@{uTMBc{T*y>62Xug*)Wq;wYP<vFv2fJKYo$|UHr+(_
z3G<gC(NjuwDTdtYzm(!jT^$57KO?L`-6E4Wx6lmiVQ<o=-(|~uLJuh#8#oGgbX!~`
z{rUU>Z?ixAt}Bv&)RAwLNy00m{=vn?$z8ymF~Bs?olep2tZXcmz_<)8RDC|w>~%9J
zJi)q=UEy~yO2rD8=+QIjh7{H_nFC@aJ}?C{&1uS}A7SB0d@m>VU{xGOs@0EArpS(U
zE0pzRo%U~|jCM&$>f1Z5ZIsgKoW$UUw|o_`f6#oJhQglk3f%plY!zH$?CF}2HzCRy
z#V55ppnQA4$}RA#U-=F&vNsL%rc-nV&WsotqL=%S83gSi?`Fme^jNUOBDSR2%C$nS
z_ZCTXwnVm^`ns}omX<(Q1Zp<@7{84lySF)E$tt*of;{-a51Ytj-yg|Kg4EXt!uGa8
z=#jPwr_Oo5V-(;!iG3bbZ))C!;_j@@1q_<H7jaj@40>^e0HPPCiL43sPkWf^{Qsif
z{5<*p6ZP;)cKrWo`tmZ{gV}FQZ$8+N)VT4j>6>`g1h@PgLde+ZM6_z%10Bm2JU`tD
z-4x%|Zh#jfen469uN!hApszziZ*SxG32yZlSV#CKP{vbjR{P8OhK+fNN3?f?fVqB$
z4gyP=o_H3B3dQ`0(%t4%$pPE+T&mty(;7=3pyJ|mbtpNGO1k5uFx!uc){TsT|5Mgd
zwh152Fl$_RI9snGiDGnJUC^A=0-SENH9;j?3#X6j05~q(8GN0gM3i2~-QLJPM#+fB
z995enq5{B`h>sC1RN1gHg9F`=Z?~axy8}kp?#}l<E#3kTf)75wdIyq=i~noTIM@|W
z4u~<DeIh;qJ%=-q5)D5Y*h233kgURcz1Ni`*H?Bb6V;rbll1za(@gzo6-$bB#0BkZ
zy_cxH$ngT*!5s1DuQzr)3L>iHy&NvocS!A%E|pNq>;zP?*S8}yhJ2{6Zdmy#3k86V
zlrW8&BJPkpN|`P?oe2$YYrg>EVt<LNOvS(j?DF(}-#;3ndt0e`(7j-~yE=b<f4tNK
zcsja1Ki@yC)uH7B2Qx^4kQB<O$7e@obO!>9bKqPQF}*5fFR<pU$FXZhyhdRIBub98
z=C=bV_(TK*_-7{Anigx;8W6{i<KcLx+``}8J~~|jh}eo0(OrYapM{^^_!6L5g$V=1
z^3KQfyymn5sUMxQzIaqGtej_IV>=iULgk|RX-En+x^HX(n+$(Kqa*B>bE^X%X!cCP
zs&#l7G$?oU%-J>Yugn^X1;RwQ-saO}<0#K6JAPTMH?BvUb9l~GGw;b$_>f)OP#t9D
z!q#*Y^JJ}GrkQTJu3wv*xJ56yC(A`{x`F-UhS6C2(M4{PAO|A79ezXdq*%v@!8B*w
zj`4uP_KzFx%^vNaHprcvU!eaWM&xw4QwmJc&z?^@7IE`uqJ?x*i+aP+8VcOHI&=H6
zq+`2mN2EzNx114n%$Mf3RbQJNKj$;Yu|_~H$@(4l6R^Ei{>$INL2D6+jO70QZTgS+
zT3^Vt6hJ(Jvc(NVZaQCq@A*Kn>r>ru=0R&(X!kf>KdEo3cKKTxSRFD_+v9hW3px#-
zjUtAr^I9}0)CGK4!l+m=Fby7quqsgJ5T8ZYFoY~;2Mw6ZUsY$DKOZNfyr4LrBJ*Sr
z#uTK(J{IX#hz`~s!l)R7AovYaq|FiZ+P{8>T_RQH0tI7U-?0O~Qz3JXz;D6n$&7>G
z_UZpa(eG|rS#!oKOcfieU7gXN==7ltN$uxhRi0|c&%?WXP0oyEOgk73u!Y041bC%~
z3#8h03Qa;ii64gE<#k=-OX0NNs1vXo)ZDxw_LjQ*N;<c5eMLHFcgLmo**WAU6m2{3
z5)069+L5~4%vC5mQdyg?B4ixwz2qZAN_&K98i_Jf@jfc<y3JY<#1}j20o|w8^2RKQ
za4o(dURsi=3t3dFYQx$uU;DI{TKngN!D~(SWj_^7?D`_~`~b-R_)7lT`iigNM||o<
z+ybrdPv4rPrfYoHPe5#5KU9!XS8ewuk=N<!?IfXua_!7JaNpR?jI1~1(%B??5!UUn
z_7a&CANn?VEpIriO1k&WQd8}#QkdH%9qdaW8fSLFq<>Aib4e3UESLffUzq=T0f};Q
z@Ci?D{P78|E_-!74_gXZPa@?dI(lFT;nRF3dt~Pzd_7>>xgf8AA9a2w_CUb3KcFo8
zBhfC1Hl!IoP2@bhXys1%rGW1gzH|Ys@no3SUA;hN<lV_R599S7JNdJu#NxM^2u)x`
z-qL*Gs_C<5iTGMciJg+HN^#04?38nfnpOD)h3wdr+CvBpCgzGlmdSttqhnO#F)a_b
zjc^sY5=~VvBV$!5B~9q9_8+RTgzZWi89cCx0kceY3JPekH&arIA$&iQcuG&{VS_d|
zuw*<-NYg9|mWs{eBtq?DRaMZYsk++cmt^f97@|lUiKVmjANpmoR=Nc8I<F5ic~3g(
z49s7~Ynjoh_@%jG<v4F0P_eP>=i}5$gC*xFa-#X7ocgW^(X*`5<^Xpy<t>MUemxpU
z1;j9UsGhmD6T>vB#&#cP=Wl28`KFG^pj+VEE9Z5W>rV9H{8MkJQ0MRCYwL8Pr{CM-
zdu3N^it{HSE&?Huu@3PhyP|+WztICkH)ub;j0@YsUU6p=aR2=6sXkRLq@OU#`4^d{
z39WL4ck~v8KGV$zh3Y%f$SslCy0D0;f&5-gu3E^>_V4QPyMysY6B+()*uy?<Bxg%R
z1E5#@n{GA4TI2CH*&-I{4GoF=&fBsp_STr0vOV3TqO6}~Z>-oe8EnDrcldaJ`}-FL
za991-XITw0KzudR-@Go*o?|xhx><4WKD<y`_L2OG&7+ItzO1gi*$PN0S8|OQO3k?y
zW6;f^(|xtz&oaJuyThF(b+7Y~{tOs~BTk0F1{dEhC5vstSGr9Qa)NNpzkl};$>piW
zUsC85Tj99BofmIYDb;=_iBT0lXq?PBVt>&)ov~YpT%0UetuOyF^!t6XOvCral(}^U
z>zJEW<2f{DxA;En=4L_V)Y;g+k$(XP0N3BgJr;9V^pA{wAQ8}BiTl}FbYoG9b+-mp
zHsM}GDy-jQDUrZSwP*&uwA7@DTg~XQkv>&n2V3d+L&kgDb8sEYQ?jD9*=vqECmShu
z1*qFwtx?tIdS8)F2j0yi-#(>ho&z8v7bdV8-I?UL?fBRU9|?c^ME>|Db65Ovp$d|-
zbbK=`J*Yb<Hz)}H)a^>UT`#S@3I*I-$08EhPGY3nd)wySob>i6k;2>2WazNPkJqA+
zOk*$E9X!gIQKs$i7>L2c%*bJT1BN-&(OBTcqp0}9ikoImBF2;|pBDiy3Em57Jxj&@
zLy5>d?<xc+6R$u@@PNfF;P%an^C!@9_8YdXjW_-}<}(LKv2v!|-Me*;jx|qoWJg11
ztX=XugEs&otR+bq(Gpdkv}gvu&8T-mL%djeNmewqI1~P;!EHPA`0eYdr(gnH)6rdb
z*7H%30dk+}MdtY;T|0n3Rq^}Ui*mr=C0EFqGMaVU8BsS2l5qe~n4QQ=DN%#g;5uSb
z+H~FoM-m<GYoyAUzMD?FF@K`~uRkuruz3s97zT3`l&T8cHQ+y>SAAyQ@o${EHh@Vj
z{T)A_^=oGPWrYKLc@xNshyP!$vUuPi7tk7OVFCO-`>xp{&4gb6TE7Y^U%nr2#jnby
zODE1WjX$#J`UN1xS?N>lJY$8<z(O2BP$u~50Cyqx@D+!9l8<0j600J63!s!&zpPVy
z)HhcbK(hS+T~0ZF4X!CyXOBm$ts2jkyr`Z(x-f?#JqfPYZOsq$JOoX%{{wvau?93~
zZ6HYX7ktiyCVsdCVJ~|K-_n=ye2=@$rsa!2$hjnOAy|5VMxRWZWYGY(<tc53TEzpD
zWbX{5)n+4H&T~u=GwRQsrJY4-(8bD4RDV%c>5ygL){;DQ8D}wE&Cy>UY20T<wWUjU
ztF0^yM|+M9m3=h@2Xp~LnE_y`siQ}<5memLl<7XLPJbzGoW|CZUNpQ~9&=qjn|Cxy
z{!aM4%*d65OuAbH@nyp#Lo~b*C>c5lJ?W!VBiN54Z<M(ImS6OQdtK>Wcnx(6h+sow
zRUkp~bk%Y`Uc;W%rHl!;>*f72^n4dg?P5wsU<&V52(}1q9L07x?w`O!qgO%{b+Q^(
zK+BLvwWNTdmqoUuf^Jd;r;G%R#)iXl!1gZXIAknEZ+a4wrP^CA9iSuD=YL8O7U1~G
zlc)}z^rl06gG1;B`(VoIPJi~MvwC(r>B!$wbp~{za_we4>;Ufm%k+=z&HYb_ti9c^
z@sSxlqj=c6!*#L6l*>cCvwcG1c3jym8)GSV+jb?}QG35}PN&hb-x5^Z*aTFqf%GE0
z?`Rhg20~hkl^ka6Z-pl0mW^Zat8)tXe;*II7ejyanFv=1yPbzud4AbU;2tC@`+@Hu
z=mxE2e2tg^7pOXOA1i0Q%=_>@c8nbK+JKG?jX>Lzx3&pj@z@vqH1HSJBbm&{K-+8`
zWvR66WJ!iodx4ePc7fg`v+4qd(oniQeF{NC^F6GYNX1DpT~<!Nk27x2d6wg!R>zX>
ztlQ^-%9srT+yqr4&7vMhU<_!JHR}(}uP4VyDPhX!|GGhS4Tw0+DJ0JC=!3f%m#fNl
z9YtSlRBy>ItaCB=5d#+Y8sy;e7SS8DNP$lWWQuLc%z#+(&58gG;Xm5{2v!9D`i)}*
zTLh=jtQCc((7-<Nf#U{4E2OHh><Qjoqoh{s!5Md8`f*v5)fwa(_WItvU#@&pP5WA=
zEtoU}Ep2c}QILxvcm>LGtNHNwcv^7DGl!HYVvaSgb1?g08|J%n`9C72H{PQM^^Ymr
z7KHIKrh={fgsHi2llLBK&t~Z(ziPBTbhVm)AZ_-jUHr%%_eR+4d4TtAieCU^v*^?j
zft6DNE&zAL*g)^zUjOg!Yj;$!L{N3lkinK(bma(v`%JjLtd-AP)CC@YGTz7At#$w1
zoOL-s7RlVCfSm@v_(0wHcb{QJaxGob)fCXzp!@~s1z;v*ef9c#G~^2b3Gj)opMkdg
zX~jSPUjS(*me{!rU<#o!J8fH=D%&dy3>$FA*v1n5;xrl8`q$f4N5^non*r3_|2pX(
z<=6lI;n8mWZ{u;8)%El@^@rFWY{(%(MiSnp&z@<}a;|XrVdzr(Fo>ouAB;0f!oQPI
zr2~dpQIE+1!<!;M4vN+%GySFj_yqnF6RxrPos4cX&JgxVf7VR`I9w%w!(9RtT_&>Q
zl|Gd{vkN*;9Zb)h{uQ9y%^`nGu*^w^)uz+g0=OM6mcYh=i#;bxoRx#h^K!84nYk0S
z3V!4EBLEG337k+$PI{KZtKujgG&<971gIXTvU7b<auT0vo$gY_62%k#GT04{>|G5u
zs#bNX>KazZ2|cJf^9PmZ{xwjY$hpq{fzt<|jIpin2Vn4S;0KT`TJQq^jeG$>le5=k
zFdb*F$3@3a(Cob52qp!rJu;iY&>!YrcR+81!ycO!-gmqLTfYad&ups|lq^Zsane^&
z#e<%{qgLp1%&6?Q7t;WA=AhHjg-ggG0R=k$2V9-rp8Wzkzkv3s?WRBc5kZP5_~w}h
zIq1zH?a?^w>BJYkyLg0Xh&YlrAF_6Y9w&Dw+-pmqa#4o7bGwMp5Ju8dQ^4<Oe^2an
zW{6HuM<z=7?srDQHt6`^>BqL%+}gvBZL>_oZzE=i-_~v_{uC&AJm_Xo)5nO&KjrOV
z`{_F|0^qy9{<HJfS?90*?O%Tx{`KYXuQz}F<K5HtpW=B6p2}>n!=Bwqy)t_+!mOtq
zdV7g@$9iSrUC+wG(Q|qTJq7#!{l5m_6PQpGiP=*F?;wmK!!Dcu-K>5_vzp&ymYnXp
z-F$!U^Sztx`=9ONC5!D%e5su4@^Q1BUS6Sj_LA5d_8+(XPaTbH$^ckn|35m}FWCPN
z2Rr-UR-TWJME|K@Zr(Sl+^uwHBwX7_m^qeQ%2Ze|AZ0<t*dMB#a`$Re%xftr83}X@
zHmO}v-OF;CA?vDICduqBnSyKgK_3jj0DLPt&SDlJF%i-cGQ(s&5_&PEDD)PF!Tv<(
z2#et#LmVLg?_|V&!Axk=+Rg1ig7iGZ*f<W{-zzPp(BpWHULfcPI7BzdBcab4jRD6q
zL}E+hiy(zTfC9{BLom=UJu-^|q$nbJIfC9D8ILuN$D20Vy6D&5!&WxkmW;&K%(&(4
z?@YQ5>qN<Ltzq760&#UyZ`t&&W%gYK=;lqpc~2L2*|Ktv*c|MXh_ef*!4z-Ma=cs%
zYg&=3IjwC=#-SI)es*V1QI+M|k`-A;d<96h9k@ZCb9Ktiv>^9BQEUU^!9c3F4%#&(
zlm7osMs9m)6L<Ima?&i^QG#!WY9`*)KvTFNx5Rc*a~JBc#2mDyUrMF^r#9((_y0O5
z=6~%U_ILW<HXg?YgX{yAyrfYTCC^rf94YzJ_=uM>c3NXyDDhd4*xgbXGOR`0{=Emt
z`NAL9`k%u9`;enf#G(!k8HYh|kM}?NM<;{A{g3|6|8pykUf&ZAo&_ib&jLd3;s~^>
z;+eHU+luzt25s^Gy*<#ktw4rjOad~3LDz$v2dEpd$iZDg!ojnwdFJ%$Lh};V{RJ}6
zj-)V=SZS|_Z<3@aF{8a_01BlYv~Q;fa7ZVJ15Y6fe1e#4YYOKG@F@ZXDB$$!B01LX
zf-A{!fRC9#8C>05F@QtBr<f`G2^gU<p$J5jcnHae`R!yBDnocZ^u+5YUH{!F3TAi`
z5{fq5M(z3^<o!PncJ|*bJx{<D<YG@}fD@pmAH1KU5R76R2!aL?^zPsUv2N=LxD}Mo
z;wU1NGr*=O2!L4ODxwk&C(i*z0pxg&Km_^JdJjXt^#p`yBDo287Ev_DACRx4<Nx1Y
z7rYLG1t6iUDNq6tq9DK_>bANsZr<K-LQ(4pI3u$e3Bhk?H^9e~wYn3`d-A^u{Z@DM
z2kpuKnitbaPyEOH$>w1%1vG-5V0mL4AlCY}%ic$=Z@VLS*ZQ{0XHo0h|F`u7{01o|
zF#{Jb&RMIga|yM&*hjFZ%2D$BV_DP7Jn8zsK0kf&^1M6qH{M3&`XBTU`zLw%fB)$4
zV7LCa@jL;qQ2d)Rq5Xn_88{Q$TB{|0t1WI!s8uMjQY2=Qrwn+4YiJV=>$X}?o`AC{
zAxyB3v;vJoj%TQKMKPg*-5hlfj9vJ-+>c|1D40UYi-gdR#|!!1Ba|YK7h%a9Vp7q^
zf*%p@4spqNy5J%d@VotN3+6^7zzoPeof9B*nHl8RgF&zWKH{P&)oi{w$Yn$N4B0do
z5OosX1w!gzh;tlH7$9SyBFFR+Kz`4onDp+xXT1>-5)oApM#v*G1bh@x<Ux-7F1Q$%
z;Gi4DN|u2NRfCa1<vECy>|%xya}dk<c&g!CK|Xy7#ux>@94rB4hM@fRJZV~4DpJu&
zr-_r_a|m$)Mo7hiKt6!s0?Y_Sni^ypw^#*AYqi8MjY$xY_W~m>CnCU%Gt;grEM7;D
z!WrU-%JCGREn1ZHDQ2Hf5vIu?%$4ZbYF(Mi;1hU(m`8CWHy`nrD*6e$A{?<+$2{N@
z=yV)^nP07UNr>Th;FFjo<qRM?f<y2+Lg9`0_*~F|k`y_S$4=lAcqij)z5}0H?~F62
z0ODF*=DVn+sHlsHtjXa-RFY;kz~MwLP;0Id64wzf1O%zraao<9nW+By{H0kLQu`LA
zLLA5<`2&EoxhM_-9lFA<Ahd;SN3MT7Jp(Uch{s4wE2Ic$O;YUmLcWkCFat&%_ypdG
zQ4(OTbuL2LvuhZ7Q$)dO%%>>i*etbAt#=WNvaMbbKgpd4v_vl(i&zAd29awrosg^r
zTENwp)_`_~QNxtyhO>x-NQKdRr|D0E%bMy1xHk+*3kC;i3IxM6lQuFajR@h4Qy5)A
z#@-X^E35>EQ-4crWLg@<It>&&1`$OJWdVwz^vNu(J<$dnUs_AwGcdwIAPG4cqt?5;
zrAGid&2UTu23T=Q0HKm!q_f(3R~3FmK$S)xL$sJ#1S7gBmcD^tx5Tnz=4?b!te8JZ
zFJc}wGtsoHcvsAtw3S+^Op$EEOAMH+jmnYBTCa<crNO!uZaP|;Vt<1H_JtCRC?;|)
zZmm6KuD=R-91}ksCK=r)w|%BG^~{G0wkO&<I6jiCWo-d54GcYt@iyyRtU5%&o9j#P
zsVOgbXZ*bWOP6^2=KAu#dv>GnJ+o;|?5;FM&kd1*(|_C~<nOTv=zH#&_4DnwVzc=6
z+hH;^*4o3&*a<X)6ANkvsgy_p=%EC>M&r4tXAz)`-j5W>4kdvWhd9xU++sUcWbRA{
z_4<Dm&qjz!>iEYEFlTD&ZOXR6PjUyAWmr5)cSkWKH1_0HZ9^A0z0zw)RJs;8CQQ-v
zZgu!eaNyhwd1@nAwn5iEcV+Ex`IgikxOxZkcQYi@E5NtzZrI$$ay0Z<Wa2Qaj)oQ^
zitP)L!WJ1;gzw{tu3v0IeOr4Zb0>}Nwxr0S_x?}d-NpD7;a6&NT)O2yVv4G{h$yjX
zJ|bamlat79ZfrG5^c#-trdH(AZL)5%yxw{&dK(eHYm4ZvWts};EM_POyfL8?q?#)^
zRjLh73-6o7Pkva6hjcXIbR^`?XweavcY?s%IC3j3|IH1{hPXlvLPb~E3|G+W(9+Fp
zq0XutQ9R2qmUMy2Pu4Qc%5QmRj{N45wp_ipqy^nzr;tsZ0L2G&BqCYC400h^vnkv^
zIv#%b@Zp0rWEf=xb3o>ZzNc8o(o)J!wj8OncZJNCY2SqL&$XUJ_ZQ-29%thPN{zIV
zy8kC0qO_p(S^!LR`COw((0Q3(9e_`u+Z7ly8B^UVDRq7ykH?6LZimDdszauU(s=Bm
z%}dPWI9j>XC0|$7g__GuqtK&-X}gI&=W_SS3RG`5A#ejcX+oDO8<^xGr<4JGKfMAf
zEkjDz4}B2e8P4D=jYt_H{`jYW!4LxI1Dr)-Kye8ErEND0I1B#$%!u_9%%}0F>ycT{
zB@azeFza!OP;bBcefO{@?Lw^Q5sG>iyuD0UZ0|vV$+=v85_@Aa%QzS+57-3r3@jfr
z8cY5#iv0=VIl8$b{)?o<kFrD;^c9WBoxTgMkw<1T6#B?F!Ik#~X}#+^ctzHQFxOb&
zdl$Tn83*VCR;CAKdlh45@BZKt!8uY9J~NoP2_bR5m4bm~s*Q-RhpOuytE}6stGeYp
zTLJ@xb8S(f9UqNxh<t#;Ii@6(<TZyB3+!3WHYUOS>)!>cR!Spd#L33hJHT)_k^f9W
zK*EeZnlZ98G+x<5GWV()ju2&-aTIzeZ|hSg-K*cuTqvX!xsHvi%;ner_&?7TopVA3
z`yKp@3;00k-TqQ=F1gm_pI|0AnK6;5{mmEctC4MABk2D_aQBxmT(k=VEjudc5Qmeq
z0OFbMu15VifFMNgWq;n|AONGJ4Y`d#z&O?Rsfdy}_J!;VLttR)ntZAZuad(XKrs_g
z%63nInH~<ga3o#o;gK(F6H(68mjmO$2zq++Fd)o3QFZV$E^Jr`Qg3>#BucDC{48di
z%z*l2q)n_x|J0vh#)Ld#_Jop+Ob9SP;Q-xCVTtOZiA){82wcfHGo*w9#uM|79Cpz#
z^0jm%gHucJrGuNpA`N|PEKOn2BBw3k@_b;5bX#N57L#om+RZ2<f~fD%qS;_bIAvHA
z+T%njStXDo%;sKKtS&iq=>okzzqyr8CC1PzS70R+vFltBW!<ZS^h%clVa~AQ0t&M%
zS8UzZtK3FiXv)ciHDpR+?xrlGhNg!iKo%CQp$`#Zit4KRSV~cL+Z@rEb~UuOliSN1
zV11J7CXb1DSJ8eKToJ~wI)`G6PbrBf)8_#B6Z9NVghG!lA}P*T-z$-w62^_$vuemi
zxhe@YGXMeW-l0Vkuvh0VjhrqPiX`xcEm*eXC0nws&`Y%l&z5WR>@?HX3@!xEre;SL
zbjLUx1(;0%%oO#e5GxYV-jC{-uo0R*5}Z<2IXhhsV@^!_NFP`G5y4@02;FEEgTyOQ
zKv|4jIM^_iAfb6L9-Cj10x{DPF;;tDP2)O|#4@ehq?i(OX$v~L!!j*IXqIUqlBb}V
z7RJce3Q~6lg(79M^p|nKamQ#_LMexIk!V~tbC;4zGG5R1>3pL3*y4y~kt1A)i5ecW
z_>R(Fl8YRM=|2aT1o}V10EV8>OheyfV86I3li8ge3@k7gSIxUB>Vc7IUo=|T?U_(P
zV8BwpjwT~7c4NDrOZCh%<B_aG^CExTm(*DXyuD4okUEHvUd^6d0#>PFBT-bY^K=t`
zcF^zl`<;XRljD=U`qt40b;5T`;dqR_)YK(9>ioEoPMd>8XS2?a8)>#)dZ{MbW&(|~
z>9xh1X3MEe(5b-5mL&2hh;MSZE81&1_!|+j8jZqc#I34MWCbOcFtk<&Rv1>dV3otH
zAV56?mM&pz!vfa>bgNEyTSY+IS~qYwp@_L18#H^;MP&Oa49$j3o6qh2S#ok!NwN_s
zfn@AUiOB#nAuF2F_Thl#z0<rKT$vM-E(qpgxohQYU&Y=SM3RwAQ5M1p;z}&x0qe+~
z$xR6><2ebX=cckAHO5%-;BNCC8lEl1fW$%28fI%avyN)Zl7#*@V<o;#w_-6n2>Qm{
zVQP8O)Rpe7>KZM$uz)4TH*E#_1m3mVOQDvv|I~Y9-Co{wH0#f3Wk4MgE80y>g@B<5
zQpi!T0M9NFe=5dN)_yLe?HC5ZqJe~Eu#F&}rV@^t8hN$h)4QHcS(t+vo=hbsA@UGo
zVsUe|pdg?~o_finBY?w<k-IrE^@5N=QT`kUv9ubG&=k%wQ8uCp4nHISvmv%d(7QvS
z--#&U#3R8Fw12t1y}D^X>`_f-NQAoNm#b#Fz&fg#0WnfX5-CI$bD@LWyKa_r@yk=r
zlCCYIota8YHPA#qD*|3yK}*`-god_K$2Xy)t<><cT3UXouArqQZEsjjE8`-K)U+H@
zjr25C%W?=`X5jBZLn|48d(hDGz1WnBRxyRk4s5NCwxWKvVH6*Yg0|UyJ)DNNiGHl3
zqN&y&R!1vzWDO-v_2>Szv;xj`YMQ&kz36F$rXG=^R>19XYib2_A5>K<VDokAYD@Av
ziUd!K@b<XdYJAM#c|Y8%f=}HGM|vE*=h1SRhvFw+H|J2-zGpCU^A3F}+`hb`?gOM3
z?v)b*)VIxF!YJh#B`x`o!*}@`*y&AmF#!KOeR*l*e5H`)T=xXct%<UZ#b1K1ZlVFM
zcW9x;7eo-#3am4?WQ$%SH<tHDZt;1_Ez#z*uFIxne8<tO<u6jD@ilL_#Dm1yxaCUH
zM5kL036B;WM4d=@(8eLB&!laqjcPQ?+V-HU>3p=wW**cfF4NAq-0$=y?j$y6a@(Q{
zO8m<O^h(%nclS&q+wpjJ$DUr={k<ZD^lHBFr6G~mz0}|iWSd8l#vy=A5)!z0VUL}O
zLs2CPCb25)i&05M*OjI;fJ^0tCR5A>&|GH9fx4foOi9}+&DM>|m9j`qFA^lwcc7E0
zEcAiJC-Cl?$UA#)<o9fUoQorYc#rEM#bCLGVAorX@-3=b<_?Idmf>d!tmW@UbpRTV
zk;jMN6}d6&@4rU$zu(=V#ZcCiH*a&ImpVZaZ77F74cvpFJah1U<O4Y7h}uDYEJT;T
zf0a<fBe;E)uETZ3k96tQ2p`o=E+=}_HfjqV)eWyEb~Hl3?EKXTG!r?J2Ac~Uj<_y)
zrf<b1N_f7h=3@CtNSI2FuS+?g8GfIIb3g3fwCv=}27!BI%t`yp@nx&pYHT^3_Ia1F
zKu^0=W}YYgmIv&CypaY-2!zrJ)IBrX)F5?HCvgbiD4a{YUQ7O2BC=-Vi={gOr1HWL
zinzWDrZ)l;QT^=A&F$-#Z!cf}eDO;B_w~D6Z1_*$=C_~K`aq#ad}$;BBgl|{e5fox
z0htgT#32gcLNIg&AUNpv!3XetA4K?r5V^1??*W2B<L7TKPv2g>zPvd5=evC4zudmO
z1cZXy^Z#?3N8tF-3GV9j=kvF}oS(ipzkYl6`ql0EtJ`-5+zfu`g28@Y22z6_N0dF+
zunhDDFfU(Uze`b!83G;&h`wL_Y=Oiy>;ZL-6eIBL$#^^-_xpRLkbipp`gYUUCNS5+
zHi;)?xt}n^69Ug%@)}F1G8F2s>HYIh;GJ<Pc=!Jo0s|fk=7O1Z9u)<U3zj6%DBAQS
znT1K{5X`{4GuxShDT`Ug2L+F{rNIkG?3>GzVgOm}O$CL@3vbWC=?wls!sp;;LM8#q
z_Sp8QaP_))A+5-l++Hns>>fhQGTnHt4ZbY7Jz)ol%s9O~W#Hn<#Tc78D&(<wD2d5n
zy|#OU0wnpQM?yvdWcRJWX_xj~D1)3I{*AaQlsCDCe?kt!)!h(Q8j#Jo7_8j<1G*2a
ziu1N_-faf|>YI9o^}JdCf}X2E$L+k57RxT>xu803<dr}zyNH*F?2XS4@A=3ukI?!D
zaCwLiaQc=<VGAc*;7n#$<TAE<ut=lFzw5m#BJ>p<edW8};6OUjU^jLM?WFQ<5xK{4
zMw{#aOPj&W$UOopnCXNaWXhmdj4+i~u(uO8Ds64mpiu_G+9wjpoG*U@ks4#j2xYbu
zv#4Yi!8m#j0z5|{Vv20U0Acx;stG=UfdigS#VX*LtgK@dEoF6>D#Wf%2rD3GUMvZ}
z?`S~R{t4nBrs#G`5u1`g4$4@)1Khl{n^R!HCvYI4dUMp(5%sFJ>Lf^_6&^ATfM>yQ
z+5HNYs||prxD^`J)rO9HS^``JKXq0#X2g=3_Y?`wLc?iOEMRk=r=d17OP+vctFCzJ
znIXDmj(<!o`!L%Ambd2=2KCD`?Bu)eG|E(u!v?K0d2H&%z*5v6EVQ82g(;*XB3Z7K
zG6goj$X6-aT229`4EUG8=#xb2-=Y)pS7C58<g7TBhph`gWncsu_5jR8pG)&M<X~^h
z$W&}|gNCLe@W*Iua$tGi1}AruTQxeBpz!DoPj0+FFXNNlhiU^<fwQh1C#s}rhbgME
z?b0YwCGZ_asY>`B<r(;i51lOvJ{I$o3#kqGh&!M@gp;@fjR!YXxsdvb%vG-LH!xWh
zwWZBnpeS1cT{pIm!-kdFOqRA|6^8Q>7_{sj*+#7buI1J(8^juc$}K4Cd&1iDw7l&p
zOMq*-yEzt7jn92u>&tn*HEzFbTi&1(+)}u>xA2wy;fmrzb4UC+(k{T&xgzFBdjc12
zWv04JyooZkjch5EJ{t+l63NmBx$p%RNDq2CpP1pnG1J0`2UY)V8MU-I(L!$yX^+NX
zPv2_kW%o4A_jTOnUda#{d!Utp#TuDh1{O|IW16{PW2I*)0i8*d;Q;QoGU`$#2)lDL
zX6Mw(#aIN8B-%*oY{9^2P;lS1u&}>p+oHi^`EAi4=ur~>PDT&96(*y(yoJ=Ny1Iol
zVH5VP96c`fWSZ}ydLQ(`x8i>VC>z;FlZjnzA7vg4!!o`(M?imPNdzZFdzqx7Sx9d7
zqQ9=jUh<&x>?IG}&0ch=5`<08wgR|(&Nf$No3&(X-ydf&7?g4rgUCH|mIROG*Q8Z-
z^);DN@G_?srdICM!o0RqBbk6w$$&Z%Bw1BeM&T>1Qp**HW`rZ1usX>xJqBkNy|Wim
zz?tZKrlAZ|<iSwQI|Cy$CMqTLLV8$7F`FtIodTTZNpnrf^32|J@xfJ}d{=Dc#~@j)
z^O%}j$_ABbaUCtoK-tLdkWj*UyTjUAR>Bk;C|8w@E~i}8HJjI|Dw|$Sr)q+NEu~kY
z&`gywO*Yq{ti1K_bjmAdV*Cj5>2qo7<WDPe<ad+H$2!5fF)?Z;sH}^YLZgd`cHYUT
zf+kzP;50|wgKl44pjD~<ZE@vBS(kLO(6Y?_n58c>*~wi^b-|U{73JU0<*?ozXm^mi
zgaa^@ivI2(v05h?>9y@PgS8oii?NMN_LLekIf#K>!W#W-k^_4L)AH8OssZh`-gy+0
z)y9(I4yheR-GJR~S+A_e@?*2kQcUE3YC34mOs;>)loBdtbiYAo1hCvnxfn|rYfho)
z(cJ-CX$nV#^8ir^zO1W>CxgtyZB=N{=?wg0?=#RgFbs+huqmF^^c$KqUGLFoO2}Q}
zWRiRU`b&}*%J%pWr0MGdESn=vZ?qou-AC+6J-gDGwlPs#$SSF3FcpQXaSRY-$kB{^
z56I|u<Z(w*`<B_^5%i`Yf)vgWPg2^6Mg6YRk&Fv1evnevzn&*Q|NRa?I*Fz1#|d~R
z^#Xl5_O1(lBGgEM&s(i`@80Qy(bhM>E(vCf4n+#jPDe-vEP@^ai6jWRd8rU6oO0J4
ze<0(rXr|RV4dgz?@f-z<=K$*PG17oGg*-VRRWh0mAZ+sK!4a9GbSRR0;U?D|ct6Df
zGT578lG5q@_IV5}u~&BVFT3Z9cvAHTMo~xT5Hr-B`5SGc-|zR24-e(P{eD0H@A2W_
z<S&E6lf%RPqruT&@R$DJ;CTP!FQC6sEJ~i3aY+BtU%Rb*=RT9?$&)AGIu1LxLT0+6
zgd>^S8vFzEDTz5aBeRH-8D^-}va`kqcrF+e1RfC_M;@q$9VLb%FQ!7{Wh96tFnL^?
zif9of9%8JgvMVkaM>FXLr<)ey>pTuZMBxYr5|Gdpq?03=jik*)=lDeGoL<TgmvDh7
zII-FpV~XCxAn2No0fs_`rQ@a#IaE-rE~HhHJ{XV9uHAiO4G~-%Po_LrC{QNbtLTB{
z87iIRI0}7<@hHXt@8B?PV~ik=sqs{eq}@jQ4~Q*8J3R^Y1%*sHE%+$n)2>iya}abW
z`eCc}9r!WEfe)go;PfTqDY5=L3h!{pKorE24i2?9xi;FEqOI>7IY&7G5k+%pxY7*-
zNNn|S2xC4a6#pUQA(itzG1i!%XVwV80%#-kw7!!hn4_=^{vqP;3B7x6=t||bwTWv+
zLd=QG94kJhwAT7gh6=!;AB)~TWs07HQc_Y5S29R&;<(ADLf!#BvI!W*oXoUWz(n*K
z>h@0kISf7I8?;T2&D;qjUtC_L;GQP}-V8}IZDNU&5#~bO=qMoGUD87+C0Gwek}O)^
z$u%y=u7na~l7fpHFhZd>ok4oXTCG#x#{xDCz$?NL8@9d!R}{@LiCJbo$CS(r@u!Z*
z@-2xexPp{R^SqQ)Y}2=vdrTUGbcOvQBo<lxdFp1N=^$80W93|l+JyRurbj@=>KLN;
z=`!`r0x`1E4MM<S3)Fd_lYcQ|F=D-glf%Q4uB61gmMPbY{w?(d8DS#kM9-hXG3}RB
z41i#r(*AIv-A^oq16P_X)VZvs;Rx`SY*zHT)~1fucTzx9vnJE}hF}V*j|4Zp{`Guc
zF|7k;Sq-#H+SSdKGUy@cj6(tT_1vnQg_$6PGKjVkj-P`YV*?F+@J63HS#;A?7Cr1I
z@sGlVi5;NBBTZol`nAX#oHHm(6w|#(2VCs7T2G#UH!`f56rhRChvtLs{?T`>)(wYL
zCO^hu;q!CwuPfrGyjP}Bz=);R<?MO4PduqKdnn?pXAtT|#P66tI+0An(Axu3I7eWF
zP?(Uo?1q?13y;&Qi*BoR%A`9Riv#`~eEY4o!pBuz`}SM#j8HLr5R9o}CrT?2e7`sn
zW?=Uu-BA@l1$~GVWefI?sJzbrLx97M^0Cx0<CJd|HmhE_Y^l?;t_Oue-i??Q>r>xu
zFsi<~Ju!t$4M(K;POwM{N=35U0^fcsxYO|4Z(HCZw42mw&T~mu1^^gi6!>aqeGeIc
zj1dn@CZWWEa3RSjRgjBwf<rKdb1{%IC%MWCuMY+#_+eE~yR9tFW3V7`GHMIKF^%os
zMV;ojMIs|}p5I(CFvk!;tp{sR@4z#$H;a)J4Hy?R-~|YVAdb>5?g{$AIsr}~Pt*j(
zNhWM`MM)qdO72i7^MNBdT>8*336L*XzZ}|eOyvreFi2#M8dMYiAA8r=6S)n<-}5P~
z(9;23vUk9>QlxvRD5yNpB9?=`q1<kEi5ikLcJ2;weD}&@kCQlY{w&#rE1L&|cJ1tM
zeq($5XJ*U?IIw-&5^#h|_mL*Ti1=*k>^Qr-7BZCz?NYMv8KEqj{v(bq11fNhNFosP
z^)DYgIY6A5@y-aNNBk9zP>>3EZ%JP1yy95arvzdqVEkxo!7RpvM`~Fv<Q46vrfI2j
z>Np|+qu>`B&htJmd3DI8jI1fz1cW4Z53tqe0|WF%*dgI1cq`F|E;XZj%GjmmZsQ$7
zZ{sYS<+tshw`c-pQ!&hKnHPj5)u`mTxz3ex)V2jouAwQZ6#=*W^-_w7S(1eJ<pLAt
zMKdp*QRnq-Yvk+yX*#3hn_E9j{FFK@2?zU)mi7PsyMqI5{eSr3;KOG9zmDhOVZ2Me
z1a~f&RlaCq_lf_J&$+$nt?!cE@#CY#OIgR?5>KvSqk`|W9Cc*5JtEv1h^<<d!%N#_
zFaI8fFXsp<f*ZDTC8n^v<X>O>G!14x`Oeq%(Ukmh0RIMelWaZ@z7cybe;Hp?^Zy0H
zBMei+-<W6I;QgC<p$JOxk_50j*0nF*4&@pD4K4>Cfu|myV$=ApH01(`!M2M@5O^b?
zlS4qsw!AFv_dh4RECk6U{&dH&PUodz3m26*NfD7V+P&bAF^+?mXdB4orOE^cbHyiq
zsW`<l#sZy44{83UpFjZjV|Tq4a4IguTbv6)l&Gw*mOkwbFiC@m&58Yn?!BS5_BQdm
zeOj97|56Jqs1|m!#Cngb71S%+iYNsx5sfN_a<);RBH!ZwEBSlhaTY-ApKW5_*u5lu
z?xAV(tl`P+Ke$?f@7le0H=OZrwg3Bv?|(hi?f?G!cN_b^jz?+TwYJ1YZD~J;T6@YT
z(JkHzs(ZOw1Py>&7`n!J4I4_(X&OK@m0OBz)LddM0!Pg*p)3ueg+;_5>B0t_taA!=
z&OLT(5wb|*EOCjQZ_vTl)NY2)yhRCj1*7K2uj+RPcnLqz4WB6ovVmJ!yaL*kF4+iL
z?$<3tsfM{Hp;)^kvOZiI?+`GMiRCMZjrR>0K_6p{CHT}}_v906cZJr6&?Xmm1E;ch
z1+>W%-Uu7_k(cT7bw2ccIF*$<V(ZJODJIFls4QL`OB=$M%wyHnvD%eilG#e|Qy*q!
zWh1^awl-$BD2vnX_AANVsfw6k|4xUkVol`fLc*ulltCo7b}^4Q**w2Ga`+$I50i1^
z<ihu6*J;4~GcUT|zPSE-M+yHqjziyza_M>X3G-M+3u5yRkBagc4IGzGG6EqL&5D^w
z?nGFA?j3Dz^`#1Y?a_>KtB}vYq#Z*B(C+H#n}5MfzOp;APDK&;g(fE98vlAjv(GrM
zx(Vhkz~kTLA5+&Nq)B*=(jr9HnkIU`L=RA3)2C77KM+8x$W3A-Vniv5F|LtA&*{($
z={Z(-64FBOjt2PQu?BJ9Ob===Jd?SS-X6~aMm!1*f^XFUwLDP4UGh(-{B_=JhNn#E
zevpJd34_R|a0aD-^djyzP2?8-OjGG$x@*tdK+S!(I0au@_cdJDxz-+BBlvQi*l-i(
z(EYdu?{Zza`3BAZYj3WhZ<r2Uy44t5L8{l7zocG%l3y`?26)LtI!rxF|8Jy^g<5+=
z@=WygxLuvrWY;OQpq#?xNaRQqk<0hcMtYue%xq`i$)jnb>?<B(+r@kG;M*vko<*!(
z&8x^UHXK{0b@Hr)xjb!EJ7;~9S`Ej?q>OSUOuR0u-p=_7>^)y0%zh+;4}f2g#jg;!
zN|P^yAH?R@^SBD5Ut#FQSp9kqhBf;Y>DOuZ>jfOv@K*%<fh~VMU#m0y74BY~?Kcd!
zD=_{QE?%+quV=ld`QO4gq7HlTcp*aR*Z{9Ls2(5mx&l+#ct6VSs(bDz<)!#}6be7C
zw52#v_L(=V5=!_$MXRe%inkW@+Xks{QsLqZg2T`uUarcOe|&))i2hOevPaUjTV*sV
z`2(s8j4<X##^@9>(92MA833s6;vAK)i-0gM<intd6Mv>pIA4@5)WFbR8KNIOK^yoA
z>A|PeOEYlOUzs+_1Hf~u!%KpG1H@57Dt!5tI@#;0t(}9dJWfEykd<gL#)FiYfjNJL
z7W*Xh7UGhAjGUDT?Brwzf?|Xbi09-S?tua<7<48YqKbHuwuyP^!e@E(hzv8tb{|lZ
zW+Lpf;Nc9xMI#X^#HZRAPkAd+$Y#EZZ*lBgMYc>tQiIK|XFy+><Qmjyu6K@7Ny1uA
zw2kS*6oepRRqLZ(FG_X<SDVFbSb*qfvOK^_63$@(qPs?SfY0swxOq0u=Gi>2`S~vZ
O0RR8aH$p1_i~|7bL|-8Q

literal 0
HcmV?d00001

diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-103.7.0+up1.2.7.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-103.7.0+up1.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..4a53e01db63736a90b35c5513bba58287c9b75e3
GIT binary patch
literal 1246
zcmV<41R?t$iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI;$ZyUE0^;w^S$o2P=yowFG&`p-xz(|@3QIZ0^jmYteT`oy*
zhO(8S-@Vvf$#JEXEZdZU2A+!{a`ruPIP>_&0j!*1=t4nV=P>}g(3L?Qk7f|Kw}8?d
zJ=d}<%g#<u>%Uo+t^du=PO_u^>G|o&+4<YruYZ<hXGbD?HuD}9i6I<i&*oa6+<(Nt
zTF1cJSsHYNkicME-jl#=u&3Rz#K8JmqZ){1uC%(%v{GmX;thw0Z(3a}lt>;V4n)(~
zr3EpTt<H`H!e|?BTYEi*QZse$y#9Zqt#UWi>K)J^5O%8p+|6Pm<2&H>R}7?`9f<kc
z4tRg}v)_B$JMSnY8MNoRY50C3ep`MnMv>T+pO9P(5-;&uTV2Pr^8n}kjv+hgo%gc;
zMc;6})cS9&f5y@qV5DOi6g^7_cGrLZ^dvi7tN-)!tp8g7FJbqS9=yg|MqB-&UhxxE
z#WU}B3T@S3YmRqHWKh6R>BpL!2r)xb_Goq-mfv-~Gg>YNqCoT=A)5Mtf~1MW7^Jh;
zI;S2K^u2;R<WW|5d2rF!?)N$ykR@L;*5UifsKFc6cy*UIF@R|yt9xnY0)PAt)UEww
z)2D474TQ~aJ3{z?gkg?fY+>Dv{Y9fuG!WNd2s=WMbRGxd<4XKgM~G$B*G%1I2<H8U
zO3tu^W(Yz!k9Ih|`g$_?S93*L6)Wr2Xd7FF>ASW2RR)n~7eM$WnDs6pY%~U@1_z>&
z^Nns^R8t}j+U6~=F6eKluKXvk`6jUtnz3wYevo!2@t%W*5MZ%B=5I0JD4;^i8q5S`
zKu#HyY5F)Xv#?65l(5RuIN-IuO$<80FxL{Vd{SH|3k(-Qs~ksKg_PJcW<T`aXj!Y-
zCl^`U{D}-x=L~{f>(!-qfl+OO?)s{TQw$avX{Fl<XI-DAhN{%|3t_N{lgl_z7hu3j
z43i?Jh0cc-%!0L~-(4tbseM=P7Kdg@U4kW8$WdL@YQ&4ADOWnH*@e`ZY>{tVD8?q{
zI%z(xfSWTzN?@mO?3{Vb?zDX`Z4Bn14NSGsy!gY}ZEial_L|imvwIZM_I<H2>7s4f
z4Ij;*En{Ba9ybkb1u~56CK60*dOn)3Jyjbk;db-_(<<S1?9|q!PRBBdA#V|(N7L-c
zrc&D%37Jy|o=E$ymXyIM`~XvIQ<ug-srv2&X8eGt>^-W~g5aiqqU5df`wZIh52A1`
z$QcsXZy#F^RgdP|F>Xhfnu>}3hVL#8Tu%+v=gRNEQ#w4yysScYU=E8siBpSwb$Ljp
zokjNKn`~8?s~4K&r(YL&>Y`Qc3;lFl?^NpBn-6*pjLSEmq-WhF^rfZhjF)oI;ZO^=
z0{-Bd%WO()YA*Jv7m#Q+j#H!MdrW%nr@FLLA~NJHJKeq;{0qEzwQ5Wx3_~KF+h^Z2
zTgNunfg_lY&He3g$OjU;Es-Mzj<oL!>osT-1OAFc&~`e1hP=&y(n`-1<j?gTtmQT8
z$zs_W#f`@L@m$>lCw8F<*u9oGU1``|l$UEE{`&jH{#W*Dul8!M_9NLp0RRC1|5RdC
I_5dUR05gei>i_@%

literal 0
HcmV?d00001

diff --git a/assets/rancher-aks-operator/rancher-aks-operator-103.7.0+up1.2.7.tgz b/assets/rancher-aks-operator/rancher-aks-operator-103.7.0+up1.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..5b77e47ba78fafe281ad5aff0b1b4f4a971084fc
GIT binary patch
literal 2049
zcmV+c2>$mUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH$#Z{x<%_nE(9Am@Rfrbmi;IqORF3b?+YDU#TReNB4^4u{op
zByP3hGCNE8R7L;2*d;}gGHtnzYqzN8i>T%7ym9B1)GXx*YM;%>R~c$%l<uA-Oq*cI
z=JM53Kp2MM$#Cd?!!X?a?F|RvtKM)l9Gr~$C&T`$u=l1vc=HOvC*i&aaxzT63V$`P
zUFH5ufTgK2%m|fI<N<JIm{ik%Gh-wMLUmbglrK^;Ov(t_j*HKA{BF(+Pg)6Z)J9AM
z#?|gtv_!-)rV(_E&au;qGRw#4FHn<EX#~fAcn7_pKL|oUgx}lC-`UIK)~zX<BV~+Z
z1jV9HOENfbMOGAn6lwmY^=^iGE)4k<*6SOQ#_ERJv9(%=7|EY5bOdZhT;^m@bCpiS
zlma%R8up^sN@Qd8hVK2~ZK--cxJPr15*eXyEzth_TDK8b8AdQ?DVyRPQ{%Br{J7!2
z=zA>7s=vLUAB?;hiEEJ=w{!~MqMQS_kpw16gENFh7wHsEzq^Lg5acDwN|qRtQPk~D
zg-P;pz}0-CcDEtyJ$jJJHAjj(|H0HMi}u1nFbcxo=2@Z4OZ(+>L2LY9FqtDgSpwJ-
z|HDylup9q}qmx7Ye-4;RHD<C5{YIj_0w{vxdz`Rbnk$?NGI|+7r{j5SMi=EdvAAN+
zrsXD$nId77#cXvpi)7d|f<@tDp7qj8t-chbozHInrfPf5;#k<Y!sG{SqegsoN)b$$
zB=o$aBRE$vf@EWqR0JCp10xdC)P=62Be=rJHpbXQqEj?THq^z6Q#U8n{xlacc2gCj
zPbiUFmR;}Y$g@k=Zbj(`R%=V~dqD=&1nfO9Or(auC@@M|brJqw<IlO!Nbp_74qVPU
z`Hfd%xwH#EeR4`%YN50+%QMM{&e<GG6)?7RW6Y#lT6F?1+r@N7derl8^?!r&OfrMi
zJ-_(y&2?bDm|t_o_W6H*(BJX@lhNSd|IY#+RSpSTV0pgmSxXSEic{h8bmhKPx?imz
zC|ZQmstADf+IwFw06rvws=eFnPtDvv(Q0m2&WeRIR~5n86$Sq@8Te&kkN<y8P-dtp
zFxlfvfqng7Z}4Wv|3@c-{=xsB16Hf<*RT-t2nY>KghaE<@ZH>+g(n!n*WLBn^HwV#
zVw{K+p;HtGpW~uB_^iwFpacGT?GVKTf**?#vM4V$eMM_oQEkh#NX-N~|3}@<qX?iR
ztp0Si@?aX@y7sK%-d~H(Z4-~+Mo0-Pj-gbp$m_18aIKz8_Vn7;BQQp(Zp!6aI=8v{
zM(LSUEGFP8mlhR>Cm83l$mJ$cgmsFZvvS?Y?xycbks9$rCm&{L>!NzcYCC3Ewnyb&
zyMU7kauY%4TwRy^?efOYBj|kdbIxRE*D|eQP+9*JGBiu5ZO7c8^wNj>0DECi{4X6t
zD~XS92lv%~C!?MEuOGe{4iEAFIbbHzID)eLx>6Dwa~?frJYcy=lotPRAt;!=rE*d=
zN5f)fnC<?GsmxBdcjwSe=Mvqx(Fc}^KWUX`whcNy{!})Sn@JA*bWF%K8Y*usP><d6
z6wUE#IF^FkFW1Nn+N&F8cw#T|EVfIZZnJ63+}e2F8q@9JUb3pVKMBt+8D{cZtShyi
z=J`L||HmSYMLK;%7})3k!{Nz}|M$bg{O5V#!QOr=Q2ent4=rKf;c-Aoyuyjyxp9_z
zr0@W4N2}J*L;3jc$c>u>7hA4TF9gR^&Q+e8e>q^i^i%rx!5;swO`RS;4c_Db!(M;a
z|HHwX(ZT<p1M2?IvW&K_{=RzjcVzk^Pd&(gC_`>HYs{qJj3VfH0Gp1Y7$3Vgh~K*z
zZm|F`!}?pfs%v30@&Go6wA@`2(SmFc+CvIpBcO$yVebk=%4Htk)eQyk3#1~AF*WcO
zZnwa7a>Z>h>LZ)Wc8p(OmzHg(*6UKZ#^Cr4*%}SwKJn_UYpZm1ggwGhBg&q)g;)za
z65N_*Zwa;yx>u_^H?G&68jBs#c<yjjYVeEM9*hZ<d8ZeKqiR*>=_&n%P&d}ON(~b!
z>gr(m?TMs-;@t=wTbq`L^`7a;SFm2MR`AtEyV{GEz)=deFIZr`j_$`bYzpi3aZ{Gd
zT*^x&1z$$+=gGM;ml_FOJ}dy!#nv(#-M;<s;qvq4)y3aFR=28I!)jGM#_DCx*62+d
z*AFB@cTzdOcmRp=y-~|iZ+nYWXLHnej4-!{nA|*kyA$jlk%GBVkV(d|7GoAl=5zeP
zZHsC$TFP!59t-W9d<lX;-J}@9cv&#0GtLP$kOKZ$W5OtL^CW@<H3l`Zej(u{Gf4zp
zG`xDnO(eUV`CF-j%zf&xg~FajlHb7d3l$oul#dG*_fyo!;)_%+BQQG0z1nM~j9-|b
zu4$~0(qrQ^b_&1Vp)}5oGZ;s0EFFtup9g1zQ1nJtrShW_Zi^U;#+j5Dy9bvbOmdTJ
z1f@6Tzqr2Nu-Qy>jXg76Yhk77Kf}BQIlAq#58zz%)y-pC2BjZVj1h#xFl<WdcAU2}
z@ES4qrK_3)JQViS|7AvJMMi&Q53sNQ?+teA|6ae>JJkQr0gbP^Hl_bgx4c{a-|-<`
fOC|Ku+8y8k2ROh1?t*^?00960c-~dR05AXmA~+8g

literal 0
HcmV?d00001

diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-103.7.0+up1.3.7.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-103.7.0+up1.3.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..80c5097bee18554400ed5ee334998459205a8049
GIT binary patch
literal 1208
zcmV;p1V{THiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI;`bK5oy&$B)SudkaOxpw27-+E5B%XQ0ob=G&7LS)Vq$pNHO
zcen4p(;p{}EhSE@xJfT~$%TaQ10dihkR~v4hSb41cdSDKZ>b|GIUdh|e0K?%KH68}
zIF3&SgW_)-$D4oSlYV^E8w>~ili^^P>-A3J-n%0a?~S~J1ol8j@!nXQ!MzXxW2^_S
ztl?24gai-Trd<i%YwRj}ERnprRG5rJRV%e>GnFK0M&ga9fNyG53}na-B#uP6*x@C6
z%xaY_kAzkxe68JeNSX57xz_smN}0r7ajiC?MqupZ4qQjERq+ux^#zHQH6yWj8-a7z
z|Mt55?l4M_B`N2Nr4Jt`;?L@FF%Il)_8Hj*l6Z=j%BUiz(LI=pYlOJp9d_fNf-A8O
z_5K_C-(%)9c;sVA3GYP&clUqq-Jmzv=>Orc*MIH*L&$p3gH!m`qsjl{?)(?dn`hCB
z=E@|a#u|?@^pJpuoIf_`M2H#ctjn`ws-EjOtCd`i#2nE@LX`c1bCx==N0QcDs+7Ap
z=bH|W*rCkrrDTIE)YmpkBNblh>xYk%acOT{*ekZ24g|Uetk~t5C4YWns8i_4a!;8w
zXrS$9BOx3iBQ5YRGdK3i{HjnVJQA0n86zQBT8ATXz9PRQ5~Aw*0;yA_V9_g~<P0+?
zT@b=LH19v1ed$kbE$5(lvwF4iwv<(xZlqo>7s%k7HDkgAjaQ&2C<*<hmJlXr4O5LH
zku&?&wqNGau_tBHjm<={)3D4VZ__MJc|18gCAC0$q}{2t8o_Mrs?1sPm~0!p>#2Fh
zA92}cfb%d#GU$<4o!O#sZPQel^kV6@OF{_cF{@d=7w}HV9o+>YSZ?eYo8WJG&p*W1
z=9(`hK~{vxM18BN%N@hLaa$RWX)zSlASs?700!mT3D0V)@WD6@Z!nkCg%$wnyQmbE
zL5gQJ4cKNF%CH9`F>isVMba=u-B5%=K#~;SPtc$4DcGGo+QFv>#b&2}qx2221tVt{
z)sVPX9`EbdTvTIG><lAzOHVbD91LyI#PN>?yo)M!c(WONJpgBA${YYC|9*V7`ic8I
zM=2)L`cbD%D8hdNvY$BX&ng~k?3$KHc{RCTK>CAn8LwrtVK6GCapd@pan+4YRajwa
z(ElL8_#d|V0wbMP$LBp!?(p`W&rBO2IXC5lbsa|MHc2)fAR6-Y=mUf!wE&Orr9`f&
zi9Jq>E=;wOPi%NnFz*XEs1c?uA5^)xkKhkR(z3jAZ8OP?GLZ7i2OloKQ+^p~p=84>
zvqzGfJ`v9?{(Ab~mG}?fbPaJeY_JC(c-L#XOHeux{(;Ppw)*Z<G)UkvId2@2A8$MZ
z11ToI-#R6pojy6lm$jSK+w#0?MF@lb%F?{NJ}!B`&1|_DaJ$s;(irr`P~Ao;U)WRB
zSa-+r+&o_>@&WXDS;_4cTW!~DEfzn*Bx|<WTgo|eZ6!=sr`hYgRdg)={qJDExxUJ)
WyvnOQ2l+n$0RR8|WGVmvCIA31Do!i_

literal 0
HcmV?d00001

diff --git a/assets/rancher-eks-operator/rancher-eks-operator-103.7.0+up1.3.7.tgz b/assets/rancher-eks-operator/rancher-eks-operator-103.7.0+up1.3.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..26319e88e62cd483096660f47c41385c467b5dba
GIT binary patch
literal 2041
zcmV<V2L|{biwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PGs=ZrjK)zxfmc`3kq!kfLPSPKl;K>IA*w?rg(OuMG}Cuv(79
ztyWy#&Qgx5)4LbDq$rZ6E!UUYEl%@C)N*#dxbsPBmhuF(k2CUBhMF0r`)3K$CRnn$
zeDNh948!nbG;+UT7`A^0qoeS}V01b<IyoJkj)pJ7!SQf3dI8}V;l2ZMGEBb+e=)DN
za{nj5(o`8{gi0y$05~&Ds%gNPF%koz`Ybof7bzJgWdvQv#pgPHJ!gg|odh^)BPIgl
zYIi4EBH|d+2zo~6*y}`@<zw_0s7a_ag2O+(hCwhq3PL}GKibPb*vrGtttp!$WsGA4
z#iCD3GC1!<Ruq90Y5uwMZiad;4EYt-%Nvo#>V~?pwOWW6$)7HC1UMrub26y8N+)7U
z0nVs~y%=;7*;u`y`!IM_sy+<v(OjcMM(A4$bU(k&ZNycE5zJZ2rZ~sccq|h?Z1^vR
z9?P=o?;tn|PQ4h3YmphZ^aj2`IR|bd2~3m*X9$Zf(kZ<A_8Lk<ke4VcSz=5^QNKSG
zCdtPESM!b9{f4mj=s_yi94Yer2UDvoItY(~(;)nPo)yYGw_iRLbjJS$lR45CO8`6K
ze|S0=w&VYCxR3u&0#m8ROqQYFNVHb~MR0tJ6P8PJg;POBFC*ynJP&7dQJxcvE9Puk
zZqk@35=L3fPG_@7hD{?_6h7uzFTK?2b3xkq?DlV}w%06<g^eprzSlNt#Ak0Pf(es^
z-oXK!s~ADDF-j_8jf#O0iD~L0*TDf?;ba?PY#z}m8YCO(V#TSS6Ka2&ix~T<iqR*O
z$SuddcW~g@rE9mMbOfulrTCp718M^H9vCK4LtqpbC9Spyzt#9tE;JH+Td@O|vQB>I
zl~^w8!jB(4OYl+)rG;6ZNk(+e=2)tLv85YhCe_la6L?u0)7j{8&%e|E4bC&k3{wC6
z;{Chpz<f5p<c#g||KU;F|4&Xw$9w;O3izOMNZ10)17;6ff^b!w3YVuV_pQ?XY6U^j
zBD|@J09dcRxAg+xeIlsZyUqU8%>5Is=62<*SU7W45u9C7@T<wd&kH;J|5Ji8LrsCn
z9$yOV>i-5u$1VRqJsA!5{{IxPTJ^t%g_uV`Xka2Fnq`Ks=hiGd!3e(Yuh*WpTKN#;
zM5GA4qB!^z7uCThU6uzu@YidHC?*j6P?V5Gd9mp$I?IY`Tc$;7CeZs0^?Q#ZfReEK
z)7#2}X?*M2vx<9vFFLnPJc1h`C9pV#Qn@0ryPCqadM?}3OIwe?7^S)?muvalChHre
zXHv14fU8_uR3M&UoXaAan?w=TDSFPzbtAi*zN<xQ#0#B#n4ztU>K&`?m|fW(m3!?1
zPA14r1if>0UGlff8$XYr_wJ{h$zIzsonlZ~02MMcYp89<+@SQ_hkFk@VMqKg9YZUL
zk8cNe)qf`^t@+<DJU$Nh@&74cCek>9vi!PI5*u?KJ!U*$xk;23|8gNHn7yKMQZ+}z
zVrH1_{)(wgtJ}MC=%#atZrtbt%fw%_$}`&s9Ugux8_CTi2Yx&x<Qff?w-%_!Zh4C4
z@Fg5dLGG7pWCrck4KqA(*e&9XNn01ETf?~>Jo7C6@;v)wn8|OkE_r?Y;vx0n{y!FJ
zEYj&C!oV*7AB|30{y!Xq`~L4q;KAO0D^UEoI1e3R;NfvVNxZ^|-MMj_d!+CHZbz%m
z&_nt7pU91y1Q%PbQ7;6?H=L_HHUDwIdhVz6--8|gUmH6;ej2>P|3`yi+yBF(lasyw
zKLynNpJf?sUHxtK=<mq%MaFuN|4@e9Zq}Gd!5Kv`@BlU)MKL~hZxFw8L)>BkV21U#
za#h!YGx7j7hqT;X6VZZf5ZXZsU?ZS~*0gs8BIPoV@9KsE_!&}>#+Vv-1-Dz^I=SLD
z81;e8WjDsp(57YEsr9-Pt}!{jL$*f4xJ$fx>)I(@9bt!X)QGa@T_M&&OM+YD>@C5r
zN%v}X=f?HAS7Xr<jpq(mr3OEn?ZKE(nRf<Zcv`LMJbgodBh-y`u2RE9in=;jes>}%
zpm;X|ht{U$VZCR1@)fMts}+2;(XRHQC2*92?F$xIucP~M4V%Jxeb|)cGMDmFNx_#9
z{B?4!%%w&`mk$fTbg{L}Mz?R?zrXx+d3EuR57n(|*05StkFk20vo(5?#`Ob<(4ADy
zFCIXmd~eio)Vtmy)!7_09wW@{AtpBu-|hsvN2FkG6l9Wdti_mxlKC9JciW<xjFz$+
zhsQ!YCtrdfP&X;YFkU(a4aPa422#L3X-pU;Zk|MtpvIs^)-NQyWG0EAkA_#TxQS$+
zGk+^}khxDCwous9Nb(zaexX7GmGW`H;(m%6S$vVoWdug&xKn$rl<^A_)HRJ2QhI2d
z#!lgvElT6uID>K2#?rAk_IYqd2t}7<RVqI^;kJmeXq-ujv3qa{!X!7jMo@ZV{)_AT
z4V%qG-`F$Lw-#2K{x{59kfYl!`vA^GU)?;WWl;KF#TY?23d5$PZpV2y1FsQtpS!Br
z!$V<5{a<EuR%G-?_5i#3|G`na{vQm7`}yCKK;x^fP3hn2mfPk39UszlR6@_K-5&O^
Xhdu1!F8Fr<00960tBg&E05AXmu(j;`

literal 0
HcmV?d00001

diff --git a/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-103.7.0+up1.2.7.tgz b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-103.7.0+up1.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..336c0a8f45810447f93505b337bf91c99e138466
GIT binary patch
literal 1413
zcmV;01$z1)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI>#bK5o(_F2CIlk59RrenwI=;kPH#*^07L``~L0V@h62w(tE
zw$kZ;?|_hGMdp`9N}XoB7mo;VpT&MWTrO=u(gm7+oM2yRG~kr!Q^U^33ovf5f>fNf
zl_-j$>#M8$ZxluQf1~Tm=<MQZcy)O_d>0Mho<$e$hQq5f617HdAenVw&Z5>>`-l6F
z2uP_MIIg4}^$4NhK&W^?!8w5guFfeM$LAc`h^%v^aNB}2hH^ySIFsR<!YvX~v>GUm
zNVwRyE9)>V+^p<~2rje7!c~nX<<9oEyZ-;cB~uT!aJNB$V6pEF*q-89#`i$;uV^e+
zazvJId!Y69=f&XdVAx}5so~n?mp*>FCBLn2C*#aIm3~I6GDGnL&bj2dPkS|(%Pm55
zIT#M2|7AL0ohtsN_3tp%0vy_NYM5<B1l9F_F}%Lsum9ooaQIsPr;y#G2hH)(q4dA(
zAo<Dq;#pqw5-!=OG{<`>I$+?y^T!^Y5VAm#4(#IGtnce<B{*G;NP?()goOHt6Qm-u
z4h>au&SN`>6MU-Rp4CXbzSyWt=i7G{gOW8~u=V4o+i}o0&h_O>T4V-90a(6j7s|N%
zCq?~y9}R0<#+d-~{N5fR+Mq?V#4j?D>Oua@Q7}6qa}XALgjlLHj>!Fn{8*2Wb=Buc
z{k0307XgYcFoj?OAxfjXncRK7oPKxNgZg51d}D2pjhmjNc%PT`F>V;!#%fn&CIrj`
zj)*7pXUpY!^PnrkzbWZJOccAxoU#-ImvPZvLfpzbXr`1vkVV>@)4wQS??Hg12dk0j
z9+XKYdH#j8I7CrcRkJ^lx?-2!>E+d!GxK7n2G!OXF5_a=K8w0kyZc1zP%TP--=}Pb
zMxsM|BlH3e1SpO}tW+#;Y>=UJ9K;l<LD%IOc&e3g$e!!0vWx2*Ar#FSFl1WCrL~u1
z?}egCaT?da)Es{YYl>7!24?jcWQ@fr*b$&Xa5&9o>smdq&=tdz_{Y;er)W<KcDiWT
zZ5)n?l3BddH-dvLPWTploNNhb)8cf<4+3T=3M>Z3^0o-Xq_U7}Jy+?sMs^oEWy4Md
zMsbJfzhx^J1FL7I#xa-iG-Q64!ApTlhY}>kKk^sHZk6YaRp#<G2-$roqOO}Px?!A>
zvMG&bz3M%H@-2-BAV>`j1Yz820jqMp=^nJAR2qYor!d)eLj{clX+v(QlH4hCocbtz
z{<c;bnxfk>m$YaJ{bPTkR1qhamO@<_K;64b!(41qZk1^gq^|P`lEUM?VmMZrEa-^$
zwRs|p^PygeHZD8UR$FVd;<c<pS2J#tDgTBaXYKvtb^Y#lo{S`U3NfA*vaH#8lBR9X
z0Twp2@x^DZ$V0Mjl*H7suIdQrg3A-fO+n@sQ>t`zFe+Px7ut2KXq7!(gJ^@8YRA34
z)&%Mx{=wbleE-|_j7^v}2+rq7D{Cmo3%o{}d(KOO1%sH=!7o8%m5F&=0~+yNrzuv8
zn14I~QQKNHvZ<bdQ;-m2iY<Yfq`dDLKcfa-FaX{+xsHjvt}i+^z*^H<ZA4OdoG50;
zN?K<;KO8wEvf?H01rQbKzbu>jbO%!D)q@8g+VCYf{O%K0$J2xGwlN7nw~}d98u7a9
z`c9QE=!52Xo4LsehN%@n(?<ELcOSZZ^)(oGJbbhjBl5$wep9l;DME>ttpk_Yre7)N
zz(r>8SF{%5PDdPi0ruFZeReVbP|S98Tc?aa*v^$~w)s}R^~Ty~<gdR^_J1L-@+z<L
T<I6t*00960)ixV404e|gRTRGN

literal 0
HcmV?d00001

diff --git a/assets/rancher-gke-operator/rancher-gke-operator-103.7.0+up1.2.7.tgz b/assets/rancher-gke-operator/rancher-gke-operator-103.7.0+up1.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..5158cf6b6046846d81d1e8317dbf9ddd05127720
GIT binary patch
literal 2075
zcmV+$2;}!4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PGrTZ{xTzpY<yS&J}L2D_MRd-U{6UX?Af}++7kR>9vc)BA}_U
z#F`d$B;~B@^?xr&$+Dy<ahgk$w&(d0g&NLFoF^?wLSvL}G(%UUD2W!bcN!C^y(O9R
zgXaL>_x<D1$o}<xzxlU68u|zQ(RegG9v}H*|G@7b4F<yl@SlbI4#<=y^1%Payqe1W
zj{r#$p^0W9QGo+Mi6&e`9wl0H^qA<8ObeGKN)yflXge-0mEpTN(KK!)Kv8NoWf+#b
zThU?`hL{A<(K5qME6OaJpu0e+m`DQX{^=d`y}{7)T_65v9{*q-yRBOjGDnpXiUH({
zu39RM^HyY`0^lskKDWM2QO=oGZi)5gmL;LMRqfbPELe!jjTSP1Xoi$$N~5GAnX*WE
z(F`lti+(GSjn!+q54^X9>I3fq%_VXq3SDD?_V3raO;M3z0CSR%2<Mn+hotPs4gbZ!
zA!%Cv+xG_E*a=Zl$x>~XPT*VQbD$=Yz*I=EhA`+XiQt>>K0sjz<;22B7HgfVpx29-
zj<bnJ#eAc7uO{pRdMJ@eiYjp2M^h^;+V_Xv*z<p%rMWV%?UyeFt?_?Bc!uiP62Ol5
z?~jN5X8a!=kM{BZB_QHrLU<ASHAnLVkO#;2I3*d^ml!dn<uZUy$8n+=o)_oD;IcW1
zicJzzp_mp1v(?!Qk|t3Ai`>TmLY!n#08_#hI*xJL3n@P5oU99P|4qd9nS>!TVTSN)
zX@W?2dZIQ|4iDi>gb18WkgGiOh!BWUEJ|!3J3NF-oNgnINh>lzjmiYRP*By&lyQlS
zh1g3(h^|78)Nt%Mhlh??y0R-m2C!Niir+J(K}^BC15H?>6=(rkaHBlJZzcYmF^LMk
zE7^g~V8_363M`w1;ipfIA$TE~kW4R6IZ^72%&|}bLqj*jl#8WN$8*vqrnS){zkjR$
zYn-Q?XjHwk^Xm^+p8l+V$r;<_|AXP6;s3|u!QTI01U`xkVzR*EM48hSBV6XE!shAH
zeam#eT7j3h2q$F`0PD5$zFGiW$4r%bx7lCSbN^I|xmh{Q7fx+e1gDqE`_*LN*M%Ma
ze-k55Q7TWTPcH>_^?&{0QN#bo#{+-w|1SZnRqtz9uz3IqHB1>ty-e}l+?a*N7{J%P
z_1bY(D;GkXvIL=%7Y8?CULD-XqCDt;yIxyFHU;m;yoAili%nnAT2_?XQpplMh0bqO
zuk$1V$Q73Vbhh$f65e@sjN;DU^3H7&kKmSZ4kQerP%h8pwurE;o=xxSjVVB2f?V7d
z%asIfvh%HwGcHJ|fQpP8R8Ta=Fyndl*0E4nrRZ2ISB-36y0-YJ5YKgTVTPs<s&=fV
zW42{`Q0z4eIGrNZ0d&s9Rl(mZZ~Q!f&WE2f!aGgNw2GmMiYJ$$UNmhx<{G8fKHPiQ
z2|MC{;TTeIe0n>$tNuGaZp{A%{?TB(kN+<LGnRw_6y?{Y;8>gU$O)ky$#g6v`=<>-
z-t4U^CRKCPBqW-c?k}IpG`hWehi)?CXvd8%kd%ERMV6Yzr`!EhG?JT14*b+rNF{1j
zyjq}~*yRXy_YHJ8Q}!>FNHm(KTcT-fu^Yr|leRWacZPF2cxGw%{5*R~6P?{*UGVz!
z>>>5>{y$+!$dc#@VPKd4k4DE0{~!4K`OnM1qrLr3p!jos9$Lb{<Kuwfc!^W9bK^D-
zNZ|n7jaIFpM`e?LAk}sfoNu{8xnLAeC>2?v|LuVF+F$8E2Rr<~GG}`FG<b*qj|QW0
zGye~d`g{L>38?x%NmI3T_4nnczbDh@8S7F0qf(@1v&57$N>l)S2Vm1t<l|#|gZRCj
z+U5%YwY#xx*AmT)-)|0SvAZIo0bV1tgA~9<Km(2O?h05!c^2N+4SDbd5|)IRXm|^E
zTi`0W{55Ftk<58J#usSPGVRoQT?khj72hLUtzq0HUbS^?m9C1gLpW87vS)1})<8po
zJM-%;!M4%%YIX0%^}17G(GZPh7FQ%1KkMzmn5rW0^nHI^uF5PqQGZn^YwJ`bny>_A
zd9Yk~@Ln~C{Eh^=#<s<wePD|66|C2*6?|1rK(-eyo~7h%FIr%|4j#tUB!cz2TbJb`
z<NQK!MwbEnWqKy`g+zrmFXljGWXjHtYcFWttya*+!M=nq<*>wFz`%Ol`BW0ZWU)2%
z##rB8Utio@T%P~^WBIBaUQ}3>*FoE_Sf_FINFwT9Dre`9AW_^rwfIikJyey=VeRz8
z+<1ku1NQAsFnd@6`c^>73B^j#S_q!a@dvvtsK{t2+xdFPq>UO&U<$--f+0+nmO+hi
zrci<sKyM_*M8$SMr65L$UWKfiOL#$a96%2>E$_^g;yp^-t<+v>e><^-+@6{%w}$8D
zD%4O_Hpy8$Oi>~U&lA23K+6nwYA=P*Zf=6ArlCNUbhXvkD*UEFX_9GcFp5$eItIsl
z4@wk5-gX(4ieIr%QxzFBN;t>Rez+K6n(0g;2)Qx;`PIXQO=qm9&6(*L3k#|KJItGt
zQ+HkV5uEczy?#uK$nb**F#vz$`*lg}j<a?KPA!PPcA4~l3p?unBBPT$qd&0+*wz2{
zht2-K-yiSie=h>HUv+It|3<gmEdTHMAze#L{o2~?VGn!Q!yfK~e+2*l|NlJkb8i4J
F004)M3$p+K

literal 0
HcmV?d00001

diff --git a/assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15.tgz b/assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..d1201425662e424a5e0d0243316af3c8a4e1d7b9
GIT binary patch
literal 2800
zcmV<M3J>)kiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH($Z`(MN{j6UxaPH6#SIM$tC#`UMfY;6L6=>Wb3A%W&SY&Bw
zY;#MIDoHu(P4nL$kb1Es%W<~}obCh9msot68Ito#P9)*s0;PM4(}fV9y5j|r+FOyB
zy?8S4ecwMB4D4Uu_nUuvzJKzfH#i*(hW^kW9>4H=gZ}XN1^7?L!gffNCh~><Xj;w1
z{X>9oE;P|pa1}TJA<=}1xfc?x8G2N7LzJ4%C`JL~veG(iL8AzH039t;?6eN~luprI
zqEuAy0ABvz576`a$DZ%{@W1Bg8}svJ>r_r+R0#<&fUMC~E2S}R9V}D;jPmr)*4_kV
zOto^$QLk<(kHoEN9bKqLjqSeoI_J9YJ;1a?hD4!jm@hZ4P&9`m^kac^*>^~il%Kvg
z@OnchLKRAyXxsLYFd7j}`Fs?`RGERlWSC$kBwS|LL9Y^2PCLbN4L$$Z^S$2Sf6^o;
z_1sc;faijy{a+H6qIy~fu*?1rk9$q~KkN+-_J1EhV=_l$`6VVoQ7z=Ev>e^01p&}x
z9>6lU8US|oMatNPU^H9>@NPB{`a+^Yt{rF2#FVhyuV`lJ0A!~7EzU^F^d-)z(uQcq
zc#VZndV=~^$WH;x2vg`daTuG4$jOu$H)K4F;~aq&3}xoJtPRu)gq%}|Fkxa9Bi9~W
zA;LoIL<L>zgCs|d%2?<~gsK|~9%7<ZSA`3VQbzgQ#U%|5;;tr?YnSlIT~q5?YO#<A
zl+T1y;Uj=we{;Bq@Cq4*TF3zI?j7go2reWQlIqo%5v3+1Mj%SjImZaJsIu!M&5?F%
zoFhnt)cGt0w+k9BvL-DcRS35W<RDYdDW7lHelswDH-o{k!E`|+iBY4>Hjbovfn3wj
z`WL&8)>o5+DwIo<o@0iXLpXx*sBKPtJcNuQ*I;4?<-xldV4UdHtFm2ij$w9kx0Es9
zLc<iRNHOv(x${)nt|?J?GH{WHBFg$QT;owLIY%&JOx!Z6G>93DC)wJ*k}<+pwh{6(
znXc?Mj7N}2v7`}3KzT_rW7;qr8qvx4A%;9g<4Gn3&#l;B2~GR2F-{oKsJb@`WC=>;
z>Ew~FV2AzpPlx@6{XaPw4iEN!A8>c)LWDEQ5jvS+zKJr+d?Rzy+yVFg-Z2B|47`t7
zfRLH?BHC>=>E*OUQm$vv`ES+jd=mm>3d@hqnjhrR#&4&(qK0&Pj7*WK3;{`!%^11B
z)I?-61=m>iiX+Gox$p^%|Egvn#v<8JD#+)W2As_>)B$uR;wtksHd7Lb!DoC$=j?Mz
zSZDisDr~6S!(=?v{n|PMs$gnA|Lyu;@kx)226yQH;KV;|=>O@!?;rGkA7BLJzl`67
z;D=H-?e`bR4FN<n)L=DcowAZ7QQc+F`9ygXz}r$*oESBUh$bdlXwO4cf}!axBshx-
zW1_>wd#j&W13;^W0u&;e&#TZgz-lPAA^|AaFpwKJyAfXL<?rwF?xkR9j3rVxUsyKK
z4M|B%VJK0ri5D%C*6|f%Q)8oHA}cZRdT1?Bwh{3boQ-Jo4k!;<8f`Ns9((~#d1Rub
z*IPNOA_Z%JL5qKpn6;1i0__-UjMl>FEqvB&Z<W=Pt*lnFgjP<g14>3u9$+*S+@u94
zD*}OhxjywmKCZ4u=NA=OC>+AwT|rxE5-0cfosFqylhKdw&u-4g=MT=0!`RF7qBbn!
z(e?HFvzv<#m)DzU)>v#7u~v7JCBPT>oC=NQqSr_#qw}+?i_!S3iSj2Y;;QHa%qX(x
z5@+?+y#0dcMNq1*S6=azV{1yej;^7Fr_uZOAAUJ|do!L~Z7%fX-5vZPD2L9gP8+tD
zHHx*P&NJK$M`3p!2$VdyzrVXHMaxe1)|oZj-v=Arn#^lVv>VMDKh=!8vw^TN1ger@
zj#_O>s!fk8J6DSMh0Pl)B-&)9vR%fR>NL5KVv5yMHw1pJTSkDyN<gQ(K*IFmuTH(w
zQtnvJ>OCe;w^{N3UteEbRr_XyvQ*;rLZVs-76owPSGp6FR76)83LdEdhGiF{OXR53
zGqJsuuN`iwa7^bS<!z_B>7M{%Gd5Gbu8x!Lr`M{GF*nPRyKU1XlIR0xtD3KARhWkP
z4M{RV{Uhbk70M+Iu_i4TruM2saE*V~wmBpTnNmhIMOEK^5=Hd}7ba)dH$T3cyuG<P
zyZrdBVwpDhQyCMZFf{uxc|g?~>)5!JS>tTGu&Ef=X75@ZE8IO>{I@;+ms1ix%{}n0
z{C}`<|9jHw`-k{{A5e|y?TH&(BP9LHMnvAH*EXRn1N|{el}33f7#f|XeEt;yzZ4Af
zD1apNXDQO;0b&lo2CWixn6<eiiYa$gI{gDfWBS~D&Q(pnw{n!V=P!zPciv_8ROd~K
z)@|wXe;jPr|15KP3Jb7H|Bw5_rv4B8gZ}RY{!aeCH5{qEW%r!I8id3P^YC$VPNA<x
z$XaYjH3-@I`ma|B2Jj&vpHp<c2XFe%gNO9rn$jmQ06X>n#NWLCKivQA1!``ysmQxs
z`vb~Z+^>}>r<*57gTb*4fHjeG)PE<#Or+2v6fA)2adxp%Phaadimf+)&%NK@8|>77
zl7&)_F#|i}f4}km*Z2GVL;c5IprP@tQS@#z;JR+pc6=KqSEZ5302*b9MFEK|+NhSr
zb*@HvDMUy(Oc7|Dpj3hromEy$R|!$7Nd}gAIi290=RSewh3)!ZyqWI7{|^V7{{K+_
zyBDav=@pfw`Gt1-6~MX@H7`IN3qGUsG#kEM#n+Xw8|LEc2%o3=ab%x+ufIpw)PJQ_
z_wsD?_WaC?qbH%U)Bm3~^?z_WJU!_DKEOFT0wzMjAi^b>)2Dn6lq)UMtU}LmK3Hc9
zy#Rhn8G~>^q=xZ3kST{-suw`)3rcZ0=QzLr{`-`uh2wQISFO5sj_QUKOlOI*AHX##
zZ7?Yyb7JV)!n=%y;A{nJbVrsi!k8VhKo&#7(mCZYqf%*bYi-5YqV#i4^&*{mp@_R?
zn45B{&3fx!-kfU3P&51C7VOuDs71Dj=RUiqfOh>~*Z$nt6+bQp*rET&r-S2W{m+Si
zsQ=pwsFZ5VwXjmfQ-*<A;@+qQa~vxsSs&E_sD(&b1PXPf0z1p!Z91R*S3#DQD}|Le
zXczEvn$?Kc-&a+Fp;xfs*{^ls#jpNv_MX80s6AG1KL5Wd?i&oTe60EgddQcJ7joo{
zm*I!1F4pB6hM|trws&a~*}SFL!=zY{TE9VOcPRbi-kayy&XV%?vYm#Z&F$nu+bylW
zBg1r6h^5!Qc~nhO_AR^Dc*$-(UEXBJR_t#+kW*zJ*}dk;Z;Y%w#&4|T5hv4Fi&y2@
zBT>|HY@09e+s-2|r2`>r#S4|AdGyKTB))xW#!~AUjz?MXQhs>j5r`x!9U~IWh~}Zy
z-aUfGzcIKWmMYe$OR83L)c=Q}((#9Qiqo&}*A8uLD-LO^dxRaekB^ej+A%$X?QblG
z*-{R(A9L7V>Q<V=x~#l167rz`Z;$`-yWgh>{=Opr8y;`efBPqg`=7l)HU2AJff~VI
z^&xO?kzW~(tY3+?gmw=FQrYAukE6bdIg9$akM{rvIKTn6!oLFm0RR7QuAwymMgRZ{
C+JRgE

literal 0
HcmV?d00001

diff --git a/charts/fleet-agent/103.1.12+up0.9.13/Chart.yaml b/charts/fleet-agent/103.1.12+up0.9.13/Chart.yaml
new file mode 100644
index 0000000000..6f86bda95e
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/Chart.yaml
@@ -0,0 +1,15 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: fleet-agent
+apiVersion: v2
+appVersion: 0.9.13
+description: Fleet Manager Agent - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-agent
+version: 103.1.12+up0.9.13
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/README.md b/charts/fleet-agent/103.1.12+up0.9.13/README.md
new file mode 100644
index 0000000000..2c5724dcef
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/README.md
@@ -0,0 +1,8 @@
+## Fleet Agent Helm Chart
+
+Every Fleet-managed downstream cluster will run an agent that communicates back to the Fleet controller. This agent is just another set of Kubernetes controllers running in the downstream cluster.
+
+Standalone Fleet users use this chart for agent-initiated registration. For more details see [agent-initiated registration](https://fleet.rancher.io/cluster-registration#agent-initiated).
+Fleet in Rancher does not use this chart, but creates the agent deployments programmatically.
+
+The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/).
\ No newline at end of file
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/_helpers.tpl b/charts/fleet-agent/103.1.12+up0.9.13/templates/_helpers.tpl
new file mode 100644
index 0000000000..6cd96c3ace
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/configmap.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/configmap.yaml
new file mode 100644
index 0000000000..f3e83a89cc
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/configmap.yaml
@@ -0,0 +1,13 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: fleet-agent
+data:
+  config: |-
+    {
+      {{ if .Values.labels }}
+      "labels":{{toJson .Values.labels}},
+      {{ end }}
+      "clientID":"{{.Values.clientID}}",
+      "agentTLSMode": "{{.Values.agentTLSMode}}"
+    }
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/deployment.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/deployment.yaml
new file mode 100644
index 0000000000..582eed608d
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-agent
+spec:
+  selector:
+    matchLabels:
+      app: fleet-agent
+  template:
+    metadata:
+      labels:
+        app: fleet-agent
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+        name: fleet-agent
+        command:
+        - fleetagent
+        {{- if .Values.debug }}
+        - --debug
+        - --debug-level
+        - {{ quote .Values.debugLevel }}
+        {{- else }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          privileged: false
+          capabilities:
+            drop:
+            - ALL
+        {{- end }}
+      serviceAccountName: fleet-agent
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.fleetAgent.nodeSelector }}
+{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.fleetAgent.tolerations }}
+{{ toYaml .Values.fleetAgent.tolerations | indent 8 }}
+{{- end }}
+{{- if not .Values.debug }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+{{- end }}
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/network_policy_allow_all.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/network_policy_allow_all.yaml
new file mode 100644
index 0000000000..a72109a062
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ .Values.internal.systemNamespace }}
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  egress:
+  - {}
+  policyTypes:
+  - Ingress
+  - Egress
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 0000000000..aad4eea415
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: patch-fleet-sa
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    spec:
+      serviceAccountName: fleet-agent
+      restartPolicy: Never
+      containers:
+      - name: sa
+        image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+        args: ["-n", {{ .Values.internal.systemNamespace }}]
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.kubectl.nodeSelector }}
+{{ toYaml .Values.kubectl.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.kubectl.tolerations }}
+{{ toYaml .Values.kubectl.tolerations | indent 8 }}
+{{- end }}
+  backoffLimit: 1
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/rbac.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/rbac.yaml
new file mode 100644
index 0000000000..1a7e8d8841
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/rbac.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - "*"
+  verbs:
+  - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+  name: fleet-agent
+  namespace: {{.Release.Namespace}}
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/secret.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/secret.yaml
new file mode 100644
index 0000000000..4715882047
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+  clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+  token: "{{b64enc .Values.token}}"
+  apiServerURL: "{{b64enc .Values.apiServerURL}}"
+  apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+  name: fleet-agent-bootstrap
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/serviceaccount.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..73e27f0be9
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-agent
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/templates/validate.yaml b/charts/fleet-agent/103.1.12+up0.9.13/templates/validate.yaml
new file mode 100644
index 0000000000..d53ff1c508
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/templates/validate.yaml
@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}
diff --git a/charts/fleet-agent/103.1.12+up0.9.13/values.yaml b/charts/fleet-agent/103.1.12+up0.9.13/values.yaml
new file mode 100644
index 0000000000..b49ccdeb7f
--- /dev/null
+++ b/charts/fleet-agent/103.1.12+up0.9.13/values.yaml
@@ -0,0 +1,67 @@
+image:
+  os: "windows,linux"
+  repository: rancher/fleet-agent
+  tag: v0.9.13
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a
+# management cluster. True in `system-store` mode, false in `strict` mode.
+agentTLSMode: "system-store"
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+#  foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: cattle-fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+  systemNamespace: cattle-fleet-system
+  managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+  ## Node labels for pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+  tolerations: []
+kubectl:
+  ## Node labels for pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+  tolerations:
+  - key: node.cloudprovider.kubernetes.io/uninitialized
+    operator: "Equal"
+    value: "true"
+    effect: NoSchedule
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  kubectl:
+    repository: rancher/kubectl
+    tag: v1.21.5
+
+debug: false
+debugLevel: 0
diff --git a/charts/fleet-crd/103.1.12+up0.9.13/Chart.yaml b/charts/fleet-crd/103.1.12+up0.9.13/Chart.yaml
new file mode 100644
index 0000000000..96b9a65996
--- /dev/null
+++ b/charts/fleet-crd/103.1.12+up0.9.13/Chart.yaml
@@ -0,0 +1,13 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.9.13
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 103.1.12+up0.9.13
diff --git a/charts/fleet-crd/103.1.12+up0.9.13/README.md b/charts/fleet-crd/103.1.12+up0.9.13/README.md
new file mode 100644
index 0000000000..2452ab2f1f
--- /dev/null
+++ b/charts/fleet-crd/103.1.12+up0.9.13/README.md
@@ -0,0 +1,5 @@
+# Fleet CRD Helm Chart
+
+Fleet Manager CustomResourceDefinitions Helm chart is a requirement for the Fleet Helm Chart.
+
+The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/).
\ No newline at end of file
diff --git a/charts/fleet-crd/103.1.12+up0.9.13/templates/crds.yaml b/charts/fleet-crd/103.1.12+up0.9.13/templates/crds.yaml
new file mode 100644
index 0000000000..d42811945d
--- /dev/null
+++ b/charts/fleet-crd/103.1.12+up0.9.13/templates/crds.yaml
@@ -0,0 +1,6859 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: bundledeployments.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: BundleDeployment
+    plural: bundledeployments
+    singular: bundledeployment
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.display.deployed
+          name: Deployed
+          type: string
+        - jsonPath: .status.display.monitored
+          name: Monitored
+          type: string
+        - jsonPath: .status.conditions[?(@.type=="Ready")].message
+          name: Status
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'BundleDeployment is used internally by Fleet and should not
+            be used directly.
+
+            When a Bundle is deployed to a cluster an instance of a Bundle is called
+            a
+
+            BundleDeployment. A BundleDeployment represents the state of that Bundle
+            on
+
+            a specific cluster with its cluster-specific customizations. The Fleet
+            agent
+
+            is only aware of BundleDeployment resources that are created for the cluster
+
+            the agent is managing.'
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                correctDrift:
+                  description: CorrectDrift specifies how drift correction should
+                    work.
+                  nullable: true
+                  properties:
+                    enabled:
+                      description: Enabled correct drift if true.
+                      type: boolean
+                    force:
+                      description: Force helm rollback with --force option will be
+                        used if true. This will try to recreate all resources in the
+                        release.
+                      type: boolean
+                    keepFailHistory:
+                      description: KeepFailHistory keeps track of failed rollbacks
+                        in the helm history.
+                      type: boolean
+                  type: object
+                dependsOn:
+                  description: DependsOn refers to the bundles which must be ready
+                    before this bundle can be deployed.
+                  items:
+                    properties:
+                      name:
+                        description: Name of the bundle.
+                        nullable: true
+                        type: string
+                      selector:
+                        description: Selector matching bundle's labels.
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                    type: object
+                  nullable: true
+                  type: array
+                deploymentID:
+                  description: DeploymentID is the ID of the currently applied deployment.
+                  nullable: true
+                  type: string
+                options:
+                  description: Options are the deployment options, that are currently
+                    applied.
+                  properties:
+                    correctDrift:
+                      description: CorrectDrift specifies how drift correction should
+                        work.
+                      nullable: true
+                      properties:
+                        enabled:
+                          description: Enabled correct drift if true.
+                          type: boolean
+                        force:
+                          description: Force helm rollback with --force option will
+                            be used if true. This will try to recreate all resources
+                            in the release.
+                          type: boolean
+                        keepFailHistory:
+                          description: KeepFailHistory keeps track of failed rollbacks
+                            in the helm history.
+                          type: boolean
+                      type: object
+                    defaultNamespace:
+                      description: 'DefaultNamespace is the namespace to use for resources
+                        that do not
+
+                        specify a namespace. This field is not used to enforce or
+                        lock down
+
+                        the deployment to a specific namespace.'
+                      nullable: true
+                      type: string
+                    deleteCRDResources:
+                      description: DeleteCRDResources deletes CRDs. Warning! this
+                        will also delete all your Custom Resources.
+                      type: boolean
+                    diff:
+                      description: Diff can be used to ignore the modified state of
+                        objects which are amended at runtime.
+                      nullable: true
+                      properties:
+                        comparePatches:
+                          description: ComparePatches match a resource and remove
+                            fields from the check for modifications.
+                          items:
+                            description: ComparePatch matches a resource and removes
+                              fields from the check for modifications.
+                            properties:
+                              apiVersion:
+                                description: APIVersion is the apiVersion of the resource
+                                  to match.
+                                nullable: true
+                                type: string
+                              jsonPointers:
+                                description: JSONPointers ignore diffs at a certain
+                                  JSON path.
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              kind:
+                                description: Kind is the kind of the resource to match.
+                                nullable: true
+                                type: string
+                              name:
+                                description: Name is the name of the resource to match.
+                                nullable: true
+                                type: string
+                              namespace:
+                                description: Namespace is the namespace of the resource
+                                  to match.
+                                nullable: true
+                                type: string
+                              operations:
+                                description: Operations remove a JSON path from the
+                                  resource.
+                                items:
+                                  description: Operation of a ComparePatch, usually
+                                    "remove".
+                                  properties:
+                                    op:
+                                      description: Op is usually "remove"
+                                      nullable: true
+                                      type: string
+                                    path:
+                                      description: Path is the JSON path to remove.
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      description: Value is usually empty.
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    forceSyncGeneration:
+                      description: ForceSyncGeneration is used to force a redeployment
+                      type: integer
+                    helm:
+                      description: Helm options for the deployment, like the chart
+                        name, repo and values.
+                      nullable: true
+                      properties:
+                        atomic:
+                          description: Atomic sets the --atomic flag when Helm is
+                            performing an upgrade
+                          type: boolean
+                        chart:
+                          description: 'Chart can refer to any go-getter URL or OCI
+                            registry based helm
+
+                            chart URL. The chart will be downloaded.'
+                          nullable: true
+                          type: string
+                        disableDNS:
+                          description: DisableDNS can be used to customize Helm's
+                            EnableDNS option, which Fleet sets to `true` by default.
+                          type: boolean
+                        disablePreProcess:
+                          description: DisablePreProcess disables template processing
+                            in values
+                          type: boolean
+                        force:
+                          description: Force allows to override immutable resources.
+                            This could be dangerous.
+                          type: boolean
+                        maxHistory:
+                          description: MaxHistory limits the maximum number of revisions
+                            saved per release by Helm.
+                          type: integer
+                        releaseName:
+                          description: 'ReleaseName sets a custom release name to
+                            deploy the chart as. If
+
+                            not specified a release name will be generated by combining
+                            the
+
+                            invoking GitRepo.name + GitRepo.path.'
+                          maxLength: 53
+                          nullable: true
+                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                          type: string
+                        repo:
+                          description: Repo is the name of the HTTPS helm repo to
+                            download the chart from.
+                          nullable: true
+                          type: string
+                        skipSchemaValidation:
+                          description: SkipSchemaValidation allows skipping schema
+                            validation against the chart values
+                          type: boolean
+                        takeOwnership:
+                          description: TakeOwnership makes helm skip the check for
+                            its own annotations
+                          type: boolean
+                        timeoutSeconds:
+                          description: TimeoutSeconds is the time to wait for Helm
+                            operations.
+                          type: integer
+                        values:
+                          description: 'Values passed to Helm. It is possible to specify
+                            the keys and values
+
+                            as go template strings.'
+                          nullable: true
+                          type: object
+                          x-kubernetes-preserve-unknown-fields: true
+                        valuesFiles:
+                          description: ValuesFiles is a list of files to load values
+                            from.
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                        valuesFrom:
+                          description: ValuesFrom loads the values from configmaps
+                            and secrets.
+                          items:
+                            description: 'Define helm values that can come from configmap,
+                              secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439'
+                            properties:
+                              configMapKeyRef:
+                                description: The reference to a config map with release
+                                  values.
+                                nullable: true
+                                properties:
+                                  key:
+                                    nullable: true
+                                    type: string
+                                  name:
+                                    description: Name of a resource in the same namespace
+                                      as the referent.
+                                    nullable: true
+                                    type: string
+                                  namespace:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              secretKeyRef:
+                                description: The reference to a secret with release
+                                  values.
+                                nullable: true
+                                properties:
+                                  key:
+                                    nullable: true
+                                    type: string
+                                  name:
+                                    description: Name of a resource in the same namespace
+                                      as the referent.
+                                    nullable: true
+                                    type: string
+                                  namespace:
+                                    nullable: true
+                                    type: string
+                                type: object
+                            type: object
+                          nullable: true
+                          type: array
+                        version:
+                          description: Version of the chart to download
+                          nullable: true
+                          type: string
+                        waitForJobs:
+                          description: 'WaitForJobs if set and timeoutSeconds provided,
+                            will wait until all
+
+                            Jobs have been completed before marking the GitRepo as
+                            ready. It
+
+                            will wait for as long as timeoutSeconds'
+                          type: boolean
+                      type: object
+                    ignore:
+                      description: IgnoreOptions can be used to ignore fields when
+                        monitoring the bundle.
+                      properties:
+                        conditions:
+                          description: Conditions is a list of conditions to be ignored
+                            when monitoring the Bundle.
+                          items:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    keepResources:
+                      description: KeepResources can be used to keep the deployed
+                        resources when removing the bundle
+                      type: boolean
+                    kustomize:
+                      description: 'Kustomize options for the deployment, like the
+                        dir containing the
+
+                        kustomization.yaml file.'
+                      nullable: true
+                      properties:
+                        dir:
+                          description: 'Dir points to a custom folder for kustomize
+                            resources. This folder must contain
+
+                            a kustomization.yaml file.'
+                          nullable: true
+                          type: string
+                      type: object
+                    namespace:
+                      description: 'TargetNamespace if present will assign all resource
+                        to this
+
+                        namespace and if any cluster scoped resource exists the deployment
+
+                        will fail.'
+                      nullable: true
+                      type: string
+                    namespaceAnnotations:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: NamespaceAnnotations are annotations that will
+                        be appended to the namespace created by Fleet.
+                      nullable: true
+                      type: object
+                    namespaceLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: NamespaceLabels are labels that will be appended
+                        to the namespace created by Fleet.
+                      nullable: true
+                      type: object
+                    serviceAccount:
+                      description: ServiceAccount which will be used to perform this
+                        deployment.
+                      nullable: true
+                      type: string
+                    yaml:
+                      description: 'YAML options, if using raw YAML these are names
+                        that map to
+
+                        overlays/{name} files that will be used to replace or patch
+                        a resource.'
+                      nullable: true
+                      properties:
+                        overlays:
+                          description: 'Overlays is a list of names that maps to folders
+                            in "overlays/".
+
+                            If you wish to customize the file ./subdir/resource.yaml
+                            then a file
+
+                            ./overlays/myoverlay/subdir/resource.yaml will replace
+                            the base
+
+                            file.
+
+                            A file named ./overlays/myoverlay/subdir/resource_patch.yaml
+                            will patch the base file.'
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                      type: object
+                  type: object
+                paused:
+                  description: 'Paused if set to true, will stop any BundleDeployments
+                    from being
+
+                    updated. If true, BundleDeployments will be marked as out of sync
+
+                    when changes are detected.'
+                  type: boolean
+                stagedDeploymentID:
+                  description: StagedDeploymentID is the ID of the staged deployment.
+                  nullable: true
+                  type: string
+                stagedOptions:
+                  description: 'StagedOptions are the deployment options, that are
+                    staged for
+
+                    the next deployment.'
+                  properties:
+                    correctDrift:
+                      description: CorrectDrift specifies how drift correction should
+                        work.
+                      nullable: true
+                      properties:
+                        enabled:
+                          description: Enabled correct drift if true.
+                          type: boolean
+                        force:
+                          description: Force helm rollback with --force option will
+                            be used if true. This will try to recreate all resources
+                            in the release.
+                          type: boolean
+                        keepFailHistory:
+                          description: KeepFailHistory keeps track of failed rollbacks
+                            in the helm history.
+                          type: boolean
+                      type: object
+                    defaultNamespace:
+                      description: 'DefaultNamespace is the namespace to use for resources
+                        that do not
+
+                        specify a namespace. This field is not used to enforce or
+                        lock down
+
+                        the deployment to a specific namespace.'
+                      nullable: true
+                      type: string
+                    deleteCRDResources:
+                      description: DeleteCRDResources deletes CRDs. Warning! this
+                        will also delete all your Custom Resources.
+                      type: boolean
+                    diff:
+                      description: Diff can be used to ignore the modified state of
+                        objects which are amended at runtime.
+                      nullable: true
+                      properties:
+                        comparePatches:
+                          description: ComparePatches match a resource and remove
+                            fields from the check for modifications.
+                          items:
+                            description: ComparePatch matches a resource and removes
+                              fields from the check for modifications.
+                            properties:
+                              apiVersion:
+                                description: APIVersion is the apiVersion of the resource
+                                  to match.
+                                nullable: true
+                                type: string
+                              jsonPointers:
+                                description: JSONPointers ignore diffs at a certain
+                                  JSON path.
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              kind:
+                                description: Kind is the kind of the resource to match.
+                                nullable: true
+                                type: string
+                              name:
+                                description: Name is the name of the resource to match.
+                                nullable: true
+                                type: string
+                              namespace:
+                                description: Namespace is the namespace of the resource
+                                  to match.
+                                nullable: true
+                                type: string
+                              operations:
+                                description: Operations remove a JSON path from the
+                                  resource.
+                                items:
+                                  description: Operation of a ComparePatch, usually
+                                    "remove".
+                                  properties:
+                                    op:
+                                      description: Op is usually "remove"
+                                      nullable: true
+                                      type: string
+                                    path:
+                                      description: Path is the JSON path to remove.
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      description: Value is usually empty.
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    forceSyncGeneration:
+                      description: ForceSyncGeneration is used to force a redeployment
+                      type: integer
+                    helm:
+                      description: Helm options for the deployment, like the chart
+                        name, repo and values.
+                      nullable: true
+                      properties:
+                        atomic:
+                          description: Atomic sets the --atomic flag when Helm is
+                            performing an upgrade
+                          type: boolean
+                        chart:
+                          description: 'Chart can refer to any go-getter URL or OCI
+                            registry based helm
+
+                            chart URL. The chart will be downloaded.'
+                          nullable: true
+                          type: string
+                        disableDNS:
+                          description: DisableDNS can be used to customize Helm's
+                            EnableDNS option, which Fleet sets to `true` by default.
+                          type: boolean
+                        disablePreProcess:
+                          description: DisablePreProcess disables template processing
+                            in values
+                          type: boolean
+                        force:
+                          description: Force allows to override immutable resources.
+                            This could be dangerous.
+                          type: boolean
+                        maxHistory:
+                          description: MaxHistory limits the maximum number of revisions
+                            saved per release by Helm.
+                          type: integer
+                        releaseName:
+                          description: 'ReleaseName sets a custom release name to
+                            deploy the chart as. If
+
+                            not specified a release name will be generated by combining
+                            the
+
+                            invoking GitRepo.name + GitRepo.path.'
+                          nullable: true
+                          type: string
+                        repo:
+                          description: Repo is the name of the HTTPS helm repo to
+                            download the chart from.
+                          nullable: true
+                          type: string
+                        skipSchemaValidation:
+                          description: SkipSchemaValidation allows skipping schema
+                            validation against the chart values
+                          type: boolean
+                        takeOwnership:
+                          description: TakeOwnership makes helm skip the check for
+                            its own annotations
+                          type: boolean
+                        timeoutSeconds:
+                          description: TimeoutSeconds is the time to wait for Helm
+                            operations.
+                          type: integer
+                        values:
+                          description: 'Values passed to Helm. It is possible to specify
+                            the keys and values
+
+                            as go template strings.'
+                          nullable: true
+                          type: object
+                          x-kubernetes-preserve-unknown-fields: true
+                        valuesFiles:
+                          description: ValuesFiles is a list of files to load values
+                            from.
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                        valuesFrom:
+                          description: ValuesFrom loads the values from configmaps
+                            and secrets.
+                          items:
+                            description: 'Define helm values that can come from configmap,
+                              secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439'
+                            properties:
+                              configMapKeyRef:
+                                description: The reference to a config map with release
+                                  values.
+                                nullable: true
+                                properties:
+                                  key:
+                                    nullable: true
+                                    type: string
+                                  name:
+                                    description: Name of a resource in the same namespace
+                                      as the referent.
+                                    nullable: true
+                                    type: string
+                                  namespace:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              secretKeyRef:
+                                description: The reference to a secret with release
+                                  values.
+                                nullable: true
+                                properties:
+                                  key:
+                                    nullable: true
+                                    type: string
+                                  name:
+                                    description: Name of a resource in the same namespace
+                                      as the referent.
+                                    nullable: true
+                                    type: string
+                                  namespace:
+                                    nullable: true
+                                    type: string
+                                type: object
+                            type: object
+                          nullable: true
+                          type: array
+                        version:
+                          description: Version of the chart to download
+                          nullable: true
+                          type: string
+                        waitForJobs:
+                          description: 'WaitForJobs if set and timeoutSeconds provided,
+                            will wait until all
+
+                            Jobs have been completed before marking the GitRepo as
+                            ready. It
+
+                            will wait for as long as timeoutSeconds'
+                          type: boolean
+                      type: object
+                    ignore:
+                      description: IgnoreOptions can be used to ignore fields when
+                        monitoring the bundle.
+                      properties:
+                        conditions:
+                          description: Conditions is a list of conditions to be ignored
+                            when monitoring the Bundle.
+                          items:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    keepResources:
+                      description: KeepResources can be used to keep the deployed
+                        resources when removing the bundle
+                      type: boolean
+                    kustomize:
+                      description: 'Kustomize options for the deployment, like the
+                        dir containing the
+
+                        kustomization.yaml file.'
+                      nullable: true
+                      properties:
+                        dir:
+                          description: 'Dir points to a custom folder for kustomize
+                            resources. This folder must contain
+
+                            a kustomization.yaml file.'
+                          nullable: true
+                          type: string
+                      type: object
+                    namespace:
+                      description: 'TargetNamespace if present will assign all resource
+                        to this
+
+                        namespace and if any cluster scoped resource exists the deployment
+
+                        will fail.'
+                      nullable: true
+                      type: string
+                    namespaceAnnotations:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: NamespaceAnnotations are annotations that will
+                        be appended to the namespace created by Fleet.
+                      nullable: true
+                      type: object
+                    namespaceLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: NamespaceLabels are labels that will be appended
+                        to the namespace created by Fleet.
+                      nullable: true
+                      type: object
+                    serviceAccount:
+                      description: ServiceAccount which will be used to perform this
+                        deployment.
+                      nullable: true
+                      type: string
+                    yaml:
+                      description: 'YAML options, if using raw YAML these are names
+                        that map to
+
+                        overlays/{name} files that will be used to replace or patch
+                        a resource.'
+                      nullable: true
+                      properties:
+                        overlays:
+                          description: 'Overlays is a list of names that maps to folders
+                            in "overlays/".
+
+                            If you wish to customize the file ./subdir/resource.yaml
+                            then a file
+
+                            ./overlays/myoverlay/subdir/resource.yaml will replace
+                            the base
+
+                            file.
+
+                            A file named ./overlays/myoverlay/subdir/resource_patch.yaml
+                            will patch the base file.'
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                      type: object
+                  type: object
+              type: object
+            status:
+              properties:
+                appliedDeploymentID:
+                  nullable: true
+                  type: string
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                display:
+                  properties:
+                    deployed:
+                      nullable: true
+                      type: string
+                    monitored:
+                      nullable: true
+                      type: string
+                    state:
+                      nullable: true
+                      type: string
+                  type: object
+                modifiedStatus:
+                  items:
+                    description: 'ModifiedStatus is used to report the status of a
+                      resource that is modified.
+
+                      It indicates if the modification was a create, a delete or a
+                      patch.'
+                    properties:
+                      apiVersion:
+                        nullable: true
+                        type: string
+                      delete:
+                        type: boolean
+                      kind:
+                        nullable: true
+                        type: string
+                      missing:
+                        type: boolean
+                      name:
+                        nullable: true
+                        type: string
+                      namespace:
+                        nullable: true
+                        type: string
+                      patch:
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                nonModified:
+                  type: boolean
+                nonReadyStatus:
+                  items:
+                    description: NonReadyStatus is used to report the status of a
+                      resource that is not ready. It includes a summary.
+                    properties:
+                      apiVersion:
+                        nullable: true
+                        type: string
+                      kind:
+                        nullable: true
+                        type: string
+                      name:
+                        nullable: true
+                        type: string
+                      namespace:
+                        nullable: true
+                        type: string
+                      summary:
+                        properties:
+                          error:
+                            type: boolean
+                          message:
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                          state:
+                            nullable: true
+                            type: string
+                          transitioning:
+                            type: boolean
+                        type: object
+                      uid:
+                        description: 'UID is a type that holds unique ID values, including
+                          UUIDs.  Because we
+
+                          don''t ONLY use UUIDs, this is an alias to string.  Being
+                          a type captures
+
+                          intent and helps make sure that UIDs and names do not get
+                          conflated.'
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                ready:
+                  type: boolean
+                release:
+                  nullable: true
+                  type: string
+                resources:
+                  description: 'Resources lists the metadata of resources that were
+                    deployed
+
+                    according to the helm release history.'
+                  items:
+                    description: BundleDeploymentResource contains the metadata of
+                      a deployed resource.
+                    properties:
+                      apiVersion:
+                        nullable: true
+                        type: string
+                      createdAt:
+                        nullable: true
+                        type: string
+                      kind:
+                        nullable: true
+                        type: string
+                      name:
+                        nullable: true
+                        type: string
+                      namespace:
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                syncGeneration:
+                  nullable: true
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: bundlenamespacemappings.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: BundleNamespaceMapping
+    plural: bundlenamespacemappings
+    singular: bundlenamespacemapping
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: BundleNamespaceMapping maps bundles to clusters in other namespaces.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            bundleSelector:
+              description: 'A label selector is a label query over a set of resources.
+                The result of matchLabels and
+
+                matchExpressions are ANDed. An empty label selector matches all objects.
+                A null
+
+                label selector matches no objects.'
+              nullable: true
+              properties:
+                matchExpressions:
+                  description: matchExpressions is a list of label selector requirements.
+                    The requirements are ANDed.
+                  items:
+                    description: 'A label selector requirement is a selector that
+                      contains values, a key, and an operator that
+
+                      relates the key and values.'
+                    properties:
+                      key:
+                        description: key is the label key that the selector applies
+                          to.
+                        nullable: true
+                        type: string
+                      operator:
+                        description: 'operator represents a key''s relationship to
+                          a set of values.
+
+                          Valid operators are In, NotIn, Exists and DoesNotExist.'
+                        nullable: true
+                        type: string
+                      values:
+                        description: 'values is an array of string values. If the
+                          operator is In or NotIn,
+
+                          the values array must be non-empty. If the operator is Exists
+                          or DoesNotExist,
+
+                          the values array must be empty. This array is replaced during
+                          a strategic
+
+                          merge patch.'
+                        items:
+                          nullable: true
+                          type: string
+                        nullable: true
+                        type: array
+                    type: object
+                  nullable: true
+                  type: array
+                matchLabels:
+                  additionalProperties:
+                    nullable: true
+                    type: string
+                  description: 'matchLabels is a map of {key,value} pairs. A single
+                    {key,value} in the matchLabels
+
+                    map is equivalent to an element of matchExpressions, whose key
+                    field is "key", the
+
+                    operator is "In", and the values array contains only "value".
+                    The requirements are ANDed.'
+                  nullable: true
+                  type: object
+              type: object
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            namespaceSelector:
+              description: 'A label selector is a label query over a set of resources.
+                The result of matchLabels and
+
+                matchExpressions are ANDed. An empty label selector matches all objects.
+                A null
+
+                label selector matches no objects.'
+              nullable: true
+              properties:
+                matchExpressions:
+                  description: matchExpressions is a list of label selector requirements.
+                    The requirements are ANDed.
+                  items:
+                    description: 'A label selector requirement is a selector that
+                      contains values, a key, and an operator that
+
+                      relates the key and values.'
+                    properties:
+                      key:
+                        description: key is the label key that the selector applies
+                          to.
+                        nullable: true
+                        type: string
+                      operator:
+                        description: 'operator represents a key''s relationship to
+                          a set of values.
+
+                          Valid operators are In, NotIn, Exists and DoesNotExist.'
+                        nullable: true
+                        type: string
+                      values:
+                        description: 'values is an array of string values. If the
+                          operator is In or NotIn,
+
+                          the values array must be non-empty. If the operator is Exists
+                          or DoesNotExist,
+
+                          the values array must be empty. This array is replaced during
+                          a strategic
+
+                          merge patch.'
+                        items:
+                          nullable: true
+                          type: string
+                        nullable: true
+                        type: array
+                    type: object
+                  nullable: true
+                  type: array
+                matchLabels:
+                  additionalProperties:
+                    nullable: true
+                    type: string
+                  description: 'matchLabels is a map of {key,value} pairs. A single
+                    {key,value} in the matchLabels
+
+                    map is equivalent to an element of matchExpressions, whose key
+                    field is "key", the
+
+                    operator is "In", and the values array contains only "value".
+                    The requirements are ANDed.'
+                  nullable: true
+                  type: object
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: bundles.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: Bundle
+    plural: bundles
+    singular: bundle
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.display.readyClusters
+          name: BundleDeployments-Ready
+          type: string
+        - jsonPath: .status.conditions[?(@.type=="Ready")].message
+          name: Status
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'Bundle contains the resources of an application and its deployment
+            options.
+
+            It will be deployed as a Helm chart to target clusters.
+
+
+
+            When a GitRepo is scanned it will produce one or more bundles. Bundles
+            are
+
+            a collection of resources that get deployed to one or more cluster(s).
+            Bundle is the
+
+            fundamental deployment unit used in Fleet. The contents of a Bundle may
+            be
+
+            Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless
+
+            of the source the contents are dynamically rendered into a Helm chart
+            by
+
+            the agent and installed into the downstream cluster as a Helm release.'
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                correctDrift:
+                  description: CorrectDrift specifies how drift correction should
+                    work.
+                  nullable: true
+                  properties:
+                    enabled:
+                      description: Enabled correct drift if true.
+                      type: boolean
+                    force:
+                      description: Force helm rollback with --force option will be
+                        used if true. This will try to recreate all resources in the
+                        release.
+                      type: boolean
+                    keepFailHistory:
+                      description: KeepFailHistory keeps track of failed rollbacks
+                        in the helm history.
+                      type: boolean
+                  type: object
+                defaultNamespace:
+                  description: 'DefaultNamespace is the namespace to use for resources
+                    that do not
+
+                    specify a namespace. This field is not used to enforce or lock
+                    down
+
+                    the deployment to a specific namespace.'
+                  nullable: true
+                  type: string
+                deleteCRDResources:
+                  description: DeleteCRDResources deletes CRDs. Warning! this will
+                    also delete all your Custom Resources.
+                  type: boolean
+                dependsOn:
+                  description: DependsOn refers to the bundles which must be ready
+                    before this bundle can be deployed.
+                  items:
+                    properties:
+                      name:
+                        description: Name of the bundle.
+                        nullable: true
+                        type: string
+                      selector:
+                        description: Selector matching bundle's labels.
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                    type: object
+                  nullable: true
+                  type: array
+                diff:
+                  description: Diff can be used to ignore the modified state of objects
+                    which are amended at runtime.
+                  nullable: true
+                  properties:
+                    comparePatches:
+                      description: ComparePatches match a resource and remove fields
+                        from the check for modifications.
+                      items:
+                        description: ComparePatch matches a resource and removes fields
+                          from the check for modifications.
+                        properties:
+                          apiVersion:
+                            description: APIVersion is the apiVersion of the resource
+                              to match.
+                            nullable: true
+                            type: string
+                          jsonPointers:
+                            description: JSONPointers ignore diffs at a certain JSON
+                              path.
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                          kind:
+                            description: Kind is the kind of the resource to match.
+                            nullable: true
+                            type: string
+                          name:
+                            description: Name is the name of the resource to match.
+                            nullable: true
+                            type: string
+                          namespace:
+                            description: Namespace is the namespace of the resource
+                              to match.
+                            nullable: true
+                            type: string
+                          operations:
+                            description: Operations remove a JSON path from the resource.
+                            items:
+                              description: Operation of a ComparePatch, usually "remove".
+                              properties:
+                                op:
+                                  description: Op is usually "remove"
+                                  nullable: true
+                                  type: string
+                                path:
+                                  description: Path is the JSON path to remove.
+                                  nullable: true
+                                  type: string
+                                value:
+                                  description: Value is usually empty.
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                  type: object
+                forceSyncGeneration:
+                  description: ForceSyncGeneration is used to force a redeployment
+                  type: integer
+                helm:
+                  description: Helm options for the deployment, like the chart name,
+                    repo and values.
+                  nullable: true
+                  properties:
+                    atomic:
+                      description: Atomic sets the --atomic flag when Helm is performing
+                        an upgrade
+                      type: boolean
+                    chart:
+                      description: 'Chart can refer to any go-getter URL or OCI registry
+                        based helm
+
+                        chart URL. The chart will be downloaded.'
+                      nullable: true
+                      type: string
+                    disableDNS:
+                      description: DisableDNS can be used to customize Helm's EnableDNS
+                        option, which Fleet sets to `true` by default.
+                      type: boolean
+                    disablePreProcess:
+                      description: DisablePreProcess disables template processing
+                        in values
+                      type: boolean
+                    force:
+                      description: Force allows to override immutable resources. This
+                        could be dangerous.
+                      type: boolean
+                    maxHistory:
+                      description: MaxHistory limits the maximum number of revisions
+                        saved per release by Helm.
+                      type: integer
+                    releaseName:
+                      description: 'ReleaseName sets a custom release name to deploy
+                        the chart as. If
+
+                        not specified a release name will be generated by combining
+                        the
+
+                        invoking GitRepo.name + GitRepo.path.'
+                      maxLength: 53
+                      nullable: true
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                      type: string
+                    repo:
+                      description: Repo is the name of the HTTPS helm repo to download
+                        the chart from.
+                      nullable: true
+                      type: string
+                    skipSchemaValidation:
+                      description: SkipSchemaValidation allows skipping schema validation
+                        against the chart values
+                      type: boolean
+                    takeOwnership:
+                      description: TakeOwnership makes helm skip the check for its
+                        own annotations
+                      type: boolean
+                    timeoutSeconds:
+                      description: TimeoutSeconds is the time to wait for Helm operations.
+                      type: integer
+                    values:
+                      description: 'Values passed to Helm. It is possible to specify
+                        the keys and values
+
+                        as go template strings.'
+                      nullable: true
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                    valuesFiles:
+                      description: ValuesFiles is a list of files to load values from.
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    valuesFrom:
+                      description: ValuesFrom loads the values from configmaps and
+                        secrets.
+                      items:
+                        description: 'Define helm values that can come from configmap,
+                          secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439'
+                        properties:
+                          configMapKeyRef:
+                            description: The reference to a config map with release
+                              values.
+                            nullable: true
+                            properties:
+                              key:
+                                nullable: true
+                                type: string
+                              name:
+                                description: Name of a resource in the same namespace
+                                  as the referent.
+                                nullable: true
+                                type: string
+                              namespace:
+                                nullable: true
+                                type: string
+                            type: object
+                          secretKeyRef:
+                            description: The reference to a secret with release values.
+                            nullable: true
+                            properties:
+                              key:
+                                nullable: true
+                                type: string
+                              name:
+                                description: Name of a resource in the same namespace
+                                  as the referent.
+                                nullable: true
+                                type: string
+                              namespace:
+                                nullable: true
+                                type: string
+                            type: object
+                        type: object
+                      nullable: true
+                      type: array
+                    version:
+                      description: Version of the chart to download
+                      nullable: true
+                      type: string
+                    waitForJobs:
+                      description: 'WaitForJobs if set and timeoutSeconds provided,
+                        will wait until all
+
+                        Jobs have been completed before marking the GitRepo as ready.
+                        It
+
+                        will wait for as long as timeoutSeconds'
+                      type: boolean
+                  type: object
+                ignore:
+                  description: IgnoreOptions can be used to ignore fields when monitoring
+                    the bundle.
+                  properties:
+                    conditions:
+                      description: Conditions is a list of conditions to be ignored
+                        when monitoring the Bundle.
+                      items:
+                        additionalProperties:
+                          nullable: true
+                          type: string
+                        nullable: true
+                        type: object
+                      nullable: true
+                      type: array
+                  type: object
+                keepResources:
+                  description: KeepResources can be used to keep the deployed resources
+                    when removing the bundle
+                  type: boolean
+                kustomize:
+                  description: 'Kustomize options for the deployment, like the dir
+                    containing the
+
+                    kustomization.yaml file.'
+                  nullable: true
+                  properties:
+                    dir:
+                      description: 'Dir points to a custom folder for kustomize resources.
+                        This folder must contain
+
+                        a kustomization.yaml file.'
+                      nullable: true
+                      type: string
+                  type: object
+                namespace:
+                  description: 'TargetNamespace if present will assign all resource
+                    to this
+
+                    namespace and if any cluster scoped resource exists the deployment
+
+                    will fail.'
+                  nullable: true
+                  type: string
+                namespaceAnnotations:
+                  additionalProperties:
+                    nullable: true
+                    type: string
+                  description: NamespaceAnnotations are annotations that will be appended
+                    to the namespace created by Fleet.
+                  nullable: true
+                  type: object
+                namespaceLabels:
+                  additionalProperties:
+                    nullable: true
+                    type: string
+                  description: NamespaceLabels are labels that will be appended to
+                    the namespace created by Fleet.
+                  nullable: true
+                  type: object
+                paused:
+                  description: Paused if set to true, will stop any BundleDeployments
+                    from being updated. It will be marked as out of sync.
+                  type: boolean
+                resources:
+                  description: 'Resources contains the resources that were read from
+                    the bundle''s
+
+                    path. This includes the content of downloaded helm charts.'
+                  items:
+                    description: BundleResource represents the content of a single
+                      resource from the bundle, like a YAML manifest.
+                    properties:
+                      content:
+                        description: The content of the resource, can be compressed.
+                        nullable: true
+                        type: string
+                      encoding:
+                        description: Encoding is either empty or "base64+gz".
+                        nullable: true
+                        type: string
+                      name:
+                        description: Name of the resource, can include the bundle's
+                          internal path.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                rolloutStrategy:
+                  description: 'RolloutStrategy controls the rollout of bundles, by
+                    defining
+
+                    partitions, canaries and percentages for cluster availability.'
+                  nullable: true
+                  properties:
+                    autoPartitionSize:
+                      description: 'A number or percentage of how to automatically
+                        partition clusters if no
+
+                        specific partitioning strategy is configured.
+
+                        default: 25%'
+                      nullable: true
+                      x-kubernetes-int-or-string: true
+                    maxUnavailable:
+                      description: 'A number or percentage of clusters that can be
+                        unavailable during an update
+
+                        of a bundle. This follows the same basic approach as a deployment
+                        rollout
+
+                        strategy. Once the number of clusters meets unavailable state
+                        update will be
+
+                        paused. Default value is 100% which doesn''t take effect on
+                        update.
+
+                        default: 100%'
+                      nullable: true
+                      x-kubernetes-int-or-string: true
+                    maxUnavailablePartitions:
+                      description: 'A number or percentage of cluster partitions that
+                        can be unavailable during
+
+                        an update of a bundle.
+
+                        default: 0'
+                      nullable: true
+                      x-kubernetes-int-or-string: true
+                    partitions:
+                      description: 'A list of definitions of partitions.  If any target
+                        clusters do not match
+
+                        the configuration they are added to partitions at the end
+                        following the
+
+                        autoPartitionSize.'
+                      items:
+                        description: Partition defines a separate rollout strategy
+                          for a set of clusters.
+                        properties:
+                          clusterGroup:
+                            description: A cluster group name to include in this partition
+                            nullable: true
+                            type: string
+                          clusterGroupSelector:
+                            description: Selector matching cluster group labels to
+                              include in this partition
+                            nullable: true
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector
+                                  requirements. The requirements are ANDed.
+                                items:
+                                  description: 'A label selector requirement is a
+                                    selector that contains values, a key, and an operator
+                                    that
+
+                                    relates the key and values.'
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector
+                                        applies to.
+                                      nullable: true
+                                      type: string
+                                    operator:
+                                      description: 'operator represents a key''s relationship
+                                        to a set of values.
+
+                                        Valid operators are In, NotIn, Exists and
+                                        DoesNotExist.'
+                                      nullable: true
+                                      type: string
+                                    values:
+                                      description: 'values is an array of string values.
+                                        If the operator is In or NotIn,
+
+                                        the values array must be non-empty. If the
+                                        operator is Exists or DoesNotExist,
+
+                                        the values array must be empty. This array
+                                        is replaced during a strategic
+
+                                        merge patch.'
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                  type: object
+                                nullable: true
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  nullable: true
+                                  type: string
+                                description: 'matchLabels is a map of {key,value}
+                                  pairs. A single {key,value} in the matchLabels
+
+                                  map is equivalent to an element of matchExpressions,
+                                  whose key field is "key", the
+
+                                  operator is "In", and the values array contains
+                                  only "value". The requirements are ANDed.'
+                                nullable: true
+                                type: object
+                            type: object
+                          clusterName:
+                            description: ClusterName is the name of a cluster to include
+                              in this partition
+                            nullable: true
+                            type: string
+                          clusterSelector:
+                            description: Selector matching cluster labels to include
+                              in this partition
+                            nullable: true
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector
+                                  requirements. The requirements are ANDed.
+                                items:
+                                  description: 'A label selector requirement is a
+                                    selector that contains values, a key, and an operator
+                                    that
+
+                                    relates the key and values.'
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector
+                                        applies to.
+                                      nullable: true
+                                      type: string
+                                    operator:
+                                      description: 'operator represents a key''s relationship
+                                        to a set of values.
+
+                                        Valid operators are In, NotIn, Exists and
+                                        DoesNotExist.'
+                                      nullable: true
+                                      type: string
+                                    values:
+                                      description: 'values is an array of string values.
+                                        If the operator is In or NotIn,
+
+                                        the values array must be non-empty. If the
+                                        operator is Exists or DoesNotExist,
+
+                                        the values array must be empty. This array
+                                        is replaced during a strategic
+
+                                        merge patch.'
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                  type: object
+                                nullable: true
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  nullable: true
+                                  type: string
+                                description: 'matchLabels is a map of {key,value}
+                                  pairs. A single {key,value} in the matchLabels
+
+                                  map is equivalent to an element of matchExpressions,
+                                  whose key field is "key", the
+
+                                  operator is "In", and the values array contains
+                                  only "value". The requirements are ANDed.'
+                                nullable: true
+                                type: object
+                            type: object
+                          maxUnavailable:
+                            description: 'A number or percentage of clusters that
+                              can be unavailable in this
+
+                              partition before this partition is treated as done.
+
+                              default: 10%'
+                            nullable: true
+                            x-kubernetes-int-or-string: true
+                          name:
+                            description: A user-friendly name given to the partition
+                              used for Display (optional).
+                            nullable: true
+                            type: string
+                        type: object
+                      nullable: true
+                      type: array
+                  type: object
+                serviceAccount:
+                  description: ServiceAccount which will be used to perform this deployment.
+                  nullable: true
+                  type: string
+                targetRestrictions:
+                  description: TargetRestrictions is an allow list, which controls
+                    if a bundledeployment is created for a target.
+                  items:
+                    description: 'BundleTargetRestriction is used internally by Fleet
+                      and should not be modified.
+
+                      It acts as an allow list, to prevent the creation of BundleDeployments
+                      from
+
+                      Targets created by TargetCustomizations in fleet.yaml.'
+                    properties:
+                      clusterGroup:
+                        nullable: true
+                        type: string
+                      clusterGroupSelector:
+                        description: 'A label selector is a label query over a set
+                          of resources. The result of matchLabels and
+
+                          matchExpressions are ANDed. An empty label selector matches
+                          all objects. A null
+
+                          label selector matches no objects.'
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      clusterName:
+                        nullable: true
+                        type: string
+                      clusterSelector:
+                        description: 'A label selector is a label query over a set
+                          of resources. The result of matchLabels and
+
+                          matchExpressions are ANDed. An empty label selector matches
+                          all objects. A null
+
+                          label selector matches no objects.'
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      name:
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                targets:
+                  description: 'Targets refer to the clusters which will be deployed
+                    to.
+
+                    Targets are evaluated in order and the first one to match is used.'
+                  items:
+                    description: 'BundleTarget declares clusters to deploy to. Fleet
+                      will merge the
+
+                      BundleDeploymentOptions from customizations into this struct.'
+                    properties:
+                      clusterGroup:
+                        description: ClusterGroup to match a specific cluster group
+                          by name.
+                        nullable: true
+                        type: string
+                      clusterGroupSelector:
+                        description: ClusterGroupSelector is a selector to match cluster
+                          groups.
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      clusterName:
+                        description: 'ClusterName to match a specific cluster by name
+                          that will be
+
+                          selected'
+                        nullable: true
+                        type: string
+                      clusterSelector:
+                        description: 'ClusterSelector is a selector to match clusters.
+                          The structure is
+
+                          the standard metav1.LabelSelector format. If clusterGroupSelector
+                          or
+
+                          clusterGroup is specified, clusterSelector will be used
+                          only to
+
+                          further refine the selection after clusterGroupSelector
+                          and
+
+                          clusterGroup is evaluated.'
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      correctDrift:
+                        description: CorrectDrift specifies how drift correction should
+                          work.
+                        nullable: true
+                        properties:
+                          enabled:
+                            description: Enabled correct drift if true.
+                            type: boolean
+                          force:
+                            description: Force helm rollback with --force option will
+                              be used if true. This will try to recreate all resources
+                              in the release.
+                            type: boolean
+                          keepFailHistory:
+                            description: KeepFailHistory keeps track of failed rollbacks
+                              in the helm history.
+                            type: boolean
+                        type: object
+                      defaultNamespace:
+                        description: 'DefaultNamespace is the namespace to use for
+                          resources that do not
+
+                          specify a namespace. This field is not used to enforce or
+                          lock down
+
+                          the deployment to a specific namespace.'
+                        nullable: true
+                        type: string
+                      deleteCRDResources:
+                        description: DeleteCRDResources deletes CRDs. Warning! this
+                          will also delete all your Custom Resources.
+                        type: boolean
+                      diff:
+                        description: Diff can be used to ignore the modified state
+                          of objects which are amended at runtime.
+                        nullable: true
+                        properties:
+                          comparePatches:
+                            description: ComparePatches match a resource and remove
+                              fields from the check for modifications.
+                            items:
+                              description: ComparePatch matches a resource and removes
+                                fields from the check for modifications.
+                              properties:
+                                apiVersion:
+                                  description: APIVersion is the apiVersion of the
+                                    resource to match.
+                                  nullable: true
+                                  type: string
+                                jsonPointers:
+                                  description: JSONPointers ignore diffs at a certain
+                                    JSON path.
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                kind:
+                                  description: Kind is the kind of the resource to
+                                    match.
+                                  nullable: true
+                                  type: string
+                                name:
+                                  description: Name is the name of the resource to
+                                    match.
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  description: Namespace is the namespace of the resource
+                                    to match.
+                                  nullable: true
+                                  type: string
+                                operations:
+                                  description: Operations remove a JSON path from
+                                    the resource.
+                                  items:
+                                    description: Operation of a ComparePatch, usually
+                                      "remove".
+                                    properties:
+                                      op:
+                                        description: Op is usually "remove"
+                                        nullable: true
+                                        type: string
+                                      path:
+                                        description: Path is the JSON path to remove.
+                                        nullable: true
+                                        type: string
+                                      value:
+                                        description: Value is usually empty.
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      doNotDeploy:
+                        description: DoNotDeploy if set to true, will not deploy to
+                          this target.
+                        type: boolean
+                      forceSyncGeneration:
+                        description: ForceSyncGeneration is used to force a redeployment
+                        type: integer
+                      helm:
+                        description: Helm options for the deployment, like the chart
+                          name, repo and values.
+                        nullable: true
+                        properties:
+                          atomic:
+                            description: Atomic sets the --atomic flag when Helm is
+                              performing an upgrade
+                            type: boolean
+                          chart:
+                            description: 'Chart can refer to any go-getter URL or
+                              OCI registry based helm
+
+                              chart URL. The chart will be downloaded.'
+                            nullable: true
+                            type: string
+                          disableDNS:
+                            description: DisableDNS can be used to customize Helm's
+                              EnableDNS option, which Fleet sets to `true` by default.
+                            type: boolean
+                          disablePreProcess:
+                            description: DisablePreProcess disables template processing
+                              in values
+                            type: boolean
+                          force:
+                            description: Force allows to override immutable resources.
+                              This could be dangerous.
+                            type: boolean
+                          maxHistory:
+                            description: MaxHistory limits the maximum number of revisions
+                              saved per release by Helm.
+                            type: integer
+                          releaseName:
+                            description: 'ReleaseName sets a custom release name to
+                              deploy the chart as. If
+
+                              not specified a release name will be generated by combining
+                              the
+
+                              invoking GitRepo.name + GitRepo.path.'
+                            nullable: true
+                            type: string
+                          repo:
+                            description: Repo is the name of the HTTPS helm repo to
+                              download the chart from.
+                            nullable: true
+                            type: string
+                          skipSchemaValidation:
+                            description: SkipSchemaValidation allows skipping schema
+                              validation against the chart values
+                            type: boolean
+                          takeOwnership:
+                            description: TakeOwnership makes helm skip the check for
+                              its own annotations
+                            type: boolean
+                          timeoutSeconds:
+                            description: TimeoutSeconds is the time to wait for Helm
+                              operations.
+                            type: integer
+                          values:
+                            description: 'Values passed to Helm. It is possible to
+                              specify the keys and values
+
+                              as go template strings.'
+                            nullable: true
+                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
+                          valuesFiles:
+                            description: ValuesFiles is a list of files to load values
+                              from.
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                          valuesFrom:
+                            description: ValuesFrom loads the values from configmaps
+                              and secrets.
+                            items:
+                              description: 'Define helm values that can come from
+                                configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439'
+                              properties:
+                                configMapKeyRef:
+                                  description: The reference to a config map with
+                                    release values.
+                                  nullable: true
+                                  properties:
+                                    key:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      description: Name of a resource in the same
+                                        namespace as the referent.
+                                      nullable: true
+                                      type: string
+                                    namespace:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                secretKeyRef:
+                                  description: The reference to a secret with release
+                                    values.
+                                  nullable: true
+                                  properties:
+                                    key:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      description: Name of a resource in the same
+                                        namespace as the referent.
+                                      nullable: true
+                                      type: string
+                                    namespace:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                              type: object
+                            nullable: true
+                            type: array
+                          version:
+                            description: Version of the chart to download
+                            nullable: true
+                            type: string
+                          waitForJobs:
+                            description: 'WaitForJobs if set and timeoutSeconds provided,
+                              will wait until all
+
+                              Jobs have been completed before marking the GitRepo
+                              as ready. It
+
+                              will wait for as long as timeoutSeconds'
+                            type: boolean
+                        type: object
+                      ignore:
+                        description: IgnoreOptions can be used to ignore fields when
+                          monitoring the bundle.
+                        properties:
+                          conditions:
+                            description: Conditions is a list of conditions to be
+                              ignored when monitoring the Bundle.
+                            items:
+                              additionalProperties:
+                                nullable: true
+                                type: string
+                              nullable: true
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      keepResources:
+                        description: KeepResources can be used to keep the deployed
+                          resources when removing the bundle
+                        type: boolean
+                      kustomize:
+                        description: 'Kustomize options for the deployment, like the
+                          dir containing the
+
+                          kustomization.yaml file.'
+                        nullable: true
+                        properties:
+                          dir:
+                            description: 'Dir points to a custom folder for kustomize
+                              resources. This folder must contain
+
+                              a kustomization.yaml file.'
+                            nullable: true
+                            type: string
+                        type: object
+                      name:
+                        description: 'Name of target. This value is largely for display
+                          and logging. If
+
+                          not specified a default name of the format "target000" will
+                          be used'
+                        nullable: true
+                        type: string
+                      namespace:
+                        description: 'TargetNamespace if present will assign all resource
+                          to this
+
+                          namespace and if any cluster scoped resource exists the
+                          deployment
+
+                          will fail.'
+                        nullable: true
+                        type: string
+                      namespaceAnnotations:
+                        additionalProperties:
+                          nullable: true
+                          type: string
+                        description: NamespaceAnnotations are annotations that will
+                          be appended to the namespace created by Fleet.
+                        nullable: true
+                        type: object
+                      namespaceLabels:
+                        additionalProperties:
+                          nullable: true
+                          type: string
+                        description: NamespaceLabels are labels that will be appended
+                          to the namespace created by Fleet.
+                        nullable: true
+                        type: object
+                      serviceAccount:
+                        description: ServiceAccount which will be used to perform
+                          this deployment.
+                        nullable: true
+                        type: string
+                      yaml:
+                        description: 'YAML options, if using raw YAML these are names
+                          that map to
+
+                          overlays/{name} files that will be used to replace or patch
+                          a resource.'
+                        nullable: true
+                        properties:
+                          overlays:
+                            description: 'Overlays is a list of names that maps to
+                              folders in "overlays/".
+
+                              If you wish to customize the file ./subdir/resource.yaml
+                              then a file
+
+                              ./overlays/myoverlay/subdir/resource.yaml will replace
+                              the base
+
+                              file.
+
+                              A file named ./overlays/myoverlay/subdir/resource_patch.yaml
+                              will patch the base file.'
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                        type: object
+                    type: object
+                  nullable: true
+                  type: array
+                yaml:
+                  description: 'YAML options, if using raw YAML these are names that
+                    map to
+
+                    overlays/{name} files that will be used to replace or patch a
+                    resource.'
+                  nullable: true
+                  properties:
+                    overlays:
+                      description: 'Overlays is a list of names that maps to folders
+                        in "overlays/".
+
+                        If you wish to customize the file ./subdir/resource.yaml then
+                        a file
+
+                        ./overlays/myoverlay/subdir/resource.yaml will replace the
+                        base
+
+                        file.
+
+                        A file named ./overlays/myoverlay/subdir/resource_patch.yaml
+                        will patch the base file.'
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                  type: object
+              type: object
+            status:
+              properties:
+                conditions:
+                  description: 'Conditions is a list of Wrangler conditions that describe
+                    the state
+
+                    of the bundle.'
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                display:
+                  description: 'Display contains the number of ready, desiredready
+                    clusters and a
+
+                    summary state for the bundle''s resources.'
+                  properties:
+                    readyClusters:
+                      description: 'ReadyClusters is a string in the form "%d/%d",
+                        that describes the
+
+                        number of clusters that are ready vs. the number of clusters
+                        desired
+
+                        to be ready.'
+                      nullable: true
+                      type: string
+                    state:
+                      description: State is a summary state for the bundle, calculated
+                        over the non-ready resources.
+                      nullable: true
+                      type: string
+                  type: object
+                maxNew:
+                  description: 'MaxNew is always 50. A bundle change can only stage
+                    50
+
+                    bundledeployments at a time.'
+                  type: integer
+                maxUnavailable:
+                  description: 'MaxUnavailable is the maximum number of unavailable
+                    deployments. See
+
+                    rollout configuration.'
+                  type: integer
+                maxUnavailablePartitions:
+                  description: 'MaxUnavailablePartitions is the maximum number of
+                    unavailable
+
+                    partitions. The rollout configuration defines a maximum number
+                    or
+
+                    percentage of unavailable partitions.'
+                  type: integer
+                newlyCreated:
+                  description: 'NewlyCreated is the number of bundle deployments that
+                    have been created,
+
+                    not updated.'
+                  type: integer
+                observedGeneration:
+                  description: ObservedGeneration is the current generation of the
+                    bundle.
+                  type: integer
+                partitions:
+                  description: PartitionStatus lists the status of each partition.
+                  items:
+                    description: PartitionStatus is the status of a single rollout
+                      partition.
+                    properties:
+                      count:
+                        description: Count is the number of clusters in the partition.
+                        type: integer
+                      maxUnavailable:
+                        description: MaxUnavailable is the maximum number of unavailable
+                          clusters in the partition.
+                        type: integer
+                      name:
+                        description: Name is the name of the partition.
+                        nullable: true
+                        type: string
+                      summary:
+                        description: Summary is a summary state for the partition,
+                          calculated over its non-ready resources.
+                        properties:
+                          desiredReady:
+                            description: 'DesiredReady is the number of bundle deployments
+                              that should be
+
+                              ready.'
+                            type: integer
+                          errApplied:
+                            description: 'ErrApplied is the number of bundle deployments
+                              that have been synced
+
+                              from the Fleet controller and the downstream cluster,
+                              but with some
+
+                              errors when deploying the bundle.'
+                            type: integer
+                          modified:
+                            description: 'Modified is the number of bundle deployments
+                              that have been deployed
+
+                              and for which all resources are ready, but where some
+                              changes from the
+
+                              Git repository have not yet been synced.'
+                            type: integer
+                          nonReadyResources:
+                            description: 'NonReadyClusters is a list of states, which
+                              is filled for a bundle
+
+                              that is not ready.'
+                            items:
+                              description: 'NonReadyResource contains information
+                                about a bundle that is not ready for a
+
+                                given state like "ErrApplied". It contains a list
+                                of non-ready or modified
+
+                                resources and their states.'
+                              properties:
+                                bundleState:
+                                  description: State is the state of the resource,
+                                    like e.g. "NotReady" or "ErrApplied".
+                                  nullable: true
+                                  type: string
+                                message:
+                                  description: Message contains information why the
+                                    bundle is not ready.
+                                  nullable: true
+                                  type: string
+                                modifiedStatus:
+                                  description: ModifiedStatus lists the state for
+                                    each modified resource.
+                                  items:
+                                    description: 'ModifiedStatus is used to report
+                                      the status of a resource that is modified.
+
+                                      It indicates if the modification was a create,
+                                      a delete or a patch.'
+                                    properties:
+                                      apiVersion:
+                                        nullable: true
+                                        type: string
+                                      delete:
+                                        type: boolean
+                                      kind:
+                                        nullable: true
+                                        type: string
+                                      missing:
+                                        type: boolean
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      namespace:
+                                        nullable: true
+                                        type: string
+                                      patch:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                name:
+                                  description: Name is the name of the resource.
+                                  nullable: true
+                                  type: string
+                                nonReadyStatus:
+                                  description: NonReadyStatus lists the state for
+                                    each non-ready resource.
+                                  items:
+                                    description: NonReadyStatus is used to report
+                                      the status of a resource that is not ready.
+                                      It includes a summary.
+                                    properties:
+                                      apiVersion:
+                                        nullable: true
+                                        type: string
+                                      kind:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      namespace:
+                                        nullable: true
+                                        type: string
+                                      summary:
+                                        properties:
+                                          error:
+                                            type: boolean
+                                          message:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                          state:
+                                            nullable: true
+                                            type: string
+                                          transitioning:
+                                            type: boolean
+                                        type: object
+                                      uid:
+                                        description: 'UID is a type that holds unique
+                                          ID values, including UUIDs.  Because we
+
+                                          don''t ONLY use UUIDs, this is an alias
+                                          to string.  Being a type captures
+
+                                          intent and helps make sure that UIDs and
+                                          names do not get conflated.'
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          notReady:
+                            description: 'NotReady is the number of bundle deployments
+                              that have been deployed
+
+                              where some resources are not ready.'
+                            type: integer
+                          outOfSync:
+                            description: 'OutOfSync is the number of bundle deployments
+                              that have been synced
+
+                              from Fleet controller, but not yet by the downstream
+                              agent.'
+                            type: integer
+                          pending:
+                            description: 'Pending is the number of bundle deployments
+                              that are being processed
+
+                              by Fleet controller.'
+                            type: integer
+                          ready:
+                            description: 'Ready is the number of bundle deployments
+                              that have been deployed
+
+                              where all resources are ready.'
+                            type: integer
+                          waitApplied:
+                            description: 'WaitApplied is the number of bundle deployments
+                              that have been
+
+                              synced from Fleet controller and downstream cluster,
+                              but are waiting
+
+                              to be deployed.'
+                            type: integer
+                        type: object
+                      unavailable:
+                        description: Unavailable is the number of unavailable clusters
+                          in the partition.
+                        type: integer
+                    type: object
+                  nullable: true
+                  type: array
+                resourceKey:
+                  description: 'ResourceKey lists resources, which will likely be
+                    deployed. The
+
+                    actual list of resources on a cluster might differ, depending
+                    on the
+
+                    helm chart, value templating, etc..'
+                  items:
+                    description: ResourceKey lists resources, which will likely be
+                      deployed.
+                    properties:
+                      apiVersion:
+                        description: APIVersion is the k8s api version of the resource.
+                        nullable: true
+                        type: string
+                      kind:
+                        description: Kind is the k8s api kind of the resource.
+                        nullable: true
+                        type: string
+                      name:
+                        description: Name is the name of the resource.
+                        nullable: true
+                        type: string
+                      namespace:
+                        description: Namespace is the namespace of the resource.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                summary:
+                  description: 'Summary contains the number of bundle deployments
+                    in each state and
+
+                    a list of non-ready resources.'
+                  properties:
+                    desiredReady:
+                      description: 'DesiredReady is the number of bundle deployments
+                        that should be
+
+                        ready.'
+                      type: integer
+                    errApplied:
+                      description: 'ErrApplied is the number of bundle deployments
+                        that have been synced
+
+                        from the Fleet controller and the downstream cluster, but
+                        with some
+
+                        errors when deploying the bundle.'
+                      type: integer
+                    modified:
+                      description: 'Modified is the number of bundle deployments that
+                        have been deployed
+
+                        and for which all resources are ready, but where some changes
+                        from the
+
+                        Git repository have not yet been synced.'
+                      type: integer
+                    nonReadyResources:
+                      description: 'NonReadyClusters is a list of states, which is
+                        filled for a bundle
+
+                        that is not ready.'
+                      items:
+                        description: 'NonReadyResource contains information about
+                          a bundle that is not ready for a
+
+                          given state like "ErrApplied". It contains a list of non-ready
+                          or modified
+
+                          resources and their states.'
+                        properties:
+                          bundleState:
+                            description: State is the state of the resource, like
+                              e.g. "NotReady" or "ErrApplied".
+                            nullable: true
+                            type: string
+                          message:
+                            description: Message contains information why the bundle
+                              is not ready.
+                            nullable: true
+                            type: string
+                          modifiedStatus:
+                            description: ModifiedStatus lists the state for each modified
+                              resource.
+                            items:
+                              description: 'ModifiedStatus is used to report the status
+                                of a resource that is modified.
+
+                                It indicates if the modification was a create, a delete
+                                or a patch.'
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                delete:
+                                  type: boolean
+                                kind:
+                                  nullable: true
+                                  type: string
+                                missing:
+                                  type: boolean
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                patch:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          name:
+                            description: Name is the name of the resource.
+                            nullable: true
+                            type: string
+                          nonReadyStatus:
+                            description: NonReadyStatus lists the state for each non-ready
+                              resource.
+                            items:
+                              description: NonReadyStatus is used to report the status
+                                of a resource that is not ready. It includes a summary.
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                kind:
+                                  nullable: true
+                                  type: string
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                summary:
+                                  properties:
+                                    error:
+                                      type: boolean
+                                    message:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    state:
+                                      nullable: true
+                                      type: string
+                                    transitioning:
+                                      type: boolean
+                                  type: object
+                                uid:
+                                  description: 'UID is a type that holds unique ID
+                                    values, including UUIDs.  Because we
+
+                                    don''t ONLY use UUIDs, this is an alias to string.  Being
+                                    a type captures
+
+                                    intent and helps make sure that UIDs and names
+                                    do not get conflated.'
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    notReady:
+                      description: 'NotReady is the number of bundle deployments that
+                        have been deployed
+
+                        where some resources are not ready.'
+                      type: integer
+                    outOfSync:
+                      description: 'OutOfSync is the number of bundle deployments
+                        that have been synced
+
+                        from Fleet controller, but not yet by the downstream agent.'
+                      type: integer
+                    pending:
+                      description: 'Pending is the number of bundle deployments that
+                        are being processed
+
+                        by Fleet controller.'
+                      type: integer
+                    ready:
+                      description: 'Ready is the number of bundle deployments that
+                        have been deployed
+
+                        where all resources are ready.'
+                      type: integer
+                    waitApplied:
+                      description: 'WaitApplied is the number of bundle deployments
+                        that have been
+
+                        synced from Fleet controller and downstream cluster, but are
+                        waiting
+
+                        to be deployed.'
+                      type: integer
+                  type: object
+                unavailable:
+                  description: 'Unavailable is the number of bundle deployments that
+                    are not ready or
+
+                    where the AppliedDeploymentID in the status does not match the
+
+                    DeploymentID from the spec.'
+                  type: integer
+                unavailablePartitions:
+                  description: UnavailablePartitions is the number of unavailable
+                    partitions.
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clustergroups.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    categories:
+      - fleet
+    kind: ClusterGroup
+    plural: clustergroups
+    singular: clustergroup
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.display.readyClusters
+          name: Clusters-Ready
+          type: string
+        - jsonPath: .status.display.readyBundles
+          name: Bundles-Ready
+          type: string
+        - jsonPath: .status.conditions[?(@.type=="Ready")].message
+          name: Status
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: ClusterGroup is a re-usable selector to target a group of clusters.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                selector:
+                  description: Selector is a label selector, used to select clusters
+                    for this group.
+                  nullable: true
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: 'A label selector requirement is a selector that
+                          contains values, a key, and an operator that
+
+                          relates the key and values.'
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            nullable: true
+                            type: string
+                          operator:
+                            description: 'operator represents a key''s relationship
+                              to a set of values.
+
+                              Valid operators are In, NotIn, Exists and DoesNotExist.'
+                            nullable: true
+                            type: string
+                          values:
+                            description: 'values is an array of string values. If
+                              the operator is In or NotIn,
+
+                              the values array must be non-empty. If the operator
+                              is Exists or DoesNotExist,
+
+                              the values array must be empty. This array is replaced
+                              during a strategic
+
+                              merge patch.'
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: 'matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels
+
+                        map is equivalent to an element of matchExpressions, whose
+                        key field is "key", the
+
+                        operator is "In", and the values array contains only "value".
+                        The requirements are ANDed.'
+                      nullable: true
+                      type: object
+                  type: object
+              type: object
+            status:
+              properties:
+                clusterCount:
+                  description: ClusterCount is the number of clusters in the cluster
+                    group.
+                  type: integer
+                conditions:
+                  description: Conditions is a list of conditions and their statuses
+                    for the cluster group.
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                display:
+                  description: 'Display contains the number of ready, desiredready
+                    clusters and a
+
+                    summary state for the bundle''s resources.'
+                  properties:
+                    readyBundles:
+                      description: 'ReadyBundles is a string in the form "%d/%d",
+                        that describes the
+
+                        number of bundles that are ready vs. the number of bundles
+                        desired
+
+                        to be ready.'
+                      nullable: true
+                      type: string
+                    readyClusters:
+                      description: 'ReadyClusters is a string in the form "%d/%d",
+                        that describes the
+
+                        number of clusters that are ready vs. the number of clusters
+                        desired
+
+                        to be ready.'
+                      nullable: true
+                      type: string
+                    state:
+                      description: 'State is a summary state for the cluster group,
+                        showing "NotReady" if
+
+                        there are non-ready resources.'
+                      nullable: true
+                      type: string
+                  type: object
+                nonReadyClusterCount:
+                  description: NonReadyClusterCount is the number of clusters that
+                    are not ready.
+                  type: integer
+                nonReadyClusters:
+                  description: NonReadyClusters is a list of cluster names that are
+                    not ready.
+                  items:
+                    nullable: true
+                    type: string
+                  nullable: true
+                  type: array
+                resourceCounts:
+                  description: 'ResourceCounts contains the number of resources in
+                    each state over
+
+                    all bundles in the cluster group.'
+                  properties:
+                    desiredReady:
+                      description: DesiredReady is the number of resources that should
+                        be ready.
+                      type: integer
+                    missing:
+                      description: Missing is the number of missing resources.
+                      type: integer
+                    modified:
+                      description: Modified is the number of resources that have been
+                        modified.
+                      type: integer
+                    notReady:
+                      description: 'NotReady is the number of not ready resources.
+                        Resources are not
+
+                        ready if they do not match any other state.'
+                      type: integer
+                    orphaned:
+                      description: Orphaned is the number of orphaned resources.
+                      type: integer
+                    ready:
+                      description: Ready is the number of ready resources.
+                      type: integer
+                    unknown:
+                      description: Unknown is the number of resources in an unknown
+                        state.
+                      type: integer
+                    waitApplied:
+                      description: WaitApplied is the number of resources that are
+                        waiting to be applied.
+                      type: integer
+                  type: object
+                summary:
+                  description: 'Summary is a summary of the bundle deployments and
+                    their resources
+
+                    in the cluster group.'
+                  properties:
+                    desiredReady:
+                      description: 'DesiredReady is the number of bundle deployments
+                        that should be
+
+                        ready.'
+                      type: integer
+                    errApplied:
+                      description: 'ErrApplied is the number of bundle deployments
+                        that have been synced
+
+                        from the Fleet controller and the downstream cluster, but
+                        with some
+
+                        errors when deploying the bundle.'
+                      type: integer
+                    modified:
+                      description: 'Modified is the number of bundle deployments that
+                        have been deployed
+
+                        and for which all resources are ready, but where some changes
+                        from the
+
+                        Git repository have not yet been synced.'
+                      type: integer
+                    nonReadyResources:
+                      description: 'NonReadyClusters is a list of states, which is
+                        filled for a bundle
+
+                        that is not ready.'
+                      items:
+                        description: 'NonReadyResource contains information about
+                          a bundle that is not ready for a
+
+                          given state like "ErrApplied". It contains a list of non-ready
+                          or modified
+
+                          resources and their states.'
+                        properties:
+                          bundleState:
+                            description: State is the state of the resource, like
+                              e.g. "NotReady" or "ErrApplied".
+                            nullable: true
+                            type: string
+                          message:
+                            description: Message contains information why the bundle
+                              is not ready.
+                            nullable: true
+                            type: string
+                          modifiedStatus:
+                            description: ModifiedStatus lists the state for each modified
+                              resource.
+                            items:
+                              description: 'ModifiedStatus is used to report the status
+                                of a resource that is modified.
+
+                                It indicates if the modification was a create, a delete
+                                or a patch.'
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                delete:
+                                  type: boolean
+                                kind:
+                                  nullable: true
+                                  type: string
+                                missing:
+                                  type: boolean
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                patch:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          name:
+                            description: Name is the name of the resource.
+                            nullable: true
+                            type: string
+                          nonReadyStatus:
+                            description: NonReadyStatus lists the state for each non-ready
+                              resource.
+                            items:
+                              description: NonReadyStatus is used to report the status
+                                of a resource that is not ready. It includes a summary.
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                kind:
+                                  nullable: true
+                                  type: string
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                summary:
+                                  properties:
+                                    error:
+                                      type: boolean
+                                    message:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    state:
+                                      nullable: true
+                                      type: string
+                                    transitioning:
+                                      type: boolean
+                                  type: object
+                                uid:
+                                  description: 'UID is a type that holds unique ID
+                                    values, including UUIDs.  Because we
+
+                                    don''t ONLY use UUIDs, this is an alias to string.  Being
+                                    a type captures
+
+                                    intent and helps make sure that UIDs and names
+                                    do not get conflated.'
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    notReady:
+                      description: 'NotReady is the number of bundle deployments that
+                        have been deployed
+
+                        where some resources are not ready.'
+                      type: integer
+                    outOfSync:
+                      description: 'OutOfSync is the number of bundle deployments
+                        that have been synced
+
+                        from Fleet controller, but not yet by the downstream agent.'
+                      type: integer
+                    pending:
+                      description: 'Pending is the number of bundle deployments that
+                        are being processed
+
+                        by Fleet controller.'
+                      type: integer
+                    ready:
+                      description: 'Ready is the number of bundle deployments that
+                        have been deployed
+
+                        where all resources are ready.'
+                      type: integer
+                    waitApplied:
+                      description: 'WaitApplied is the number of bundle deployments
+                        that have been
+
+                        synced from Fleet controller and downstream cluster, but are
+                        waiting
+
+                        to be deployed.'
+                      type: integer
+                  type: object
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterregistrations.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: ClusterRegistration
+    plural: clusterregistrations
+    singular: clusterregistration
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.clusterName
+          name: Cluster-Name
+          type: string
+        - jsonPath: .spec.clusterLabels
+          name: Labels
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: ClusterRegistration is used internally by Fleet and should
+            not be used directly.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                clientID:
+                  description: 'ClientID is a unique string that will identify the
+                    cluster. The
+
+                    agent either uses the configured ID or the kubeSystem.UID.'
+                  nullable: true
+                  type: string
+                clientRandom:
+                  description: 'ClientRandom is a random string that the agent generates.
+                    When
+
+                    fleet-controller grants a registration, it creates a registration
+
+                    secret with this string in the name.'
+                  nullable: true
+                  type: string
+                clusterLabels:
+                  additionalProperties:
+                    nullable: true
+                    type: string
+                  description: ClusterLabels are copied to the cluster resource during
+                    the registration.
+                  nullable: true
+                  type: object
+              type: object
+            status:
+              properties:
+                clusterName:
+                  description: 'ClusterName is only set after the registration is
+                    being processed by
+
+                    fleet-controller.'
+                  nullable: true
+                  type: string
+                granted:
+                  description: 'Granted is set to true, if the request service account
+                    is present
+
+                    and its token secret exists. This happens directly before creating
+
+                    the registration secret, roles and rolebindings.'
+                  type: boolean
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterregistrationtokens.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: ClusterRegistrationToken
+    plural: clusterregistrationtokens
+    singular: clusterregistrationtoken
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.secretName
+          name: Secret-Name
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: ClusterRegistrationToken is used by agents to register a new
+            cluster.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              properties:
+                name:
+                  maxLength: 63
+                  pattern: ^[-a-z0-9]+$
+                  type: string
+              type: object
+            spec:
+              properties:
+                ttl:
+                  description: 'TTL is the time to live for the token. It is used
+                    to calculate the
+
+                    expiration time. If the token expires, it will be deleted.'
+                  nullable: true
+                  type: string
+              type: object
+            status:
+              properties:
+                expires:
+                  description: Expires is the time when the token expires.
+                  nullable: true
+                  type: string
+                secretName:
+                  description: SecretName is the name of the secret containing the
+                    token.
+                  nullable: true
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusters.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: Cluster
+    plural: clusters
+    singular: cluster
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.display.readyBundles
+          name: Bundles-Ready
+          type: string
+        - jsonPath: .status.display.readyNodes
+          name: Nodes-Ready
+          type: string
+        - jsonPath: .status.display.sampleNode
+          name: Sample-Node
+          type: string
+        - jsonPath: .status.agent.lastSeen
+          name: Last-Seen
+          type: string
+        - jsonPath: .status.conditions[?(@.type=="Ready")].message
+          name: Status
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'Cluster corresponds to a Kubernetes cluster. Fleet deploys
+            bundles to targeted clusters.
+
+            Clusters to which Fleet deploys manifests are referred to as downstream
+
+            clusters. In the single cluster use case, the Fleet manager Kubernetes
+
+            cluster is both the manager and downstream cluster at the same time.'
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              properties:
+                name:
+                  maxLength: 63
+                  pattern: ^[-a-z0-9]+$
+                  type: string
+              type: object
+            spec:
+              properties:
+                agentAffinity:
+                  description: 'AgentAffinity overrides the default affinity for the
+                    cluster''s agent
+
+                    deployment. If this value is nil the default affinity is used.'
+                  nullable: true
+                  properties:
+                    nodeAffinity:
+                      description: Describes node affinity scheduling rules for the
+                        pod.
+                      nullable: true
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          description: 'The scheduler will prefer to schedule pods
+                            to nodes that satisfy
+
+                            the affinity expressions specified by this field, but
+                            it may choose
+
+                            a node that violates one or more of the expressions. The
+                            node that is
+
+                            most preferred is the one with the greatest sum of weights,
+                            i.e.
+
+                            for each node that meets all of the scheduling requirements
+                            (resource
+
+                            request, requiredDuringScheduling affinity expressions,
+                            etc.),
+
+                            compute a sum by iterating through the elements of this
+                            field and adding
+
+                            "weight" to the sum if the node matches the corresponding
+                            matchExpressions; the
+
+                            node(s) with the highest sum are the most preferred.'
+                          items:
+                            description: 'An empty preferred scheduling term matches
+                              all objects with implicit weight 0
+
+                              (i.e. it''s a no-op). A null preferred scheduling term
+                              matches no objects (i.e. is also a no-op).'
+                            properties:
+                              preference:
+                                description: A node selector term, associated with
+                                  the corresponding weight.
+                                properties:
+                                  matchExpressions:
+                                    description: A list of node selector requirements
+                                      by node's labels.
+                                    items:
+                                      description: 'A node selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator
+
+                                        that relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: The label key that the selector
+                                            applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'Represents a key''s relationship
+                                            to a set of values.
+
+                                            Valid operators are In, NotIn, Exists,
+                                            DoesNotExist. Gt, and Lt.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                            - Gt
+                                            - Lt
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'An array of string values.
+                                            If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. If the
+                                            operator is Gt or Lt, the values
+
+                                            array must have a single element, which
+                                            will be interpreted as an integer.
+
+                                            This array is replaced during a strategic
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchFields:
+                                    description: A list of node selector requirements
+                                      by node's fields.
+                                    items:
+                                      description: 'A node selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator
+
+                                        that relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: The label key that the selector
+                                            applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'Represents a key''s relationship
+                                            to a set of values.
+
+                                            Valid operators are In, NotIn, Exists,
+                                            DoesNotExist. Gt, and Lt.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                            - Gt
+                                            - Lt
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'An array of string values.
+                                            If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. If the
+                                            operator is Gt or Lt, the values
+
+                                            array must have a single element, which
+                                            will be interpreted as an integer.
+
+                                            This array is replaced during a strategic
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                              weight:
+                                description: Weight associated with matching the corresponding
+                                  nodeSelectorTerm, in the range 1-100.
+                                type: integer
+                            type: object
+                          nullable: true
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          description: 'If the affinity requirements specified by
+                            this field are not met at
+
+                            scheduling time, the pod will not be scheduled onto the
+                            node.
+
+                            If the affinity requirements specified by this field cease
+                            to be met
+
+                            at some point during pod execution (e.g. due to an update),
+                            the system
+
+                            may or may not try to eventually evict the pod from its
+                            node.'
+                          nullable: true
+                          properties:
+                            nodeSelectorTerms:
+                              description: Required. A list of node selector terms.
+                                The terms are ORed.
+                              items:
+                                description: 'A null or empty node selector term matches
+                                  no objects. The requirements of
+
+                                  them are ANDed.
+
+                                  The TopologySelectorTerm type implements a subset
+                                  of the NodeSelectorTerm.'
+                                properties:
+                                  matchExpressions:
+                                    description: A list of node selector requirements
+                                      by node's labels.
+                                    items:
+                                      description: 'A node selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator
+
+                                        that relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: The label key that the selector
+                                            applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'Represents a key''s relationship
+                                            to a set of values.
+
+                                            Valid operators are In, NotIn, Exists,
+                                            DoesNotExist. Gt, and Lt.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                            - Gt
+                                            - Lt
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'An array of string values.
+                                            If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. If the
+                                            operator is Gt or Lt, the values
+
+                                            array must have a single element, which
+                                            will be interpreted as an integer.
+
+                                            This array is replaced during a strategic
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchFields:
+                                    description: A list of node selector requirements
+                                      by node's fields.
+                                    items:
+                                      description: 'A node selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator
+
+                                        that relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: The label key that the selector
+                                            applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'Represents a key''s relationship
+                                            to a set of values.
+
+                                            Valid operators are In, NotIn, Exists,
+                                            DoesNotExist. Gt, and Lt.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                            - Gt
+                                            - Lt
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'An array of string values.
+                                            If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. If the
+                                            operator is Gt or Lt, the values
+
+                                            array must have a single element, which
+                                            will be interpreted as an integer.
+
+                                            This array is replaced during a strategic
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                              nullable: true
+                              type: array
+                          type: object
+                      type: object
+                    podAffinity:
+                      description: Describes pod affinity scheduling rules (e.g. co-locate
+                        this pod in the same node, zone, etc. as some other pod(s)).
+                      nullable: true
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          description: 'The scheduler will prefer to schedule pods
+                            to nodes that satisfy
+
+                            the affinity expressions specified by this field, but
+                            it may choose
+
+                            a node that violates one or more of the expressions. The
+                            node that is
+
+                            most preferred is the one with the greatest sum of weights,
+                            i.e.
+
+                            for each node that meets all of the scheduling requirements
+                            (resource
+
+                            request, requiredDuringScheduling affinity expressions,
+                            etc.),
+
+                            compute a sum by iterating through the elements of this
+                            field and adding
+
+                            "weight" to the sum if the node has pods which matches
+                            the corresponding podAffinityTerm; the
+
+                            node(s) with the highest sum are the most preferred.'
+                          items:
+                            description: The weights of all of the matched WeightedPodAffinityTerm
+                              fields are added per-node to find the most preferred
+                              node(s)
+                            properties:
+                              podAffinityTerm:
+                                description: Required. A pod affinity term, associated
+                                  with the corresponding weight.
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    nullable: true
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: 'A label selector requirement
+                                            is a selector that contains values, a
+                                            key, and an operator that
+
+                                            relates the key and values.'
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              nullable: true
+                                              type: string
+                                            operator:
+                                              description: 'operator represents a
+                                                key''s relationship to a set of values.
+
+                                                Valid operators are In, NotIn, Exists
+                                                and DoesNotExist.'
+                                              enum:
+                                                - In
+                                                - NotIn
+                                                - Exists
+                                                - DoesNotExist
+                                              nullable: true
+                                              type: string
+                                            values:
+                                              description: 'values is an array of
+                                                string values. If the operator is
+                                                In or NotIn,
+
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+
+                                                merge patch.'
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          nullable: true
+                                          type: string
+                                        description: 'matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the
+
+                                          operator is "In", and the values array contains
+                                          only "value". The requirements are ANDed.'
+                                        nullable: true
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: 'A label query over the set of namespaces
+                                      that the term applies to.
+
+                                      The term is applied to the union of the namespaces
+                                      selected by this field
+
+                                      and the ones listed in the namespaces field.
+
+                                      null selector and null or empty namespaces list
+                                      means "this pod''s namespace".
+
+                                      An empty selector ({}) matches all namespaces.'
+                                    nullable: true
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: 'A label selector requirement
+                                            is a selector that contains values, a
+                                            key, and an operator that
+
+                                            relates the key and values.'
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              nullable: true
+                                              type: string
+                                            operator:
+                                              description: 'operator represents a
+                                                key''s relationship to a set of values.
+
+                                                Valid operators are In, NotIn, Exists
+                                                and DoesNotExist.'
+                                              enum:
+                                                - In
+                                                - NotIn
+                                                - Exists
+                                                - DoesNotExist
+                                              nullable: true
+                                              type: string
+                                            values:
+                                              description: 'values is an array of
+                                                string values. If the operator is
+                                                In or NotIn,
+
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+
+                                                merge patch.'
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          nullable: true
+                                          type: string
+                                        description: 'matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the
+
+                                          operator is "In", and the values array contains
+                                          only "value". The requirements are ANDed.'
+                                        nullable: true
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: 'namespaces specifies a static list
+                                      of namespace names that the term applies to.
+
+                                      The term is applied to the union of the namespaces
+                                      listed in this field
+
+                                      and the ones selected by namespaceSelector.
+
+                                      null or empty namespaces list and null namespaceSelector
+                                      means "this pod''s namespace".'
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  topologyKey:
+                                    description: 'This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching
+
+                                      the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a
+                                      node
+
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the
+
+                                      selected pods is running.
+
+                                      Empty topologyKey is not allowed.'
+                                    nullable: true
+                                    type: string
+                                type: object
+                              weight:
+                                description: 'weight associated with matching the
+                                  corresponding podAffinityTerm,
+
+                                  in the range 1-100.'
+                                type: integer
+                            type: object
+                          nullable: true
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          description: 'If the affinity requirements specified by
+                            this field are not met at
+
+                            scheduling time, the pod will not be scheduled onto the
+                            node.
+
+                            If the affinity requirements specified by this field cease
+                            to be met
+
+                            at some point during pod execution (e.g. due to a pod
+                            label update), the
+
+                            system may or may not try to eventually evict the pod
+                            from its node.
+
+                            When there are multiple elements, the lists of nodes corresponding
+                            to each
+
+                            podAffinityTerm are intersected, i.e. all terms must be
+                            satisfied.'
+                          items:
+                            description: 'Defines a set of pods (namely those matching
+                              the labelSelector
+
+                              relative to the given namespace(s)) that this pod should
+                              be
+
+                              co-located (affinity) or not co-located (anti-affinity)
+                              with,
+
+                              where co-located is defined as running on a node whose
+                              value of
+
+                              the label with key <topologyKey> matches that of any
+                              node on which
+
+                              a pod of the set of pods is running'
+                            properties:
+                              labelSelector:
+                                description: A label query over a set of resources,
+                                  in this case pods.
+                                nullable: true
+                                properties:
+                                  matchExpressions:
+                                    description: matchExpressions is a list of label
+                                      selector requirements. The requirements are
+                                      ANDed.
+                                    items:
+                                      description: 'A label selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator that
+
+                                        relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: key is the label key that the
+                                            selector applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'operator represents a key''s
+                                            relationship to a set of values.
+
+                                            Valid operators are In, NotIn, Exists
+                                            and DoesNotExist.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'values is an array of string
+                                            values. If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. This array
+                                            is replaced during a strategic
+
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    description: 'matchLabels is a map of {key,value}
+                                      pairs. A single {key,value} in the matchLabels
+
+                                      map is equivalent to an element of matchExpressions,
+                                      whose key field is "key", the
+
+                                      operator is "In", and the values array contains
+                                      only "value". The requirements are ANDed.'
+                                    nullable: true
+                                    type: object
+                                type: object
+                              namespaceSelector:
+                                description: 'A label query over the set of namespaces
+                                  that the term applies to.
+
+                                  The term is applied to the union of the namespaces
+                                  selected by this field
+
+                                  and the ones listed in the namespaces field.
+
+                                  null selector and null or empty namespaces list
+                                  means "this pod''s namespace".
+
+                                  An empty selector ({}) matches all namespaces.'
+                                nullable: true
+                                properties:
+                                  matchExpressions:
+                                    description: matchExpressions is a list of label
+                                      selector requirements. The requirements are
+                                      ANDed.
+                                    items:
+                                      description: 'A label selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator that
+
+                                        relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: key is the label key that the
+                                            selector applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'operator represents a key''s
+                                            relationship to a set of values.
+
+                                            Valid operators are In, NotIn, Exists
+                                            and DoesNotExist.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'values is an array of string
+                                            values. If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. This array
+                                            is replaced during a strategic
+
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    description: 'matchLabels is a map of {key,value}
+                                      pairs. A single {key,value} in the matchLabels
+
+                                      map is equivalent to an element of matchExpressions,
+                                      whose key field is "key", the
+
+                                      operator is "In", and the values array contains
+                                      only "value". The requirements are ANDed.'
+                                    nullable: true
+                                    type: object
+                                type: object
+                              namespaces:
+                                description: 'namespaces specifies a static list of
+                                  namespace names that the term applies to.
+
+                                  The term is applied to the union of the namespaces
+                                  listed in this field
+
+                                  and the ones selected by namespaceSelector.
+
+                                  null or empty namespaces list and null namespaceSelector
+                                  means "this pod''s namespace".'
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              topologyKey:
+                                description: 'This pod should be co-located (affinity)
+                                  or not co-located (anti-affinity) with the pods
+                                  matching
+
+                                  the labelSelector in the specified namespaces, where
+                                  co-located is defined as running on a node
+
+                                  whose value of the label with key topologyKey matches
+                                  that of any node on which any of the
+
+                                  selected pods is running.
+
+                                  Empty topologyKey is not allowed.'
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    podAntiAffinity:
+                      description: Describes pod anti-affinity scheduling rules (e.g.
+                        avoid putting this pod in the same node, zone, etc. as some
+                        other pod(s)).
+                      nullable: true
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          description: 'The scheduler will prefer to schedule pods
+                            to nodes that satisfy
+
+                            the anti-affinity expressions specified by this field,
+                            but it may choose
+
+                            a node that violates one or more of the expressions. The
+                            node that is
+
+                            most preferred is the one with the greatest sum of weights,
+                            i.e.
+
+                            for each node that meets all of the scheduling requirements
+                            (resource
+
+                            request, requiredDuringScheduling anti-affinity expressions,
+                            etc.),
+
+                            compute a sum by iterating through the elements of this
+                            field and adding
+
+                            "weight" to the sum if the node has pods which matches
+                            the corresponding podAffinityTerm; the
+
+                            node(s) with the highest sum are the most preferred.'
+                          items:
+                            description: The weights of all of the matched WeightedPodAffinityTerm
+                              fields are added per-node to find the most preferred
+                              node(s)
+                            properties:
+                              podAffinityTerm:
+                                description: Required. A pod affinity term, associated
+                                  with the corresponding weight.
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    nullable: true
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: 'A label selector requirement
+                                            is a selector that contains values, a
+                                            key, and an operator that
+
+                                            relates the key and values.'
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              nullable: true
+                                              type: string
+                                            operator:
+                                              description: 'operator represents a
+                                                key''s relationship to a set of values.
+
+                                                Valid operators are In, NotIn, Exists
+                                                and DoesNotExist.'
+                                              enum:
+                                                - In
+                                                - NotIn
+                                                - Exists
+                                                - DoesNotExist
+                                              nullable: true
+                                              type: string
+                                            values:
+                                              description: 'values is an array of
+                                                string values. If the operator is
+                                                In or NotIn,
+
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+
+                                                merge patch.'
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          nullable: true
+                                          type: string
+                                        description: 'matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the
+
+                                          operator is "In", and the values array contains
+                                          only "value". The requirements are ANDed.'
+                                        nullable: true
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: 'A label query over the set of namespaces
+                                      that the term applies to.
+
+                                      The term is applied to the union of the namespaces
+                                      selected by this field
+
+                                      and the ones listed in the namespaces field.
+
+                                      null selector and null or empty namespaces list
+                                      means "this pod''s namespace".
+
+                                      An empty selector ({}) matches all namespaces.'
+                                    nullable: true
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: 'A label selector requirement
+                                            is a selector that contains values, a
+                                            key, and an operator that
+
+                                            relates the key and values.'
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              nullable: true
+                                              type: string
+                                            operator:
+                                              description: 'operator represents a
+                                                key''s relationship to a set of values.
+
+                                                Valid operators are In, NotIn, Exists
+                                                and DoesNotExist.'
+                                              enum:
+                                                - In
+                                                - NotIn
+                                                - Exists
+                                                - DoesNotExist
+                                              nullable: true
+                                              type: string
+                                            values:
+                                              description: 'values is an array of
+                                                string values. If the operator is
+                                                In or NotIn,
+
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+
+                                                merge patch.'
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          nullable: true
+                                          type: string
+                                        description: 'matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the
+
+                                          operator is "In", and the values array contains
+                                          only "value". The requirements are ANDed.'
+                                        nullable: true
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: 'namespaces specifies a static list
+                                      of namespace names that the term applies to.
+
+                                      The term is applied to the union of the namespaces
+                                      listed in this field
+
+                                      and the ones selected by namespaceSelector.
+
+                                      null or empty namespaces list and null namespaceSelector
+                                      means "this pod''s namespace".'
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  topologyKey:
+                                    description: 'This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching
+
+                                      the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a
+                                      node
+
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the
+
+                                      selected pods is running.
+
+                                      Empty topologyKey is not allowed.'
+                                    nullable: true
+                                    type: string
+                                type: object
+                              weight:
+                                description: 'weight associated with matching the
+                                  corresponding podAffinityTerm,
+
+                                  in the range 1-100.'
+                                type: integer
+                            type: object
+                          nullable: true
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          description: 'If the anti-affinity requirements specified
+                            by this field are not met at
+
+                            scheduling time, the pod will not be scheduled onto the
+                            node.
+
+                            If the anti-affinity requirements specified by this field
+                            cease to be met
+
+                            at some point during pod execution (e.g. due to a pod
+                            label update), the
+
+                            system may or may not try to eventually evict the pod
+                            from its node.
+
+                            When there are multiple elements, the lists of nodes corresponding
+                            to each
+
+                            podAffinityTerm are intersected, i.e. all terms must be
+                            satisfied.'
+                          items:
+                            description: 'Defines a set of pods (namely those matching
+                              the labelSelector
+
+                              relative to the given namespace(s)) that this pod should
+                              be
+
+                              co-located (affinity) or not co-located (anti-affinity)
+                              with,
+
+                              where co-located is defined as running on a node whose
+                              value of
+
+                              the label with key <topologyKey> matches that of any
+                              node on which
+
+                              a pod of the set of pods is running'
+                            properties:
+                              labelSelector:
+                                description: A label query over a set of resources,
+                                  in this case pods.
+                                nullable: true
+                                properties:
+                                  matchExpressions:
+                                    description: matchExpressions is a list of label
+                                      selector requirements. The requirements are
+                                      ANDed.
+                                    items:
+                                      description: 'A label selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator that
+
+                                        relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: key is the label key that the
+                                            selector applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'operator represents a key''s
+                                            relationship to a set of values.
+
+                                            Valid operators are In, NotIn, Exists
+                                            and DoesNotExist.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'values is an array of string
+                                            values. If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. This array
+                                            is replaced during a strategic
+
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    description: 'matchLabels is a map of {key,value}
+                                      pairs. A single {key,value} in the matchLabels
+
+                                      map is equivalent to an element of matchExpressions,
+                                      whose key field is "key", the
+
+                                      operator is "In", and the values array contains
+                                      only "value". The requirements are ANDed.'
+                                    nullable: true
+                                    type: object
+                                type: object
+                              namespaceSelector:
+                                description: 'A label query over the set of namespaces
+                                  that the term applies to.
+
+                                  The term is applied to the union of the namespaces
+                                  selected by this field
+
+                                  and the ones listed in the namespaces field.
+
+                                  null selector and null or empty namespaces list
+                                  means "this pod''s namespace".
+
+                                  An empty selector ({}) matches all namespaces.'
+                                nullable: true
+                                properties:
+                                  matchExpressions:
+                                    description: matchExpressions is a list of label
+                                      selector requirements. The requirements are
+                                      ANDed.
+                                    items:
+                                      description: 'A label selector requirement is
+                                        a selector that contains values, a key, and
+                                        an operator that
+
+                                        relates the key and values.'
+                                      properties:
+                                        key:
+                                          description: key is the label key that the
+                                            selector applies to.
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          description: 'operator represents a key''s
+                                            relationship to a set of values.
+
+                                            Valid operators are In, NotIn, Exists
+                                            and DoesNotExist.'
+                                          enum:
+                                            - In
+                                            - NotIn
+                                            - Exists
+                                            - DoesNotExist
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          description: 'values is an array of string
+                                            values. If the operator is In or NotIn,
+
+                                            the values array must be non-empty. If
+                                            the operator is Exists or DoesNotExist,
+
+                                            the values array must be empty. This array
+                                            is replaced during a strategic
+
+                                            merge patch.'
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    description: 'matchLabels is a map of {key,value}
+                                      pairs. A single {key,value} in the matchLabels
+
+                                      map is equivalent to an element of matchExpressions,
+                                      whose key field is "key", the
+
+                                      operator is "In", and the values array contains
+                                      only "value". The requirements are ANDed.'
+                                    nullable: true
+                                    type: object
+                                type: object
+                              namespaces:
+                                description: 'namespaces specifies a static list of
+                                  namespace names that the term applies to.
+
+                                  The term is applied to the union of the namespaces
+                                  listed in this field
+
+                                  and the ones selected by namespaceSelector.
+
+                                  null or empty namespaces list and null namespaceSelector
+                                  means "this pod''s namespace".'
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              topologyKey:
+                                description: 'This pod should be co-located (affinity)
+                                  or not co-located (anti-affinity) with the pods
+                                  matching
+
+                                  the labelSelector in the specified namespaces, where
+                                  co-located is defined as running on a node
+
+                                  whose value of the label with key topologyKey matches
+                                  that of any node on which any of the
+
+                                  selected pods is running.
+
+                                  Empty topologyKey is not allowed.'
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                  type: object
+                agentEnvVars:
+                  description: AgentEnvVars are extra environment variables to be
+                    added to the agent deployment.
+                  items:
+                    description: EnvVar represents an environment variable present
+                      in a Container.
+                    properties:
+                      name:
+                        description: Name of the environment variable. Must be a C_IDENTIFIER.
+                        nullable: true
+                        type: string
+                      value:
+                        description: 'Variable references $(VAR_NAME) are expanded
+
+                          using the previously defined environment variables in the
+                          container and
+
+                          any service environment variables. If a variable cannot
+                          be resolved,
+
+                          the reference in the input string will be unchanged. Double
+                          $$ are reduced
+
+                          to a single $, which allows for escaping the $(VAR_NAME)
+                          syntax: i.e.
+
+                          "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+
+                          Escaped references will never be expanded, regardless of
+                          whether the variable
+
+                          exists or not.
+
+                          Defaults to "".'
+                        nullable: true
+                        type: string
+                      valueFrom:
+                        description: Source for the environment variable's value.
+                          Cannot be used if value is not empty.
+                        nullable: true
+                        properties:
+                          configMapKeyRef:
+                            description: Selects a key of a ConfigMap.
+                            nullable: true
+                            properties:
+                              key:
+                                description: The key to select.
+                                nullable: true
+                                type: string
+                              name:
+                                description: 'Name of the referent.
+
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+                                  TODO: Add other useful fields. apiVersion, kind,
+                                  uid?'
+                                nullable: true
+                                type: string
+                              optional:
+                                description: Specify whether the ConfigMap or its
+                                  key must be defined
+                                nullable: true
+                                type: boolean
+                            type: object
+                          fieldRef:
+                            description: 'Selects a field of the pod: supports metadata.name,
+                              metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+
+                              spec.nodeName, spec.serviceAccountName, status.hostIP,
+                              status.podIP, status.podIPs.'
+                            nullable: true
+                            properties:
+                              apiVersion:
+                                description: Version of the schema the FieldPath is
+                                  written in terms of, defaults to "v1".
+                                nullable: true
+                                type: string
+                              fieldPath:
+                                description: Path of the field to select in the specified
+                                  API version.
+                                nullable: true
+                                type: string
+                            type: object
+                          resourceFieldRef:
+                            description: 'Selects a resource of the container: only
+                              resources limits and requests
+
+                              (limits.cpu, limits.memory, limits.ephemeral-storage,
+                              requests.cpu, requests.memory and requests.ephemeral-storage)
+                              are currently supported.'
+                            nullable: true
+                            properties:
+                              containerName:
+                                description: 'Container name: required for volumes,
+                                  optional for env vars'
+                                nullable: true
+                                type: string
+                              divisor:
+                                description: Specifies the output format of the exposed
+                                  resources, defaults to "1"
+                                nullable: true
+                                type: string
+                              resource:
+                                description: 'Required: resource to select'
+                                nullable: true
+                                type: string
+                            type: object
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            nullable: true
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                nullable: true
+                                type: string
+                              name:
+                                description: 'Name of the referent.
+
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+                                  TODO: Add other useful fields. apiVersion, kind,
+                                  uid?'
+                                nullable: true
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                nullable: true
+                                type: boolean
+                            type: object
+                        type: object
+                    type: object
+                  nullable: true
+                  type: array
+                agentNamespace:
+                  description: AgentNamespace defaults to the system namespace, e.g.
+                    cattle-fleet-system.
+                  nullable: true
+                  type: string
+                agentResources:
+                  description: AgentResources sets the resources for the cluster's
+                    agent deployment.
+                  nullable: true
+                  properties:
+                    claims:
+                      description: 'Claims lists the names of resources, defined in
+                        spec.resourceClaims,
+
+                        that are used by this container.
+
+
+
+                        This is an alpha field and requires enabling the
+
+                        DynamicResourceAllocation feature gate.
+
+
+
+                        This field is immutable. It can only be set for containers.'
+                      items:
+                        description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                        properties:
+                          name:
+                            description: 'Name must match the name of one entry in
+                              pod.spec.resourceClaims of
+
+                              the Pod where this field is used. It makes that resource
+                              available
+
+                              inside a container.'
+                            nullable: true
+                            type: string
+                        type: object
+                      nullable: true
+                      type: array
+                    limits:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: 'Limits describes the maximum amount of compute
+                        resources allowed.
+
+                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                      nullable: true
+                      type: object
+                    requests:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      description: 'Requests describes the minimum amount of compute
+                        resources required.
+
+                        If Requests is omitted for a container, it defaults to Limits
+                        if that is explicitly specified,
+
+                        otherwise to an implementation-defined value. Requests cannot
+                        exceed Limits.
+
+                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                      nullable: true
+                      type: object
+                  type: object
+                agentTolerations:
+                  description: AgentTolerations defines an extra set of Tolerations
+                    to be added to the Agent deployment.
+                  items:
+                    description: 'The pod this Toleration is attached to tolerates
+                      any taint that matches
+
+                      the triple <key,value,effect> using the matching operator <operator>.'
+                    properties:
+                      effect:
+                        description: 'Effect indicates the taint effect to match.
+                          Empty means match all taint effects.
+
+                          When specified, allowed values are NoSchedule, PreferNoSchedule
+                          and NoExecute.'
+                        nullable: true
+                        type: string
+                      key:
+                        description: 'Key is the taint key that the toleration applies
+                          to. Empty means match all taint keys.
+
+                          If the key is empty, operator must be Exists; this combination
+                          means to match all values and all keys.'
+                        nullable: true
+                        type: string
+                      operator:
+                        description: 'Operator represents a key''s relationship to
+                          the value.
+
+                          Valid operators are Exists and Equal. Defaults to Equal.
+
+                          Exists is equivalent to wildcard for value, so that a pod
+                          can
+
+                          tolerate all taints of a particular category.'
+                        nullable: true
+                        type: string
+                      tolerationSeconds:
+                        description: 'TolerationSeconds represents the period of time
+                          the toleration (which must be
+
+                          of effect NoExecute, otherwise this field is ignored) tolerates
+                          the taint. By default,
+
+                          it is not set, which means tolerate the taint forever (do
+                          not evict). Zero and
+
+                          negative values will be treated as 0 (evict immediately)
+                          by the system.'
+                        maximum: 86400
+                        nullable: true
+                        type: integer
+                      value:
+                        description: 'Value is the taint value the toleration matches
+                          to.
+
+                          If the operator is Exists, the value should be empty, otherwise
+                          just a regular string.'
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                clientID:
+                  description: 'ClientID is a unique string that will identify the
+                    cluster. It can
+
+                    either be predefined, or generated when importing the cluster.'
+                  nullable: true
+                  type: string
+                kubeConfigSecret:
+                  description: 'KubeConfigSecret is the name of the secret containing
+                    the kubeconfig for the downstream cluster.
+
+                    It can optionally contain a APIServerURL and CA to override the
+
+                    values in the fleet-controller''s configmap.'
+                  nullable: true
+                  type: string
+                kubeConfigSecretNamespace:
+                  description: 'KubeConfigSecretNamespace is the namespace of the
+                    secret containing the kubeconfig for the downstream cluster.
+
+                    If unset, it will be assumed the secret can be found in the namespace
+                    that the Cluster object resides within.'
+                  nullable: true
+                  type: string
+                paused:
+                  description: Paused if set to true, will stop any BundleDeployments
+                    from being updated.
+                  type: boolean
+                privateRepoURL:
+                  description: PrivateRepoURL prefixes the image name and overrides
+                    a global repo URL from the agents config.
+                  nullable: true
+                  type: string
+                redeployAgentGeneration:
+                  description: RedeployAgentGeneration can be used to force redeploying
+                    the agent.
+                  type: integer
+                templateValues:
+                  description: TemplateValues defines a cluster specific mapping of
+                    values to be sent to fleet.yaml values templating.
+                  nullable: true
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+              type: object
+            status:
+              properties:
+                agent:
+                  description: AgentStatus contains information about the agent.
+                  properties:
+                    lastSeen:
+                      description: 'LastSeen is the last time the agent checked in
+                        to update the status
+
+                        of the cluster resource.'
+                      nullable: true
+                      type: string
+                    namespace:
+                      description: Namespace is the namespace of the agent deployment,
+                        e.g. "cattle-fleet-system".
+                      nullable: true
+                      type: string
+                    nonReadyNodeNames:
+                      description: 'NonReadyNode contains the names of non-ready nodes.
+                        The list is
+
+                        limited to at most 3 names.'
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    nonReadyNodes:
+                      description: NonReadyNodes is the number of nodes that are not
+                        ready.
+                      type: integer
+                    readyNodeNames:
+                      description: 'ReadyNodes contains the names of ready nodes.
+                        The list is limited to
+
+                        at most 3 names.'
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    readyNodes:
+                      description: ReadyNodes is the number of nodes that are ready.
+                      type: integer
+                  type: object
+                agentAffinityHash:
+                  description: 'AgentAffinityHash is a hash of the agent''s affinity
+                    configuration,
+
+                    used to detect changes.'
+                  nullable: true
+                  type: string
+                agentConfigChanged:
+                  description: 'AgentConfigChanged is set to true if any of the agent
+                    configuration
+
+                    changed, like the API server URL or CA. Setting it to true will
+
+                    trigger a re-import of the cluster.'
+                  type: boolean
+                agentDeployedGeneration:
+                  description: AgentDeployedGeneration is the generation of the agent
+                    that is currently deployed.
+                  nullable: true
+                  type: integer
+                agentEnvVarsHash:
+                  description: AgentEnvVarsHash is a hash of the agent's env vars,
+                    used to detect changes.
+                  nullable: true
+                  type: string
+                agentMigrated:
+                  description: 'AgentMigrated is always set to true after importing
+                    a cluster. If
+
+                    false, it will trigger a migration. Old agents don''t have
+
+                    this in their status.'
+                  type: boolean
+                agentNamespaceMigrated:
+                  description: 'AgentNamespaceMigrated is always set to true after
+                    importing a
+
+                    cluster. If false, it will trigger a migration. Old Fleet agents
+
+                    don''t have this in their status.'
+                  type: boolean
+                agentPrivateRepoURL:
+                  description: AgentPrivateRepoURL is the private repo URL for the
+                    agent that is currently used.
+                  nullable: true
+                  type: string
+                agentResourcesHash:
+                  description: 'AgentResourcesHash is a hash of the agent''s resources
+                    configuration,
+
+                    used to detect changes.'
+                  nullable: true
+                  type: string
+                agentTLSMode:
+                  description: 'AgentTLSMode supports two values: `system-store` and
+                    `strict`. If set to
+
+                    `system-store`, instructs the agent to trust CA bundles from the
+                    operating
+
+                    system''s store. If set to `strict`, then the agent shall only
+                    connect to a
+
+                    server which uses the exact CA configured when creating/updating
+                    the agent.'
+                  nullable: true
+                  type: string
+                agentTolerationsHash:
+                  description: 'AgentTolerationsHash is a hash of the agent''s tolerations
+
+                    configuration, used to detect changes.'
+                  nullable: true
+                  type: string
+                apiServerCAHash:
+                  description: APIServerCAHash is a hash of the upstream API server
+                    CA, used to detect changes.
+                  nullable: true
+                  type: string
+                apiServerURL:
+                  description: 'APIServerURL is the currently used URL of the API
+                    server that the
+
+                    cluster uses to connect to upstream.'
+                  nullable: true
+                  type: string
+                cattleNamespaceMigrated:
+                  description: 'CattleNamespaceMigrated is always set to true after
+                    importing a
+
+                    cluster. If false, it will trigger a migration. Old Fleet agents,
+
+                    don''t have this in their status.'
+                  type: boolean
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                desiredReadyGitRepos:
+                  description: 'DesiredReadyGitRepos is the number of gitrepos for
+                    this cluster that
+
+                    are desired to be ready.'
+                  type: integer
+                display:
+                  description: Display contains the number of ready bundles, nodes
+                    and a summary state.
+                  properties:
+                    readyBundles:
+                      description: 'ReadyBundles is a string in the form "%d/%d",
+                        that describes the
+
+                        number of bundles that are ready vs. the number of bundles
+                        desired
+
+                        to be ready.'
+                      nullable: true
+                      type: string
+                    readyNodes:
+                      description: 'ReadyNodes is a string in the form "%d/%d", that
+                        describes the
+
+                        number of nodes that are ready vs. the number of expected
+                        nodes.'
+                      nullable: true
+                      type: string
+                    sampleNode:
+                      description: 'SampleNode is the name of one of the nodes that
+                        are ready. If no
+
+                        node is ready, it''s the name of a node that is not ready.'
+                      nullable: true
+                      type: string
+                    state:
+                      description: State of the cluster, either one of the bundle
+                        states, or "WaitCheckIn".
+                      nullable: true
+                      type: string
+                  type: object
+                namespace:
+                  description: 'Namespace is the cluster namespace, it contains the
+                    clusters service
+
+                    account as well as any bundledeployments. Example:
+
+                    "cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f"'
+                  nullable: true
+                  type: string
+                readyGitRepos:
+                  description: ReadyGitRepos is the number of gitrepos for this cluster
+                    that are ready.
+                  type: integer
+                resourceCounts:
+                  description: ResourceCounts is an aggregate over the GitRepoResourceCounts.
+                  properties:
+                    desiredReady:
+                      description: DesiredReady is the number of resources that should
+                        be ready.
+                      type: integer
+                    missing:
+                      description: Missing is the number of missing resources.
+                      type: integer
+                    modified:
+                      description: Modified is the number of resources that have been
+                        modified.
+                      type: integer
+                    notReady:
+                      description: 'NotReady is the number of not ready resources.
+                        Resources are not
+
+                        ready if they do not match any other state.'
+                      type: integer
+                    orphaned:
+                      description: Orphaned is the number of orphaned resources.
+                      type: integer
+                    ready:
+                      description: Ready is the number of ready resources.
+                      type: integer
+                    unknown:
+                      description: Unknown is the number of resources in an unknown
+                        state.
+                      type: integer
+                    waitApplied:
+                      description: WaitApplied is the number of resources that are
+                        waiting to be applied.
+                      type: integer
+                  type: object
+                summary:
+                  description: 'Summary is a summary of the bundledeployments. The
+                    resource counts
+
+                    are copied from the gitrepo resource.'
+                  properties:
+                    desiredReady:
+                      description: 'DesiredReady is the number of bundle deployments
+                        that should be
+
+                        ready.'
+                      type: integer
+                    errApplied:
+                      description: 'ErrApplied is the number of bundle deployments
+                        that have been synced
+
+                        from the Fleet controller and the downstream cluster, but
+                        with some
+
+                        errors when deploying the bundle.'
+                      type: integer
+                    modified:
+                      description: 'Modified is the number of bundle deployments that
+                        have been deployed
+
+                        and for which all resources are ready, but where some changes
+                        from the
+
+                        Git repository have not yet been synced.'
+                      type: integer
+                    nonReadyResources:
+                      description: 'NonReadyClusters is a list of states, which is
+                        filled for a bundle
+
+                        that is not ready.'
+                      items:
+                        description: 'NonReadyResource contains information about
+                          a bundle that is not ready for a
+
+                          given state like "ErrApplied". It contains a list of non-ready
+                          or modified
+
+                          resources and their states.'
+                        properties:
+                          bundleState:
+                            description: State is the state of the resource, like
+                              e.g. "NotReady" or "ErrApplied".
+                            nullable: true
+                            type: string
+                          message:
+                            description: Message contains information why the bundle
+                              is not ready.
+                            nullable: true
+                            type: string
+                          modifiedStatus:
+                            description: ModifiedStatus lists the state for each modified
+                              resource.
+                            items:
+                              description: 'ModifiedStatus is used to report the status
+                                of a resource that is modified.
+
+                                It indicates if the modification was a create, a delete
+                                or a patch.'
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                delete:
+                                  type: boolean
+                                kind:
+                                  nullable: true
+                                  type: string
+                                missing:
+                                  type: boolean
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                patch:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          name:
+                            description: Name is the name of the resource.
+                            nullable: true
+                            type: string
+                          nonReadyStatus:
+                            description: NonReadyStatus lists the state for each non-ready
+                              resource.
+                            items:
+                              description: NonReadyStatus is used to report the status
+                                of a resource that is not ready. It includes a summary.
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                kind:
+                                  nullable: true
+                                  type: string
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                summary:
+                                  properties:
+                                    error:
+                                      type: boolean
+                                    message:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    state:
+                                      nullable: true
+                                      type: string
+                                    transitioning:
+                                      type: boolean
+                                  type: object
+                                uid:
+                                  description: 'UID is a type that holds unique ID
+                                    values, including UUIDs.  Because we
+
+                                    don''t ONLY use UUIDs, this is an alias to string.  Being
+                                    a type captures
+
+                                    intent and helps make sure that UIDs and names
+                                    do not get conflated.'
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    notReady:
+                      description: 'NotReady is the number of bundle deployments that
+                        have been deployed
+
+                        where some resources are not ready.'
+                      type: integer
+                    outOfSync:
+                      description: 'OutOfSync is the number of bundle deployments
+                        that have been synced
+
+                        from Fleet controller, but not yet by the downstream agent.'
+                      type: integer
+                    pending:
+                      description: 'Pending is the number of bundle deployments that
+                        are being processed
+
+                        by Fleet controller.'
+                      type: integer
+                    ready:
+                      description: 'Ready is the number of bundle deployments that
+                        have been deployed
+
+                        where all resources are ready.'
+                      type: integer
+                    waitApplied:
+                      description: 'WaitApplied is the number of bundle deployments
+                        that have been
+
+                        synced from Fleet controller and downstream cluster, but are
+                        waiting
+
+                        to be deployed.'
+                      type: integer
+                  type: object
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: contents.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: Content
+    plural: contents
+    singular: content
+  preserveUnknownFields: false
+  scope: Cluster
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'Content is used internally by Fleet and should not be used
+            directly. It
+
+            contains the resources from a bundle for a specific target cluster.'
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            content:
+              description: 'Content is a byte array, which contains the manifests
+                of a bundle.
+
+                The bundle resources are copied into the bundledeployment''s content
+
+                resource, so the downstream agent can deploy them.'
+              nullable: true
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+          type: object
+      served: true
+      storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gitreporestrictions.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    kind: GitRepoRestriction
+    plural: gitreporestrictions
+    singular: gitreporestriction
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .defaultServiceAccount
+          name: Default-ServiceAccount
+          type: string
+        - jsonPath: .allowedServiceAccounts
+          name: Allowed-ServiceAccounts
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'GitRepoRestriction is a resource that can optionally be used
+            to restrict
+
+            the options of GitRepos in the same namespace.'
+          properties:
+            allowedClientSecretNames:
+              description: AllowedClientSecretNames is a list of client secret names
+                that GitRepos are allowed to use.
+              items:
+                nullable: true
+                type: string
+              nullable: true
+              type: array
+            allowedRepoPatterns:
+              description: 'AllowedRepoPatterns is a list of regex patterns that restrict
+                the
+
+                valid values of the Repo field of a GitRepo.'
+              items:
+                nullable: true
+                type: string
+              nullable: true
+              type: array
+            allowedServiceAccounts:
+              description: AllowedServiceAccounts is a list of service accounts that
+                GitRepos are allowed to use.
+              items:
+                nullable: true
+                type: string
+              nullable: true
+              type: array
+            allowedTargetNamespaces:
+              description: 'AllowedTargetNamespaces restricts TargetNamespace to the
+                given
+
+                namespaces. If AllowedTargetNamespaces is set, TargetNamespace must
+
+                be set.'
+              items:
+                nullable: true
+                type: string
+              nullable: true
+              type: array
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            defaultClientSecretName:
+              description: DefaultClientSecretName overrides the GitRepo's default
+                client secret.
+              nullable: true
+              type: string
+            defaultServiceAccount:
+              description: DefaultServiceAccount overrides the GitRepo's default service
+                account.
+              nullable: true
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gitrepos.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    categories:
+      - fleet
+    kind: GitRepo
+    plural: gitrepos
+    singular: gitrepo
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.repo
+          name: Repo
+          type: string
+        - jsonPath: .status.commit
+          name: Commit
+          type: string
+        - jsonPath: .status.display.readyBundleDeployments
+          name: BundleDeployments-Ready
+          type: string
+        - jsonPath: .status.conditions[?(@.type=="Ready")].message
+          name: Status
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: 'GitRepo describes a git repository that is watched by Fleet.
+
+            The resource contains the necessary information to deploy the repo, or
+            parts
+
+            of it, to target clusters.'
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                branch:
+                  description: Branch The git branch to follow.
+                  nullable: true
+                  type: string
+                caBundle:
+                  description: CABundle is a PEM encoded CA bundle which will be used
+                    to validate the repo's certificate.
+                  nullable: true
+                  type: string
+                clientSecretName:
+                  description: 'ClientSecretName is the name of the client secret
+                    to be used to connect to the repo
+
+                    It is expected the secret be of type "kubernetes.io/basic-auth"
+                    or "kubernetes.io/ssh-auth".'
+                  nullable: true
+                  type: string
+                correctDrift:
+                  description: CorrectDrift specifies how drift correction should
+                    work.
+                  nullable: true
+                  properties:
+                    enabled:
+                      description: Enabled correct drift if true.
+                      type: boolean
+                    force:
+                      description: Force helm rollback with --force option will be
+                        used if true. This will try to recreate all resources in the
+                        release.
+                      type: boolean
+                    keepFailHistory:
+                      description: KeepFailHistory keeps track of failed rollbacks
+                        in the helm history.
+                      type: boolean
+                  type: object
+                forceSyncGeneration:
+                  description: Increment this number to force a redeployment of contents
+                    from Git.
+                  type: integer
+                helmRepoURLRegex:
+                  description: 'HelmRepoURLRegex Helm credentials will be used if
+                    the helm repo matches this regex
+
+                    Credentials will always be used if this is empty or not provided.'
+                  nullable: true
+                  type: string
+                helmSecretName:
+                  description: HelmSecretName contains the auth secret for a private
+                    Helm repository.
+                  nullable: true
+                  type: string
+                helmSecretNameForPaths:
+                  description: HelmSecretNameForPaths contains the auth secret for
+                    private Helm repository for each path.
+                  nullable: true
+                  type: string
+                imageScanCommit:
+                  description: Commit specifies how to commit to the git repo when
+                    a new image is scanned and written back to git repo.
+                  properties:
+                    authorEmail:
+                      description: AuthorEmail gives the email to provide when making
+                        a commit
+                      nullable: true
+                      type: string
+                    authorName:
+                      description: AuthorName gives the name to provide when making
+                        a commit
+                      nullable: true
+                      type: string
+                    messageTemplate:
+                      description: 'MessageTemplate provides a template for the commit
+                        message,
+
+                        into which will be interpolated the details of the change
+                        made.'
+                      nullable: true
+                      type: string
+                  type: object
+                imageScanInterval:
+                  description: ImageScanInterval is the interval of syncing scanned
+                    images and writing back to git repo.
+                  nullable: true
+                  type: string
+                insecureSkipTLSVerify:
+                  description: InsecureSkipTLSverify will use insecure HTTPS to clone
+                    the repo.
+                  type: boolean
+                keepResources:
+                  description: KeepResources specifies if the resources created must
+                    be kept after deleting the GitRepo.
+                  type: boolean
+                paths:
+                  description: 'Paths is the directories relative to the git repo
+                    root that contain resources to be applied.
+
+                    Path globbing is supported, for example ["charts/*"] will match
+                    all folders as a subdirectory of charts/
+
+                    If empty, "/" is the default.'
+                  items:
+                    nullable: true
+                    type: string
+                  nullable: true
+                  type: array
+                paused:
+                  description: 'Paused, when true, causes changes in Git not to be
+                    propagated down to the clusters but instead to mark
+
+                    resources as OutOfSync.'
+                  type: boolean
+                pollingInterval:
+                  description: PollingInterval is how often to check git for new updates.
+                  nullable: true
+                  type: string
+                repo:
+                  description: Repo is a URL to a git repo to clone and index.
+                  nullable: true
+                  type: string
+                revision:
+                  description: Revision A specific commit or tag to operate on.
+                  nullable: true
+                  type: string
+                serviceAccount:
+                  description: ServiceAccount used in the downstream cluster for deployment.
+                  nullable: true
+                  type: string
+                targetNamespace:
+                  description: 'Ensure that all resources are created in this namespace
+
+                    Any cluster scoped resource will be rejected if this is set
+
+                    Additionally this namespace will be created on demand.'
+                  nullable: true
+                  type: string
+                targets:
+                  description: Targets is a list of targets this repo will deploy
+                    to.
+                  items:
+                    description: GitTarget is a cluster or cluster group to deploy
+                      to.
+                    properties:
+                      clusterGroup:
+                        description: ClusterGroup is the name of a cluster group in
+                          the same namespace as the clusters.
+                        nullable: true
+                        type: string
+                      clusterGroupSelector:
+                        description: ClusterGroupSelector is a label selector to select
+                          cluster groups.
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of a cluster.
+                        nullable: true
+                        type: string
+                      clusterSelector:
+                        description: ClusterSelector is a label selector to select
+                          clusters.
+                        nullable: true
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector
+                              requirements. The requirements are ANDed.
+                            items:
+                              description: 'A label selector requirement is a selector
+                                that contains values, a key, and an operator that
+
+                                relates the key and values.'
+                              properties:
+                                key:
+                                  description: key is the label key that the selector
+                                    applies to.
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  description: 'operator represents a key''s relationship
+                                    to a set of values.
+
+                                    Valid operators are In, NotIn, Exists and DoesNotExist.'
+                                  nullable: true
+                                  type: string
+                                values:
+                                  description: 'values is an array of string values.
+                                    If the operator is In or NotIn,
+
+                                    the values array must be non-empty. If the operator
+                                    is Exists or DoesNotExist,
+
+                                    the values array must be empty. This array is
+                                    replaced during a strategic
+
+                                    merge patch.'
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                              type: object
+                            nullable: true
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            description: 'matchLabels is a map of {key,value} pairs.
+                              A single {key,value} in the matchLabels
+
+                              map is equivalent to an element of matchExpressions,
+                              whose key field is "key", the
+
+                              operator is "In", and the values array contains only
+                              "value". The requirements are ANDed.'
+                            nullable: true
+                            type: object
+                        type: object
+                      name:
+                        description: Name is the name of this target.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+              type: object
+            status:
+              properties:
+                commit:
+                  description: Commit is the Git commit hash from the last gitjob
+                    run.
+                  nullable: true
+                  type: string
+                conditions:
+                  description: 'Conditions is a list of Wrangler conditions that describe
+                    the state
+
+                    of the GitRepo.'
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                desiredReadyClusters:
+                  description: "DesiredReadyClusters\tis the number of clusters that\
+                    \ should be ready for bundles of this GitRepo."
+                  type: integer
+                display:
+                  description: Display contains a human readable summary of the status.
+                  properties:
+                    error:
+                      description: Error is true if a message is present.
+                      type: boolean
+                    message:
+                      description: Message contains the relevant message from the
+                        deployment conditions.
+                      nullable: true
+                      type: string
+                    readyBundleDeployments:
+                      description: 'ReadyBundleDeployments is a string in the form
+                        "%d/%d", that describes the
+
+                        number of ready bundledeployments over the total number of
+                        bundledeployments.'
+                      nullable: true
+                      type: string
+                    state:
+                      description: 'State is the state of the GitRepo, e.g. "GitUpdating"
+                        or the maximal
+
+                        BundleState according to StateRank.'
+                      nullable: true
+                      type: string
+                  type: object
+                gitJobStatus:
+                  description: GitJobStatus is the status of the last GitJob run,
+                    e.g. "Current" if there was no error.
+                  nullable: true
+                  type: string
+                lastSyncedImageScanTime:
+                  description: LastSyncedImageScanTime is the time of the last image
+                    scan.
+                  nullable: true
+                  type: string
+                observedGeneration:
+                  description: 'ObservedGeneration is the current generation of the
+                    resource in the cluster. It is copied from k8s
+
+                    metadata.Generation. The value is incremented for all changes,
+                    except for changes to .metadata or .status.'
+                  type: integer
+                readyClusters:
+                  description: 'ReadyClusters is the lowest number of clusters that
+                    are ready over
+
+                    all the bundles of this GitRepo.'
+                  type: integer
+                resourceCounts:
+                  description: ResourceCounts contains the number of resources in
+                    each state over all bundles.
+                  properties:
+                    desiredReady:
+                      description: DesiredReady is the number of resources that should
+                        be ready.
+                      type: integer
+                    missing:
+                      description: Missing is the number of missing resources.
+                      type: integer
+                    modified:
+                      description: Modified is the number of resources that have been
+                        modified.
+                      type: integer
+                    notReady:
+                      description: 'NotReady is the number of not ready resources.
+                        Resources are not
+
+                        ready if they do not match any other state.'
+                      type: integer
+                    orphaned:
+                      description: Orphaned is the number of orphaned resources.
+                      type: integer
+                    ready:
+                      description: Ready is the number of ready resources.
+                      type: integer
+                    unknown:
+                      description: Unknown is the number of resources in an unknown
+                        state.
+                      type: integer
+                    waitApplied:
+                      description: WaitApplied is the number of resources that are
+                        waiting to be applied.
+                      type: integer
+                  type: object
+                resourceErrors:
+                  description: ResourceErrors is a sorted list of errors from the
+                    resources.
+                  items:
+                    nullable: true
+                    type: string
+                  nullable: true
+                  type: array
+                resources:
+                  description: Resources contains metadata about the resources of
+                    each bundle.
+                  items:
+                    description: GitRepoResource contains metadata about the resources
+                      of a bundle.
+                    properties:
+                      apiVersion:
+                        description: APIVersion is the API version of the resource.
+                        nullable: true
+                        type: string
+                      error:
+                        description: Error is true if any Error in the PerClusterState
+                          is true.
+                        type: boolean
+                      id:
+                        description: ID is the name of the resource, e.g. "namespace1/my-config"
+                          or "backingimagemanagers.storage.io".
+                        nullable: true
+                        type: string
+                      incompleteState:
+                        description: 'IncompleteState is true if a bundle summary
+                          has 10 or more non-ready
+
+                          resources or a non-ready resource has more 10 or more non-ready
+                          or
+
+                          modified states.'
+                        type: boolean
+                      kind:
+                        description: Kind is the k8s kind of the resource.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Message is the first message from the PerClusterStates.
+                        nullable: true
+                        type: string
+                      name:
+                        description: Name of the resource.
+                        nullable: true
+                        type: string
+                      namespace:
+                        description: Namespace of the resource.
+                        nullable: true
+                        type: string
+                      perClusterState:
+                        description: PerClusterState is a list of states for each
+                          cluster. Derived from the summaries non-ready resources.
+                        items:
+                          description: ResourcePerClusterState is generated for each
+                            non-ready resource of the bundles.
+                          properties:
+                            clusterId:
+                              description: ClusterID is the id of the cluster.
+                              nullable: true
+                              type: string
+                            error:
+                              description: Error is true if the resource is in an
+                                error state, copied from the bundle's summary for
+                                non-ready resources.
+                              type: boolean
+                            message:
+                              description: Message combines the messages from the
+                                bundle's summary. Messages are joined with the delimiter
+                                ';'.
+                              nullable: true
+                              type: string
+                            patch:
+                              description: Patch for modified resources.
+                              nullable: true
+                              type: object
+                              x-kubernetes-preserve-unknown-fields: true
+                            state:
+                              description: State is the state of the resource.
+                              nullable: true
+                              type: string
+                            transitioning:
+                              description: 'Transitioning is true if the resource
+                                is in a transitioning state,
+
+                                copied from the bundle''s summary for non-ready resources.'
+                              type: boolean
+                          type: object
+                        nullable: true
+                        type: array
+                      state:
+                        description: State is the state of the resource, e.g. "Unknown",
+                          "WaitApplied", "ErrApplied" or "Ready".
+                        nullable: true
+                        type: string
+                      transitioning:
+                        description: Transitioning is true if any Transitioning in
+                          the PerClusterState is true.
+                        type: boolean
+                      type:
+                        description: Type is the type of the resource, e.g. "apiextensions.k8s.io.customresourcedefinition"
+                          or "configmap".
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                summary:
+                  description: Summary contains the number of bundle deployments in
+                    each state and a list of non-ready resources.
+                  properties:
+                    desiredReady:
+                      description: 'DesiredReady is the number of bundle deployments
+                        that should be
+
+                        ready.'
+                      type: integer
+                    errApplied:
+                      description: 'ErrApplied is the number of bundle deployments
+                        that have been synced
+
+                        from the Fleet controller and the downstream cluster, but
+                        with some
+
+                        errors when deploying the bundle.'
+                      type: integer
+                    modified:
+                      description: 'Modified is the number of bundle deployments that
+                        have been deployed
+
+                        and for which all resources are ready, but where some changes
+                        from the
+
+                        Git repository have not yet been synced.'
+                      type: integer
+                    nonReadyResources:
+                      description: 'NonReadyClusters is a list of states, which is
+                        filled for a bundle
+
+                        that is not ready.'
+                      items:
+                        description: 'NonReadyResource contains information about
+                          a bundle that is not ready for a
+
+                          given state like "ErrApplied". It contains a list of non-ready
+                          or modified
+
+                          resources and their states.'
+                        properties:
+                          bundleState:
+                            description: State is the state of the resource, like
+                              e.g. "NotReady" or "ErrApplied".
+                            nullable: true
+                            type: string
+                          message:
+                            description: Message contains information why the bundle
+                              is not ready.
+                            nullable: true
+                            type: string
+                          modifiedStatus:
+                            description: ModifiedStatus lists the state for each modified
+                              resource.
+                            items:
+                              description: 'ModifiedStatus is used to report the status
+                                of a resource that is modified.
+
+                                It indicates if the modification was a create, a delete
+                                or a patch.'
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                delete:
+                                  type: boolean
+                                kind:
+                                  nullable: true
+                                  type: string
+                                missing:
+                                  type: boolean
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                patch:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          name:
+                            description: Name is the name of the resource.
+                            nullable: true
+                            type: string
+                          nonReadyStatus:
+                            description: NonReadyStatus lists the state for each non-ready
+                              resource.
+                            items:
+                              description: NonReadyStatus is used to report the status
+                                of a resource that is not ready. It includes a summary.
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                kind:
+                                  nullable: true
+                                  type: string
+                                name:
+                                  nullable: true
+                                  type: string
+                                namespace:
+                                  nullable: true
+                                  type: string
+                                summary:
+                                  properties:
+                                    error:
+                                      type: boolean
+                                    message:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    state:
+                                      nullable: true
+                                      type: string
+                                    transitioning:
+                                      type: boolean
+                                  type: object
+                                uid:
+                                  description: 'UID is a type that holds unique ID
+                                    values, including UUIDs.  Because we
+
+                                    don''t ONLY use UUIDs, this is an alias to string.  Being
+                                    a type captures
+
+                                    intent and helps make sure that UIDs and names
+                                    do not get conflated.'
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    notReady:
+                      description: 'NotReady is the number of bundle deployments that
+                        have been deployed
+
+                        where some resources are not ready.'
+                      type: integer
+                    outOfSync:
+                      description: 'OutOfSync is the number of bundle deployments
+                        that have been synced
+
+                        from Fleet controller, but not yet by the downstream agent.'
+                      type: integer
+                    pending:
+                      description: 'Pending is the number of bundle deployments that
+                        are being processed
+
+                        by Fleet controller.'
+                      type: integer
+                    ready:
+                      description: 'Ready is the number of bundle deployments that
+                        have been deployed
+
+                        where all resources are ready.'
+                      type: integer
+                    waitApplied:
+                      description: 'WaitApplied is the number of bundle deployments
+                        that have been
+
+                        synced from Fleet controller and downstream cluster, but are
+                        waiting
+
+                        to be deployed.'
+                      type: integer
+                  type: object
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: imagescans.fleet.cattle.io
+spec:
+  group: fleet.cattle.io
+  names:
+    categories:
+      - fleet
+    kind: ImageScan
+    plural: imagescans
+    singular: imagescan
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.image
+          name: Repository
+          type: string
+        - jsonPath: .status.latestTag
+          name: Latest
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object.
+
+                Servers should convert recognized schemas to the latest internal value,
+                and
+
+                may reject unrecognized values.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource
+                this object represents.
+
+                Servers may infer this from the endpoint the client submits requests
+                to.
+
+                Cannot be updated.
+
+                In CamelCase.
+
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: API is taken from https://github.com/fluxcd/image-reflector-controller
+              properties:
+                gitrepoName:
+                  description: GitRepo reference name
+                  nullable: true
+                  type: string
+                image:
+                  description: Image is the name of the image repository
+                  nullable: true
+                  type: string
+                interval:
+                  description: 'Interval is the length of time to wait between
+
+                    scans of the image repository.'
+                  nullable: true
+                  type: string
+                policy:
+                  description: 'Policy gives the particulars of the policy to be followed
+                    in
+
+                    selecting the most recent image'
+                  properties:
+                    alphabetical:
+                      description: Alphabetical set of rules to use for alphabetical
+                        ordering of the tags.
+                      nullable: true
+                      properties:
+                        order:
+                          description: 'Order specifies the sorting order of the tags.
+                            Given the letters of the
+
+                            alphabet as tags, ascending order would select Z, and
+                            descending order
+
+                            would select A.'
+                          nullable: true
+                          type: string
+                      type: object
+                    semver:
+                      description: 'SemVer gives a semantic version range to check
+                        against the tags
+
+                        available.'
+                      nullable: true
+                      properties:
+                        range:
+                          description: 'Range gives a semver range for the image tag;
+                            the highest
+
+                            version within the range that''s a tag yields the latest
+                            image.'
+                          nullable: true
+                          type: string
+                      type: object
+                  type: object
+                secretRef:
+                  description: 'SecretRef can be given the name of a secret containing
+
+                    credentials to use for the image registry. The secret should be
+
+                    created with `kubectl create secret docker-registry`, or the
+
+                    equivalent.'
+                  nullable: true
+                  properties:
+                    name:
+                      description: 'Name of the referent.
+
+                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+                        TODO: Add other useful fields. apiVersion, kind, uid?'
+                      nullable: true
+                      type: string
+                  type: object
+                suspend:
+                  description: 'This flag tells the controller to suspend subsequent
+                    image scans.
+
+                    It does not apply to already started scans. Defaults to false.'
+                  type: boolean
+                tagName:
+                  description: TagName is the tag ref that needs to be put in manifest
+                    to replace fields
+                  nullable: true
+                  type: string
+              type: object
+            status:
+              properties:
+                canonicalImageName:
+                  description: 'CanonicalName is the name of the image repository
+                    with all the
+
+                    implied bits made explicit; e.g., `docker.io/library/alpine`
+
+                    rather than `alpine`.'
+                  nullable: true
+                  type: string
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one
+                          status to another.
+                        nullable: true
+                        type: string
+                      lastUpdateTime:
+                        description: The last time this condition was updated.
+                        nullable: true
+                        type: string
+                      message:
+                        description: Human-readable message indicating details about
+                          last transition
+                        nullable: true
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition.
+                        nullable: true
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False,
+                          Unknown.
+                        nullable: true
+                        type: string
+                      type:
+                        description: Type of cluster condition.
+                        nullable: true
+                        type: string
+                    type: object
+                  nullable: true
+                  type: array
+                lastScanTime:
+                  description: LastScanTime is the last time image was scanned
+                  nullable: true
+                  type: string
+                latestDigest:
+                  description: LatestDigest is the digest of latest tag
+                  nullable: true
+                  type: string
+                latestImage:
+                  description: 'LatestImage gives the first in the list of images
+                    scanned by
+
+                    the image repository, when filtered and ordered according to
+
+                    the policy.'
+                  nullable: true
+                  type: string
+                latestTag:
+                  description: Latest tag is the latest tag filtered by the policy
+                  nullable: true
+                  type: string
+                observedGeneration:
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
diff --git a/charts/fleet-crd/103.1.12+up0.9.13/templates/gitjobs-crds.yaml b/charts/fleet-crd/103.1.12+up0.9.13/templates/gitjobs-crds.yaml
new file mode 100644
index 0000000000..b5296dbaf5
--- /dev/null
+++ b/charts/fleet-crd/103.1.12+up0.9.13/templates/gitjobs-crds.yaml
@@ -0,0 +1,7690 @@
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gitjobs.gitjob.cattle.io
+spec:
+  group: gitjob.cattle.io
+  names:
+    kind: GitJob
+    plural: gitjobs
+    singular: gitjob
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.git.repo
+      name: REPO
+      type: string
+    - jsonPath: .spec.git.branch
+      name: BRANCH
+      type: string
+    - jsonPath: .status.commit
+      name: COMMIT
+      type: string
+    - jsonPath: .status.jobStatus
+      name: JOBSTATUS
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              forceUpdateGeneration:
+                type: integer
+              git:
+                properties:
+                  branch:
+                    nullable: true
+                    type: string
+                  caBundle:
+                    nullable: true
+                    type: string
+                  clientSecretName:
+                    nullable: true
+                    type: string
+                  insecureSkipTLSVerify:
+                    type: boolean
+                  onTag:
+                    nullable: true
+                    type: string
+                  provider:
+                    nullable: true
+                    type: string
+                  repo:
+                    nullable: true
+                    type: string
+                  revision:
+                    nullable: true
+                    type: string
+                type: object
+              jobSpec:
+                properties:
+                  activeDeadlineSeconds:
+                    nullable: true
+                    type: integer
+                  backoffLimit:
+                    nullable: true
+                    type: integer
+                  backoffLimitPerIndex:
+                    nullable: true
+                    type: integer
+                  completionMode:
+                    nullable: true
+                    type: string
+                  completions:
+                    nullable: true
+                    type: integer
+                  manualSelector:
+                    nullable: true
+                    type: boolean
+                  maxFailedIndexes:
+                    nullable: true
+                    type: integer
+                  parallelism:
+                    nullable: true
+                    type: integer
+                  podFailurePolicy:
+                    nullable: true
+                    properties:
+                      rules:
+                        items:
+                          properties:
+                            action:
+                              nullable: true
+                              type: string
+                            onExitCodes:
+                              nullable: true
+                              properties:
+                                containerName:
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  nullable: true
+                                  type: string
+                                values:
+                                  items:
+                                    type: integer
+                                  nullable: true
+                                  type: array
+                              type: object
+                            onPodConditions:
+                              items:
+                                properties:
+                                  status:
+                                    nullable: true
+                                    type: string
+                                  type:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              nullable: true
+                              type: array
+                          type: object
+                        nullable: true
+                        type: array
+                    type: object
+                  podReplacementPolicy:
+                    nullable: true
+                    type: string
+                  selector:
+                    nullable: true
+                    properties:
+                      matchExpressions:
+                        items:
+                          properties:
+                            key:
+                              nullable: true
+                              type: string
+                            operator:
+                              nullable: true
+                              type: string
+                            values:
+                              items:
+                                nullable: true
+                                type: string
+                              nullable: true
+                              type: array
+                          type: object
+                        nullable: true
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          nullable: true
+                          type: string
+                        nullable: true
+                        type: object
+                    type: object
+                  suspend:
+                    nullable: true
+                    type: boolean
+                  template:
+                    properties:
+                      metadata:
+                        properties:
+                          annotations:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          creationTimestamp:
+                            nullable: true
+                            type: string
+                          deletionGracePeriodSeconds:
+                            nullable: true
+                            type: integer
+                          deletionTimestamp:
+                            nullable: true
+                            type: string
+                          finalizers:
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                          generateName:
+                            nullable: true
+                            type: string
+                          generation:
+                            type: integer
+                          labels:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          managedFields:
+                            items:
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                fieldsType:
+                                  nullable: true
+                                  type: string
+                                fieldsV1:
+                                  nullable: true
+                                  type: object
+                                manager:
+                                  nullable: true
+                                  type: string
+                                operation:
+                                  nullable: true
+                                  type: string
+                                subresource:
+                                  nullable: true
+                                  type: string
+                                time:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          name:
+                            nullable: true
+                            type: string
+                          namespace:
+                            nullable: true
+                            type: string
+                          ownerReferences:
+                            items:
+                              properties:
+                                apiVersion:
+                                  nullable: true
+                                  type: string
+                                blockOwnerDeletion:
+                                  nullable: true
+                                  type: boolean
+                                controller:
+                                  nullable: true
+                                  type: boolean
+                                kind:
+                                  nullable: true
+                                  type: string
+                                name:
+                                  nullable: true
+                                  type: string
+                                uid:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          resourceVersion:
+                            nullable: true
+                            type: string
+                          selfLink:
+                            nullable: true
+                            type: string
+                          uid:
+                            nullable: true
+                            type: string
+                        type: object
+                      spec:
+                        properties:
+                          activeDeadlineSeconds:
+                            nullable: true
+                            type: integer
+                          affinity:
+                            nullable: true
+                            properties:
+                              nodeAffinity:
+                                nullable: true
+                                properties:
+                                  preferredDuringSchedulingIgnoredDuringExecution:
+                                    items:
+                                      properties:
+                                        preference:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchFields:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        weight:
+                                          type: integer
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  requiredDuringSchedulingIgnoredDuringExecution:
+                                    nullable: true
+                                    properties:
+                                      nodeSelectorTerms:
+                                        items:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchFields:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                type: object
+                              podAffinity:
+                                nullable: true
+                                properties:
+                                  preferredDuringSchedulingIgnoredDuringExecution:
+                                    items:
+                                      properties:
+                                        podAffinityTerm:
+                                          properties:
+                                            labelSelector:
+                                              nullable: true
+                                              properties:
+                                                matchExpressions:
+                                                  items:
+                                                    properties:
+                                                      key:
+                                                        nullable: true
+                                                        type: string
+                                                      operator:
+                                                        nullable: true
+                                                        type: string
+                                                      values:
+                                                        items:
+                                                          nullable: true
+                                                          type: string
+                                                        nullable: true
+                                                        type: array
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                matchLabels:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            namespaceSelector:
+                                              nullable: true
+                                              properties:
+                                                matchExpressions:
+                                                  items:
+                                                    properties:
+                                                      key:
+                                                        nullable: true
+                                                        type: string
+                                                      operator:
+                                                        nullable: true
+                                                        type: string
+                                                      values:
+                                                        items:
+                                                          nullable: true
+                                                          type: string
+                                                        nullable: true
+                                                        type: array
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                matchLabels:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            namespaces:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                            topologyKey:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        weight:
+                                          type: integer
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  requiredDuringSchedulingIgnoredDuringExecution:
+                                    items:
+                                      properties:
+                                        labelSelector:
+                                          nullable: true
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          nullable: true
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                        topologyKey:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                              podAntiAffinity:
+                                nullable: true
+                                properties:
+                                  preferredDuringSchedulingIgnoredDuringExecution:
+                                    items:
+                                      properties:
+                                        podAffinityTerm:
+                                          properties:
+                                            labelSelector:
+                                              nullable: true
+                                              properties:
+                                                matchExpressions:
+                                                  items:
+                                                    properties:
+                                                      key:
+                                                        nullable: true
+                                                        type: string
+                                                      operator:
+                                                        nullable: true
+                                                        type: string
+                                                      values:
+                                                        items:
+                                                          nullable: true
+                                                          type: string
+                                                        nullable: true
+                                                        type: array
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                matchLabels:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            namespaceSelector:
+                                              nullable: true
+                                              properties:
+                                                matchExpressions:
+                                                  items:
+                                                    properties:
+                                                      key:
+                                                        nullable: true
+                                                        type: string
+                                                      operator:
+                                                        nullable: true
+                                                        type: string
+                                                      values:
+                                                        items:
+                                                          nullable: true
+                                                          type: string
+                                                        nullable: true
+                                                        type: array
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                matchLabels:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            namespaces:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                            topologyKey:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        weight:
+                                          type: integer
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  requiredDuringSchedulingIgnoredDuringExecution:
+                                    items:
+                                      properties:
+                                        labelSelector:
+                                          nullable: true
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          nullable: true
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  operator:
+                                                    nullable: true
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      nullable: true
+                                                      type: string
+                                                    nullable: true
+                                                    type: array
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                        topologyKey:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                            type: object
+                          automountServiceAccountToken:
+                            nullable: true
+                            type: boolean
+                          containers:
+                            items:
+                              properties:
+                                args:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                command:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                env:
+                                  items:
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      value:
+                                        nullable: true
+                                        type: string
+                                      valueFrom:
+                                        nullable: true
+                                        properties:
+                                          configMapKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                          fieldRef:
+                                            nullable: true
+                                            properties:
+                                              apiVersion:
+                                                nullable: true
+                                                type: string
+                                              fieldPath:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          resourceFieldRef:
+                                            nullable: true
+                                            properties:
+                                              containerName:
+                                                nullable: true
+                                                type: string
+                                              divisor:
+                                                nullable: true
+                                                type: string
+                                              resource:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          secretKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                envFrom:
+                                  items:
+                                    properties:
+                                      configMapRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                      prefix:
+                                        nullable: true
+                                        type: string
+                                      secretRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                image:
+                                  nullable: true
+                                  type: string
+                                imagePullPolicy:
+                                  nullable: true
+                                  type: string
+                                lifecycle:
+                                  nullable: true
+                                  properties:
+                                    postStart:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                    preStop:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                  type: object
+                                livenessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                name:
+                                  nullable: true
+                                  type: string
+                                ports:
+                                  items:
+                                    properties:
+                                      containerPort:
+                                        type: integer
+                                      hostIP:
+                                        nullable: true
+                                        type: string
+                                      hostPort:
+                                        type: integer
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      protocol:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                readinessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                resizePolicy:
+                                  items:
+                                    properties:
+                                      resourceName:
+                                        nullable: true
+                                        type: string
+                                      restartPolicy:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                resources:
+                                  properties:
+                                    claims:
+                                      items:
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    limits:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                    requests:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                  type: object
+                                restartPolicy:
+                                  nullable: true
+                                  type: string
+                                securityContext:
+                                  nullable: true
+                                  properties:
+                                    allowPrivilegeEscalation:
+                                      nullable: true
+                                      type: boolean
+                                    capabilities:
+                                      nullable: true
+                                      properties:
+                                        add:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                        drop:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    privileged:
+                                      nullable: true
+                                      type: boolean
+                                    procMount:
+                                      nullable: true
+                                      type: string
+                                    readOnlyRootFilesystem:
+                                      nullable: true
+                                      type: boolean
+                                    runAsGroup:
+                                      nullable: true
+                                      type: integer
+                                    runAsNonRoot:
+                                      nullable: true
+                                      type: boolean
+                                    runAsUser:
+                                      nullable: true
+                                      type: integer
+                                    seLinuxOptions:
+                                      nullable: true
+                                      properties:
+                                        level:
+                                          nullable: true
+                                          type: string
+                                        role:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                        user:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    seccompProfile:
+                                      nullable: true
+                                      properties:
+                                        localhostProfile:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    windowsOptions:
+                                      nullable: true
+                                      properties:
+                                        gmsaCredentialSpec:
+                                          nullable: true
+                                          type: string
+                                        gmsaCredentialSpecName:
+                                          nullable: true
+                                          type: string
+                                        hostProcess:
+                                          nullable: true
+                                          type: boolean
+                                        runAsUserName:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                  type: object
+                                startupProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                stdin:
+                                  type: boolean
+                                stdinOnce:
+                                  type: boolean
+                                terminationMessagePath:
+                                  nullable: true
+                                  type: string
+                                terminationMessagePolicy:
+                                  nullable: true
+                                  type: string
+                                tty:
+                                  type: boolean
+                                volumeDevices:
+                                  items:
+                                    properties:
+                                      devicePath:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                volumeMounts:
+                                  items:
+                                    properties:
+                                      mountPath:
+                                        nullable: true
+                                        type: string
+                                      mountPropagation:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      readOnly:
+                                        type: boolean
+                                      subPath:
+                                        nullable: true
+                                        type: string
+                                      subPathExpr:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                workingDir:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          dnsConfig:
+                            nullable: true
+                            properties:
+                              nameservers:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              options:
+                                items:
+                                  properties:
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              searches:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                            type: object
+                          dnsPolicy:
+                            nullable: true
+                            type: string
+                          enableServiceLinks:
+                            nullable: true
+                            type: boolean
+                          ephemeralContainers:
+                            items:
+                              properties:
+                                args:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                command:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                env:
+                                  items:
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      value:
+                                        nullable: true
+                                        type: string
+                                      valueFrom:
+                                        nullable: true
+                                        properties:
+                                          configMapKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                          fieldRef:
+                                            nullable: true
+                                            properties:
+                                              apiVersion:
+                                                nullable: true
+                                                type: string
+                                              fieldPath:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          resourceFieldRef:
+                                            nullable: true
+                                            properties:
+                                              containerName:
+                                                nullable: true
+                                                type: string
+                                              divisor:
+                                                nullable: true
+                                                type: string
+                                              resource:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          secretKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                envFrom:
+                                  items:
+                                    properties:
+                                      configMapRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                      prefix:
+                                        nullable: true
+                                        type: string
+                                      secretRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                image:
+                                  nullable: true
+                                  type: string
+                                imagePullPolicy:
+                                  nullable: true
+                                  type: string
+                                lifecycle:
+                                  nullable: true
+                                  properties:
+                                    postStart:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                    preStop:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                  type: object
+                                livenessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                name:
+                                  nullable: true
+                                  type: string
+                                ports:
+                                  items:
+                                    properties:
+                                      containerPort:
+                                        type: integer
+                                      hostIP:
+                                        nullable: true
+                                        type: string
+                                      hostPort:
+                                        type: integer
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      protocol:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                readinessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                resizePolicy:
+                                  items:
+                                    properties:
+                                      resourceName:
+                                        nullable: true
+                                        type: string
+                                      restartPolicy:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                resources:
+                                  properties:
+                                    claims:
+                                      items:
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    limits:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                    requests:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                  type: object
+                                restartPolicy:
+                                  nullable: true
+                                  type: string
+                                securityContext:
+                                  nullable: true
+                                  properties:
+                                    allowPrivilegeEscalation:
+                                      nullable: true
+                                      type: boolean
+                                    capabilities:
+                                      nullable: true
+                                      properties:
+                                        add:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                        drop:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    privileged:
+                                      nullable: true
+                                      type: boolean
+                                    procMount:
+                                      nullable: true
+                                      type: string
+                                    readOnlyRootFilesystem:
+                                      nullable: true
+                                      type: boolean
+                                    runAsGroup:
+                                      nullable: true
+                                      type: integer
+                                    runAsNonRoot:
+                                      nullable: true
+                                      type: boolean
+                                    runAsUser:
+                                      nullable: true
+                                      type: integer
+                                    seLinuxOptions:
+                                      nullable: true
+                                      properties:
+                                        level:
+                                          nullable: true
+                                          type: string
+                                        role:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                        user:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    seccompProfile:
+                                      nullable: true
+                                      properties:
+                                        localhostProfile:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    windowsOptions:
+                                      nullable: true
+                                      properties:
+                                        gmsaCredentialSpec:
+                                          nullable: true
+                                          type: string
+                                        gmsaCredentialSpecName:
+                                          nullable: true
+                                          type: string
+                                        hostProcess:
+                                          nullable: true
+                                          type: boolean
+                                        runAsUserName:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                  type: object
+                                startupProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                stdin:
+                                  type: boolean
+                                stdinOnce:
+                                  type: boolean
+                                targetContainerName:
+                                  nullable: true
+                                  type: string
+                                terminationMessagePath:
+                                  nullable: true
+                                  type: string
+                                terminationMessagePolicy:
+                                  nullable: true
+                                  type: string
+                                tty:
+                                  type: boolean
+                                volumeDevices:
+                                  items:
+                                    properties:
+                                      devicePath:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                volumeMounts:
+                                  items:
+                                    properties:
+                                      mountPath:
+                                        nullable: true
+                                        type: string
+                                      mountPropagation:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      readOnly:
+                                        type: boolean
+                                      subPath:
+                                        nullable: true
+                                        type: string
+                                      subPathExpr:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                workingDir:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          hostAliases:
+                            items:
+                              properties:
+                                hostnames:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                ip:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          hostIPC:
+                            type: boolean
+                          hostNetwork:
+                            type: boolean
+                          hostPID:
+                            type: boolean
+                          hostUsers:
+                            nullable: true
+                            type: boolean
+                          hostname:
+                            nullable: true
+                            type: string
+                          imagePullSecrets:
+                            items:
+                              properties:
+                                name:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          initContainers:
+                            items:
+                              properties:
+                                args:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                command:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                env:
+                                  items:
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      value:
+                                        nullable: true
+                                        type: string
+                                      valueFrom:
+                                        nullable: true
+                                        properties:
+                                          configMapKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                          fieldRef:
+                                            nullable: true
+                                            properties:
+                                              apiVersion:
+                                                nullable: true
+                                                type: string
+                                              fieldPath:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          resourceFieldRef:
+                                            nullable: true
+                                            properties:
+                                              containerName:
+                                                nullable: true
+                                                type: string
+                                              divisor:
+                                                nullable: true
+                                                type: string
+                                              resource:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          secretKeyRef:
+                                            nullable: true
+                                            properties:
+                                              key:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                envFrom:
+                                  items:
+                                    properties:
+                                      configMapRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                      prefix:
+                                        nullable: true
+                                        type: string
+                                      secretRef:
+                                        nullable: true
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          optional:
+                                            nullable: true
+                                            type: boolean
+                                        type: object
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                image:
+                                  nullable: true
+                                  type: string
+                                imagePullPolicy:
+                                  nullable: true
+                                  type: string
+                                lifecycle:
+                                  nullable: true
+                                  properties:
+                                    postStart:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                    preStop:
+                                      nullable: true
+                                      properties:
+                                        exec:
+                                          nullable: true
+                                          properties:
+                                            command:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        httpGet:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            httpHeaders:
+                                              items:
+                                                properties:
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  value:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            path:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                            scheme:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        tcpSocket:
+                                          nullable: true
+                                          properties:
+                                            host:
+                                              nullable: true
+                                              type: string
+                                            port:
+                                              x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                  type: object
+                                livenessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                name:
+                                  nullable: true
+                                  type: string
+                                ports:
+                                  items:
+                                    properties:
+                                      containerPort:
+                                        type: integer
+                                      hostIP:
+                                        nullable: true
+                                        type: string
+                                      hostPort:
+                                        type: integer
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      protocol:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                readinessProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                resizePolicy:
+                                  items:
+                                    properties:
+                                      resourceName:
+                                        nullable: true
+                                        type: string
+                                      restartPolicy:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                resources:
+                                  properties:
+                                    claims:
+                                      items:
+                                        properties:
+                                          name:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    limits:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                    requests:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                  type: object
+                                restartPolicy:
+                                  nullable: true
+                                  type: string
+                                securityContext:
+                                  nullable: true
+                                  properties:
+                                    allowPrivilegeEscalation:
+                                      nullable: true
+                                      type: boolean
+                                    capabilities:
+                                      nullable: true
+                                      properties:
+                                        add:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                        drop:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    privileged:
+                                      nullable: true
+                                      type: boolean
+                                    procMount:
+                                      nullable: true
+                                      type: string
+                                    readOnlyRootFilesystem:
+                                      nullable: true
+                                      type: boolean
+                                    runAsGroup:
+                                      nullable: true
+                                      type: integer
+                                    runAsNonRoot:
+                                      nullable: true
+                                      type: boolean
+                                    runAsUser:
+                                      nullable: true
+                                      type: integer
+                                    seLinuxOptions:
+                                      nullable: true
+                                      properties:
+                                        level:
+                                          nullable: true
+                                          type: string
+                                        role:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                        user:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    seccompProfile:
+                                      nullable: true
+                                      properties:
+                                        localhostProfile:
+                                          nullable: true
+                                          type: string
+                                        type:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    windowsOptions:
+                                      nullable: true
+                                      properties:
+                                        gmsaCredentialSpec:
+                                          nullable: true
+                                          type: string
+                                        gmsaCredentialSpecName:
+                                          nullable: true
+                                          type: string
+                                        hostProcess:
+                                          nullable: true
+                                          type: boolean
+                                        runAsUserName:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                  type: object
+                                startupProbe:
+                                  nullable: true
+                                  properties:
+                                    exec:
+                                      nullable: true
+                                      properties:
+                                        command:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    failureThreshold:
+                                      type: integer
+                                    grpc:
+                                      nullable: true
+                                      properties:
+                                        port:
+                                          type: integer
+                                        service:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    httpGet:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              value:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          nullable: true
+                                          type: array
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    initialDelaySeconds:
+                                      type: integer
+                                    periodSeconds:
+                                      type: integer
+                                    successThreshold:
+                                      type: integer
+                                    tcpSocket:
+                                      nullable: true
+                                      properties:
+                                        host:
+                                          nullable: true
+                                          type: string
+                                        port:
+                                          x-kubernetes-int-or-string: true
+                                      type: object
+                                    terminationGracePeriodSeconds:
+                                      nullable: true
+                                      type: integer
+                                    timeoutSeconds:
+                                      type: integer
+                                  type: object
+                                stdin:
+                                  type: boolean
+                                stdinOnce:
+                                  type: boolean
+                                terminationMessagePath:
+                                  nullable: true
+                                  type: string
+                                terminationMessagePolicy:
+                                  nullable: true
+                                  type: string
+                                tty:
+                                  type: boolean
+                                volumeDevices:
+                                  items:
+                                    properties:
+                                      devicePath:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                volumeMounts:
+                                  items:
+                                    properties:
+                                      mountPath:
+                                        nullable: true
+                                        type: string
+                                      mountPropagation:
+                                        nullable: true
+                                        type: string
+                                      name:
+                                        nullable: true
+                                        type: string
+                                      readOnly:
+                                        type: boolean
+                                      subPath:
+                                        nullable: true
+                                        type: string
+                                      subPathExpr:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                workingDir:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          nodeName:
+                            nullable: true
+                            type: string
+                          nodeSelector:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          os:
+                            nullable: true
+                            properties:
+                              name:
+                                nullable: true
+                                type: string
+                            type: object
+                          overhead:
+                            additionalProperties:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: object
+                          preemptionPolicy:
+                            nullable: true
+                            type: string
+                          priority:
+                            nullable: true
+                            type: integer
+                          priorityClassName:
+                            nullable: true
+                            type: string
+                          readinessGates:
+                            items:
+                              properties:
+                                conditionType:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          resourceClaims:
+                            items:
+                              properties:
+                                name:
+                                  nullable: true
+                                  type: string
+                                source:
+                                  properties:
+                                    resourceClaimName:
+                                      nullable: true
+                                      type: string
+                                    resourceClaimTemplateName:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                              type: object
+                            nullable: true
+                            type: array
+                          restartPolicy:
+                            nullable: true
+                            type: string
+                          runtimeClassName:
+                            nullable: true
+                            type: string
+                          schedulerName:
+                            nullable: true
+                            type: string
+                          schedulingGates:
+                            items:
+                              properties:
+                                name:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          securityContext:
+                            nullable: true
+                            properties:
+                              fsGroup:
+                                nullable: true
+                                type: integer
+                              fsGroupChangePolicy:
+                                nullable: true
+                                type: string
+                              runAsGroup:
+                                nullable: true
+                                type: integer
+                              runAsNonRoot:
+                                nullable: true
+                                type: boolean
+                              runAsUser:
+                                nullable: true
+                                type: integer
+                              seLinuxOptions:
+                                nullable: true
+                                properties:
+                                  level:
+                                    nullable: true
+                                    type: string
+                                  role:
+                                    nullable: true
+                                    type: string
+                                  type:
+                                    nullable: true
+                                    type: string
+                                  user:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                nullable: true
+                                properties:
+                                  localhostProfile:
+                                    nullable: true
+                                    type: string
+                                  type:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              supplementalGroups:
+                                items:
+                                  type: integer
+                                nullable: true
+                                type: array
+                              sysctls:
+                                items:
+                                  properties:
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              windowsOptions:
+                                nullable: true
+                                properties:
+                                  gmsaCredentialSpec:
+                                    nullable: true
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    nullable: true
+                                    type: string
+                                  hostProcess:
+                                    nullable: true
+                                    type: boolean
+                                  runAsUserName:
+                                    nullable: true
+                                    type: string
+                                type: object
+                            type: object
+                          serviceAccount:
+                            nullable: true
+                            type: string
+                          serviceAccountName:
+                            nullable: true
+                            type: string
+                          setHostnameAsFQDN:
+                            nullable: true
+                            type: boolean
+                          shareProcessNamespace:
+                            nullable: true
+                            type: boolean
+                          subdomain:
+                            nullable: true
+                            type: string
+                          terminationGracePeriodSeconds:
+                            nullable: true
+                            type: integer
+                          tolerations:
+                            items:
+                              properties:
+                                effect:
+                                  nullable: true
+                                  type: string
+                                key:
+                                  nullable: true
+                                  type: string
+                                operator:
+                                  nullable: true
+                                  type: string
+                                tolerationSeconds:
+                                  nullable: true
+                                  type: integer
+                                value:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          topologySpreadConstraints:
+                            items:
+                              properties:
+                                labelSelector:
+                                  nullable: true
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            nullable: true
+                                            type: string
+                                          operator:
+                                            nullable: true
+                                            type: string
+                                          values:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                  type: object
+                                matchLabelKeys:
+                                  items:
+                                    nullable: true
+                                    type: string
+                                  nullable: true
+                                  type: array
+                                maxSkew:
+                                  type: integer
+                                minDomains:
+                                  nullable: true
+                                  type: integer
+                                nodeAffinityPolicy:
+                                  nullable: true
+                                  type: string
+                                nodeTaintsPolicy:
+                                  nullable: true
+                                  type: string
+                                topologyKey:
+                                  nullable: true
+                                  type: string
+                                whenUnsatisfiable:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                          volumes:
+                            items:
+                              properties:
+                                awsElasticBlockStore:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    partition:
+                                      type: integer
+                                    readOnly:
+                                      type: boolean
+                                    volumeID:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                azureDisk:
+                                  nullable: true
+                                  properties:
+                                    cachingMode:
+                                      nullable: true
+                                      type: string
+                                    diskName:
+                                      nullable: true
+                                      type: string
+                                    diskURI:
+                                      nullable: true
+                                      type: string
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    kind:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      nullable: true
+                                      type: boolean
+                                  type: object
+                                azureFile:
+                                  nullable: true
+                                  properties:
+                                    readOnly:
+                                      type: boolean
+                                    secretName:
+                                      nullable: true
+                                      type: string
+                                    shareName:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                cephfs:
+                                  nullable: true
+                                  properties:
+                                    monitors:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    path:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    secretFile:
+                                      nullable: true
+                                      type: string
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    user:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                cinder:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    volumeID:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                configMap:
+                                  nullable: true
+                                  properties:
+                                    defaultMode:
+                                      nullable: true
+                                      type: integer
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            nullable: true
+                                            type: string
+                                          mode:
+                                            nullable: true
+                                            type: integer
+                                          path:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    optional:
+                                      nullable: true
+                                      type: boolean
+                                  type: object
+                                csi:
+                                  nullable: true
+                                  properties:
+                                    driver:
+                                      nullable: true
+                                      type: string
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    nodePublishSecretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    readOnly:
+                                      nullable: true
+                                      type: boolean
+                                    volumeAttributes:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                  type: object
+                                downwardAPI:
+                                  nullable: true
+                                  properties:
+                                    defaultMode:
+                                      nullable: true
+                                      type: integer
+                                    items:
+                                      items:
+                                        properties:
+                                          fieldRef:
+                                            nullable: true
+                                            properties:
+                                              apiVersion:
+                                                nullable: true
+                                                type: string
+                                              fieldPath:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          mode:
+                                            nullable: true
+                                            type: integer
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          resourceFieldRef:
+                                            nullable: true
+                                            properties:
+                                              containerName:
+                                                nullable: true
+                                                type: string
+                                              divisor:
+                                                nullable: true
+                                                type: string
+                                              resource:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                  type: object
+                                emptyDir:
+                                  nullable: true
+                                  properties:
+                                    medium:
+                                      nullable: true
+                                      type: string
+                                    sizeLimit:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                ephemeral:
+                                  nullable: true
+                                  properties:
+                                    volumeClaimTemplate:
+                                      nullable: true
+                                      properties:
+                                        metadata:
+                                          properties:
+                                            annotations:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                            creationTimestamp:
+                                              nullable: true
+                                              type: string
+                                            deletionGracePeriodSeconds:
+                                              nullable: true
+                                              type: integer
+                                            deletionTimestamp:
+                                              nullable: true
+                                              type: string
+                                            finalizers:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                            generateName:
+                                              nullable: true
+                                              type: string
+                                            generation:
+                                              type: integer
+                                            labels:
+                                              additionalProperties:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: object
+                                            managedFields:
+                                              items:
+                                                properties:
+                                                  apiVersion:
+                                                    nullable: true
+                                                    type: string
+                                                  fieldsType:
+                                                    nullable: true
+                                                    type: string
+                                                  fieldsV1:
+                                                    nullable: true
+                                                    type: object
+                                                  manager:
+                                                    nullable: true
+                                                    type: string
+                                                  operation:
+                                                    nullable: true
+                                                    type: string
+                                                  subresource:
+                                                    nullable: true
+                                                    type: string
+                                                  time:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            namespace:
+                                              nullable: true
+                                              type: string
+                                            ownerReferences:
+                                              items:
+                                                properties:
+                                                  apiVersion:
+                                                    nullable: true
+                                                    type: string
+                                                  blockOwnerDeletion:
+                                                    nullable: true
+                                                    type: boolean
+                                                  controller:
+                                                    nullable: true
+                                                    type: boolean
+                                                  kind:
+                                                    nullable: true
+                                                    type: string
+                                                  name:
+                                                    nullable: true
+                                                    type: string
+                                                  uid:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            resourceVersion:
+                                              nullable: true
+                                              type: string
+                                            selfLink:
+                                              nullable: true
+                                              type: string
+                                            uid:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        spec:
+                                          properties:
+                                            accessModes:
+                                              items:
+                                                nullable: true
+                                                type: string
+                                              nullable: true
+                                              type: array
+                                            dataSource:
+                                              nullable: true
+                                              properties:
+                                                apiGroup:
+                                                  nullable: true
+                                                  type: string
+                                                kind:
+                                                  nullable: true
+                                                  type: string
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            dataSourceRef:
+                                              nullable: true
+                                              properties:
+                                                apiGroup:
+                                                  nullable: true
+                                                  type: string
+                                                kind:
+                                                  nullable: true
+                                                  type: string
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                namespace:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            resources:
+                                              properties:
+                                                claims:
+                                                  items:
+                                                    properties:
+                                                      name:
+                                                        nullable: true
+                                                        type: string
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                limits:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                                requests:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            selector:
+                                              nullable: true
+                                              properties:
+                                                matchExpressions:
+                                                  items:
+                                                    properties:
+                                                      key:
+                                                        nullable: true
+                                                        type: string
+                                                      operator:
+                                                        nullable: true
+                                                        type: string
+                                                      values:
+                                                        items:
+                                                          nullable: true
+                                                          type: string
+                                                        nullable: true
+                                                        type: array
+                                                    type: object
+                                                  nullable: true
+                                                  type: array
+                                                matchLabels:
+                                                  additionalProperties:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: object
+                                              type: object
+                                            storageClassName:
+                                              nullable: true
+                                              type: string
+                                            volumeMode:
+                                              nullable: true
+                                              type: string
+                                            volumeName:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                      type: object
+                                  type: object
+                                fc:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    lun:
+                                      nullable: true
+                                      type: integer
+                                    readOnly:
+                                      type: boolean
+                                    targetWWNs:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    wwids:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                  type: object
+                                flexVolume:
+                                  nullable: true
+                                  properties:
+                                    driver:
+                                      nullable: true
+                                      type: string
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    options:
+                                      additionalProperties:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: object
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                  type: object
+                                flocker:
+                                  nullable: true
+                                  properties:
+                                    datasetName:
+                                      nullable: true
+                                      type: string
+                                    datasetUUID:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                gcePersistentDisk:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    partition:
+                                      type: integer
+                                    pdName:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                  type: object
+                                gitRepo:
+                                  nullable: true
+                                  properties:
+                                    directory:
+                                      nullable: true
+                                      type: string
+                                    repository:
+                                      nullable: true
+                                      type: string
+                                    revision:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                glusterfs:
+                                  nullable: true
+                                  properties:
+                                    endpoints:
+                                      nullable: true
+                                      type: string
+                                    path:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                  type: object
+                                hostPath:
+                                  nullable: true
+                                  properties:
+                                    path:
+                                      nullable: true
+                                      type: string
+                                    type:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                iscsi:
+                                  nullable: true
+                                  properties:
+                                    chapAuthDiscovery:
+                                      type: boolean
+                                    chapAuthSession:
+                                      type: boolean
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    initiatorName:
+                                      nullable: true
+                                      type: string
+                                    iqn:
+                                      nullable: true
+                                      type: string
+                                    iscsiInterface:
+                                      nullable: true
+                                      type: string
+                                    lun:
+                                      type: integer
+                                    portals:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    targetPortal:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                name:
+                                  nullable: true
+                                  type: string
+                                nfs:
+                                  nullable: true
+                                  properties:
+                                    path:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    server:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                persistentVolumeClaim:
+                                  nullable: true
+                                  properties:
+                                    claimName:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                  type: object
+                                photonPersistentDisk:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    pdID:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                portworxVolume:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    volumeID:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                projected:
+                                  nullable: true
+                                  properties:
+                                    defaultMode:
+                                      nullable: true
+                                      type: integer
+                                    sources:
+                                      items:
+                                        properties:
+                                          configMap:
+                                            nullable: true
+                                            properties:
+                                              items:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    mode:
+                                                      nullable: true
+                                                      type: integer
+                                                    path:
+                                                      nullable: true
+                                                      type: string
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                          downwardAPI:
+                                            nullable: true
+                                            properties:
+                                              items:
+                                                items:
+                                                  properties:
+                                                    fieldRef:
+                                                      nullable: true
+                                                      properties:
+                                                        apiVersion:
+                                                          nullable: true
+                                                          type: string
+                                                        fieldPath:
+                                                          nullable: true
+                                                          type: string
+                                                      type: object
+                                                    mode:
+                                                      nullable: true
+                                                      type: integer
+                                                    path:
+                                                      nullable: true
+                                                      type: string
+                                                    resourceFieldRef:
+                                                      nullable: true
+                                                      properties:
+                                                        containerName:
+                                                          nullable: true
+                                                          type: string
+                                                        divisor:
+                                                          nullable: true
+                                                          type: string
+                                                        resource:
+                                                          nullable: true
+                                                          type: string
+                                                      type: object
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                            type: object
+                                          secret:
+                                            nullable: true
+                                            properties:
+                                              items:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    mode:
+                                                      nullable: true
+                                                      type: integer
+                                                    path:
+                                                      nullable: true
+                                                      type: string
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              optional:
+                                                nullable: true
+                                                type: boolean
+                                            type: object
+                                          serviceAccountToken:
+                                            nullable: true
+                                            properties:
+                                              audience:
+                                                nullable: true
+                                                type: string
+                                              expirationSeconds:
+                                                nullable: true
+                                                type: integer
+                                              path:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                  type: object
+                                quobyte:
+                                  nullable: true
+                                  properties:
+                                    group:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    registry:
+                                      nullable: true
+                                      type: string
+                                    tenant:
+                                      nullable: true
+                                      type: string
+                                    user:
+                                      nullable: true
+                                      type: string
+                                    volume:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                rbd:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    image:
+                                      nullable: true
+                                      type: string
+                                    keyring:
+                                      nullable: true
+                                      type: string
+                                    monitors:
+                                      items:
+                                        nullable: true
+                                        type: string
+                                      nullable: true
+                                      type: array
+                                    pool:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    user:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                scaleIO:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    gateway:
+                                      nullable: true
+                                      type: string
+                                    protectionDomain:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    sslEnabled:
+                                      type: boolean
+                                    storageMode:
+                                      nullable: true
+                                      type: string
+                                    storagePool:
+                                      nullable: true
+                                      type: string
+                                    system:
+                                      nullable: true
+                                      type: string
+                                    volumeName:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                secret:
+                                  nullable: true
+                                  properties:
+                                    defaultMode:
+                                      nullable: true
+                                      type: integer
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            nullable: true
+                                            type: string
+                                          mode:
+                                            nullable: true
+                                            type: integer
+                                          path:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                    optional:
+                                      nullable: true
+                                      type: boolean
+                                    secretName:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                storageos:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    volumeName:
+                                      nullable: true
+                                      type: string
+                                    volumeNamespace:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                vsphereVolume:
+                                  nullable: true
+                                  properties:
+                                    fsType:
+                                      nullable: true
+                                      type: string
+                                    storagePolicyID:
+                                      nullable: true
+                                      type: string
+                                    storagePolicyName:
+                                      nullable: true
+                                      type: string
+                                    volumePath:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                    type: object
+                  ttlSecondsAfterFinished:
+                    nullable: true
+                    type: integer
+                type: object
+              syncInterval:
+                type: integer
+            type: object
+          status:
+            properties:
+              commit:
+                nullable: true
+                type: string
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      nullable: true
+                      type: string
+                    lastUpdateTime:
+                      nullable: true
+                      type: string
+                    message:
+                      nullable: true
+                      type: string
+                    reason:
+                      nullable: true
+                      type: string
+                    status:
+                      nullable: true
+                      type: string
+                    type:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              event:
+                nullable: true
+                type: string
+              hookId:
+                nullable: true
+                type: string
+              jobStatus:
+                nullable: true
+                type: string
+              lastExecutedCommit:
+                nullable: true
+                type: string
+              lastSyncedTime:
+                nullable: true
+                type: string
+              observedGeneration:
+                type: integer
+              secretToken:
+                nullable: true
+                type: string
+              updateGeneration:
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+{{- else -}}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: gitjobs.gitjob.cattle.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.git.repo
+    name: REPO
+    type: string
+  - JSONPath: .spec.git.branch
+    name: BRANCH
+    type: string
+  - JSONPath: .status.commit
+    name: COMMIT
+    type: string
+  - JSONPath: .status.jobStatus
+    name: JOBSTATUS
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    name: Age
+    type: date
+  group: gitjob.cattle.io
+  names:
+    kind: GitJob
+    plural: gitjobs
+    singular: gitjob
+  preserveUnknownFields: false
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            forceUpdateGeneration:
+              type: integer
+            git:
+              properties:
+                branch:
+                  nullable: true
+                  type: string
+                caBundle:
+                  nullable: true
+                  type: string
+                clientSecretName:
+                  nullable: true
+                  type: string
+                insecureSkipTLSVerify:
+                  type: boolean
+                onTag:
+                  nullable: true
+                  type: string
+                provider:
+                  nullable: true
+                  type: string
+                repo:
+                  nullable: true
+                  type: string
+                revision:
+                  nullable: true
+                  type: string
+              type: object
+            jobSpec:
+              properties:
+                activeDeadlineSeconds:
+                  nullable: true
+                  type: integer
+                backoffLimit:
+                  nullable: true
+                  type: integer
+                backoffLimitPerIndex:
+                  nullable: true
+                  type: integer
+                completionMode:
+                  nullable: true
+                  type: string
+                completions:
+                  nullable: true
+                  type: integer
+                manualSelector:
+                  nullable: true
+                  type: boolean
+                maxFailedIndexes:
+                  nullable: true
+                  type: integer
+                parallelism:
+                  nullable: true
+                  type: integer
+                podFailurePolicy:
+                  nullable: true
+                  properties:
+                    rules:
+                      items:
+                        properties:
+                          action:
+                            nullable: true
+                            type: string
+                          onExitCodes:
+                            nullable: true
+                            properties:
+                              containerName:
+                                nullable: true
+                                type: string
+                              operator:
+                                nullable: true
+                                type: string
+                              values:
+                                items:
+                                  type: integer
+                                nullable: true
+                                type: array
+                            type: object
+                          onPodConditions:
+                            items:
+                              properties:
+                                status:
+                                  nullable: true
+                                  type: string
+                                type:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                  type: object
+                podReplacementPolicy:
+                  nullable: true
+                  type: string
+                selector:
+                  nullable: true
+                  properties:
+                    matchExpressions:
+                      items:
+                        properties:
+                          key:
+                            nullable: true
+                            type: string
+                          operator:
+                            nullable: true
+                            type: string
+                          values:
+                            items:
+                              nullable: true
+                              type: string
+                            nullable: true
+                            type: array
+                        type: object
+                      nullable: true
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                  type: object
+                suspend:
+                  nullable: true
+                  type: boolean
+                template:
+                  properties:
+                    metadata:
+                      properties:
+                        annotations:
+                          additionalProperties:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: object
+                        creationTimestamp:
+                          nullable: true
+                          type: string
+                        deletionGracePeriodSeconds:
+                          nullable: true
+                          type: integer
+                        deletionTimestamp:
+                          nullable: true
+                          type: string
+                        finalizers:
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                        generateName:
+                          nullable: true
+                          type: string
+                        generation:
+                          type: integer
+                        labels:
+                          additionalProperties:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: object
+                        managedFields:
+                          items:
+                            properties:
+                              apiVersion:
+                                nullable: true
+                                type: string
+                              fieldsType:
+                                nullable: true
+                                type: string
+                              fieldsV1:
+                                nullable: true
+                                type: object
+                              manager:
+                                nullable: true
+                                type: string
+                              operation:
+                                nullable: true
+                                type: string
+                              subresource:
+                                nullable: true
+                                type: string
+                              time:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        name:
+                          nullable: true
+                          type: string
+                        namespace:
+                          nullable: true
+                          type: string
+                        ownerReferences:
+                          items:
+                            properties:
+                              apiVersion:
+                                nullable: true
+                                type: string
+                              blockOwnerDeletion:
+                                nullable: true
+                                type: boolean
+                              controller:
+                                nullable: true
+                                type: boolean
+                              kind:
+                                nullable: true
+                                type: string
+                              name:
+                                nullable: true
+                                type: string
+                              uid:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        resourceVersion:
+                          nullable: true
+                          type: string
+                        selfLink:
+                          nullable: true
+                          type: string
+                        uid:
+                          nullable: true
+                          type: string
+                      type: object
+                    spec:
+                      properties:
+                        activeDeadlineSeconds:
+                          nullable: true
+                          type: integer
+                        affinity:
+                          nullable: true
+                          properties:
+                            nodeAffinity:
+                              nullable: true
+                              properties:
+                                preferredDuringSchedulingIgnoredDuringExecution:
+                                  items:
+                                    properties:
+                                      preference:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchFields:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      weight:
+                                        type: integer
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                requiredDuringSchedulingIgnoredDuringExecution:
+                                  nullable: true
+                                  properties:
+                                    nodeSelectorTerms:
+                                      items:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchFields:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      nullable: true
+                                      type: array
+                                  type: object
+                              type: object
+                            podAffinity:
+                              nullable: true
+                              properties:
+                                preferredDuringSchedulingIgnoredDuringExecution:
+                                  items:
+                                    properties:
+                                      podAffinityTerm:
+                                        properties:
+                                          labelSelector:
+                                            nullable: true
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    operator:
+                                                      nullable: true
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        nullable: true
+                                                        type: string
+                                                      nullable: true
+                                                      type: array
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          namespaceSelector:
+                                            nullable: true
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    operator:
+                                                      nullable: true
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        nullable: true
+                                                        type: string
+                                                      nullable: true
+                                                      type: array
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          namespaces:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                          topologyKey:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      weight:
+                                        type: integer
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                requiredDuringSchedulingIgnoredDuringExecution:
+                                  items:
+                                    properties:
+                                      labelSelector:
+                                        nullable: true
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        nullable: true
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                      topologyKey:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                              type: object
+                            podAntiAffinity:
+                              nullable: true
+                              properties:
+                                preferredDuringSchedulingIgnoredDuringExecution:
+                                  items:
+                                    properties:
+                                      podAffinityTerm:
+                                        properties:
+                                          labelSelector:
+                                            nullable: true
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    operator:
+                                                      nullable: true
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        nullable: true
+                                                        type: string
+                                                      nullable: true
+                                                      type: array
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          namespaceSelector:
+                                            nullable: true
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    operator:
+                                                      nullable: true
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        nullable: true
+                                                        type: string
+                                                      nullable: true
+                                                      type: array
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          namespaces:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                          topologyKey:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      weight:
+                                        type: integer
+                                    type: object
+                                  nullable: true
+                                  type: array
+                                requiredDuringSchedulingIgnoredDuringExecution:
+                                  items:
+                                    properties:
+                                      labelSelector:
+                                        nullable: true
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        nullable: true
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  nullable: true
+                                                  type: string
+                                                operator:
+                                                  nullable: true
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    nullable: true
+                                                    type: string
+                                                  nullable: true
+                                                  type: array
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                      topologyKey:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  nullable: true
+                                  type: array
+                              type: object
+                          type: object
+                        automountServiceAccountToken:
+                          nullable: true
+                          type: boolean
+                        containers:
+                          items:
+                            properties:
+                              args:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              command:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              env:
+                                items:
+                                  properties:
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      nullable: true
+                                      type: string
+                                    valueFrom:
+                                      nullable: true
+                                      properties:
+                                        configMapKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                        fieldRef:
+                                          nullable: true
+                                          properties:
+                                            apiVersion:
+                                              nullable: true
+                                              type: string
+                                            fieldPath:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        resourceFieldRef:
+                                          nullable: true
+                                          properties:
+                                            containerName:
+                                              nullable: true
+                                              type: string
+                                            divisor:
+                                              nullable: true
+                                              type: string
+                                            resource:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        secretKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              envFrom:
+                                items:
+                                  properties:
+                                    configMapRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                    prefix:
+                                      nullable: true
+                                      type: string
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              image:
+                                nullable: true
+                                type: string
+                              imagePullPolicy:
+                                nullable: true
+                                type: string
+                              lifecycle:
+                                nullable: true
+                                properties:
+                                  postStart:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                  preStop:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                type: object
+                              livenessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              name:
+                                nullable: true
+                                type: string
+                              ports:
+                                items:
+                                  properties:
+                                    containerPort:
+                                      type: integer
+                                    hostIP:
+                                      nullable: true
+                                      type: string
+                                    hostPort:
+                                      type: integer
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    protocol:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              readinessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              resizePolicy:
+                                items:
+                                  properties:
+                                    resourceName:
+                                      nullable: true
+                                      type: string
+                                    restartPolicy:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              resources:
+                                properties:
+                                  claims:
+                                    items:
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  limits:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                  requests:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                type: object
+                              restartPolicy:
+                                nullable: true
+                                type: string
+                              securityContext:
+                                nullable: true
+                                properties:
+                                  allowPrivilegeEscalation:
+                                    nullable: true
+                                    type: boolean
+                                  capabilities:
+                                    nullable: true
+                                    properties:
+                                      add:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                      drop:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  privileged:
+                                    nullable: true
+                                    type: boolean
+                                  procMount:
+                                    nullable: true
+                                    type: string
+                                  readOnlyRootFilesystem:
+                                    nullable: true
+                                    type: boolean
+                                  runAsGroup:
+                                    nullable: true
+                                    type: integer
+                                  runAsNonRoot:
+                                    nullable: true
+                                    type: boolean
+                                  runAsUser:
+                                    nullable: true
+                                    type: integer
+                                  seLinuxOptions:
+                                    nullable: true
+                                    properties:
+                                      level:
+                                        nullable: true
+                                        type: string
+                                      role:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                      user:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  seccompProfile:
+                                    nullable: true
+                                    properties:
+                                      localhostProfile:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  windowsOptions:
+                                    nullable: true
+                                    properties:
+                                      gmsaCredentialSpec:
+                                        nullable: true
+                                        type: string
+                                      gmsaCredentialSpecName:
+                                        nullable: true
+                                        type: string
+                                      hostProcess:
+                                        nullable: true
+                                        type: boolean
+                                      runAsUserName:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                type: object
+                              startupProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              stdin:
+                                type: boolean
+                              stdinOnce:
+                                type: boolean
+                              terminationMessagePath:
+                                nullable: true
+                                type: string
+                              terminationMessagePolicy:
+                                nullable: true
+                                type: string
+                              tty:
+                                type: boolean
+                              volumeDevices:
+                                items:
+                                  properties:
+                                    devicePath:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              volumeMounts:
+                                items:
+                                  properties:
+                                    mountPath:
+                                      nullable: true
+                                      type: string
+                                    mountPropagation:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    subPath:
+                                      nullable: true
+                                      type: string
+                                    subPathExpr:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              workingDir:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        dnsConfig:
+                          nullable: true
+                          properties:
+                            nameservers:
+                              items:
+                                nullable: true
+                                type: string
+                              nullable: true
+                              type: array
+                            options:
+                              items:
+                                properties:
+                                  name:
+                                    nullable: true
+                                    type: string
+                                  value:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              nullable: true
+                              type: array
+                            searches:
+                              items:
+                                nullable: true
+                                type: string
+                              nullable: true
+                              type: array
+                          type: object
+                        dnsPolicy:
+                          nullable: true
+                          type: string
+                        enableServiceLinks:
+                          nullable: true
+                          type: boolean
+                        ephemeralContainers:
+                          items:
+                            properties:
+                              args:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              command:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              env:
+                                items:
+                                  properties:
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      nullable: true
+                                      type: string
+                                    valueFrom:
+                                      nullable: true
+                                      properties:
+                                        configMapKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                        fieldRef:
+                                          nullable: true
+                                          properties:
+                                            apiVersion:
+                                              nullable: true
+                                              type: string
+                                            fieldPath:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        resourceFieldRef:
+                                          nullable: true
+                                          properties:
+                                            containerName:
+                                              nullable: true
+                                              type: string
+                                            divisor:
+                                              nullable: true
+                                              type: string
+                                            resource:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        secretKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              envFrom:
+                                items:
+                                  properties:
+                                    configMapRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                    prefix:
+                                      nullable: true
+                                      type: string
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              image:
+                                nullable: true
+                                type: string
+                              imagePullPolicy:
+                                nullable: true
+                                type: string
+                              lifecycle:
+                                nullable: true
+                                properties:
+                                  postStart:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                  preStop:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                type: object
+                              livenessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              name:
+                                nullable: true
+                                type: string
+                              ports:
+                                items:
+                                  properties:
+                                    containerPort:
+                                      type: integer
+                                    hostIP:
+                                      nullable: true
+                                      type: string
+                                    hostPort:
+                                      type: integer
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    protocol:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              readinessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              resizePolicy:
+                                items:
+                                  properties:
+                                    resourceName:
+                                      nullable: true
+                                      type: string
+                                    restartPolicy:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              resources:
+                                properties:
+                                  claims:
+                                    items:
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  limits:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                  requests:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                type: object
+                              restartPolicy:
+                                nullable: true
+                                type: string
+                              securityContext:
+                                nullable: true
+                                properties:
+                                  allowPrivilegeEscalation:
+                                    nullable: true
+                                    type: boolean
+                                  capabilities:
+                                    nullable: true
+                                    properties:
+                                      add:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                      drop:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  privileged:
+                                    nullable: true
+                                    type: boolean
+                                  procMount:
+                                    nullable: true
+                                    type: string
+                                  readOnlyRootFilesystem:
+                                    nullable: true
+                                    type: boolean
+                                  runAsGroup:
+                                    nullable: true
+                                    type: integer
+                                  runAsNonRoot:
+                                    nullable: true
+                                    type: boolean
+                                  runAsUser:
+                                    nullable: true
+                                    type: integer
+                                  seLinuxOptions:
+                                    nullable: true
+                                    properties:
+                                      level:
+                                        nullable: true
+                                        type: string
+                                      role:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                      user:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  seccompProfile:
+                                    nullable: true
+                                    properties:
+                                      localhostProfile:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  windowsOptions:
+                                    nullable: true
+                                    properties:
+                                      gmsaCredentialSpec:
+                                        nullable: true
+                                        type: string
+                                      gmsaCredentialSpecName:
+                                        nullable: true
+                                        type: string
+                                      hostProcess:
+                                        nullable: true
+                                        type: boolean
+                                      runAsUserName:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                type: object
+                              startupProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              stdin:
+                                type: boolean
+                              stdinOnce:
+                                type: boolean
+                              targetContainerName:
+                                nullable: true
+                                type: string
+                              terminationMessagePath:
+                                nullable: true
+                                type: string
+                              terminationMessagePolicy:
+                                nullable: true
+                                type: string
+                              tty:
+                                type: boolean
+                              volumeDevices:
+                                items:
+                                  properties:
+                                    devicePath:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              volumeMounts:
+                                items:
+                                  properties:
+                                    mountPath:
+                                      nullable: true
+                                      type: string
+                                    mountPropagation:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    subPath:
+                                      nullable: true
+                                      type: string
+                                    subPathExpr:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              workingDir:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        hostAliases:
+                          items:
+                            properties:
+                              hostnames:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              ip:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        hostIPC:
+                          type: boolean
+                        hostNetwork:
+                          type: boolean
+                        hostPID:
+                          type: boolean
+                        hostUsers:
+                          nullable: true
+                          type: boolean
+                        hostname:
+                          nullable: true
+                          type: string
+                        imagePullSecrets:
+                          items:
+                            properties:
+                              name:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        initContainers:
+                          items:
+                            properties:
+                              args:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              command:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              env:
+                                items:
+                                  properties:
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    value:
+                                      nullable: true
+                                      type: string
+                                    valueFrom:
+                                      nullable: true
+                                      properties:
+                                        configMapKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                        fieldRef:
+                                          nullable: true
+                                          properties:
+                                            apiVersion:
+                                              nullable: true
+                                              type: string
+                                            fieldPath:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        resourceFieldRef:
+                                          nullable: true
+                                          properties:
+                                            containerName:
+                                              nullable: true
+                                              type: string
+                                            divisor:
+                                              nullable: true
+                                              type: string
+                                            resource:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        secretKeyRef:
+                                          nullable: true
+                                          properties:
+                                            key:
+                                              nullable: true
+                                              type: string
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              envFrom:
+                                items:
+                                  properties:
+                                    configMapRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                    prefix:
+                                      nullable: true
+                                      type: string
+                                    secretRef:
+                                      nullable: true
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                        optional:
+                                          nullable: true
+                                          type: boolean
+                                      type: object
+                                  type: object
+                                nullable: true
+                                type: array
+                              image:
+                                nullable: true
+                                type: string
+                              imagePullPolicy:
+                                nullable: true
+                                type: string
+                              lifecycle:
+                                nullable: true
+                                properties:
+                                  postStart:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                  preStop:
+                                    nullable: true
+                                    properties:
+                                      exec:
+                                        nullable: true
+                                        properties:
+                                          command:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                        type: object
+                                      httpGet:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          httpHeaders:
+                                            items:
+                                              properties:
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                value:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          path:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      tcpSocket:
+                                        nullable: true
+                                        properties:
+                                          host:
+                                            nullable: true
+                                            type: string
+                                          port:
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                type: object
+                              livenessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              name:
+                                nullable: true
+                                type: string
+                              ports:
+                                items:
+                                  properties:
+                                    containerPort:
+                                      type: integer
+                                    hostIP:
+                                      nullable: true
+                                      type: string
+                                    hostPort:
+                                      type: integer
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    protocol:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              readinessProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              resizePolicy:
+                                items:
+                                  properties:
+                                    resourceName:
+                                      nullable: true
+                                      type: string
+                                    restartPolicy:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              resources:
+                                properties:
+                                  claims:
+                                    items:
+                                      properties:
+                                        name:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  limits:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                  requests:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                type: object
+                              restartPolicy:
+                                nullable: true
+                                type: string
+                              securityContext:
+                                nullable: true
+                                properties:
+                                  allowPrivilegeEscalation:
+                                    nullable: true
+                                    type: boolean
+                                  capabilities:
+                                    nullable: true
+                                    properties:
+                                      add:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                      drop:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  privileged:
+                                    nullable: true
+                                    type: boolean
+                                  procMount:
+                                    nullable: true
+                                    type: string
+                                  readOnlyRootFilesystem:
+                                    nullable: true
+                                    type: boolean
+                                  runAsGroup:
+                                    nullable: true
+                                    type: integer
+                                  runAsNonRoot:
+                                    nullable: true
+                                    type: boolean
+                                  runAsUser:
+                                    nullable: true
+                                    type: integer
+                                  seLinuxOptions:
+                                    nullable: true
+                                    properties:
+                                      level:
+                                        nullable: true
+                                        type: string
+                                      role:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                      user:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  seccompProfile:
+                                    nullable: true
+                                    properties:
+                                      localhostProfile:
+                                        nullable: true
+                                        type: string
+                                      type:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  windowsOptions:
+                                    nullable: true
+                                    properties:
+                                      gmsaCredentialSpec:
+                                        nullable: true
+                                        type: string
+                                      gmsaCredentialSpecName:
+                                        nullable: true
+                                        type: string
+                                      hostProcess:
+                                        nullable: true
+                                        type: boolean
+                                      runAsUserName:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                type: object
+                              startupProbe:
+                                nullable: true
+                                properties:
+                                  exec:
+                                    nullable: true
+                                    properties:
+                                      command:
+                                        items:
+                                          nullable: true
+                                          type: string
+                                        nullable: true
+                                        type: array
+                                    type: object
+                                  failureThreshold:
+                                    type: integer
+                                  grpc:
+                                    nullable: true
+                                    properties:
+                                      port:
+                                        type: integer
+                                      service:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  httpGet:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            value:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        nullable: true
+                                        type: array
+                                      path:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  initialDelaySeconds:
+                                    type: integer
+                                  periodSeconds:
+                                    type: integer
+                                  successThreshold:
+                                    type: integer
+                                  tcpSocket:
+                                    nullable: true
+                                    properties:
+                                      host:
+                                        nullable: true
+                                        type: string
+                                      port:
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  terminationGracePeriodSeconds:
+                                    nullable: true
+                                    type: integer
+                                  timeoutSeconds:
+                                    type: integer
+                                type: object
+                              stdin:
+                                type: boolean
+                              stdinOnce:
+                                type: boolean
+                              terminationMessagePath:
+                                nullable: true
+                                type: string
+                              terminationMessagePolicy:
+                                nullable: true
+                                type: string
+                              tty:
+                                type: boolean
+                              volumeDevices:
+                                items:
+                                  properties:
+                                    devicePath:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              volumeMounts:
+                                items:
+                                  properties:
+                                    mountPath:
+                                      nullable: true
+                                      type: string
+                                    mountPropagation:
+                                      nullable: true
+                                      type: string
+                                    name:
+                                      nullable: true
+                                      type: string
+                                    readOnly:
+                                      type: boolean
+                                    subPath:
+                                      nullable: true
+                                      type: string
+                                    subPathExpr:
+                                      nullable: true
+                                      type: string
+                                  type: object
+                                nullable: true
+                                type: array
+                              workingDir:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        nodeName:
+                          nullable: true
+                          type: string
+                        nodeSelector:
+                          additionalProperties:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: object
+                        os:
+                          nullable: true
+                          properties:
+                            name:
+                              nullable: true
+                              type: string
+                          type: object
+                        overhead:
+                          additionalProperties:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: object
+                        preemptionPolicy:
+                          nullable: true
+                          type: string
+                        priority:
+                          nullable: true
+                          type: integer
+                        priorityClassName:
+                          nullable: true
+                          type: string
+                        readinessGates:
+                          items:
+                            properties:
+                              conditionType:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        resourceClaims:
+                          items:
+                            properties:
+                              name:
+                                nullable: true
+                                type: string
+                              source:
+                                properties:
+                                  resourceClaimName:
+                                    nullable: true
+                                    type: string
+                                  resourceClaimTemplateName:
+                                    nullable: true
+                                    type: string
+                                type: object
+                            type: object
+                          nullable: true
+                          type: array
+                        restartPolicy:
+                          nullable: true
+                          type: string
+                        runtimeClassName:
+                          nullable: true
+                          type: string
+                        schedulerName:
+                          nullable: true
+                          type: string
+                        schedulingGates:
+                          items:
+                            properties:
+                              name:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        securityContext:
+                          nullable: true
+                          properties:
+                            fsGroup:
+                              nullable: true
+                              type: integer
+                            fsGroupChangePolicy:
+                              nullable: true
+                              type: string
+                            runAsGroup:
+                              nullable: true
+                              type: integer
+                            runAsNonRoot:
+                              nullable: true
+                              type: boolean
+                            runAsUser:
+                              nullable: true
+                              type: integer
+                            seLinuxOptions:
+                              nullable: true
+                              properties:
+                                level:
+                                  nullable: true
+                                  type: string
+                                role:
+                                  nullable: true
+                                  type: string
+                                type:
+                                  nullable: true
+                                  type: string
+                                user:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              nullable: true
+                              properties:
+                                localhostProfile:
+                                  nullable: true
+                                  type: string
+                                type:
+                                  nullable: true
+                                  type: string
+                              type: object
+                            supplementalGroups:
+                              items:
+                                type: integer
+                              nullable: true
+                              type: array
+                            sysctls:
+                              items:
+                                properties:
+                                  name:
+                                    nullable: true
+                                    type: string
+                                  value:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              nullable: true
+                              type: array
+                            windowsOptions:
+                              nullable: true
+                              properties:
+                                gmsaCredentialSpec:
+                                  nullable: true
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  nullable: true
+                                  type: string
+                                hostProcess:
+                                  nullable: true
+                                  type: boolean
+                                runAsUserName:
+                                  nullable: true
+                                  type: string
+                              type: object
+                          type: object
+                        serviceAccount:
+                          nullable: true
+                          type: string
+                        serviceAccountName:
+                          nullable: true
+                          type: string
+                        setHostnameAsFQDN:
+                          nullable: true
+                          type: boolean
+                        shareProcessNamespace:
+                          nullable: true
+                          type: boolean
+                        subdomain:
+                          nullable: true
+                          type: string
+                        terminationGracePeriodSeconds:
+                          nullable: true
+                          type: integer
+                        tolerations:
+                          items:
+                            properties:
+                              effect:
+                                nullable: true
+                                type: string
+                              key:
+                                nullable: true
+                                type: string
+                              operator:
+                                nullable: true
+                                type: string
+                              tolerationSeconds:
+                                nullable: true
+                                type: integer
+                              value:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        topologySpreadConstraints:
+                          items:
+                            properties:
+                              labelSelector:
+                                nullable: true
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          nullable: true
+                                          type: string
+                                        operator:
+                                          nullable: true
+                                          type: string
+                                        values:
+                                          items:
+                                            nullable: true
+                                            type: string
+                                          nullable: true
+                                          type: array
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                type: object
+                              matchLabelKeys:
+                                items:
+                                  nullable: true
+                                  type: string
+                                nullable: true
+                                type: array
+                              maxSkew:
+                                type: integer
+                              minDomains:
+                                nullable: true
+                                type: integer
+                              nodeAffinityPolicy:
+                                nullable: true
+                                type: string
+                              nodeTaintsPolicy:
+                                nullable: true
+                                type: string
+                              topologyKey:
+                                nullable: true
+                                type: string
+                              whenUnsatisfiable:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                        volumes:
+                          items:
+                            properties:
+                              awsElasticBlockStore:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  partition:
+                                    type: integer
+                                  readOnly:
+                                    type: boolean
+                                  volumeID:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              azureDisk:
+                                nullable: true
+                                properties:
+                                  cachingMode:
+                                    nullable: true
+                                    type: string
+                                  diskName:
+                                    nullable: true
+                                    type: string
+                                  diskURI:
+                                    nullable: true
+                                    type: string
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  kind:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    nullable: true
+                                    type: boolean
+                                type: object
+                              azureFile:
+                                nullable: true
+                                properties:
+                                  readOnly:
+                                    type: boolean
+                                  secretName:
+                                    nullable: true
+                                    type: string
+                                  shareName:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              cephfs:
+                                nullable: true
+                                properties:
+                                  monitors:
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  path:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  secretFile:
+                                    nullable: true
+                                    type: string
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  user:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              cinder:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  volumeID:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              configMap:
+                                nullable: true
+                                properties:
+                                  defaultMode:
+                                    nullable: true
+                                    type: integer
+                                  items:
+                                    items:
+                                      properties:
+                                        key:
+                                          nullable: true
+                                          type: string
+                                        mode:
+                                          nullable: true
+                                          type: integer
+                                        path:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  name:
+                                    nullable: true
+                                    type: string
+                                  optional:
+                                    nullable: true
+                                    type: boolean
+                                type: object
+                              csi:
+                                nullable: true
+                                properties:
+                                  driver:
+                                    nullable: true
+                                    type: string
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  nodePublishSecretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  readOnly:
+                                    nullable: true
+                                    type: boolean
+                                  volumeAttributes:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                type: object
+                              downwardAPI:
+                                nullable: true
+                                properties:
+                                  defaultMode:
+                                    nullable: true
+                                    type: integer
+                                  items:
+                                    items:
+                                      properties:
+                                        fieldRef:
+                                          nullable: true
+                                          properties:
+                                            apiVersion:
+                                              nullable: true
+                                              type: string
+                                            fieldPath:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                        mode:
+                                          nullable: true
+                                          type: integer
+                                        path:
+                                          nullable: true
+                                          type: string
+                                        resourceFieldRef:
+                                          nullable: true
+                                          properties:
+                                            containerName:
+                                              nullable: true
+                                              type: string
+                                            divisor:
+                                              nullable: true
+                                              type: string
+                                            resource:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                              emptyDir:
+                                nullable: true
+                                properties:
+                                  medium:
+                                    nullable: true
+                                    type: string
+                                  sizeLimit:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              ephemeral:
+                                nullable: true
+                                properties:
+                                  volumeClaimTemplate:
+                                    nullable: true
+                                    properties:
+                                      metadata:
+                                        properties:
+                                          annotations:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                          creationTimestamp:
+                                            nullable: true
+                                            type: string
+                                          deletionGracePeriodSeconds:
+                                            nullable: true
+                                            type: integer
+                                          deletionTimestamp:
+                                            nullable: true
+                                            type: string
+                                          finalizers:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                          generateName:
+                                            nullable: true
+                                            type: string
+                                          generation:
+                                            type: integer
+                                          labels:
+                                            additionalProperties:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: object
+                                          managedFields:
+                                            items:
+                                              properties:
+                                                apiVersion:
+                                                  nullable: true
+                                                  type: string
+                                                fieldsType:
+                                                  nullable: true
+                                                  type: string
+                                                fieldsV1:
+                                                  nullable: true
+                                                  type: object
+                                                manager:
+                                                  nullable: true
+                                                  type: string
+                                                operation:
+                                                  nullable: true
+                                                  type: string
+                                                subresource:
+                                                  nullable: true
+                                                  type: string
+                                                time:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          name:
+                                            nullable: true
+                                            type: string
+                                          namespace:
+                                            nullable: true
+                                            type: string
+                                          ownerReferences:
+                                            items:
+                                              properties:
+                                                apiVersion:
+                                                  nullable: true
+                                                  type: string
+                                                blockOwnerDeletion:
+                                                  nullable: true
+                                                  type: boolean
+                                                controller:
+                                                  nullable: true
+                                                  type: boolean
+                                                kind:
+                                                  nullable: true
+                                                  type: string
+                                                name:
+                                                  nullable: true
+                                                  type: string
+                                                uid:
+                                                  nullable: true
+                                                  type: string
+                                              type: object
+                                            nullable: true
+                                            type: array
+                                          resourceVersion:
+                                            nullable: true
+                                            type: string
+                                          selfLink:
+                                            nullable: true
+                                            type: string
+                                          uid:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                      spec:
+                                        properties:
+                                          accessModes:
+                                            items:
+                                              nullable: true
+                                              type: string
+                                            nullable: true
+                                            type: array
+                                          dataSource:
+                                            nullable: true
+                                            properties:
+                                              apiGroup:
+                                                nullable: true
+                                                type: string
+                                              kind:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          dataSourceRef:
+                                            nullable: true
+                                            properties:
+                                              apiGroup:
+                                                nullable: true
+                                                type: string
+                                              kind:
+                                                nullable: true
+                                                type: string
+                                              name:
+                                                nullable: true
+                                                type: string
+                                              namespace:
+                                                nullable: true
+                                                type: string
+                                            type: object
+                                          resources:
+                                            properties:
+                                              claims:
+                                                items:
+                                                  properties:
+                                                    name:
+                                                      nullable: true
+                                                      type: string
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              limits:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                              requests:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          selector:
+                                            nullable: true
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      nullable: true
+                                                      type: string
+                                                    operator:
+                                                      nullable: true
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        nullable: true
+                                                        type: string
+                                                      nullable: true
+                                                      type: array
+                                                  type: object
+                                                nullable: true
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  nullable: true
+                                                  type: string
+                                                nullable: true
+                                                type: object
+                                            type: object
+                                          storageClassName:
+                                            nullable: true
+                                            type: string
+                                          volumeMode:
+                                            nullable: true
+                                            type: string
+                                          volumeName:
+                                            nullable: true
+                                            type: string
+                                        type: object
+                                    type: object
+                                type: object
+                              fc:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  lun:
+                                    nullable: true
+                                    type: integer
+                                  readOnly:
+                                    type: boolean
+                                  targetWWNs:
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  wwids:
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                type: object
+                              flexVolume:
+                                nullable: true
+                                properties:
+                                  driver:
+                                    nullable: true
+                                    type: string
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  options:
+                                    additionalProperties:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: object
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                type: object
+                              flocker:
+                                nullable: true
+                                properties:
+                                  datasetName:
+                                    nullable: true
+                                    type: string
+                                  datasetUUID:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              gcePersistentDisk:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  partition:
+                                    type: integer
+                                  pdName:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                type: object
+                              gitRepo:
+                                nullable: true
+                                properties:
+                                  directory:
+                                    nullable: true
+                                    type: string
+                                  repository:
+                                    nullable: true
+                                    type: string
+                                  revision:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              glusterfs:
+                                nullable: true
+                                properties:
+                                  endpoints:
+                                    nullable: true
+                                    type: string
+                                  path:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                type: object
+                              hostPath:
+                                nullable: true
+                                properties:
+                                  path:
+                                    nullable: true
+                                    type: string
+                                  type:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              iscsi:
+                                nullable: true
+                                properties:
+                                  chapAuthDiscovery:
+                                    type: boolean
+                                  chapAuthSession:
+                                    type: boolean
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  initiatorName:
+                                    nullable: true
+                                    type: string
+                                  iqn:
+                                    nullable: true
+                                    type: string
+                                  iscsiInterface:
+                                    nullable: true
+                                    type: string
+                                  lun:
+                                    type: integer
+                                  portals:
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  targetPortal:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              name:
+                                nullable: true
+                                type: string
+                              nfs:
+                                nullable: true
+                                properties:
+                                  path:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  server:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              persistentVolumeClaim:
+                                nullable: true
+                                properties:
+                                  claimName:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                type: object
+                              photonPersistentDisk:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  pdID:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              portworxVolume:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  volumeID:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              projected:
+                                nullable: true
+                                properties:
+                                  defaultMode:
+                                    nullable: true
+                                    type: integer
+                                  sources:
+                                    items:
+                                      properties:
+                                        configMap:
+                                          nullable: true
+                                          properties:
+                                            items:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  mode:
+                                                    nullable: true
+                                                    type: integer
+                                                  path:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                        downwardAPI:
+                                          nullable: true
+                                          properties:
+                                            items:
+                                              items:
+                                                properties:
+                                                  fieldRef:
+                                                    nullable: true
+                                                    properties:
+                                                      apiVersion:
+                                                        nullable: true
+                                                        type: string
+                                                      fieldPath:
+                                                        nullable: true
+                                                        type: string
+                                                    type: object
+                                                  mode:
+                                                    nullable: true
+                                                    type: integer
+                                                  path:
+                                                    nullable: true
+                                                    type: string
+                                                  resourceFieldRef:
+                                                    nullable: true
+                                                    properties:
+                                                      containerName:
+                                                        nullable: true
+                                                        type: string
+                                                      divisor:
+                                                        nullable: true
+                                                        type: string
+                                                      resource:
+                                                        nullable: true
+                                                        type: string
+                                                    type: object
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                          type: object
+                                        secret:
+                                          nullable: true
+                                          properties:
+                                            items:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    nullable: true
+                                                    type: string
+                                                  mode:
+                                                    nullable: true
+                                                    type: integer
+                                                  path:
+                                                    nullable: true
+                                                    type: string
+                                                type: object
+                                              nullable: true
+                                              type: array
+                                            name:
+                                              nullable: true
+                                              type: string
+                                            optional:
+                                              nullable: true
+                                              type: boolean
+                                          type: object
+                                        serviceAccountToken:
+                                          nullable: true
+                                          properties:
+                                            audience:
+                                              nullable: true
+                                              type: string
+                                            expirationSeconds:
+                                              nullable: true
+                                              type: integer
+                                            path:
+                                              nullable: true
+                                              type: string
+                                          type: object
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                type: object
+                              quobyte:
+                                nullable: true
+                                properties:
+                                  group:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  registry:
+                                    nullable: true
+                                    type: string
+                                  tenant:
+                                    nullable: true
+                                    type: string
+                                  user:
+                                    nullable: true
+                                    type: string
+                                  volume:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              rbd:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  image:
+                                    nullable: true
+                                    type: string
+                                  keyring:
+                                    nullable: true
+                                    type: string
+                                  monitors:
+                                    items:
+                                      nullable: true
+                                      type: string
+                                    nullable: true
+                                    type: array
+                                  pool:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  user:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              scaleIO:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  gateway:
+                                    nullable: true
+                                    type: string
+                                  protectionDomain:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  sslEnabled:
+                                    type: boolean
+                                  storageMode:
+                                    nullable: true
+                                    type: string
+                                  storagePool:
+                                    nullable: true
+                                    type: string
+                                  system:
+                                    nullable: true
+                                    type: string
+                                  volumeName:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              secret:
+                                nullable: true
+                                properties:
+                                  defaultMode:
+                                    nullable: true
+                                    type: integer
+                                  items:
+                                    items:
+                                      properties:
+                                        key:
+                                          nullable: true
+                                          type: string
+                                        mode:
+                                          nullable: true
+                                          type: integer
+                                        path:
+                                          nullable: true
+                                          type: string
+                                      type: object
+                                    nullable: true
+                                    type: array
+                                  optional:
+                                    nullable: true
+                                    type: boolean
+                                  secretName:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              storageos:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  secretRef:
+                                    nullable: true
+                                    properties:
+                                      name:
+                                        nullable: true
+                                        type: string
+                                    type: object
+                                  volumeName:
+                                    nullable: true
+                                    type: string
+                                  volumeNamespace:
+                                    nullable: true
+                                    type: string
+                                type: object
+                              vsphereVolume:
+                                nullable: true
+                                properties:
+                                  fsType:
+                                    nullable: true
+                                    type: string
+                                  storagePolicyID:
+                                    nullable: true
+                                    type: string
+                                  storagePolicyName:
+                                    nullable: true
+                                    type: string
+                                  volumePath:
+                                    nullable: true
+                                    type: string
+                                type: object
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                  type: object
+                ttlSecondsAfterFinished:
+                  nullable: true
+                  type: integer
+              type: object
+            syncInterval:
+              type: integer
+          type: object
+        status:
+          properties:
+            commit:
+              nullable: true
+              type: string
+            conditions:
+              items:
+                properties:
+                  lastTransitionTime:
+                    nullable: true
+                    type: string
+                  lastUpdateTime:
+                    nullable: true
+                    type: string
+                  message:
+                    nullable: true
+                    type: string
+                  reason:
+                    nullable: true
+                    type: string
+                  status:
+                    nullable: true
+                    type: string
+                  type:
+                    nullable: true
+                    type: string
+                type: object
+              nullable: true
+              type: array
+            event:
+              nullable: true
+              type: string
+            hookId:
+              nullable: true
+              type: string
+            jobStatus:
+              nullable: true
+              type: string
+            lastExecutedCommit:
+              nullable: true
+              type: string
+            lastSyncedTime:
+              nullable: true
+              type: string
+            observedGeneration:
+              type: integer
+            secretToken:
+              nullable: true
+              type: string
+            updateGeneration:
+              type: integer
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- end -}}
diff --git a/charts/fleet-crd/103.1.12+up0.9.13/values.yaml b/charts/fleet-crd/103.1.12+up0.9.13/values.yaml
new file mode 100644
index 0000000000..d41d3a2444
--- /dev/null
+++ b/charts/fleet-crd/103.1.12+up0.9.13/values.yaml
@@ -0,0 +1 @@
+# This file is intentionally empty
diff --git a/charts/fleet/103.1.12+up0.9.13/Chart.yaml b/charts/fleet/103.1.12+up0.9.13/Chart.yaml
new file mode 100644
index 0000000000..4c051070bc
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+  catalog.cattle.io/auto-install: fleet-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: fleet
+apiVersion: v2
+appVersion: 0.9.13
+dependencies:
+- condition: gitops.enabled
+  name: gitjob
+  repository: file://./charts/gitjob
+description: Fleet Manager - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet
+version: 103.1.12+up0.9.13
diff --git a/charts/fleet/103.1.12+up0.9.13/README.md b/charts/fleet/103.1.12+up0.9.13/README.md
new file mode 100644
index 0000000000..2f2a4c302a
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/README.md
@@ -0,0 +1,30 @@
+# Fleet Helm Chart
+
+Fleet is GitOps at scale. Fleet is designed to manage multiple clusters.
+
+## What is Fleet?
+
+* Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.
+
+* Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.
+
+## Introduction
+
+This chart deploys Fleet on a Kubernetes cluster. It also deploys some of its dependencies as subcharts.
+
+The documentation is centralized in the [doc website](https://fleet.rancher.io/).
+
+## Prerequisites
+
+Get helm if you don't have it. Helm 3 is just a CLI.
+
+
+## Install Fleet
+
+Install the Fleet Helm charts (there are two because we separate out CRDs for ultimate flexibility.):
+
+```
+$ helm repo add fleet https://rancher.github.io/fleet-helm-charts/
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet-crd fleet/fleet-crd
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet fleet/fleet
+```
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/.helmignore b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/.helmignore
new file mode 100644
index 0000000000..691fa13d6a
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/Chart.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/Chart.yaml
new file mode 100644
index 0000000000..0854a62779
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.9.20
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.9.20
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/_helpers.tpl b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 0000000000..f652b5643d
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 0000000000..bcad90164f
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gitjob
+rules:
+  - apiGroups:
+      - "batch"
+    resources:
+      - 'jobs'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - 'pods'
+    verbs:
+      - 'list'
+      - 'get'
+      - 'watch'
+  - apiGroups:
+      - ""
+    resources:
+      - 'secrets'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - 'configmaps'
+    verbs:
+      - '*'
+  - apiGroups:
+      - "gitjob.cattle.io"
+    resources:
+      - "gitjobs"
+      - "gitjobs/status"
+    verbs:
+      - "*"
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..0bf07c4ef8
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gitjob-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gitjob
+subjects:
+  - kind: ServiceAccount
+    name: gitjob
+    namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/deployment.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 0000000000..7771db512c
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitjob
+spec:
+  selector:
+    matchLabels:
+      app: "gitjob"
+  template:
+    metadata:
+      labels:
+        app: "gitjob"
+    spec:
+      serviceAccountName: gitjob
+      containers:
+        - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+          name: gitjob
+          args:
+          - gitjob
+          - --gitjob-image
+          - "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+          {{- if .Values.debug }}
+          - --debug
+          {{- end }}
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          {{- if .Values.proxy }}
+            - name: HTTP_PROXY
+              value: {{ .Values.proxy }}
+            - name: HTTPS_PROXY
+              value: {{ .Values.proxy }}
+            - name: NO_PROXY
+              value: {{ .Values.noProxy }}
+          {{- end }}
+          {{- if .Values.debug }}
+            - name: CATTLE_DEV_MODE
+              value: "true"
+          {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/leases.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/leases.yaml
new file mode 100644
index 0000000000..51f9339509
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/leases.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: gitjob
+rules:
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - "leases"
+    verbs:
+      - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: gitjob
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: gitjob
+subjects:
+  - kind: ServiceAccount
+    name: gitjob
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/service.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/service.yaml
new file mode 100644
index 0000000000..bf57c1b55c
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitjob
+spec:
+  ports:
+    - name: http-80
+      port: 80
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..5f8aecb045
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitjob
diff --git a/charts/fleet/103.1.12+up0.9.13/charts/gitjob/values.yaml b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/values.yaml
new file mode 100644
index 0000000000..83e35c7206
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/charts/gitjob/values.yaml
@@ -0,0 +1,27 @@
+gitjob:
+  repository: rancher/gitjob
+  tag: v0.9.20
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://<username>@<password>:<url>:<port>
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+  - key: cattle.io/os
+    operator: "Equal"
+    value: "linux"
+    effect: NoSchedule
+
+# PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+debug: false
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/_helpers.tpl b/charts/fleet/103.1.12+up0.9.13/templates/_helpers.tpl
new file mode 100644
index 0000000000..6cd96c3ace
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/configmap.yaml b/charts/fleet/103.1.12+up0.9.13/templates/configmap.yaml
new file mode 100644
index 0000000000..3fd0b15cf8
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fleet-controller
+data:
+  config: |
+    {
+      "systemDefaultRegistry": "{{ template "system_default_registry" . }}",
+      "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+      "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+      "apiServerURL": "{{.Values.apiServerURL}}",
+      "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+      "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+      "agentTLSMode": "{{.Values.agentTLSMode}}",
+      "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+      "bootstrap": {
+        "paths": "{{.Values.bootstrap.paths}}",
+        "repo": "{{.Values.bootstrap.repo}}",
+        "secret": "{{.Values.bootstrap.secret}}",
+        "branch":  "{{.Values.bootstrap.branch}}",
+        "namespace": "{{.Values.bootstrap.namespace}}",
+        "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+      },
+      "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+      "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+    }
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/deployment.yaml b/charts/fleet/103.1.12+up0.9.13/templates/deployment.yaml
new file mode 100644
index 0000000000..164340c444
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/deployment.yaml
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-controller
+spec:
+  selector:
+    matchLabels:
+      app: fleet-controller
+  template:
+    metadata:
+      labels:
+        app: fleet-controller
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: FLEET_PROPAGATE_DEBUG_SETTINGS_TO_AGENTS
+          value: {{ quote .Values.propagateDebugSettingsToAgents }}
+        {{- if .Values.clusterEnqueueDelay }}
+        - name: FLEET_CLUSTER_ENQUEUE_DELAY
+          value: {{ .Values.clusterEnqueueDelay }}
+        {{- end }}
+        {{- if .Values.proxy }}
+        - name: HTTP_PROXY
+          value: {{ .Values.proxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.proxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+        {{- end }}
+        {{- if .Values.cpuPprof }}
+        - name: FLEET_CPU_PPROF_DIR
+          value: /tmp/pprof/
+        {{- end }}
+        {{- if .Values.cpuPprof }}
+        - name: FLEET_CPU_PPROF_PERIOD
+          value: {{ quote .Values.cpuPprof.period }}
+        {{- end }}
+        {{- if .Values.debug }}
+        - name: CATTLE_DEV_MODE
+          value: "true"
+        {{- end }}
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: fleet-controller
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        command:
+        - fleetcontroller
+        {{- if not .Values.gitops.enabled }}
+        - --disable-gitops
+        {{- end }}
+        {{- if not .Values.bootstrap.enabled }}
+        - --disable-bootstrap
+        {{- end }}
+        {{- if .Values.debug }}
+        - --debug
+        - --debug-level
+        - {{ quote .Values.debugLevel }}
+        {{- else }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          privileged: false
+          capabilities:
+            drop:
+            - ALL
+        {{- end }}
+        volumeMounts:
+          - mountPath: /tmp
+            name: tmp
+        {{- if .Values.cpuPprof }}
+          - mountPath: /tmp/pprof
+            name: pprof
+        {{- end }}
+      volumes:
+        - name: tmp
+          emptyDir: {}
+      {{- if .Values.cpuPprof }}
+        - name: pprof {{ toYaml .Values.cpuPprof.volumeConfiguration | nindent 10 }}
+      {{- end }}
+
+      serviceAccountName: fleet-controller
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+
+{{- if not .Values.debug }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+{{- end }}
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/job_cleanup_clusterregistrations.yaml b/charts/fleet/103.1.12+up0.9.13/templates/job_cleanup_clusterregistrations.yaml
new file mode 100644
index 0000000000..17d1ba7864
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/job_cleanup_clusterregistrations.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.migrations.clusterRegistrationCleanup }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: fleet-cleanup-clusterregistrations
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    metadata:
+      labels:
+        app: fleet-job
+    spec:
+      serviceAccountName: fleet-controller
+      restartPolicy: Never
+      securityContext:
+        runAsNonRoot: true
+        runAsGroup: 1000
+        runAsUser: 1000
+      containers:
+      - name: cleanup
+        image: "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          privileged: false
+        command:
+        - fleet
+        args:
+        - cleanup
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+  backoffLimit: 1
+{{- end }}
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/rbac.yaml b/charts/fleet/103.1.12+up0.9.13/templates/rbac.yaml
new file mode 100644
index 0000000000..361d68c08b
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/rbac.yaml
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-controller
+rules:
+- apiGroups:
+  - gitjob.cattle.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - fleet.cattle.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - serviceaccounts
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  - clusterrolebindings
+  - roles
+  - rolebindings
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-controller
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller
+  namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: fleet-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - '*'
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: fleet-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: fleet-controller
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller
+
+{{- if .Values.bootstrap.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-controller-bootstrap
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller-bootstrap
+  namespace: {{.Release.Namespace}}
+{{- end }}
diff --git a/charts/fleet/103.1.12+up0.9.13/templates/serviceaccount.yaml b/charts/fleet/103.1.12+up0.9.13/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..ba27c748d7
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller
+
+{{- if .Values.bootstrap.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller-bootstrap
+{{- end }}
diff --git a/charts/fleet/103.1.12+up0.9.13/values.yaml b/charts/fleet/103.1.12+up0.9.13/values.yaml
new file mode 100644
index 0000000000..1ae2843dd7
--- /dev/null
+++ b/charts/fleet/103.1.12+up0.9.13/values.yaml
@@ -0,0 +1,87 @@
+image:
+  repository: rancher/fleet
+  tag: v0.9.13
+  imagePullPolicy: IfNotPresent
+
+agentImage:
+  repository: rancher/fleet-agent
+  tag: v0.9.13
+  imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a
+# management cluster. True in `system-store` mode, false in `strict` mode.
+agentTLSMode: "system-store"
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# Counts from gitrepo are out of sync with bundleDeployment state.
+# Just retry in a number of seconds as there is no great way to trigger an event that doesn't cause a loop.
+# If not set default is 15 seconds.
+# clusterEnqueueDelay: 120s
+
+# http[s] proxy server
+# proxy: http://<username>@<password>:<url>:<port>
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+  enabled: true
+  # The namespace that will be autocreated and the local cluster will be registered in
+  namespace: fleet-local
+  # The namespace where the fleet agent for the local cluster will be ran, if empty
+  # this will default to cattle-fleet-system
+  agentNamespace: ""
+  # A repo to add at install time that will deploy to the local cluster. This allows
+  # one to fully bootstrap fleet, its configuration and all its downstream clusters
+  # in one shot.
+  repo: ""
+  secret: ""
+  branch: master
+  paths: ""
+
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+gitops:
+  enabled: true
+
+debug: false
+debugLevel: 0
+propagateDebugSettingsToAgents: true
+
+## Optional CPU pprof configuration. Profiles are collected continuously and saved every period
+## Any valid volume configuration can be provided, the example below uses hostPath
+#cpuPprof:
+#  period: "60s"
+#  volumeConfiguration:
+#    hostPath:
+#      path: /tmp/pprof
+#      type: DirectoryOrCreate
+
+migrations:
+  clusterRegistrationCleanup: true
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/.helmignore b/charts/harvester-cloud-provider/103.0.4+up0.2.7/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.lock b/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.lock
new file mode 100644
index 0000000000..c6f7db6a91
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: kube-vip
+  repository: file://dependency_charts/kube-vip
+  version: 0.4.2
+digest: sha256:bbbff44d39375203f4880e5a76f0d9705f25edc53f89532e8ef39cd23d9ca92b
+generated: "2023-06-07T17:47:05.632456+08:00"
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.yaml
new file mode 100644
index 0000000000..ae9f34e4f7
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Harvester Cloud Provider
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: harvester-cloud-provider
+  catalog.cattle.io/ui-component: harvester-cloud-provider
+  catalog.cattle.io/upstream-version: 0.2.7
+apiVersion: v2
+appVersion: v0.2.3
+dependencies:
+- condition: kube-vip.enabled
+  name: kube-vip
+  repository: file://./charts/kube-vip
+  version: 0.6.4
+description: A Helm chart for Harvester Cloud Provider
+keywords:
+- infrastructure
+- harvester
+maintainers:
+- name: harvester
+name: harvester-cloud-provider
+type: application
+version: 103.0.4+up0.2.7
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..77d865f6bc
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: v0.4.1
+description: A Helm chart for kube-vip
+name: kube-vip
+type: application
+version: 0.4.2
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..699c16299e
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..cf8a845423
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - args:
+          - manager
+        env:
+          {{- if eq .Values.env.cp_enable "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..0aee28c9bb
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..307bf8304b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/charts/kube-vip/values.yaml
@@ -0,0 +1,79 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: rancher/mirrored-kube-vip-kube-vip-iptables
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "v0.6.0"
+
+config:
+  address: ""
+
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  vip_leaderelection: "false"
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: { }
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: { }
+
+podSecurityContext: { }
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: { }
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: { }
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/ci/kind-values.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/ci/kind-values.yaml
new file mode 100644
index 0000000000..2f3796b7a2
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/ci/kind-values.yaml
@@ -0,0 +1,3 @@
+replicasCount: 1
+# It's an existent but invalid kubeconfig, just for helm installation testing in kind
+cloudConfigPath: "/etc/kubernetes/admin.conf"
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..05d8442a5b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+appVersion: v0.8.4
+description: A Helm chart for kube-vip
+icon: https://github.com/kube-vip/kube-vip/raw/main/kube-vip.png
+maintainers:
+- name: kube-vip
+name: kube-vip
+type: application
+version: 0.6.4
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..e1d1776d8b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,80 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Convert string to boolean
+*/}}
+{{- define "kube-vip.toBool" -}}
+{{- if eq (lower (toString .)) "true" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "false" -}}
+{{- false -}}
+{{- else if eq (lower (toString .)) "1" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "0" -}}
+{{- false -}}
+{{- else -}}
+{{- default . false -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..77e3e59870
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+      {{- with .Values.extraLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+      - args:
+          - manager
+          {{- if kindIs "map" .Values.extraArgs }}
+          {{- range $key, $value := .Values.extraArgs }}
+          {{- if not (kindIs "invalid" $value) }}
+          - --{{ $key }}={{ tpl ($value | toString) $ }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+          {{- end }}
+          {{- end }}
+        env:
+          {{- if eq (include "kube-vip.toBool" .Values.env.cp_enable) "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        {{- with .Values.envValueFrom }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            valueFrom:
+              {{- toYaml $value | nindent 14 }}
+          {{- end }}
+        {{- end }}
+      {{- with .Values.envFrom }}
+        envFrom:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- with .Values.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..152cc3ca31
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes", "endpoints"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..11c47edd0b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/dependency_charts/kube-vip/values.yaml
@@ -0,0 +1,126 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+  repository: ghcr.io/kube-vip/kube-vip
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  # tag: "v0.7.0"
+
+config:
+  address: ""
+
+# Check https://kube-vip.io/docs/installation/flags/
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  svc_election: "false"
+  vip_leaderelection: "false"
+
+extraArgs: {}
+  # Specify additional arguments to kube-vip
+  # For example, to change the Prometheus HTTP server port, use the following:
+  # prometheusHTTPServer: "0.0.0.0:2112"
+
+envValueFrom: {}
+  # Specify environment variables using valueFrom references (EnvVarSource)
+  # For example we can use the IP address of the pod itself as a unique value for the routerID
+  # bgp_routerid:
+  #  fieldRef:
+  #    fieldPath: status.podIP
+
+envFrom: []
+  # Specify an externally created Secret(s) or ConfigMap(s) to inject environment variables
+  # For example an externally provisioned secret could contain the password for your upstream BGP router, such as
+  #
+  # apiVersion: v1
+  # data:
+  #   bgp_peers: "<address:AS:password:multihop>"
+  # kind: Secret
+  #   name: kube-vip
+  #   namespace: kube-system
+  # type: Opaque
+  #
+  # - secretKeyRef:
+  #    name: kube-vip
+
+extraLabels: {}
+  # Specify extra labels to be added to DaemonSet (and therefore to Pods)
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+volumes: []
+  # Specify additional volumes
+  #   - hostPath:
+  #       path: /etc/rancher/k3s/k3s.yaml
+  #       type: File
+  #     name: kubeconfig
+
+volumeMounts: []
+  # Specify additional volume mounts
+  # - mountPath: /etc/kubernetes/admin.conf
+  #   name: kubeconfig
+
+hostAliases: []
+  # Specify additional host aliases
+  # - hostnames:
+  #     - kubernetes
+  #   ip: 127.0.0.1
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: {}
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+priorityClassName: ""
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/questions.yml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/questions.yml
new file mode 100644
index 0000000000..9a85c90295
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/questions.yml
@@ -0,0 +1,11 @@
+categories:
+- infrastructure
+- harvester
+namespace: kube-system
+questions:
+- variable: cloudConfigPath
+  label: Cloud config file path
+  description: "Specify the path of the cloud config."
+  group: "Default"
+  type: string
+  default: "/etc/kubernetes/cloud-config"
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/_helpers.tpl
new file mode 100644
index 0000000000..f637aa2397
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-cloud-provider.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-cloud-provider.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-cloud-provider.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-cloud-provider.labels" -}}
+helm.sh/chart: {{ include "harvester-cloud-provider.chart" . }}
+{{ include "harvester-cloud-provider.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-cloud-provider.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-cloud-provider.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "harvester-cloud-provider.serviceAccountName" -}}
+{{- default (include "harvester-cloud-provider.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/deployment.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/deployment.yaml
new file mode 100644
index 0000000000..2145c4c575
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+  name: {{ include "harvester-cloud-provider.name" . }}
+spec:
+  replicas: {{ .Values.replicasCount}}
+  selector:
+    matchLabels:
+  {{- include "harvester-cloud-provider.selectorLabels" . | nindent 6 }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+    {{- include "harvester-cloud-provider.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "harvester-cloud-provider.name" . }}
+      hostNetwork: true
+      containers:
+        - name: {{ include "harvester-cloud-provider.name" . }}
+          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --cloud-config=/etc/kubernetes/cloud-config
+            {{- if ne .Values.global.cattle.clusterName "" }}
+            - --cluster-name={{ .Values.global.cattle.clusterName }}
+          {{- end }}
+          command:
+            - harvester-cloud-provider
+          resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/kubernetes/cloud-config
+              name: cloud-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cloud-config
+          hostPath:
+            path: {{ required "A valid cloudConfigPath is required!" .Values.cloudConfigPath }}
+            type: File
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/rbac.yaml
new file mode 100644
index 0000000000..f695cfdc2c
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/templates/rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "services", "nodes", "events" ]
+    verbs: [ "get", "watch", "list", "update", "create", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes/status", "services/status" ]
+    verbs: [ "update", "patch" ]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "update", "create" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harvester-cloud-provider.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "harvester-cloud-provider.name" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.4+up0.2.7/values.yaml b/charts/harvester-cloud-provider/103.0.4+up0.2.7/values.yaml
new file mode 100644
index 0000000000..038d6918ad
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.4+up0.2.7/values.yaml
@@ -0,0 +1,106 @@
+# Default values for harvester-cloud-provider.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicasCount: 1
+
+image:
+  repository: rancher/harvester-cloud-provider
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: v0.2.4
+
+cloudConfigPath: "/etc/kubernetes/cloud-config"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+- effect: NoSchedule
+  key: node.cloudprovider.kubernetes.io/uninitialized
+  operator: Equal
+  value: "true"
+- effect: NoSchedule
+  key: node-role.kubernetes.io/control-plane
+  operator: Equal
+- effect: NoExecute
+  key: node-role.kubernetes.io/etcd
+  operator: Equal
+- key: cattle.io/os
+  operator: Equal
+  value: "linux"
+  effect: NoSchedule
+
+affinity:
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/name
+              operator: In
+              values:
+                - harvester-cloud-provider
+        topologyKey: kubernetes.io/hostname
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    clusterName: ""
+
+kube-vip:
+  enabled: true
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+  - effect: NoExecute
+    key: node-role.kubernetes.io/etcd
+    operator: Exists
+  image:
+    repository: rancher/mirrored-kube-vip-kube-vip-iptables
+    tag: v0.8.7
+  env:
+    vip_interface: ""
+    vip_arp: "true"
+    lb_enable: "true"
+    lb_port: "6443"
+    vip_cidr: "32"
+    cp_enable: "false"
+    svc_enable: "true"
+    vip_leaderelection: "false"
+    enable_service_security: "true"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        # For RKE1
+        - matchExpressions:
+          - key: node-role.kubernetes.io/controlplane
+            operator: Exists
+        # For RKE2
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/.helmignore b/charts/harvester-cloud-provider/103.0.5+up0.2.8/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.lock b/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.lock
new file mode 100644
index 0000000000..c6f7db6a91
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: kube-vip
+  repository: file://dependency_charts/kube-vip
+  version: 0.4.2
+digest: sha256:bbbff44d39375203f4880e5a76f0d9705f25edc53f89532e8ef39cd23d9ca92b
+generated: "2023-06-07T17:47:05.632456+08:00"
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.yaml
new file mode 100644
index 0000000000..ba6c8c1d7b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Harvester Cloud Provider
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: harvester-cloud-provider
+  catalog.cattle.io/ui-component: harvester-cloud-provider
+  catalog.cattle.io/upstream-version: 0.2.8
+apiVersion: v2
+appVersion: v0.2.4
+dependencies:
+- condition: kube-vip.enabled
+  name: kube-vip
+  repository: file://./charts/kube-vip
+  version: 0.6.4
+description: A Helm chart for Harvester Cloud Provider
+keywords:
+- infrastructure
+- harvester
+maintainers:
+- name: harvester
+name: harvester-cloud-provider
+type: application
+version: 103.0.5+up0.2.8
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..77d865f6bc
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: v0.4.1
+description: A Helm chart for kube-vip
+name: kube-vip
+type: application
+version: 0.4.2
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..699c16299e
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..cf8a845423
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - args:
+          - manager
+        env:
+          {{- if eq .Values.env.cp_enable "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..0aee28c9bb
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..307bf8304b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/charts/kube-vip/values.yaml
@@ -0,0 +1,79 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: rancher/mirrored-kube-vip-kube-vip-iptables
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "v0.6.0"
+
+config:
+  address: ""
+
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  vip_leaderelection: "false"
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: { }
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: { }
+
+podSecurityContext: { }
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: { }
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: { }
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/ci/kind-values.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/ci/kind-values.yaml
new file mode 100644
index 0000000000..2f3796b7a2
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/ci/kind-values.yaml
@@ -0,0 +1,3 @@
+replicasCount: 1
+# It's an existent but invalid kubeconfig, just for helm installation testing in kind
+cloudConfigPath: "/etc/kubernetes/admin.conf"
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..05d8442a5b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+appVersion: v0.8.4
+description: A Helm chart for kube-vip
+icon: https://github.com/kube-vip/kube-vip/raw/main/kube-vip.png
+maintainers:
+- name: kube-vip
+name: kube-vip
+type: application
+version: 0.6.4
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..e1d1776d8b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,80 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Convert string to boolean
+*/}}
+{{- define "kube-vip.toBool" -}}
+{{- if eq (lower (toString .)) "true" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "false" -}}
+{{- false -}}
+{{- else if eq (lower (toString .)) "1" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "0" -}}
+{{- false -}}
+{{- else -}}
+{{- default . false -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..77e3e59870
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+      {{- with .Values.extraLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+      - args:
+          - manager
+          {{- if kindIs "map" .Values.extraArgs }}
+          {{- range $key, $value := .Values.extraArgs }}
+          {{- if not (kindIs "invalid" $value) }}
+          - --{{ $key }}={{ tpl ($value | toString) $ }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+          {{- end }}
+          {{- end }}
+        env:
+          {{- if eq (include "kube-vip.toBool" .Values.env.cp_enable) "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        {{- with .Values.envValueFrom }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            valueFrom:
+              {{- toYaml $value | nindent 14 }}
+          {{- end }}
+        {{- end }}
+      {{- with .Values.envFrom }}
+        envFrom:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- with .Values.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..152cc3ca31
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes", "endpoints"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..11c47edd0b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/dependency_charts/kube-vip/values.yaml
@@ -0,0 +1,126 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+  repository: ghcr.io/kube-vip/kube-vip
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  # tag: "v0.7.0"
+
+config:
+  address: ""
+
+# Check https://kube-vip.io/docs/installation/flags/
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  svc_election: "false"
+  vip_leaderelection: "false"
+
+extraArgs: {}
+  # Specify additional arguments to kube-vip
+  # For example, to change the Prometheus HTTP server port, use the following:
+  # prometheusHTTPServer: "0.0.0.0:2112"
+
+envValueFrom: {}
+  # Specify environment variables using valueFrom references (EnvVarSource)
+  # For example we can use the IP address of the pod itself as a unique value for the routerID
+  # bgp_routerid:
+  #  fieldRef:
+  #    fieldPath: status.podIP
+
+envFrom: []
+  # Specify an externally created Secret(s) or ConfigMap(s) to inject environment variables
+  # For example an externally provisioned secret could contain the password for your upstream BGP router, such as
+  #
+  # apiVersion: v1
+  # data:
+  #   bgp_peers: "<address:AS:password:multihop>"
+  # kind: Secret
+  #   name: kube-vip
+  #   namespace: kube-system
+  # type: Opaque
+  #
+  # - secretKeyRef:
+  #    name: kube-vip
+
+extraLabels: {}
+  # Specify extra labels to be added to DaemonSet (and therefore to Pods)
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+volumes: []
+  # Specify additional volumes
+  #   - hostPath:
+  #       path: /etc/rancher/k3s/k3s.yaml
+  #       type: File
+  #     name: kubeconfig
+
+volumeMounts: []
+  # Specify additional volume mounts
+  # - mountPath: /etc/kubernetes/admin.conf
+  #   name: kubeconfig
+
+hostAliases: []
+  # Specify additional host aliases
+  # - hostnames:
+  #     - kubernetes
+  #   ip: 127.0.0.1
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: {}
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+priorityClassName: ""
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/questions.yml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/questions.yml
new file mode 100644
index 0000000000..9a85c90295
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/questions.yml
@@ -0,0 +1,11 @@
+categories:
+- infrastructure
+- harvester
+namespace: kube-system
+questions:
+- variable: cloudConfigPath
+  label: Cloud config file path
+  description: "Specify the path of the cloud config."
+  group: "Default"
+  type: string
+  default: "/etc/kubernetes/cloud-config"
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/_helpers.tpl
new file mode 100644
index 0000000000..f637aa2397
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-cloud-provider.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-cloud-provider.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-cloud-provider.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-cloud-provider.labels" -}}
+helm.sh/chart: {{ include "harvester-cloud-provider.chart" . }}
+{{ include "harvester-cloud-provider.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-cloud-provider.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-cloud-provider.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "harvester-cloud-provider.serviceAccountName" -}}
+{{- default (include "harvester-cloud-provider.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/deployment.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/deployment.yaml
new file mode 100644
index 0000000000..2145c4c575
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+  name: {{ include "harvester-cloud-provider.name" . }}
+spec:
+  replicas: {{ .Values.replicasCount}}
+  selector:
+    matchLabels:
+  {{- include "harvester-cloud-provider.selectorLabels" . | nindent 6 }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+    {{- include "harvester-cloud-provider.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "harvester-cloud-provider.name" . }}
+      hostNetwork: true
+      containers:
+        - name: {{ include "harvester-cloud-provider.name" . }}
+          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --cloud-config=/etc/kubernetes/cloud-config
+            {{- if ne .Values.global.cattle.clusterName "" }}
+            - --cluster-name={{ .Values.global.cattle.clusterName }}
+          {{- end }}
+          command:
+            - harvester-cloud-provider
+          resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/kubernetes/cloud-config
+              name: cloud-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cloud-config
+          hostPath:
+            path: {{ required "A valid cloudConfigPath is required!" .Values.cloudConfigPath }}
+            type: File
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/rbac.yaml
new file mode 100644
index 0000000000..f695cfdc2c
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/templates/rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "services", "nodes", "events" ]
+    verbs: [ "get", "watch", "list", "update", "create", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes/status", "services/status" ]
+    verbs: [ "update", "patch" ]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "update", "create" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harvester-cloud-provider.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "harvester-cloud-provider.name" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.5+up0.2.8/values.yaml b/charts/harvester-cloud-provider/103.0.5+up0.2.8/values.yaml
new file mode 100644
index 0000000000..038d6918ad
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.5+up0.2.8/values.yaml
@@ -0,0 +1,106 @@
+# Default values for harvester-cloud-provider.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicasCount: 1
+
+image:
+  repository: rancher/harvester-cloud-provider
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: v0.2.4
+
+cloudConfigPath: "/etc/kubernetes/cloud-config"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+- effect: NoSchedule
+  key: node.cloudprovider.kubernetes.io/uninitialized
+  operator: Equal
+  value: "true"
+- effect: NoSchedule
+  key: node-role.kubernetes.io/control-plane
+  operator: Equal
+- effect: NoExecute
+  key: node-role.kubernetes.io/etcd
+  operator: Equal
+- key: cattle.io/os
+  operator: Equal
+  value: "linux"
+  effect: NoSchedule
+
+affinity:
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/name
+              operator: In
+              values:
+                - harvester-cloud-provider
+        topologyKey: kubernetes.io/hostname
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    clusterName: ""
+
+kube-vip:
+  enabled: true
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+  - effect: NoExecute
+    key: node-role.kubernetes.io/etcd
+    operator: Exists
+  image:
+    repository: rancher/mirrored-kube-vip-kube-vip-iptables
+    tag: v0.8.7
+  env:
+    vip_interface: ""
+    vip_arp: "true"
+    lb_enable: "true"
+    lb_port: "6443"
+    vip_cidr: "32"
+    cp_enable: "false"
+    svc_enable: "true"
+    vip_leaderelection: "false"
+    enable_service_security: "true"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        # For RKE1
+        - matchExpressions:
+          - key: node-role.kubernetes.io/controlplane
+            operator: Exists
+        # For RKE2
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/.helmignore b/charts/harvester-cloud-provider/103.0.6+up0.2.9/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.lock b/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.lock
new file mode 100644
index 0000000000..b493ac6ddc
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: kube-vip
+  repository: file://dependency_charts/kube-vip
+  version: 0.6.4
+digest: sha256:857edf047d3e5011242eb3c05a940f966ce0d3d1100f00f6bf095177119842a0
+generated: "2024-12-19T17:51:27.827525+08:00"
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.yaml
new file mode 100644
index 0000000000..00685279aa
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Harvester Cloud Provider
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: harvester-cloud-provider
+  catalog.cattle.io/ui-component: harvester-cloud-provider
+  catalog.cattle.io/upstream-version: 0.2.9
+apiVersion: v2
+appVersion: v0.2.4
+dependencies:
+- condition: kube-vip.enabled
+  name: kube-vip
+  repository: file://dependency_charts/kube-vip
+  version: 0.6.4
+description: A Helm chart for Harvester Cloud Provider
+keywords:
+- infrastructure
+- harvester
+maintainers:
+- name: harvester
+name: harvester-cloud-provider
+type: application
+version: 103.0.6+up0.2.9
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..77d865f6bc
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: v0.4.1
+description: A Helm chart for kube-vip
+name: kube-vip
+type: application
+version: 0.4.2
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..699c16299e
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..cf8a845423
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - args:
+          - manager
+        env:
+          {{- if eq .Values.env.cp_enable "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..0aee28c9bb
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..307bf8304b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/charts/kube-vip/values.yaml
@@ -0,0 +1,79 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: rancher/mirrored-kube-vip-kube-vip-iptables
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "v0.6.0"
+
+config:
+  address: ""
+
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  vip_leaderelection: "false"
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: { }
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: { }
+
+podSecurityContext: { }
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: { }
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: { }
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/ci/kind-values.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/ci/kind-values.yaml
new file mode 100644
index 0000000000..2f3796b7a2
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/ci/kind-values.yaml
@@ -0,0 +1,3 @@
+replicasCount: 1
+# It's an existent but invalid kubeconfig, just for helm installation testing in kind
+cloudConfigPath: "/etc/kubernetes/admin.conf"
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/.helmignore b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/Chart.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/Chart.yaml
new file mode 100644
index 0000000000..05d8442a5b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+appVersion: v0.8.4
+description: A Helm chart for kube-vip
+icon: https://github.com/kube-vip/kube-vip/raw/main/kube-vip.png
+maintainers:
+- name: kube-vip
+name: kube-vip
+type: application
+version: 0.6.4
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/_helpers.tpl
new file mode 100644
index 0000000000..22eac91004
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/_helpers.tpl
@@ -0,0 +1,91 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-vip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-vip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-vip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-vip.labels" -}}
+helm.sh/chart: {{ include "kube-vip.chart" . }}
+{{ include "kube-vip.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-vip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-vip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-vip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Convert string to boolean
+*/}}
+{{- define "kube-vip.toBool" -}}
+{{- if eq (lower (toString .)) "true" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "false" -}}
+{{- false -}}
+{{- else if eq (lower (toString .)) "1" -}}
+{{- true -}}
+{{- else if eq (lower (toString .)) "0" -}}
+{{- false -}}
+{{- else -}}
+{{- default . false -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/daemonset.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/daemonset.yaml
new file mode 100644
index 0000000000..f8e698e494
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/daemonset.yaml
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace | default "kube-system" }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kube-vip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "kube-vip.selectorLabels" . | nindent 8 }}
+      {{- with .Values.extraLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+      - args:
+          - manager
+          {{- if kindIs "map" .Values.extraArgs }}
+          {{- range $key, $value := .Values.extraArgs }}
+          {{- if not (kindIs "invalid" $value) }}
+          - --{{ $key }}={{ tpl ($value | toString) $ }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+          {{- end }}
+          {{- end }}
+        env:
+          {{- if eq (include "kube-vip.toBool" .Values.env.cp_enable) "true" }}
+          - name: vip_address
+            value: {{ required "A valid config.address required!" .Values.config.address}}
+          {{- end }}
+        {{- with .Values.env }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            value: {{ quote $value }}
+          {{- end }}
+        {{- end }}
+        {{- with .Values.envValueFrom }}
+          {{- range $k, $v := . }}
+            {{- $name := $k }}
+            {{- $value := $v }}
+          - name: {{ quote $name }}
+            valueFrom:
+              {{- toYaml $value | nindent 14 }}
+          {{- end }}
+        {{- end }}
+      {{- with .Values.envFrom }}
+        envFrom:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: kube-vip
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- with .Values.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      hostNetwork: true
+      serviceAccountName: {{ include "kube-vip.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/rbac.yaml
new file mode 100644
index 0000000000..152cc3ca31
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/templates/rbac.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: {{ include "kube-vip.name" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes", "endpoints"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kube-vip.name" . }}
+  labels:
+  {{- include "kube-vip.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kube-vip.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kube-vip.name" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/values.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/values.yaml
new file mode 100644
index 0000000000..11c47edd0b
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/dependency_charts/kube-vip/values.yaml
@@ -0,0 +1,126 @@
+# Default values for kube-vip.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+  repository: ghcr.io/kube-vip/kube-vip
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  # tag: "v0.7.0"
+
+config:
+  address: ""
+
+# Check https://kube-vip.io/docs/installation/flags/
+env:
+  vip_interface: ""
+  vip_arp: "true"
+  lb_enable: "true"
+  lb_port: "6443"
+  vip_cidr: "32"
+  cp_enable: "false"
+  svc_enable: "true"
+  svc_election: "false"
+  vip_leaderelection: "false"
+
+extraArgs: {}
+  # Specify additional arguments to kube-vip
+  # For example, to change the Prometheus HTTP server port, use the following:
+  # prometheusHTTPServer: "0.0.0.0:2112"
+
+envValueFrom: {}
+  # Specify environment variables using valueFrom references (EnvVarSource)
+  # For example we can use the IP address of the pod itself as a unique value for the routerID
+  # bgp_routerid:
+  #  fieldRef:
+  #    fieldPath: status.podIP
+
+envFrom: []
+  # Specify an externally created Secret(s) or ConfigMap(s) to inject environment variables
+  # For example an externally provisioned secret could contain the password for your upstream BGP router, such as
+  #
+  # apiVersion: v1
+  # data:
+  #   bgp_peers: "<address:AS:password:multihop>"
+  # kind: Secret
+  #   name: kube-vip
+  #   namespace: kube-system
+  # type: Opaque
+  #
+  # - secretKeyRef:
+  #    name: kube-vip
+
+extraLabels: {}
+  # Specify extra labels to be added to DaemonSet (and therefore to Pods)
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+volumes: []
+  # Specify additional volumes
+  #   - hostPath:
+  #       path: /etc/rancher/k3s/k3s.yaml
+  #       type: File
+  #     name: kubeconfig
+
+volumeMounts: []
+  # Specify additional volume mounts
+  # - mountPath: /etc/kubernetes/admin.conf
+  #   name: kubeconfig
+
+hostAliases: []
+  # Specify additional host aliases
+  # - hostnames:
+  #     - kubernetes
+  #   ip: 127.0.0.1
+
+nodeSelector: {}
+
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+affinity: {}
+  # nodeAffinity:
+  #   requiredDuringSchedulingIgnoredDuringExecution:
+  #     nodeSelectorTerms:
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/master
+  #         operator: Exists
+  #     - matchExpressions:
+  #       - key: node-role.kubernetes.io/control-plane
+  #         operator: Exists
+
+priorityClassName: ""
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/questions.yml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/questions.yml
new file mode 100644
index 0000000000..9a85c90295
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/questions.yml
@@ -0,0 +1,11 @@
+categories:
+- infrastructure
+- harvester
+namespace: kube-system
+questions:
+- variable: cloudConfigPath
+  label: Cloud config file path
+  description: "Specify the path of the cloud config."
+  group: "Default"
+  type: string
+  default: "/etc/kubernetes/cloud-config"
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/_helpers.tpl b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/_helpers.tpl
new file mode 100644
index 0000000000..f637aa2397
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-cloud-provider.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-cloud-provider.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-cloud-provider.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-cloud-provider.labels" -}}
+helm.sh/chart: {{ include "harvester-cloud-provider.chart" . }}
+{{ include "harvester-cloud-provider.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-cloud-provider.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-cloud-provider.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "harvester-cloud-provider.serviceAccountName" -}}
+{{- default (include "harvester-cloud-provider.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/deployment.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/deployment.yaml
new file mode 100644
index 0000000000..2145c4c575
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+  name: {{ include "harvester-cloud-provider.name" . }}
+spec:
+  replicas: {{ .Values.replicasCount}}
+  selector:
+    matchLabels:
+  {{- include "harvester-cloud-provider.selectorLabels" . | nindent 6 }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+    {{- include "harvester-cloud-provider.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "harvester-cloud-provider.name" . }}
+      hostNetwork: true
+      containers:
+        - name: {{ include "harvester-cloud-provider.name" . }}
+          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --cloud-config=/etc/kubernetes/cloud-config
+            {{- if ne .Values.global.cattle.clusterName "" }}
+            - --cluster-name={{ .Values.global.cattle.clusterName }}
+          {{- end }}
+          command:
+            - harvester-cloud-provider
+          resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /etc/kubernetes/cloud-config
+              name: cloud-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cloud-config
+          hostPath:
+            path: {{ required "A valid cloudConfigPath is required!" .Values.cloudConfigPath }}
+            type: File
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/rbac.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/rbac.yaml
new file mode 100644
index 0000000000..f695cfdc2c
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/templates/rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "services", "nodes", "events" ]
+    verbs: [ "get", "watch", "list", "update", "create", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes/status", "services/status" ]
+    verbs: [ "update", "patch" ]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "update", "create" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harvester-cloud-provider.name" . }}
+  labels:
+  {{- include "harvester-cloud-provider.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harvester-cloud-provider.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "harvester-cloud-provider.name" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/harvester-cloud-provider/103.0.6+up0.2.9/values.yaml b/charts/harvester-cloud-provider/103.0.6+up0.2.9/values.yaml
new file mode 100644
index 0000000000..038d6918ad
--- /dev/null
+++ b/charts/harvester-cloud-provider/103.0.6+up0.2.9/values.yaml
@@ -0,0 +1,106 @@
+# Default values for harvester-cloud-provider.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicasCount: 1
+
+image:
+  repository: rancher/harvester-cloud-provider
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: v0.2.4
+
+cloudConfigPath: "/etc/kubernetes/cloud-config"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+- effect: NoSchedule
+  key: node.cloudprovider.kubernetes.io/uninitialized
+  operator: Equal
+  value: "true"
+- effect: NoSchedule
+  key: node-role.kubernetes.io/control-plane
+  operator: Equal
+- effect: NoExecute
+  key: node-role.kubernetes.io/etcd
+  operator: Equal
+- key: cattle.io/os
+  operator: Equal
+  value: "linux"
+  effect: NoSchedule
+
+affinity:
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/name
+              operator: In
+              values:
+                - harvester-cloud-provider
+        topologyKey: kubernetes.io/hostname
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    clusterName: ""
+
+kube-vip:
+  enabled: true
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+  - effect: NoExecute
+    key: node-role.kubernetes.io/etcd
+    operator: Exists
+  image:
+    repository: rancher/mirrored-kube-vip-kube-vip-iptables
+    tag: v0.8.7
+  env:
+    vip_interface: ""
+    vip_arp: "true"
+    lb_enable: "true"
+    lb_port: "6443"
+    vip_cidr: "32"
+    cp_enable: "false"
+    svc_enable: "true"
+    vip_leaderelection: "false"
+    enable_service_security: "true"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        # For RKE1
+        - matchExpressions:
+          - key: node-role.kubernetes.io/controlplane
+            operator: Exists
+        # For RKE2
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/.helmignore b/charts/harvester-csi-driver/103.0.5+up0.1.22/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/Chart.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/Chart.yaml
new file mode 100644
index 0000000000..9cd83c1d75
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Harvester CSI Driver
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: harvester-csi-driver
+  catalog.cattle.io/ui-component: harvester-csi-driver
+  catalog.cattle.io/upstream-version: 0.1.21
+apiVersion: v2
+appVersion: v0.2.2
+description: A Helm chart for Harvester CSI driver
+keywords:
+- infrastructure
+- harvester
+maintainers:
+- name: harvester
+name: harvester-csi-driver
+type: application
+version: 103.0.5+up0.1.22
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/questions.yml b/charts/harvester-csi-driver/103.0.5+up0.1.22/questions.yml
new file mode 100644
index 0000000000..0c703a0f29
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/questions.yml
@@ -0,0 +1,11 @@
+categories:
+- infrastructure
+- harvester
+namespace: kube-system
+questions:
+- variable: cloudConfig.hostPath
+  label: Cloud config file path
+  description: "Specify the path of the cloud config."
+  group: "Default"
+  type: string
+  default: "/etc/kubernetes/cloud-config"
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/NOTES.txt b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/NOTES.txt
new file mode 100644
index 0000000000..ba09c6d518
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/NOTES.txt
@@ -0,0 +1 @@
+Successfully deployed Harvester CSI driver to the {{ .Release.Namespace }} namespace.
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/_helpers.tpl b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/_helpers.tpl
new file mode 100644
index 0000000000..def471b21d
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-csi-driver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-csi-driver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-csi-driver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-csi-driver.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver.chart" . }}
+{{ include "harvester-csi-driver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-csi-driver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/csidriver.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/csidriver.yaml
new file mode 100644
index 0000000000..5fc6ec84a2
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/csidriver.yaml
@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: driver.harvesterhci.io
+spec:
+  attachRequired: true
+  fsGroupPolicy: ReadWriteOnceWithFSType
+  podInfoOnMount: true
+  volumeLifecycleModes:
+    - Persistent
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/daemonset.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/daemonset.yaml
new file mode 100644
index 0000000000..6ccb3203a0
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/daemonset.yaml
@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      component: csi-driver
+      {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        component: csi-driver
+        {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path={{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io/csi.sock
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - rm -rf /registration/driver.harvesterhci.io-reg.sock
+                    /csi//*
+          name: node-driver-registrar
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+            - mountPath: /registration
+              name: registration-dir
+        - args:
+            - --nodeid=$(NODE_ID)
+            - --endpoint=$(CSI_ENDPOINT)
+            - --kubeconfig=/var/lib/harvester/cloud-provider-config
+            {{- if .Values.hostStorageClass }}
+            - --host-storage-class={{ .Values.hostStorageClass }}
+            {{- end }}
+          env:
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          image: {{ template "system_default_registry" . }}{{ .Values.image.harvester.csiDriver.repository }}:{{ .Values.image.harvester.csiDriver.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - rm -f /csi//*
+          name: harvester-csi-driver
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              add:
+                - SYS_ADMIN
+            privileged: true
+          volumeMounts:
+            - name: cloud-config
+              readOnly: true
+              mountPath: /var/lib/harvester
+            - name: kubernetes
+              readOnly: true
+              mountPath: /etc/kubernetes
+            - mountPath: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
+              mountPropagation: Bidirectional
+              name: kubernetes-csi-dir
+            - mountPath: /csi/
+              name: socket-dir
+            - mountPath: {{ .Values.kubeletRootDir }}/pods
+              mountPropagation: Bidirectional
+              name: pods-mount-dir
+            - mountPath: /dev
+              name: host-dev
+            - mountPath: /sys
+              name: host-sys
+            - mountPath: /rootfs
+              mountPropagation: Bidirectional
+              name: host
+            - mountPath: /lib/modules
+              name: lib-modules
+              readOnly: true
+      hostPID: true
+      serviceAccountName: {{ include "harvester-csi-driver.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cloud-config
+        {{- if .Values.cloudConfig.secretName }}
+          secret:
+            secretName: {{ .Values.cloudConfig.secretName }}
+        {{- else }}
+          hostPath:
+            path: {{ .Values.cloudConfig.hostPath }}
+            type: DirectoryOrCreate
+        {{- end }}
+        - hostPath:
+            path: /etc/kubernetes
+            type: DirectoryOrCreate
+          name: kubernetes
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
+            type: DirectoryOrCreate
+          name: kubernetes-csi-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/plugins_registry
+            type: Directory
+          name: registration-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/pods
+            type: DirectoryOrCreate
+          name: pods-mount-dir
+        - hostPath:
+            path: /dev
+          name: host-dev
+        - hostPath:
+            path: /sys
+          name: host-sys
+        - hostPath:
+            path: /
+          name: host
+        - hostPath:
+            path: /lib/modules
+          name: lib-modules
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/deployment.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/deployment.yaml
new file mode 100644
index 0000000000..bb511dfa7b
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/deployment.yaml
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}-controllers
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicasCount }}
+  selector:
+    matchLabels:
+      component: csi-controllers
+      {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        component: csi-controllers
+        {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-resizer
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+            - --default-fstype=ext4
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-provisioner
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-attacher
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+      serviceAccountName: {{ include "harvester-csi-driver.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
+            type: DirectoryOrCreate
+          name: socket-dir
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/rbac.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/rbac.yaml
new file mode 100644
index 0000000000..2ba042a26b
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/rbac.yaml
@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harvester-csi-driver.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "harvester-csi-driver.name" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "watch", "list", "delete", "update", "create" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "csistoragecapacities" ]
+    verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: [ "get", "list", "watch", "create","update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "create","update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "csinodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "list", "watch", "create", "update", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "replicasets" ]
+    verbs: [ "get" ]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "volumeattachments/status" ]
+    verbs: [ "patch" ]
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/storageclass.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/storageclass.yaml
new file mode 100644
index 0000000000..a29c9c7da0
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/templates/storageclass.yaml
@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: harvester
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+allowVolumeExpansion: true
+provisioner: driver.harvesterhci.io
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
diff --git a/charts/harvester-csi-driver/103.0.5+up0.1.22/values.yaml b/charts/harvester-csi-driver/103.0.5+up0.1.22/values.yaml
new file mode 100644
index 0000000000..fe6b120cbd
--- /dev/null
+++ b/charts/harvester-csi-driver/103.0.5+up0.1.22/values.yaml
@@ -0,0 +1,56 @@
+# Default values for harvester-csi-driver.
+
+replicasCount: 3
+
+image:
+  harvester:
+    csiDriver:
+      repository: rancher/harvester-csi-driver
+      # Overrides the image tag whose default is the chart appVersion.
+      tag: "v0.2.2"
+  csi:
+    nodeDriverRegistrar:
+      repository: rancher/mirrored-longhornio-csi-node-driver-registrar
+      tag: v2.3.0
+    resizer:
+      repository: rancher/mirrored-longhornio-csi-resizer
+      tag: v1.2.0
+    provisioner:
+      repository: rancher/mirrored-longhornio-csi-provisioner
+      tag: v2.1.2
+    attacher:
+      repository: rancher/mirrored-longhornio-csi-attacher
+      tag: v3.2.1
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+# This field can be used to specify the corresponding StorageClass on the host cluster.
+hostStorageClass: ""
+kubeletRootDir: /var/lib/kubelet
+cloudConfig:
+  secretName: ""
+  hostPath: "/var/lib/rancher/rke2/etc/config-files/"
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+  - effect: NoSchedule
+    key: kubevirt.io/drain
+    operator: Exists
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Equal
+  - effect: NoExecute
+    key: node-role.kubernetes.io/etcd
+    operator: Equal
+  - key: cattle.io/os
+    operator: Equal
+    value: "linux"
+    effect: NoSchedule
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
diff --git a/charts/neuvector-crd/103.0.8+up2.8.4/Chart.yaml b/charts/neuvector-crd/103.0.8+up2.8.4/Chart.yaml
new file mode 100644
index 0000000000..d7ebe8258a
--- /dev/null
+++ b/charts/neuvector-crd/103.0.8+up2.8.4/Chart.yaml
@@ -0,0 +1,16 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-neuvector-system
+  catalog.cattle.io/release-name: neuvector-crd
+apiVersion: v1
+appVersion: 5.4.2
+description: Helm chart for NeuVector's CRD services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+maintainers:
+- email: support@neuvector.com
+  name: becitsthere
+name: neuvector-crd
+type: application
+version: 103.0.8+up2.8.4
diff --git a/charts/neuvector-crd/103.0.8+up2.8.4/README.md b/charts/neuvector-crd/103.0.8+up2.8.4/README.md
new file mode 100644
index 0000000000..a5379e6ba6
--- /dev/null
+++ b/charts/neuvector-crd/103.0.8+up2.8.4/README.md
@@ -0,0 +1,14 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications.
+
+Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart.
+ 
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`openshift` | If deploying in OpenShift, set this to true | `false` |
+`crdwebhook.type` | crd webhook type | `ClusterIP` |
diff --git a/charts/neuvector-crd/103.0.8+up2.8.4/templates/_helpers.tpl b/charts/neuvector-crd/103.0.8+up2.8.4/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector-crd/103.0.8+up2.8.4/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector-crd/103.0.8+up2.8.4/templates/crd.yaml b/charts/neuvector-crd/103.0.8+up2.8.4/templates/crd.yaml
new file mode 100644
index 0000000000..15834c9dfe
--- /dev/null
+++ b/charts/neuvector-crd/103.0.8+up2.8.4/templates/crd.yaml
@@ -0,0 +1,977 @@
+{{- if .Values.crdwebhook.enabled -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvsecurityrules.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvSecurityRule
+    listKind: NvSecurityRuleList
+    plural: nvsecurityrules
+    singular: nvsecurityrule
+  scope: Namespaced
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              egress:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    applications:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    ports:
+                      type: string
+                    priority:
+                      type: integer
+                    selector:
+                      properties:
+                        comment:
+                          type: string
+                        criteria:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              op:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            type: object
+                          type: array
+                        name:
+                          type: string
+                        original_name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  required:
+                  - action
+                  - name
+                  - selector
+                  type: object
+                type: array
+              file:
+                items:
+                  properties:
+                    app:
+                      items:
+                        type: string
+                      type: array
+                    behavior:
+                      enum:
+                      - monitor_change
+                      - block_access
+                      type: string
+                    filter:
+                      type: string
+                    recursive:
+                      type: boolean
+                  required:
+                  - behavior
+                  - filter
+                  type: object
+                type: array
+              ingress:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    applications:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    ports:
+                      type: string
+                    priority:
+                      type: integer
+                    selector:
+                      properties:
+                        comment:
+                          type: string
+                        criteria:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              op:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            type: object
+                          type: array
+                        name:
+                          type: string
+                        original_name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  required:
+                  - action
+                  - name
+                  - selector
+                  type: object
+                type: array
+              process:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    allow_update:
+                      type: boolean
+                    name:
+                      type: string
+                    path:
+                      type: string
+                  required:
+                  - action
+                  type: object
+                type: array
+              process_profile:
+                properties:
+                  baseline:
+                    enum:
+                    - default
+                    - shield
+                    - basic
+                    - zero-drift
+                    type: string
+                  mode:
+                    enum:
+                    - Discover
+                    - Monitor
+                    - Protect
+                    type: string
+                type: object
+              target:
+                properties:
+                  policymode:
+                    enum:
+                    - Discover
+                    - Monitor
+                    - Protect
+                    - N/A
+                    type: string
+                  selector:
+                    properties:
+                      comment:
+                        type: string
+                      criteria:
+                        items:
+                          properties:
+                            key:
+                              type: string
+                            op:
+                              type: string
+                            value:
+                              type: string
+                          required:
+                          - key
+                          - op
+                          - value
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      original_name:
+                        type: string
+                      mon_metric:
+                        type: boolean
+                      grp_sess_cur:
+                        type: integer
+                      grp_sess_rate:
+                        type: integer
+                      grp_band_width:
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                required:
+                - selector
+                type: object
+              dlp:
+                properties:
+                  settings:
+                    items:
+                      properties:
+                        action:
+                          enum:
+                          - allow
+                          - deny
+                          type: string
+                        name:
+                          type: string
+                      required:
+                      - name
+                      - action
+                      type: object
+                    type: array
+                  status:
+                    type: boolean
+                type: object
+              waf:
+                properties:
+                  settings:
+                    items:
+                      properties:
+                        action:
+                          enum:
+                          - allow
+                          - deny
+                          type: string
+                        name:
+                          type: string
+                      required:
+                      - name
+                      - action
+                      type: object
+                    type: array
+                  status:
+                    type: boolean
+                type: object
+            required:
+            - target
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvclustersecurityrules.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvClusterSecurityRule
+    listKind: NvClusterSecurityRuleList
+    plural: nvclustersecurityrules
+    singular: nvclustersecurityrule
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              egress:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    applications:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    ports:
+                      type: string
+                    priority:
+                      type: integer
+                    selector:
+                      properties:
+                        comment:
+                          type: string
+                        criteria:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              op:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            type: object
+                          type: array
+                        name:
+                          type: string
+                        original_name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  required:
+                  - action
+                  - name
+                  - selector
+                  type: object
+                type: array
+              file:
+                items:
+                  properties:
+                    app:
+                      items:
+                        type: string
+                      type: array
+                    behavior:
+                      enum:
+                      - monitor_change
+                      - block_access
+                      type: string
+                    filter:
+                      type: string
+                    recursive:
+                      type: boolean
+                  required:
+                  - behavior
+                  - filter
+                  type: object
+                type: array
+              ingress:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    applications:
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      type: string
+                    ports:
+                      type: string
+                    priority:
+                      type: integer
+                    selector:
+                      properties:
+                        comment:
+                          type: string
+                        criteria:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              op:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            type: object
+                          type: array
+                        name:
+                          type: string
+                        original_name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  required:
+                  - action
+                  - name
+                  - selector
+                  type: object
+                type: array
+              process:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    allow_update:
+                      type: boolean
+                    name:
+                      type: string
+                    path:
+                      type: string
+                  required:
+                  - action
+                  type: object
+                type: array
+              process_profile:
+                properties:
+                  baseline:
+                    enum:
+                    - default
+                    - shield
+                    - basic
+                    - zero-drift
+                    type: string
+                  mode:
+                    enum:
+                    - Discover
+                    - Monitor
+                    - Protect
+                    type: string
+                type: object
+              target:
+                properties:
+                  policymode:
+                    enum:
+                    - Discover
+                    - Monitor
+                    - Protect
+                    - N/A
+                    type: string
+                  selector:
+                    properties:
+                      comment:
+                        type: string
+                      criteria:
+                        items:
+                          properties:
+                            key:
+                              type: string
+                            op:
+                              type: string
+                            value:
+                              type: string
+                          required:
+                          - key
+                          - op
+                          - value
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      original_name:
+                        type: string
+                      mon_metric:
+                        type: boolean
+                      grp_sess_cur:
+                        type: integer
+                      grp_sess_rate:
+                        type: integer
+                      grp_band_width:
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                required:
+                - selector
+                type: object
+              dlp:
+                properties:
+                  settings:
+                    items:
+                      properties:
+                        action:
+                          enum:
+                          - allow
+                          - deny
+                          type: string
+                        name:
+                          type: string
+                      required:
+                      - name
+                      - action
+                      type: object
+                    type: array
+                  status:
+                    type: boolean
+                type: object
+              waf:
+                properties:
+                  settings:
+                    items:
+                      properties:
+                        action:
+                          enum:
+                          - allow
+                          - deny
+                          type: string
+                        name:
+                          type: string
+                      required:
+                      - name
+                      - action
+                      type: object
+                    type: array
+                  status:
+                    type: boolean
+                type: object
+            required:
+            - target
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvdlpsecurityrules.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvDlpSecurityRule
+    listKind: NvDlpSecurityRuleList
+    plural: nvdlpsecurityrules
+    singular: nvdlpsecurityrule
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              sensor:
+                properties:
+                  comment:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        patterns:
+                          items:
+                            properties:
+                              context:
+                                enum:
+                                - url
+                                - header
+                                - body
+                                - packet
+                                type: string
+                              key:
+                                enum:
+                                - pattern
+                                type: string
+                              op:
+                                enum:
+                                - regex
+                                - '!regex'
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            - context
+                            type: object
+                          type: array
+                      required:
+                      - name
+                      - patterns
+                      type: object
+                    type: array
+                required:
+                - name
+                type: object
+            required:
+            - sensor
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvadmissioncontrolsecurityrules.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvAdmissionControlSecurityRule
+    listKind: NvAdmissionControlSecurityRuleList
+    plural: nvadmissioncontrolsecurityrules
+    singular: nvadmissioncontrolsecurityrule
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              config:
+                properties:
+                  client_mode:
+                    enum:
+                    - service
+                    - url
+                    type: string
+                  enable:
+                    type: boolean
+                  mode:
+                    enum:
+                    - monitor
+                    - protect
+                    type: string
+                required:
+                - enable
+                - mode
+                - client_mode
+                type: object
+              rules:
+                items:
+                  properties:
+                    action:
+                      enum:
+                      - allow
+                      - deny
+                      type: string
+                    comment:
+                      type: string
+                    criteria:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          sub_criteria:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                op:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - op
+                              - value
+                              type: object
+                            type: array
+                          template_kind:
+                            type: string
+                          type:
+                            type: string
+                          value:
+                            type: string
+                          value_type:
+                            type: string
+                        required:
+                        - name
+                        - op
+                        - value
+                        type: object
+                      type: array
+                    disabled:
+                      type: boolean
+                    id:
+                      type: integer
+                    rule_mode:
+                      enum:
+                      - ""
+                      - monitor
+                      - protect
+                      type: string
+                    containers:
+                      items:
+                        enum:
+                        - containers
+                        - init_containers
+                        - ephemeral_containers
+                        type: string
+                      type: array
+                  required:
+                  - action
+                  - criteria
+                  type: object
+                type: array
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvwafsecurityrules.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvWafSecurityRule
+    listKind: NvWafSecurityRuleList
+    plural: nvwafsecurityrules
+    singular: nvwafsecurityrule
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              sensor:
+                properties:
+                  comment:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        patterns:
+                          items:
+                            properties:
+                              context:
+                                enum:
+                                - url
+                                - header
+                                - body
+                                - packet
+                                type: string
+                              key:
+                                enum:
+                                - pattern
+                                type: string
+                              op:
+                                enum:
+                                - regex
+                                - '!regex'
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - key
+                            - op
+                            - value
+                            - context
+                            type: object
+                          type: array
+                      required:
+                      - name
+                      - patterns
+                      type: object
+                    type: array
+                required:
+                - name
+                type: object
+            required:
+            - sensor
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvcomplianceprofiles.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvComplianceProfile
+    listKind: NvComplianceProfileList
+    plural: nvcomplianceprofiles
+    singular: nvcomplianceprofile
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              templates:
+                properties:
+                  disable_system:
+                    type: boolean
+                  entries:
+                    items:
+                      properties:
+                        tags:
+                          items:
+                            type: string
+                          type: array
+                        test_number:
+                          type: string
+                      required:
+                      - test_number
+                      type: object
+                    type: array
+                required:
+                - entries
+                type: object
+            type: object
+        type: object
+{{- end }}
+---
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apiextensions.k8s.io/v1
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+{{- end }}
+kind: CustomResourceDefinition
+metadata:
+  name: nvvulnerabilityprofiles.neuvector.com
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  group: neuvector.com
+  names:
+    kind: NvVulnerabilityProfile
+    listKind: NvVulnerabilityProfileList
+    plural: nvvulnerabilityprofiles
+    singular: nvvulnerabilityprofile
+  scope: Cluster
+{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+  version: v1
+{{- end }}
+  versions:
+  - name: v1
+    served: true
+    storage: true
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              profile:
+                properties:
+                  entries:
+                    items:
+                      properties:
+                        comment:
+                          type: string
+                        days:
+                          type: integer
+                        domains:
+                          items:
+                            type: string
+                          type: array
+                        images:
+                          items:
+                            type: string
+                          type: array
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                required:
+                - entries
+                type: object
+            required:
+            - profile
+            type: object
+        type: object
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector-crd/103.0.8+up2.8.4/values.yaml b/charts/neuvector-crd/103.0.8+up2.8.4/values.yaml
new file mode 100644
index 0000000000..e899decf01
--- /dev/null
+++ b/charts/neuvector-crd/103.0.8+up2.8.4/values.yaml
@@ -0,0 +1,9 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+openshift: false
+
+crdwebhook:
+  type: ClusterIP
+  enabled: true
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/Chart.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/Chart.yaml
new file mode 100644
index 0000000000..e247533674
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: NeuVector Monitor
+  catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
+  catalog.cattle.io/namespace: cattle-neuvector-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/provides-gvr: neuvector.com/v1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: neuvector-monitor
+  catalog.cattle.io/type: cluster-tool
+  catalog.cattle.io/upstream-version: 2.8.4
+apiVersion: v1
+appVersion: 1.0.1
+description: Helm feature chart (optional) add-on to NeuVector for monitoring with
+  Prometheus/Grafana.
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+keywords:
+- security
+maintainers:
+- email: support@neuvector.com
+  name: becitsthere
+name: neuvector-monitor
+sources:
+- https://github.com/neuvector/neuvector
+version: 103.0.8+up2.8.4
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/README.md b/charts/neuvector-monitor/103.0.8+up2.8.4/README.md
new file mode 100644
index 0000000000..897f52ed5a
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/README.md
@@ -0,0 +1,22 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector's monitoring services.
+
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`registry` | NeuVector container registry | `registry.neuvector.com` |
+`oem` | OEM release name | `nil` |
+`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` |
+`exporter.enabled` | If true, create Prometheus exporter | `false` |
+`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` |
+`exporter.image.tag` | exporter image tag | `latest` |
+`exporter.ctrlSecretName` | existing secret that have CTRL_USERNAME and CTRL_PASSWORD fields to login to the controller.  | `nil` | if parameter exists then `exporter.CTRL_USERNAME` & `exporter.CTRL_PASSWORD` will be skipped
+`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` |
+`exporter.CTRL_PASSWORD` | Password to login to the controller. | `admin` |
+`exporter.enforcerStats.enabled` | If true, enable the Enforcers stats | `false` | For the performance reason, by default the exporter does NOT pull CPU/memory usage from enforcers.
+---
+
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/app-readme.md b/charts/neuvector-monitor/103.0.8+up2.8.4/app-readme.md
new file mode 100644
index 0000000000..e0faed5b50
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/app-readme.md
@@ -0,0 +1,5 @@
+### Run-Time Protection Without Compromise
+
+NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform.
+
+Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled.
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/dashboards/nv_dashboard.json b/charts/neuvector-monitor/103.0.8+up2.8.4/dashboards/nv_dashboard.json
new file mode 100644
index 0000000000..1da8b12e94
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/dashboards/nv_dashboard.json
@@ -0,0 +1,2036 @@
+{
+  "__inputs": [
+    {
+      "name": "datasource",
+      "label": "Prometheus",
+      "description": "",
+      "type": "datasource",
+      "pluginId": "prometheus",
+      "pluginName": "Prometheus"
+    }
+  ],
+  "__elements": {},
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "10.2.3"
+    },
+    {
+      "type": "panel",
+      "id": "piechart",
+      "name": "Pie chart",
+      "version": ""
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    },
+    {
+      "type": "panel",
+      "id": "stat",
+      "name": "Stat",
+      "version": ""
+    },
+    {
+      "type": "panel",
+      "id": "table",
+      "name": "Table",
+      "version": ""
+    },
+    {
+      "type": "panel",
+      "id": "text",
+      "name": "Text",
+      "version": ""
+    },
+    {
+      "type": "panel",
+      "id": "timeseries",
+      "name": "Time series",
+      "version": ""
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "datasource",
+          "uid": "grafana"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": null,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "grafana"
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 3,
+        "x": 0,
+        "y": 0
+      },
+      "id": 38,
+      "options": {
+        "code": {
+          "language": "plaintext",
+          "showLineNumbers": false,
+          "showMiniMap": false
+        },
+        "content": "<div style=\"text-align:center\">\n  \n  ![NeuVector Logo](https://avatars.githubusercontent.com/u/19367275?s=200&v=4)<br>\n  <br>\n  [Documentation](https://open-docs.neuvector.com)<br>\n  </br>\n  [Users Slack Channel](https://rancher-users.slack.com/archives/C036F6JDZ8C)<br>\n  </br>\n  [GitHub](https://github.com/neuvector)\n\n</div>",
+        "mode": "markdown"
+      },
+      "pluginVersion": "10.2.3",
+      "title": "NeuVector Product Links",
+      "type": "text"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "blue",
+                "value": null
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 3,
+        "y": 0
+      },
+      "id": 25,
+      "links": [],
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "value",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "mean"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_summary_enforcers",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{target}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Enforcer Replica Count",
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "decimals": 3,
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "blue",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 6,
+        "y": 0
+      },
+      "id": 8,
+      "links": [],
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "value",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_summary_cvedbVersion",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{target}}",
+          "refId": "A"
+        }
+      ],
+      "title": "CVE Database Version",
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "decimals": 0,
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "blue",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 9,
+        "y": 0
+      },
+      "id": 20,
+      "links": [],
+      "maxDataPoints": 1000,
+      "options": {
+        "colorMode": "value",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_summary_pods",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{target}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Discovered Pod Count",
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "percentunit"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 12,
+        "x": 12,
+        "y": 0
+      },
+      "id": 34,
+      "links": [],
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "9.1.5",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "exemplar": true,
+          "expr": "max(nv_controller_cpu) by (display)\n",
+          "format": "time_series",
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{display}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Controller CPU Usage",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 1
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 3,
+        "y": 3
+      },
+      "id": 32,
+      "links": [],
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "value",
+        "graphMode": "none",
+        "justifyMode": "center",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_admission_denied",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "",
+          "refId": "A"
+        }
+      ],
+      "title": "Denied Admissions",
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "continuous-RdYlGr"
+          },
+          "mappings": [
+            {
+              "options": {
+                "1": {
+                  "color": "light-orange",
+                  "index": 1
+                },
+                "2": {
+                  "color": "yellow",
+                  "index": 2
+                },
+                "3": {
+                  "color": "green",
+                  "index": 3
+                }
+              },
+              "type": "value"
+            },
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "index": 0,
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "red",
+                "value": null
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 6,
+        "y": 3
+      },
+      "id": 2,
+      "links": [],
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "value",
+        "graphMode": "none",
+        "justifyMode": "auto",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "mean"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "auto",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_summary_controllers",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{target}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Controller Replicas",
+      "type": "stat"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "decimals": 0,
+          "mappings": [
+            {
+              "options": {
+                "match": "null",
+                "result": {
+                  "text": "N/A"
+                }
+              },
+              "type": "special"
+            }
+          ],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 1
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 3,
+        "x": 9,
+        "y": 3
+      },
+      "id": 19,
+      "links": [],
+      "maxDataPoints": 100,
+      "options": {
+        "colorMode": "background",
+        "graphMode": "none",
+        "justifyMode": "center",
+        "orientation": "horizontal",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "text": {},
+        "textMode": "value",
+        "wideLayout": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "nv_summary_disconnectedEnforcers",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{target}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Disconnected Enforcers",
+      "type": "stat"
+    },
+    {
+      "columns": [
+        {
+          "text": "Current",
+          "value": "current"
+        }
+      ],
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "align": "center",
+            "cellOptions": {
+              "type": "auto"
+            },
+            "filterable": false,
+            "inspect": false,
+            "width": 300
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "string"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "log"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 101
+              },
+              {
+                "id": "custom.cellOptions",
+                "value": {
+                  "type": "color-text"
+                }
+              },
+              {
+                "id": "color",
+                "value": {
+                  "fixedColor": "light-orange",
+                  "mode": "fixed"
+                }
+              },
+              {
+                "id": "displayName",
+                "value": "Event Type"
+              },
+              {
+                "id": "custom.filterable",
+                "value": true
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "name"
+            },
+            "properties": [
+              {
+                "id": "custom.filterable",
+                "value": true
+              },
+              {
+                "id": "displayName",
+                "value": "Violation Type"
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Last seen"
+            },
+            "properties": [
+              {
+                "id": "unit",
+                "value": "dateTimeAsIso"
+              },
+              {
+                "id": "custom.width",
+                "value": 200
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "fromname"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "Source Pod"
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "toname"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "Destination Pod"
+              }
+            ]
+          }
+        ]
+      },
+      "fontSize": "90%",
+      "gridPos": {
+        "h": 8,
+        "w": 9,
+        "x": 3,
+        "y": 6
+      },
+      "id": 29,
+      "links": [],
+      "options": {
+        "cellHeight": "sm",
+        "footer": {
+          "countRows": false,
+          "enablePagination": true,
+          "fields": "",
+          "reducer": [
+            "sum"
+          ],
+          "show": false
+        },
+        "showHeader": true,
+        "sortBy": [
+          {
+            "desc": true,
+            "displayName": "Last seen"
+          }
+        ]
+      },
+      "pluginVersion": "10.2.3",
+      "scroll": true,
+      "showHeader": true,
+      "sort": {
+        "col": 1,
+        "desc": true
+      },
+      "styles": [
+        {
+          "alias": "Event",
+          "colors": [
+            "rgba(245, 54, 54, 0.9)",
+            "rgba(237, 129, 40, 0.89)",
+            "rgba(50, 172, 45, 0.97)"
+          ],
+          "dateFormat": "YYYY-MM-DD HH:mm",
+          "decimals": 2,
+          "link": false,
+          "mappingType": 1,
+          "pattern": "Metric",
+          "preserveFormat": false,
+          "sanitize": true,
+          "thresholds": [],
+          "type": "string",
+          "unit": "short"
+        },
+        {
+          "alias": "Time",
+          "colorMode": "value",
+          "colors": [
+            "#E0B400",
+            "rgba(237, 129, 40, 0.89)",
+            "rgba(50, 172, 45, 0.97)"
+          ],
+          "decimals": 0,
+          "pattern": "Current",
+          "thresholds": [],
+          "type": "number",
+          "unit": "dateTimeAsIso"
+        }
+      ],
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "exemplar": false,
+          "expr": "nv_log_events",
+          "format": "time_series",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "",
+          "range": false,
+          "refId": "A"
+        }
+      ],
+      "title": "Security Event Log",
+      "transform": "timeseries_aggregations",
+      "transformations": [
+        {
+          "id": "labelsToFields",
+          "options": {}
+        },
+        {
+          "id": "merge",
+          "options": {}
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {
+              "Time": true,
+              "endpoint": true,
+              "fromns": true,
+              "id": true,
+              "instance": true,
+              "job": true,
+              "namespace": true,
+              "pod": true,
+              "service": true,
+              "target": true,
+              "tons": true
+            },
+            "indexByName": {
+              "Time": 0,
+              "Value": 14,
+              "endpoint": 1,
+              "fromname": 7,
+              "fromns": 15,
+              "id": 2,
+              "instance": 3,
+              "job": 4,
+              "log": 5,
+              "name": 6,
+              "namespace": 8,
+              "pod": 9,
+              "service": 10,
+              "target": 11,
+              "toname": 12,
+              "tons": 13
+            },
+            "renameByName": {}
+          }
+        },
+        {
+          "id": "groupBy",
+          "options": {
+            "fields": {
+              "Value": {
+                "aggregations": [
+                  "max"
+                ],
+                "operation": "aggregate"
+              },
+              "fromname": {
+                "aggregations": [],
+                "operation": "groupby"
+              },
+              "log": {
+                "aggregations": [],
+                "operation": "groupby"
+              },
+              "name": {
+                "aggregations": [],
+                "operation": "groupby"
+              },
+              "toname": {
+                "aggregations": [],
+                "operation": "groupby"
+              }
+            }
+          }
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {},
+            "indexByName": {},
+            "renameByName": {
+              "Value (lastNotNull)": "Last seen",
+              "Value (max)": "Last seen"
+            }
+          }
+        }
+      ],
+      "type": "table"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "left",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "bytes"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 12,
+        "x": 12,
+        "y": 6
+      },
+      "id": 12,
+      "links": [],
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "9.1.5",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "exemplar": true,
+          "expr": "max(nv_controller_memory) by (display)",
+          "format": "time_series",
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{display}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Controller Memory Usage",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            }
+          },
+          "mappings": [],
+          "unit": "none"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #A"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "High"
+              },
+              {
+                "id": "color",
+                "value": {
+                  "fixedColor": "red",
+                  "mode": "fixed"
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #B"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "Medium"
+              },
+              {
+                "id": "color",
+                "value": {
+                  "fixedColor": "light-orange",
+                  "mode": "fixed"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 3,
+        "x": 0,
+        "y": 10
+      },
+      "id": 24,
+      "links": [],
+      "options": {
+        "displayLabels": [
+          "value"
+        ],
+        "legend": {
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true,
+          "values": []
+        },
+        "pieType": "pie",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "tooltip": {
+          "mode": "none",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "9.1.5",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "expr": "sum(nv_container_vulnerabilityHigh) by (service)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "expr": "sum(nv_container_vulnerabilityMedium) by (service)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "refId": "B"
+        }
+      ],
+      "title": "Cluster CVE Count",
+      "transformations": [
+        {
+          "id": "merge",
+          "options": {
+            "reducers": []
+          }
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {
+              "Time": true
+            },
+            "indexByName": {},
+            "renameByName": {}
+          }
+        }
+      ],
+      "type": "piechart"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "percentunit"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byValue",
+              "options": {
+                "op": "gte",
+                "reducer": "allIsZero",
+                "value": 0
+              }
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": false
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byValue",
+              "options": {
+                "op": "gte",
+                "reducer": "allIsNull",
+                "value": 0
+              }
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": false
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 12,
+        "x": 12,
+        "y": 12
+      },
+      "id": 10,
+      "links": [],
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "exemplar": true,
+          "expr": "max(nv_enforcer_cpu) by (display)\n",
+          "format": "time_series",
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{display}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Enforcer CPU Usage",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "align": "center",
+            "cellOptions": {
+              "type": "auto"
+            },
+            "inspect": false,
+            "width": 101
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          }
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "exported_service"
+            },
+            "properties": [
+              {
+                "id": "custom.filterable",
+                "value": true
+              },
+              {
+                "id": "displayName",
+                "value": "Cluster Service Name"
+              },
+              {
+                "id": "custom.inspect",
+                "value": true
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #A"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "High"
+              },
+              {
+                "id": "thresholds",
+                "value": {
+                  "mode": "absolute",
+                  "steps": [
+                    {
+                      "color": "green",
+                      "value": null
+                    },
+                    {
+                      "color": "red",
+                      "value": 1
+                    }
+                  ]
+                }
+              },
+              {
+                "id": "custom.cellOptions",
+                "value": {
+                  "type": "color-text"
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #B"
+            },
+            "properties": [
+              {
+                "id": "custom.cellOptions",
+                "value": {
+                  "type": "color-text"
+                }
+              },
+              {
+                "id": "displayName",
+                "value": "Medium"
+              },
+              {
+                "id": "thresholds",
+                "value": {
+                  "mode": "absolute",
+                  "steps": [
+                    {
+                      "color": "green",
+                      "value": null
+                    },
+                    {
+                      "color": "light-orange",
+                      "value": 1
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "exported_service"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 300
+              },
+              {
+                "id": "custom.align",
+                "value": "right"
+              },
+              {
+                "id": "displayName",
+                "value": "Cluster Service Name"
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 4,
+        "x": 3,
+        "y": 14
+      },
+      "id": 36,
+      "links": [],
+      "options": {
+        "cellHeight": "sm",
+        "footer": {
+          "countRows": false,
+          "enablePagination": true,
+          "fields": "",
+          "reducer": [
+            "sum"
+          ],
+          "show": false
+        },
+        "showHeader": true,
+        "sortBy": []
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "expr": "sum(nv_container_vulnerabilityHigh) by (exported_service)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "",
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "editorMode": "code",
+          "expr": "sum(nv_container_vulnerabilityMedium) by (exported_service)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "",
+          "refId": "B"
+        }
+      ],
+      "title": "Vulnerabilities by Service",
+      "transformations": [
+        {
+          "id": "merge",
+          "options": {
+            "reducers": []
+          }
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {
+              "Time": true
+            },
+            "indexByName": {},
+            "renameByName": {}
+          }
+        }
+      ],
+      "type": "table"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "align": "center",
+            "cellOptions": {
+              "type": "auto"
+            },
+            "filterable": false,
+            "inspect": false,
+            "minWidth": 50
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          }
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "name"
+            },
+            "properties": [
+              {
+                "id": "unit",
+                "value": "string"
+              },
+              {
+                "id": "custom.align",
+                "value": "right"
+              },
+              {
+                "id": "custom.inspect",
+                "value": true
+              },
+              {
+                "id": "custom.filterable",
+                "value": true
+              },
+              {
+                "id": "displayName",
+                "value": "Repository/Image: Tag"
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #A"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "High"
+              },
+              {
+                "id": "unit",
+                "value": "none"
+              },
+              {
+                "id": "custom.cellOptions",
+                "value": {
+                  "type": "color-text"
+                }
+              },
+              {
+                "id": "color"
+              },
+              {
+                "id": "thresholds",
+                "value": {
+                  "mode": "absolute",
+                  "steps": [
+                    {
+                      "color": "green",
+                      "value": null
+                    },
+                    {
+                      "color": "red",
+                      "value": 1
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #B"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "Medium"
+              },
+              {
+                "id": "unit",
+                "value": "none"
+              },
+              {
+                "id": "custom.cellOptions",
+                "value": {
+                  "type": "color-text"
+                }
+              },
+              {
+                "id": "thresholds",
+                "value": {
+                  "mode": "absolute",
+                  "steps": [
+                    {
+                      "color": "green",
+                      "value": null
+                    },
+                    {
+                      "color": "light-orange",
+                      "value": 1
+                    }
+                  ]
+                }
+              },
+              {
+                "id": "color"
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 5,
+        "x": 7,
+        "y": 14
+      },
+      "id": 33,
+      "links": [],
+      "options": {
+        "cellHeight": "sm",
+        "footer": {
+          "countRows": false,
+          "enablePagination": true,
+          "fields": "",
+          "reducer": [
+            "sum"
+          ],
+          "show": false
+        },
+        "showHeader": true
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "expr": "sum(nv_image_vulnerabilityHigh) by (name)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "expr": "sum(nv_image_vulnerabilityMedium) by (name)",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "intervalFactor": 2,
+          "legendFormat": "",
+          "refId": "B"
+        }
+      ],
+      "title": "Registry Images Vulnerabilities",
+      "transformations": [
+        {
+          "id": "merge",
+          "options": {
+            "reducers": []
+          }
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {
+              "Time": true
+            },
+            "indexByName": {},
+            "renameByName": {}
+          }
+        }
+      ],
+      "type": "table"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "bytes"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byValue",
+              "options": {
+                "op": "gte",
+                "reducer": "allIsZero",
+                "value": 0
+              }
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": false
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byValue",
+              "options": {
+                "op": "gte",
+                "reducer": "allIsNull",
+                "value": 0
+              }
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": false
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 12,
+        "x": 12,
+        "y": 18
+      },
+      "id": 35,
+      "links": [],
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "multi",
+          "sort": "desc"
+        }
+      },
+      "pluginVersion": "10.2.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${datasource}"
+          },
+          "exemplar": true,
+          "expr": "max(nv_enforcer_memory) by (display)",
+          "format": "time_series",
+          "interval": "",
+          "intervalFactor": 1,
+          "legendFormat": "{{display}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Enforcer Memory Usage",
+      "type": "timeseries"
+    }
+  ],
+  "refresh": "15s",
+  "schemaVersion": 39,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {
+          "selected": false,
+          "text": "Prometheus",
+          "value": "prometheus"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "label": "Data Source",
+        "multi": false,
+        "name": "datasource",
+        "options": [],
+        "query": "prometheus",
+        "queryValue": "",
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "type": "datasource"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-5m",
+    "to": "now"
+  },
+  "timepicker": {
+    "hidden": false,
+    "refresh_intervals": [
+      "5s",
+      "10s",
+      "15s",
+      "30s",
+      "1m",
+      "5m",
+      "15m",
+      "30m",
+      "1h"
+    ],
+    "time_options": [
+      "5m",
+      "15m",
+      "1h",
+      "6h",
+      "12h",
+      "24h",
+      "2d",
+      "7d",
+      "30d"
+    ]
+  },
+  "timezone": "UTC",
+  "title": "NeuVector",
+  "uid": "nv_dashboard0001",
+  "version": 1,
+  "weekStart": ""
+}
\ No newline at end of file
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/questions.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/questions.yaml
new file mode 100644
index 0000000000..b8d51b3791
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/questions.yaml
@@ -0,0 +1,27 @@
+questions:
+#monitor configurations
+- variable: exporter.image.repository
+  default: "neuvector/prometheus-exporter"
+  description: exporter image repository
+  type: string
+  label: Exporter Image Path
+  group: "Container Images"
+- variable: exporter.image.tag
+  default: ""
+  description: image tag for exporter
+  type: string
+  label: exporter Image Tag
+  group: "Container Images"
+#controller crendential configuration
+- variable: exporter.CTRL_USERNAME
+  default: "admin"
+  description: Controller Username
+  type: string
+  label: Controller Username
+  group: "Controller Crendential"
+- variable: exporter.CTRL_PASSWORD
+  default: "admin"
+  description: Controller Password
+  type: string
+  label: Controller Password
+  group: "Controller Crendential"
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/_helpers.tpl b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/_helpers.tpl
new file mode 100644
index 0000000000..5d21a18241
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/_helpers.tpl
@@ -0,0 +1,40 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/dashboard.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/dashboard.yaml
new file mode 100644
index 0000000000..9a6840a4d8
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/dashboard.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.exporter.grafanaDashboard.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nv-grafana-dashboard
+  namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }}
+  labels:
+    grafana_dashboard: "1"
+{{- if .Values.exporter.grafanaDashboard.labels }}
+    {{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}}
+{{- end }}
+{{- if .Values.exporter.grafanaDashboard.annotations }}
+  annotations:
+    {{- toYaml .Values.exporter.grafanaDashboard.annotations | nindent 4}}
+{{- end }}
+data:
+  nv_dashboard.json: |
+{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }}
+{{- end }}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-deployment.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-deployment.yaml
new file mode 100644
index 0000000000..8309f8a412
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-deployment.yaml
@@ -0,0 +1,75 @@
+{{- if .Values.exporter.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: neuvector-prometheus-exporter-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: neuvector-prometheus-exporter-pod
+  template:
+    metadata:
+      annotations:
+        prometheus.io/path: /metrics
+        prometheus.io/port: "8068"
+        prometheus.io/scrape: "true"
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      labels:
+        app: neuvector-prometheus-exporter-pod
+        release: {{ .Release.Name }}
+      {{- with .Values.exporter.podLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+    {{- end }}
+    {{- if .Values.leastPrivilege }}
+      serviceAccountName: basic
+      serviceAccount: basic
+    {{- end }}
+      {{- with .Values.exporter.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: neuvector-prometheus-exporter-pod
+          {{ if eq .Values.registry "registry.neuvector.com" }}
+          {{ if .Values.oem }}
+          image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
+          {{- else }}
+          image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
+          {{- end }}
+          {{- else }}
+          image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
+          {{- end }}
+          imagePullPolicy: Always
+          {{- with .Values.exporter.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          env:
+            - name: CTRL_API_SERVICE
+              value: {{ .Values.exporter.apiSvc }}
+            - name: EXPORTER_PORT
+              value: "8068"
+            {{- if .Values.exporter.enforcerStats.enabled }}
+            - name: ENFORCER_STATS
+              value: "{{.Values.exporter.enforcerStats.enabled | default "false"}}"
+            {{- end }}
+          envFrom:
+            - secretRef:
+            {{- if .Values.exporter.ctrlSecretName }}
+                name: {{ .Values.exporter.ctrlSecretName }}
+            {{ else }}
+                name: neuvector-prometheus-exporter-pod-secret
+            {{- end }}
+      restartPolicy: Always
+{{- end }}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-service.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-service.yaml
new file mode 100644
index 0000000000..9d15b115e1
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-service.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-prometheus-exporter
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.exporter.svc.annotations }}
+  annotations:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    app: neuvector-prometheus-exporter
+spec:
+  type: {{ .Values.exporter.svc.type }}
+  {{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - port: 8068
+      name: metrics
+      targetPort: 8068
+      protocol: TCP
+      appProtocol: http
+  selector:
+    app: neuvector-prometheus-exporter-pod
+{{- end }}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-servicemonitor.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-servicemonitor.yaml
new file mode 100644
index 0000000000..25ca23d121
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/exporter-servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.exporter.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: neuvector-prometheus-exporter
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.exporter.serviceMonitor.annotations }}
+  annotations:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- if .Values.exporter.serviceMonitor.labels }}
+    {{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}}
+{{- end }}
+spec:
+  selector:
+    matchLabels:
+      app: neuvector-prometheus-exporter
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  endpoints:
+    - port: metrics
+      {{- if .Values.exporter.serviceMonitor.interval }}
+      interval: {{ .Values.exporter.serviceMonitor.interval }}
+      {{- end }}
+      path: "/metrics"
+      {{- if .Values.exporter.serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+        {{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }}
+      {{- end }}
+      {{- if .Values.exporter.serviceMonitor.relabelings }}
+      relabelings:
+        {{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }}
+      {{- end }}
+{{- end }}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/templates/secret.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/secret.yaml
new file mode 100644
index 0000000000..a751795995
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{- if and (.Values.exporter.enabled) (not .Values.exporter.ctrlSecretName)  -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-prometheus-exporter-pod-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+  CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }}
+  CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }}
+{{- end }}
diff --git a/charts/neuvector-monitor/103.0.8+up2.8.4/values.yaml b/charts/neuvector-monitor/103.0.8+up2.8.4/values.yaml
new file mode 100644
index 0000000000..debfcc73bf
--- /dev/null
+++ b/charts/neuvector-monitor/103.0.8+up2.8.4/values.yaml
@@ -0,0 +1,59 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+registry: docker.io
+oem: ''
+leastPrivilege: false
+
+exporter:
+  # If false, exporter will not be installed
+  enabled: true
+  image:
+    repository: rancher/neuvector-prometheus-exporter
+    tag: 1.0.1
+  # changes this to a readonly user !
+  CTRL_USERNAME: admin
+  CTRL_PASSWORD: admin
+  ctrlSercretName: ''
+  enforcerStats:
+    enabled: false
+  ctrlSecretName: ''
+  apiSvc: neuvector-svc-controller-api:10443
+  podLabels: {}
+  securityContext: {}
+  containerSecurityContext: {}
+
+  svc:
+    enabled: true
+    type: ClusterIP
+    loadBalancerIP: ''
+    annotations: {}
+      # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+      # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+
+  grafanaDashboard:
+    enabled: false
+    namespace: "" # Release namespace, if empty
+    labels: {}
+    # annotations: {}
+      # k8s-sidecar-target-directory: /tmp/dashboards/neuvector
+
+  serviceMonitor:
+    enabled: false
+    # labels for the ServiceMonitor.
+    labels: {}
+    # annotations for the ServiceMonitor.
+    annotations: {}
+    # Scrape interval. If not set, the Prometheus default scrape interval is used.
+    interval: ""
+    # MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+    # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+    metricRelabelings: []
+    # RelabelConfigs to apply to samples before scraping
+    # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+    relabelings: []
diff --git a/charts/neuvector/103.0.8+up2.8.4/.helmignore b/charts/neuvector/103.0.8+up2.8.4/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/neuvector/103.0.8+up2.8.4/Chart.yaml b/charts/neuvector/103.0.8+up2.8.4/Chart.yaml
new file mode 100644
index 0000000000..ff2b4248c6
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/Chart.yaml
@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/auto-install: neuvector-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: NeuVector
+  catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
+  catalog.cattle.io/namespace: cattle-neuvector-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/provides-gvr: neuvector.com/v1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: neuvector
+  catalog.cattle.io/type: cluster-tool
+  catalog.cattle.io/upstream-version: 2.8.4
+apiVersion: v1
+appVersion: 5.4.2
+description: Helm feature chart for NeuVector container security platform.
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+keywords:
+- security
+maintainers:
+- email: support@neuvector.com
+  name: becitsthere
+name: neuvector
+sources:
+- https://github.com/neuvector/neuvector
+version: 103.0.8+up2.8.4
diff --git a/charts/neuvector/103.0.8+up2.8.4/README.md b/charts/neuvector/103.0.8+up2.8.4/README.md
new file mode 100644
index 0000000000..6c823fee85
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/README.md
@@ -0,0 +1,309 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector container security's core services.
+
+## Choosing container runtime
+Prior to 5.3 release, the user has to specify the correct container runtime type and its socket path. In 5.3.0 release, the enforcer is able to automatically detect the container runtime at its default socket location. The settings of docker/containerd/crio/k8s/bottlerocket become deprecated. If the container runtime socket is not at the default location, please specify it using 'runtimePath' field. In the meantime, the controller does not require the runtime socket to be mounted any more.
+
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`openshift` | If deploying in OpenShift, set this to true | `false` |
+`registry` | NeuVector container registry | `docker.io` |
+`tag` | image tag for controller enforcer manager | `latest` |
+`oem` | OEM release name | `nil` |
+`imagePullSecrets` | image pull secret | `nil` |
+`rbac` | NeuVector RBAC Manifests are installed when RBAC is enabled | `true` | Required for Rancher Authentication. |
+`psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` |
+`serviceAccount` | Service account name for NeuVector components | `default` |
+`leastPrivilege` | Use least privileged service account | `false` |
+`bootstrapPassword` | Set password for admin user account if present | `false` | Random password generated if aws billing is enabled
+`autoGenerateCert` | Automatically generate certificate or not | `true` |
+`internal.certmanager.enabled` | cert-manager is installed for the internal certificates | `false` |
+`internal.certmanager.secretname` | Name of the secret to be used for the internal certificates | `neuvector-internal` |
+`internal.autoGenerateCert` | Automatically generate internal certificate or not | `true` |
+`internal.autoRotateCert` | Automatically rotate internal certificate or not | `false` |
+`defaultValidityPeriod` | The default validity period used for certs automatically generated (days) | `365` |
+`global.cattle.url` | Set the Rancher Server URL | | Required for Rancher Authentication. `https://<Rancher_URL>/` |
+`global.aws.enabled` | If true, install AWS billing csp adapter | `false` | **Note**: default admin user is disabled when aws market place billing enabled, use secret to create admin-role user to manage NeuVector deployment.
+`global.aws.accountNumber` | AWS Account Number | `nil` | Follow AWS subscription instruction
+`global.aws.roleName` | AWS Role name for billing | `nil` | Follow AWS subscription instruction
+`global.aws.serviceAccount` | Service account name for csp adapter | `csp` | Follow AWS subscription instruction
+`global.aws.imagePullSecrets` | Pull secret for csp adapter image | `nil` | Follow AWS subscription instruction
+`global.aws.image.repository` | csp adapter image repository | `neuvector/neuvector-csp-adapter` | Follow AWS subscription instruction
+`global.aws.image.tag` | csp adapter image tag | `latest` | Follow AWS subscription instruction
+`global.aws.image.digest` | csp adapter image digest | `nil` | Follow AWS subscription instruction
+`global.aws.image.imagePullPolicy` | csp adapter image pull policy | `IfNotPresent` | Follow AWS subscription instruction
+`global.azure.enabled` | If true, install Azure billing csp adapter | `false` | **Note**: default admin user is disabled when azure market place billing enabled, use secret to create admin-role user to manage NeuVector deployment.
+`global.azure.serviceAccount` | Service account name for csp adapter | `csp` | Follow Azure subscription instruction
+`global.azure.imagePullSecrets` | Pull secret for csp adapter image | `nil` | Follow Azure subscription instruction
+`global.azure.images.neuvector_csp_pod.registry` | csp adapter image registry | `susellcforazuremarketplace.azurecr.io` | Follow Azure subscription instruction
+`global.azure.images.neuvector_csp_pod.image` | csp adapter image repository | `neuvector-billing-azure-by-suse-llc` | Follow Azure subscription instruction
+`global.azure.images.neuvector_csp_pod.digest` | csp adapter image digest | `nil` | Follow Azure subscription instruction
+`global.azure.images.neuvector_csp_pod.imagePullPolicy` | csp adapter image pull policy | `IfNotPresent` | Follow Azure subscription instruction
+`controller.enabled` | If true, create controller | `true` |
+`controller.prime.enabled` | NeuVector prime deployment | `false` |
+`controller.image.repository` | controller image repository | `neuvector/controller` |
+`controller.image.hash` | controller image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`controller.replicas` | controller replicas | `3` |
+`controller.schedulerName` | kubernetes scheduler name | `nil` |
+`controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
+`controller.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
+`controller.tolerations` | List of node taints to tolerate | `nil` |
+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
+`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`controller.podLabels` | Specify the pod labels. | `{}` |
+`controller.podAnnotations` | Specify the pod annotations. | `{}` |
+`controller.env` | User-defined environment variables for controller. | `[]` |
+`controller.ranchersso.enabled` | If true, enable single sign on for Rancher | `false` | Required for Rancher Authentication. |
+`controller.pvc.enabled` | If true, enable persistence for controller using PVC | `false` | Require persistent volume type RWX, and storage 1Gi
+`controller.pvc.accessModes` | Access modes for the created PVC. | `["ReadWriteMany"]` |
+`controller.pvc.existingClaim` | If `false`, a new PVC will be created. If a string is provided, an existing PVC with this name will be used. | `false` |
+`controller.pvc.storageClass` | Storage Class to be used | `default` |
+`controller.pvc.capacity` | Storage capacity | `1Gi` |
+`controller.searchRegistries` | Custom search registries for Admission control | `nil` |
+`controller.azureFileShare.enabled` | If true, enable the usage of an existing or statically provisioned Azure File Share | `false` |
+`controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` |
+`controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` |
+`controller.apisvc.type` | Controller REST API service type | `nil` |
+`controller.apisvc.nodePort` | Controller REST API service NodePort number | `nil` |
+`controller.apisvc.annotations` | Add annotations to controller REST API service | `{}` |
+`controller.apisvc.route.enabled` | If true, create a OpenShift route to expose the Controller REST API service | `false` |
+`controller.apisvc.route.termination` | Specify TLS termination for OpenShift route for Controller REST API service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.apisvc.route.host` | Set controller REST API service hostname | `nil` |
+`controller.apisvc.route.tls.key` | Set controller REST API service PEM format key file | `nil` |
+`controller.apisvc.route.tls.certificate` | Set controller REST API service PEM format certificate file | `nil` |
+`controller.apisvc.route.tls.caCertificate` | Set controller REST API service CA certificate may be required to establish a certificate chain for validation | `nil` |
+`controller.apisvc.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate | `nil` |
+`controller.certificate.secret` | Replace controller REST API certificate using secret if secret name is specified | `nil` |
+`controller.certificate.keyFile` | Replace controller REST API certificate key file | `tls.key` |
+`controller.certificate.pemFile` | Replace controller REST API certificate pem file | `tls.pem` |
+`controller.federation.mastersvc.type` | Multi-cluster primary cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
+`controller.federation.mastersvc.loadBalancerIP` | Multi-cluster primary cluster service load balancer IP. If specified, the deployment must also specify controller.federation.mastersvc.type of LoadBalancer. | `nil` |
+`controller.federation.mastersvc.clusterIP` | Set clusterIP to be used for mastersvc | `nil` |
+`controller.federation.mastersvc.nodePort` | Define a nodePort for mastersvc | `nil` | Must be a valid NodePort (30000-32767)
+`controller.federation.mastersvc.externalTrafficPolicy` | Set externalTrafficPolicy to be used for mastersvc | `nil` |
+`controller.federation.mastersvc.internalTrafficPolicy` | Set internalTrafficPolicy to be used for mastersvc | `nil` |
+`controller.federation.mastersvc.annotations` | Add annotations to Multi-cluster primary cluster REST API service | `{}` |
+`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster primary cluster service | `false` |
+`controller.federation.mastersvc.route.host` | Set OpenShift route host for primary cluster service | `nil` |
+`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster primary cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.federation.mastersvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster primary cluster service | `nil` |
+`controller.federation.mastersvc.route.tls.certificate` | Set PEM format key certificate file for OpenShift route for Multi-cluster primary cluster service | `nil` |
+`controller.federation.mastersvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster primary cluster service | `nil` |
+`controller.federation.mastersvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster primary cluster service | `nil` |
+`controller.federation.mastersvc.ingress.enabled` | If true, create ingress for federation master service, must also set ingress host value | `false` | enable this if ingress controller is installed
+`controller.federation.mastersvc.ingress.tls` | If true, TLS is enabled for controller federation master ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.mastersvc.ingress.host`.
+`controller.federation.mastersvc.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+`controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
+`controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+`controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
+`controller.federation.managedsvc.loadBalancerIP` | Multi-cluster primary cluster service load balancer IP. If specified, the deployment must also specify controller.federation.mastersvc.type of LoadBalancer. | `nil` |
+`controller.federation.managedsvc.clusterIP` | Set clusterIP to be used for managedsvc | `nil` |
+`controller.federation.managedsvc.nodePort` | Define a nodePort for managedsvc | `nil` | Must be a valid NodePort (30000-32767)
+`controller.federation.managedsvc.externalTrafficPolicy` | Set externalTrafficPolicy to be used for managedsvc | `nil` |
+`controller.federation.managedsvc.internalTrafficPolicy` | Set internalTrafficPolicy to be used for managedsvc | `nil` |
+`controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` |
+`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
+`controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` |
+`controller.federation.managedsvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.federation.managedsvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster managed cluster service | `nil` |
+`controller.federation.managedsvc.route.tls.certificate` | Set PEM format certificate file for OpenShift route for Multi-cluster managed cluster service | `nil` |
+`controller.federation.managedsvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster managed cluster service | `nil` |
+`controller.federation.managedsvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster managed cluster service | `nil` |
+`controller.federation.managedsvc.ingress.enabled` | If true, create ingress for federation managed service, must also set ingress host value | `false` | enable this if ingress controller is installed
+`controller.federation.managedsvc.ingress.tls` | If true, TLS is enabled for controller federation managed ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.managedsvc.ingress.host`.
+`controller.federation.managedsvc.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+`controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
+`controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+`controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
+`controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
+`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+`controller.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
+`controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
+`controller.configmap.data` | NeuVector configuration in YAML format | `{}`
+`controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
+`controller.secret.data` | NeuVector configuration in key/value pair format | `{}`
+`controller.internal.certificate.secret` | Secret name to be used for custom controller internal certificate | `nil` |
+`controller.internal.certificate.keyFile` | Set PEM format key file for custom controller internal certificate | `tls.key` |
+`controller.internal.certificate.pemFile` | Set PEM format certificate file for custom controller internal certificate | `tls.crt` |
+`controller.internal.certificate.caFile` | Set CA certificate file for controller custom internal certificate | `ca.crt` |
+`controller.certupgrader.env` | User-defined environment variables. | `[]` |
+`controller.certupgrader.schedule` | cert upgrader schedule.  Leave empty to disable | `` |
+`controller.certupgrader.priorityClassName` | cert upgrader priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`controller.certupgrader.podLabels` | Specify the pod labels. | `{}` |
+`controller.certupgrader.podAnnotations` | Specify the pod annotations. | `{}` |
+`controller.certupgrader.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`controller.certupgrader.runAsUser` | Specify the run as User ID | `nil` |
+`enforcer.enabled` | If true, create enforcer | `true` |
+`enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` |
+`enforcer.image.hash` | enforcer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`enforcer.updateStrategy.type` | enforcer update strategy type. | `RollingUpdate` |
+`enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`enforcer.podLabels` | Specify the pod labels. | `{}` |
+`enforcer.podAnnotations` | Specify the pod annotations. | `{}` |
+`enforcer.env` | User-defined environment variables for enforcers. | `[]` |
+`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`enforcer.internal.certificate.secret` | Secret name to be used for custom enforcer internal certificate | `nil` |
+`enforcer.internal.certificate.keyFile` | Set PEM format key file for custom enforcer internal certificate | `tls.key` |
+`enforcer.internal.certificate.pemFile` | Set PEM format certificate file for custom enforcer internal certificate | `tls.crt` |
+`enforcer.internal.certificate.caFile` | Set CA certificate file for enforcer custom internal certificate | `ca.crt` |
+`manager.enabled` | If true, create manager | `true` |
+`manager.image.repository` | manager image repository | `neuvector/manager` |
+`manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`manager.priorityClassName` | manager priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`manager.podLabels` | Specify the pod labels. | `{}` |
+`manager.podAnnotations` | Specify the pod annotations. | `{}` |
+`manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` |
+`manager.env.envs` | Other environment variables. The following variables are accepted. | `[]` |
+`        CUSTOM_LOGIN_LOGO`               | SVG file encoded in based64, the logo is displayed as a 300 x 80 pixels icon. | 
+`        CUSTOM_EULA_POLICY`              | HTML or TEXT encoded in base64. | 
+`        CUSTOM_PAGE_HEADER_CONTENT`      | max. 120 characters, base64 encoded. | 
+`        CUSTOM_PAGE_HEADER_COLOR`        | use color name (yellow) or value (#ffff00) | 
+`        CUSTOM_PAGE_FOOTER_CONTENT`      | max. 120 characters, base64 encoded. | 
+`        CUSTOM_PAGE_FOOTER_COLOR`        | use color name (yellow) or value (#ffff00) | 
+`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
+`manager.svc.nodePort` | set manager service NodePort number |  `nil` |
+`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
+`manager.route.host` | Set OpenShift route host for management console service | `nil` |
+`manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
+`manager.route.tls.key` | Set PEM format key file for OpenShift route for management console service | `nil` |
+`manager.route.tls.certificate` | Set PEM format certificate file for OpenShift route for management console service | `nil` |
+`manager.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for management console service | `nil` |
+`manager.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate for OpenShift route for management console service | `nil` |
+`manager.certificate.secret` | Replace manager UI certificate using secret if secret name is specified | `nil` |
+`manager.certificate.keyFile` | Replace manager UI certificate key file | `tls.key` |
+`manager.certificate.pemFile` | Replace manager UI certificate pem file | `tls.pem` |
+`manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed
+`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+`manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
+`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
+`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`manager.affinity` | manager affinity rules  | `{}` |
+`manager.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
+`manager.tolerations` | List of node taints to tolerate | `nil` |
+`manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`manager.runAsUser` | Specify the run as User ID | `nil` |
+`manager.probes.enabled` | enabled startup, liveness and readiness probes | 1 |
+`manager.probes.timeout` | timeout for startup, liveness and readiness probes | 1 |
+`manager.probes.periodSeconds` | periodSeconds for startup, liveness and readiness probes | 10 |
+`manager.probes.startupFailureThreshold` | failure threshold for startup probe | 30 |
+`cve.adapter.enabled` | If true, create registry adapter | `true` |
+`cve.adapter.image.repository` | registry adapter image repository | `neuvector/registry-adapter` |
+`cve.adapter.image.tag` | registry adapter image tag | |
+`cve.adapter.image.hash` | registry adapter image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`cve.adapter.priorityClassName` | registry adapter priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`cve.adapter.podLabels` | Specify the pod labels. | `{}` |
+`cve.adapter.podAnnotations` | Specify the pod annotations. | `{}` |
+`cve.adapter.env` | User-defined environment variables for adapter. | `[]` |
+`cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
+`cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` |
+`cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | |
+`cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
+`cve.adapter.route.host` | Set OpenShift route host for management console service | `nil` |
+`cve.adapter.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
+`cve.adapter.route.tls.key` | Set PEM format key file for OpenShift route for management console service | `nil` |
+`cve.adapter.route.tls.certificate` | Set PEM format certificate file for OpenShift route for management console service | `nil` |
+`cve.adapter.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for management console service | `nil` |
+`cve.adapter.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate for OpenShift route for management console service | `nil` |
+`cve.adapter.certificate.secret` | Replace registry adapter certificate using secret if secret name is specified | `nil` |
+`cve.adapter.certificate.keyFile` | Replace registry adapter certificate key file | `tls.key` |
+`cve.adapter.certificate.pemFile` | Replace registry adapter certificate crt file | `tls.crt` |
+`cve.adapter.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed
+`cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+`cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
+`cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`.
+`cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`cve.adapter.affinity` | registry adapter affinity rules  | `{}` |
+`cve.adapter.tolerations` | List of node taints to tolerate | `nil` |
+`cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`cve.adapter.runAsUser` | Specify the run as User ID | `nil` |
+`cve.adapter.internal.certificate.secret` | Secret name to be used for custom registry adapter internal certificate | `nil` |
+`cve.adapter.internal.certificate.keyFile` | Set PEM format key file for custom registry adapter internal certificate | `tls.key` |
+`cve.adapter.internal.certificate.pemFile` | Set PEM format certificate file for custom registry adapter internal certificate | `tls.crt` |
+`cve.adapter.internal.certificate.caFile` | Set CA certificate file for registry adapter custom internal certificate | `ca.crt` |
+`cve.updater.enabled` | If true, create cve updater | `true` |
+`cve.updater.secure` | If true, API server's certificate is validated  | `false` |
+`cve.updater.cacert` | If set, use this ca file to validate API server's certificate  | `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` |
+`cve.updater.image.registry` | cve updater image registry to overwrite global registry | |
+`cve.updater.image.repository` | cve updater image repository | `neuvector/updater` |
+`cve.updater.image.tag` | image tag for cve updater | `latest` |
+`cve.updater.image.hash` | cve updateer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`cve.updater.priorityClassName` | cve updater priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`cve.updater.resources` | Add resources requests and limits to updater cronjob | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml)
+`cve.updater.podLabels` | Specify the pod labels. | `{}` |
+`cve.updater.podAnnotations` | Specify the pod annotations. | `{}` |
+`cve.updater.schedule` | cronjob cve updater schedule | `0 0 * * *` |
+`cve.updater.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`cve.updater.runAsUser` | Specify the run as User ID | `nil` |
+`cve.scanner.enabled` | If true, cve scanners will be deployed | `true` |
+`cve.scanner.image.registry` | cve scanner image registry to overwrite global registry | |
+`cve.scanner.image.repository` | cve scanner image repository | `neuvector/scanner` |
+`cve.scanner.image.tag` | cve scanner image tag | `latest` |
+`cve.scanner.image.hash` | cve scanner image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+`cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+`cve.scanner.podLabels` | Specify the pod labels. | `{}` |
+`cve.scanner.podAnnotations` | Specify the pod annotations. | `{}` |
+`cve.scanner.env` | User-defined environment variables for scanner. | `[]` |
+`cve.scanner.replicas` | external scanner replicas | `3` |
+`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.8.4/charts/core/values.yaml) |
+`cve.scanner.affinity` | scanner affinity rules  | `{}` |
+`cve.scanner.topologySpreadConstraints` | List of constraints to control Pods spread across the cluster | `nil` |
+`cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
+`cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+`cve.scanner.runAsUser` | Specify the run as User ID | `nil` |
+`cve.scanner.internal.certificate.secret` | Secret name to be used for custom scanner internal certificate | `nil` |
+`cve.scanner.internal.certificate.keyFile` | Set PEM format key file for custom scanner internal certificate | `tls.key` |
+`cve.scanner.internal.certificate.pemFile` | Set PEM format certificate file for custom scanner internal certificate | `tls.crt` |
+`cve.scanner.internal.certificate.caFile` | Set CA certificate file for scanner custom internal certificate | `ca.crt` |
+`runtimePath` | container runtime socket path, if it's not at the default location. | `` |
+`docker.path` | docker path | `/var/run/docker.sock` | Deprecated in 5.3.0
+`containerd.enabled` | Set to true, if the container runtime is containerd | `false` | Deprecated in 5.3.0. Prior to 5.3.0, for k3s and rke clusters, set k3s.enabled to true instead
+`containerd.path` | If containerd is enabled, this local containerd socket path will be used | `/var/run/containerd/containerd.sock` | Deprecated in 5.3.0.
+`crio.enabled` | Set to true, if the container runtime is cri-o | `false` | Deprecated in 5.3.0.
+`crio.path` | If cri-o is enabled, this local cri-o socket path will be used | `/var/run/crio/crio.sock` | Deprecated in 5.3.0.
+`k3s.enabled` | Set to true for k3s or rke2 | `false` | Deprecated in 5.3.0.
+`k3s.runtimePath` | If k3s is enabled, this local containerd socket path will be used | `/run/k3s/containerd/containerd.sock` | Deprecated in 5.3.0.
+`bottlerocket.enabled` | Set to true if using AWS bottlerocket | `false` | Deprecated in 5.3.0.
+`bottlerocket.runtimePath` | If bottlerocket is enabled, this local containerd socket path will be used | `/run/dockershim.sock` | Deprecated in 5.3.0.
+`admissionwebhook.type` | admission webhook type | `ClusterIP` |
+`crdwebhooksvc.enabled` | Enable crd service | `true` |
+`crdwebhook.enabled` | Create crd resources | `true` |
+`crdwebhook.type` | crd webhook type | `ClusterIP` |
+`lease.enabled` | Create lease object or not | `true` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release --namespace neuvector ./neuvector-helm/ --set manager.env.ssl=off
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release --namespace neuvector ./neuvector-helm/ -f values.yaml
+```
diff --git a/charts/neuvector/103.0.8+up2.8.4/app-readme.md b/charts/neuvector/103.0.8+up2.8.4/app-readme.md
new file mode 100644
index 0000000000..caddee8a85
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/app-readme.md
@@ -0,0 +1,35 @@
+### Run-Time Protection Without Compromise
+
+NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform.
+
+NeuVector integrates tightly with Rancher and Kubernetes to extend the built-in security features for applications that require defense in depth. Security features include:
+
++ Build phase vulnerability scanning with Jenkins plug-in and registry scanning
++ Admission control to prevent vulnerable or unauthorized image deployments using Kubernetes admission control webhooks
++ Complete run-time scanning with network, process, and file system monitoring and protection
++ The industry's only layer 7 container firewall for multi-protocol threat detection and automated segmentation
++ Advanced network controls including DLP detection, service mesh integration, connection blocking and packet captures
++ Run-time vulnerability scanning and CIS benchmarks
+
+Additional Notes:
++ Previous deployments from Rancher, such as from our Partners chart repository or the primary NeuVector Helm chart, must be completely removed in order to update to the new integrated feature chart. See https://github.com/rancher/rancher/issues/37447.
++ Container runtime and runtime path are auto detected in NeuVector 5.3.0 version. If the socket path is not at the default location, use runtimePath in values.yaml to specify the location.
++ For deploying on hardened RKE2 and K3s clusters, enable PSP and set user id from other configuration for Manager, Scanner and Updater deployments. User id can be any number other than 0.
++ For deploying on hardened RKE cluster, enable PSP from security settings.
+
+## Upgrading to Kubernetes v1.25+
+
+Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API.
+
+As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
+ **Note:**
+ In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`.
+
+ **Note:**
+ If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
+
+ If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets.
+
+Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
+
+As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
diff --git a/charts/neuvector/103.0.8+up2.8.4/crds/_helpers.tpl b/charts/neuvector/103.0.8+up2.8.4/crds/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/crds/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/questions.yaml b/charts/neuvector/103.0.8+up2.8.4/questions.yaml
new file mode 100644
index 0000000000..29668b2bf1
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/questions.yaml
@@ -0,0 +1,283 @@
+questions:
+#image configurations
+- variable: controller.image.repository
+  default: "neuvector/controller"
+  description: controller image repository
+  type: string
+  label: Controller Image Path
+  group: "Container Images"
+- variable: controller.image.tag
+  default: ""
+  description: image tag for controller
+  type: string
+  label: Controller Image Tag
+  group: "Container Images"
+- variable: manager.image.repository
+  default: "neuvector/manager"
+  description: manager image repository
+  type: string
+  label: Manager Image Path
+  group: "Container Images"
+- variable:  manager.image.tag
+  default: ""
+  description: image tag for  manager
+  type: string
+  label: Manager Image Tag
+  group: "Container Images"
+- variable: enforcer.image.repository
+  default: "neuvector/enforcer"
+  description: enforcer image repository
+  type: string
+  label: Enforcer Image Path
+  group: "Container Images"
+- variable: enforcer.image.tag
+  default: ""
+  description: image tag for enforcer
+  type: string
+  label: Enforcer Image Tag
+  group: "Container Images"
+- variable: cve.scanner.image.repository
+  default: "neuvector/scanner"
+  description: scanner image repository
+  type: string
+  label: Scanner Image Path
+  group: "Container Images"
+- variable: cve.scanner.image.tag
+  default: ""
+  description: image tag for scanner
+  type: string
+  label: Scanner Image Tag
+  group: "Container Images"
+- variable: cve.updater.image.repository
+  default: "neuvector/updater"
+  description: cve updater image repository
+  type: string
+  label: CVE Updater Image Path
+  group: "Container Images"
+- variable: cve.updater.image.tag
+  default: ""
+  description: image tag for updater
+  type: string
+  label: Updater Image Tag
+  group: "Container Images"
+#storage configurations
+- variable: controller.pvc.enabled
+  default: false
+  description: If true, enable persistence for controller using PVC. PVC should support ReadWriteMany(RWX)
+  type: boolean
+  label: PVC Status
+  group: "PVC Configuration"
+- variable: controller.pvc.storageClass
+  default: ""
+  description: Storage Class to be used
+  type: string
+  label: Storage Class Name
+  group: "PVC Configuration"
+#ingress configurations
+- variable: manager.ingress.enabled
+  default: false
+  description: If true, create ingress, must also set ingress host value
+  type: boolean
+  label: Manager Ingress Status
+  group: "Ingress Configuration"
+  show_subquestion_if: true
+  subquestions:
+  - variable: manager.ingress.host
+    default: ""
+    description: Must set this host value if ingress is enabled
+    type: string
+    label: Manager Ingress Host
+    group: "Ingress Configuration"
+  - variable: manager.ingress.path
+    default: "/"
+    description: Set ingress path
+    type: string
+    label: Manager Ingress Path
+    group: "Ingress Configuration"
+  - variable: manager.ingress.annotations
+    default: "{}"
+    description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+    type: string
+    label: Manager Ingress Annotations
+    group: "Ingress Configuration"
+- variable: controller.ingress.enabled
+  default: false
+  description: If true, create ingress for rest api, must also set ingress host value
+  type: boolean
+  label: Controller Ingress Status
+  group: "Ingress Configuration"
+  show_subquestion_if: true
+  subquestions:
+  - variable: controller.ingress.host
+    default: ""
+    description: Must set this host value if ingress is enabled
+    type: string
+    label: Controller Ingress Host
+    group: "Ingress Configuration"
+  - variable: controller.ingress.path
+    default: "/"
+    description: Set ingress path
+    type: string
+    label: Controller Ingress Path
+    group: "Ingress Configuration"
+  - variable: controller.ingress.annotations
+    default: "{}"
+    description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+    type: string
+    label: Controller Ingress Annotations
+    group: "Ingress Configuration"
+- variable: controller.federation.mastersvc.ingress.enabled
+  default: false
+  description: If true, create ingress for rest api, must also set ingress host value
+  type: boolean
+  label: Controller Federation Master Service Ingress Status
+  group: "Ingress Configuration"
+  show_subquestion_if: true
+  subquestions:
+  - variable: controller.federation.mastersvc.ingress.tls
+    default: false
+    description: If true, TLS is enabled for controller federation master ingress service
+    type: boolean
+    label: Controller Federation Master Service Ingress TLS Status
+    group: "Ingress Configuration"
+  - variable: controller.federation.mastersvc.ingress.host
+    default: ""
+    description: Must set this host value if ingress is enabled
+    type: string
+    label: Controller Federation Master Service Ingress Host
+    group: "Ingress Configuration"
+  - variable: controller.federation.mastersvc.ingress.path
+    default: "/"
+    description: Set ingress path
+    type: string
+    label: Controller Federation Master Service Ingress Path
+    group: "Ingress Configuration"
+  - variable: controller.federation.mastersvc.ingress.ingressClassName
+    default: ""
+    description: To be used instead of the ingress.class annotation if an IngressClass is provisioned
+    type: string
+    label: Controller Federation Master Service Ingress IngressClassName
+    group: "Ingress Configuration"
+  - variable: controller.federation.mastersvc.ingress.secretName
+    default: ""
+    description: Name of the secret to be used for TLS-encryption
+    type: string
+    label: Controller Federation Master Service Ingress SecretName
+    group: "Ingress Configuration"
+  - variable: controller.federation.mastersvc.ingress.annotations
+    default: "{}"
+    description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+    type: string
+    label: Controller Federation Master Service Ingress Annotations
+    group: "Ingress Configuration"
+- variable: controller.federation.managedsvc.ingress.enabled
+  default: false
+  description: If true, create ingress for rest api, must also set ingress host value
+  type: boolean
+  label: Controller Federation Managed Service Ingress Status
+  group: "Ingress Configuration"
+  show_subquestion_if: true
+  subquestions:
+  - variable: controller.federation.managedsvc.ingress.tls
+    default: false
+    description: If true, TLS is enabled for controller federation managed ingress service
+    type: boolean
+    label: Controller Federation Managed Service Ingress TLS Status
+    group: "Ingress Configuration"
+  - variable: controller.federation.managedsvc.ingress.host
+    default: ""
+    description: Must set this host value if ingress is enabled
+    type: string
+    label: Controller Federation Managed Service Ingress Host
+    group: "Ingress Configuration"
+  - variable: controller.federation.managedsvc.ingress.path
+    default: "/"
+    description: Set ingress path
+    type: string
+    label: Controller Federation Managed Service Ingress Path
+    group: "Ingress Configuration"
+  - variable: controller.federation.managedsvc.ingress.ingressClassName
+    default: ""
+    description: To be used instead of the ingress.class annotation if an IngressClass is provisioned
+    type: string
+    label: Controller Federation Managed Service Ingress IngressClassName
+    group: "Ingress Configuration"
+  - variable: controller.federation.managedsvc.ingress.secretName
+    default: ""
+    description: Name of the secret to be used for TLS-encryption
+    type: string
+    label: Controller Federation Managed Service Ingress SecretName
+    group: "Ingress Configuration"
+  - variable: controller.federation.managedsvc.ingress.annotations
+    default: "{}"
+    description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation
+    type: string
+    label: Controller Federation Managed Service Ingress Annotations
+    group: "Ingress Configuration"
+#service configurations
+- variable: manager.svc.type
+  default: "NodePort"
+  description: Set manager service type for native Kubernetes
+  type: enum
+  label: Manager Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+- variable: controller.federation.mastersvc.type
+  default: ""
+  description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP
+  type: enum
+  label: Fed Master Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+- variable: controller.federation.managedsvc.type
+  default: ""
+  description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and ClusterIP
+  type: enum
+  label: Fed Managed Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+- variable: controller.apisvc.type
+  default: "NodePort"
+  description: Controller REST API service type
+  type: enum
+  label: Controller REST API Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+#Security Settings
+- variable: global.cattle.psp.enabled
+  default: "false"
+  description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false."
+  label: "Enable PodSecurityPolicies"
+  default: "false"
+  type: boolean
+  group: "Security Settings"
+- variable: manager.runAsUser
+  default: ""
+  description: Specify the run as User ID
+  type: int
+  label: Manager runAsUser ID
+  group: "Security Settings"
+- variable: cve.scanner.runAsUser
+  default: ""
+  description: Specify the run as User ID
+  type: int
+  label: Scanner runAsUser ID
+  group: "Security Settings"
+- variable: cve.updater.runAsUser
+  default: ""
+  description: Specify the run as User ID
+  type: int
+  label: Updater runAsUser ID
+  group: "Security Settings"
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/NOTES.txt b/charts/neuvector/103.0.8+up2.8.4/templates/NOTES.txt
new file mode 100644
index 0000000000..72068f7071
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/NOTES.txt
@@ -0,0 +1,25 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled }}
+From outside the cluster, the NeuVector URL is:
+http://{{ .Values.manager.ingress.host }}
+{{- else if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.tls}}
+From outside the cluster, the NeuVector URL is:
+https://{{ .Values.manager.ingress.host }}
+{{- else if not .Values.openshift }}
+Get the NeuVector URL by running these commands:
+{{- if contains "NodePort" .Values.manager.svc.type }}
+  NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services neuvector-service-webui)
+  NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo https://$NODE_IP:$NODE_PORT
+{{- else if contains "ClusterIP" .Values.manager.svc.type }}
+  CLUSTER_IP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.clusterIP}" services neuvector-service-webui)
+  echo https://$CLUSTER_IP:8443
+{{- else if contains "LoadBalancer" .Values.manager.svc.type }}
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w neuvector-service-webui'
+
+  SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+  echo https://$SERVICE_IP:8443
+{{- end }}
+{{- end }}
+
+
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/_helpers.tpl b/charts/neuvector/103.0.8+up2.8.4/templates/_helpers.tpl
new file mode 100644
index 0000000000..4a5e4f17ae
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/_helpers.tpl
@@ -0,0 +1,61 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Lookup secret.
+*/}}
+{{- define "neuvector.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" .namespace .secret).data  -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+  {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+  {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "neuvector.controller.image" -}}
+{{- printf "%s/%s:%s" .Values.registry .Values.controller.image.repository .Values.tag }}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/admission-webhook-service.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/admission-webhook-service.yaml
new file mode 100644
index 0000000000..6a1bfa63f0
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/admission-webhook-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-admission-webhook
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+    - port: 443
+      targetPort: 20443
+      protocol: TCP
+      name: admission-webhook
+  type: {{ .Values.admissionwebhook.type }}
+  selector:
+    app: neuvector-controller-pod
\ No newline at end of file
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/bootstrap-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/bootstrap-secret.yaml
new file mode 100644
index 0000000000..7e275eaa6b
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/bootstrap-secret.yaml
@@ -0,0 +1,16 @@
+{{/* Use the bootstrap password from values.yaml or random value*/}}
+{{- $bootstrapPassword := .Values.bootstrapPassword -}}
+{{/* If a bootstrap password was found in the values or AWS is enabled */}}
+{{- if $bootstrapPassword }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "neuvector-bootstrap-secret"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  bootstrapPassword: {{ $bootstrapPassword | b64enc |quote }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/cert-manager-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/cert-manager-secret.yaml
new file mode 100644
index 0000000000..3692886b4c
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/cert-manager-secret.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.internal.certmanager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ .Values.internal.certmanager.secretname }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.internal.certmanager.secretname }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  duration: 17520h # 2 years
+  subject:
+    organizations:
+      - NeuVector
+  isCA: true
+  commonName: neuvector.internal
+  dnsNames:
+  - neuvector.internal
+  - NeuVector
+  secretName: {{ .Values.internal.certmanager.secretname }}
+  usages:
+  - digital signature
+  - key encipherment
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: {{ .Values.internal.certmanager.secretname }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/clusterrole.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrole.yaml
new file mode 100644
index 0000000000..49228b70c3
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrole.yaml
@@ -0,0 +1,117 @@
+{{- if .Values.rbac -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-app
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - pods
+  - services
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-rbac
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+{{- if .Values.openshift }}
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  verbs:
+  - get
+  - list
+  - watch
+{{- end }}
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  - clusterrolebindings
+  - clusterroles
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-admission
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-co
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusteroperators
+  verbs:
+  - get
+  - list
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding-least.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding-least.yaml
new file mode 100644
index 0000000000..edb1007fd5
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding-least.yaml
@@ -0,0 +1,145 @@
+{{- if and .Values.rbac .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-app
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-app
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-rbac
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-rbac
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-admission
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-admission
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-view
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: view
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-co
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: neuvector-binding-co
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: enforcer
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..4ea258c099
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/clusterrolebinding.yaml
@@ -0,0 +1,142 @@
+{{- if and .Values.rbac (not .Values.leastPrivilege) -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-app
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-app
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-rbac
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-rbac
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-admission
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-admission
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-view
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: view
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-co
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: neuvector-binding-co
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-deployment.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-deployment.yaml
new file mode 100644
index 0000000000..dbc0c12b65
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-deployment.yaml
@@ -0,0 +1,334 @@
+{{- $pre530 := false -}}
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}
+{{- $pre530 = (semverCompare "<5.2.10-0" .Values.tag) -}}
+{{- end }}
+{{- $pre540 := false -}}                                                
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}               
+{{- $pre540 = (semverCompare "<5.3.10-0" .Values.tag) -}}                  
+{{- end }}    
+{{- if .Values.controller.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+  name: neuvector-controller-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+{{- with .Values.controller.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  minReadySeconds: 60
+  strategy:
+{{ toYaml .Values.controller.strategy | indent 4 }}
+  selector:
+    matchLabels:
+      app: neuvector-controller-pod
+  template:
+    metadata:
+      labels:
+        app: neuvector-controller-pod
+        release: {{ .Release.Name }}
+        {{- with .Values.controller.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- if .Values.controller.secret.enabled }}
+        checksum/init-secret: {{ include (print $.Template.BasePath "/init-secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.controller.configmap.enabled }}
+        checksum/init-configmap: {{ include (print $.Template.BasePath "/init-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.controller.certificate.key .Values.controller.certificate.certificate) }}
+        checksum/controller-secret: {{ include (print $.Template.BasePath "/controller-secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.controller.podAnnotations }}
+        {{- toYaml .Values.controller.podAnnotations | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if .Values.controller.affinity }}
+      affinity:
+{{ toYaml .Values.controller.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml .Values.controller.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.controller.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }}
+      {{- end }}
+      {{- if .Values.controller.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.controller.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.controller.schedulerName }}
+      schedulerName: {{ .Values.controller.schedulerName }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+      {{- end }}
+      {{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+      {{- end }}
+      {{- if .Values.leastPrivilege }}
+      serviceAccountName: controller
+      serviceAccount: controller
+      {{- else }}
+      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccount: {{ .Values.serviceAccount }}
+      {{- end }}
+      initContainers:
+      {{- if or .Values.internal.certmanager.enabled .Values.controller.internal.certificate.secret }}
+      {{- else if and .Values.internal.autoGenerateCert (not $pre540) }}
+        - name: init
+          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+          command: ["/usr/local/bin/upgrader", "create-upgrader-job" ]
+          imagePullPolicy: {{ .Values.controller.certupgrader.imagePullPolicy }}
+          env:
+            - name: OVERRIDE_CHECKSUM
+              value: {{ dict "image" (include "neuvector.controller.image" .) "internal" .Values.internal "certupgrader" .Values.controller.certupgrader | toJson | sha256sum }}
+          {{- with .Values.controller.certupgrader.env }}
+{{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- end }}
+      {{- if  .Values.controller.prime.enabled }}
+        - name: prime-config-container
+          {{- if .Values.controller.prime.image.hash }}
+          image: "{{ .Values.registry }}/{{ .Values.controller.prime.image.repository }}@{{ .Values.controller.prime.image.hash }}"
+          {{- else }}
+          image: {{ template "system_default_registry" . }}{{ .Values.controller.prime.image.repository }}:{{ .Values.controller.prime.image.tag }}
+          {{- end }}
+          imagePullPolicy: Always
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+          - mountPath: /usr/share
+            name: prime-config
+      {{- end }}
+      containers:
+        - name: neuvector-controller-pod
+          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+          {{- if $pre530 }}
+          securityContext:
+            privileged: true
+          {{- else }}
+          securityContext:
+            runAsUser: 0
+          {{- end }}
+          resources:
+          {{- if .Values.controller.resources }}
+{{ toYaml .Values.controller.resources | indent 12 }}
+          {{- else }}
+{{ toYaml .Values.resources | indent 12 }}
+          {{- end }}
+          readinessProbe:
+            exec:
+              command:
+                - cat
+                - /tmp/ready
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          env:
+            - name: CLUSTER_JOIN_ADDR
+              value: neuvector-svc-controller.{{ .Release.Namespace }}
+            - name: CLUSTER_ADVERTISED_ADDR
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: CLUSTER_BIND_ADDR
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          {{- if .Values.controller.ranchersso.enabled }}
+            - name: RANCHER_SSO
+              value: "1"
+            - name: RANCHER_EP
+              value: "{{ .Values.global.cattle.url }}"
+          {{- end }}
+          {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }}
+            - name: CTRL_PERSIST_CONFIG
+              value: "1"
+          {{- end }}
+          {{- if .Values.controller.searchRegistries }}
+            - name: CTRL_SEARCH_REGISTRIES
+              value: "{{ .Values.controller.searchRegistries }}"
+          {{- end }}
+          {{- if or .Values.internal.certmanager.enabled .Values.controller.internal.certificate.secret }}
+          {{- else if (and .Values.internal.autoGenerateCert (not $pre540))}}
+            - name: AUTO_INTERNAL_CERT
+              value: "1"
+          {{- end }}
+          {{- with .Values.controller.env }}
+{{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+           {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }}
+            - mountPath: /var/neuvector
+              name: nv-share
+              readOnly: false
+          {{- end }}
+          {{- if $pre530 }}
+          {{- if .Values.containerd.enabled }}
+            - mountPath: /var/run/containerd/containerd.sock
+          {{- else if .Values.k3s.enabled }}
+            - mountPath: /var/run/containerd/containerd.sock
+          {{- else if .Values.bottlerocket.enabled }}
+            - mountPath: /var/run/containerd/containerd.sock
+          {{- else if .Values.crio.enabled }}
+            - mountPath: /var/run/crio/crio.sock
+          {{- else }}
+            - mountPath: /var/run/docker.sock
+          {{- end }}
+              name: runtime-sock
+              readOnly: true
+            - mountPath: /host/proc
+              name: proc-vol
+              readOnly: true
+            - mountPath: /host/cgroup
+              name: cgroup-vol
+              readOnly: true
+          {{- end }}
+            - mountPath: /etc/config
+              name: config-volume
+              readOnly: true
+          {{- if .Values.controller.prime.enabled }}
+            - mountPath: /etc/neuvector/prime/compliance/
+              name: prime-config
+              readOnly: true
+          {{- end }}                
+          {{- if .Values.controller.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: {{ .Values.controller.certificate.keyFile }}
+              name: usercert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: {{ .Values.controller.certificate.pemFile }}
+              name: usercert
+              readOnly: true
+          {{- else if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.controller.certificate.key .Values.controller.certificate.certificate) }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: ssl-cert.key
+              name: cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: ssl-cert.pem
+              name: cert
+              readOnly: true
+          {{- else }}
+          {{- end }}
+          {{- if or .Values.internal.certmanager.enabled .Values.controller.internal.certificate.secret }} 
+            - mountPath: /etc/neuvector/certs/internal/cert.key
+              subPath: {{ .Values.controller.internal.certificate.keyFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/cert.pem
+              subPath: {{ .Values.controller.internal.certificate.pemFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/ca.cert
+              subPath: {{ .Values.controller.internal.certificate.caFile }}
+              name: internal-cert
+              readOnly: true
+          {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+            - mountPath: /etc/neuvector/certs/internal/
+              name: internal-cert-dir
+          {{- end }}
+      terminationGracePeriodSeconds: 300
+      restartPolicy: Always
+      volumes:
+        {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }}
+        - name: nv-share
+        {{- if .Values.controller.pvc.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.controller.pvc.existingClaim | default "neuvector-data" }}
+        {{- else if .Values.controller.azureFileShare.enabled }}
+          azureFile:
+            secretName: {{ .Values.controller.azureFileShare.secretName }}
+            shareName: {{ .Values.controller.azureFileShare.shareName }}
+            readOnly: false
+        {{- end }}
+        {{- end }}
+        {{- if $pre530 }}
+        - name: runtime-sock
+          hostPath:
+          {{- if .Values.containerd.enabled }}
+            path: {{ .Values.containerd.path }}
+          {{- else if .Values.crio.enabled }}
+            path: {{ .Values.crio.path }}
+          {{- else if .Values.k3s.enabled }}
+            path: {{ .Values.k3s.runtimePath }}
+          {{- else if .Values.bottlerocket.enabled }}
+            path: {{ .Values.bottlerocket.runtimePath }}
+          {{- else }}
+            path: {{ .Values.docker.path }}
+          {{- end }}
+        - name: proc-vol
+          hostPath:
+            path: /proc
+        - name: cgroup-vol
+          hostPath:
+            path: /sys/fs/cgroup
+        {{- end }}
+        - name: config-volume
+          projected:
+            sources:
+              - configMap:
+                  name: neuvector-init
+                  optional: true
+              - secret:
+                  name: neuvector-init
+                  optional: true
+              - secret:
+                  name: neuvector-secret
+                  optional: true
+      {{- if .Values.controller.prime.enabled }}
+        - emptyDir: {}
+          name: prime-config
+      {{- end }}            
+      {{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.controller.certificate.key .Values.controller.certificate.certificate) }}
+        - name: cert
+          secret:
+            secretName: neuvector-controller-secret
+      {{- end }}
+      {{- if .Values.controller.certificate.secret }}
+        - name: usercert
+          secret:
+            secretName: {{ .Values.controller.certificate.secret }}
+      {{- end }}
+      {{- if or .Values.internal.certmanager.enabled .Values.controller.internal.certificate.secret }}
+        - name: internal-cert
+          secret:
+            secretName: {{ .Values.controller.internal.certificate.secret }}
+      {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+        - name: internal-cert-dir
+          emptyDir:
+            sizeLimit: 50Mi
+      {{- end }}
+{{- if gt (int .Values.controller.disruptionbudget) 0 }}
+---
+{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: policy/v1
+{{- else }}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+  name: neuvector-controller-pdb
+  namespace: {{ .Release.Namespace }}
+spec:
+  minAvailable: {{ .Values.controller.disruptionbudget }}
+  selector:
+    matchLabels:
+      app: neuvector-controller-pod
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-ingress.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-ingress.yaml
new file mode 100644
index 0000000000..d8bcb32a14
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-ingress.yaml
@@ -0,0 +1,213 @@
+{{- if .Values.controller.enabled }}
+{{- if .Values.controller.ingress.enabled }}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neuvector-restapi-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.controller.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.ingress.host }}
+{{- if .Values.controller.ingress.secretName }}
+    secretName: {{ .Values.controller.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.ingress.path }}
+        pathType: Prefix
+        backend:
+          service:
+            name: neuvector-svc-controller-api
+            port:
+              number: 10443
+{{- else }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: neuvector-restapi-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.ingress.host }}
+{{- if .Values.controller.ingress.secretName }}
+    secretName: {{ .Values.controller.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.ingress.path }}
+        backend:
+          serviceName: neuvector-svc-controller-api
+          servicePort: 10443
+{{- end }}
+{{- end }}
+{{- if .Values.controller.federation.mastersvc.ingress.enabled }}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neuvector-mastersvc-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.mastersvc.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.mastersvc.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.controller.federation.mastersvc.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.controller.federation.mastersvc.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.federation.mastersvc.ingress.host }}
+{{- if .Values.controller.federation.mastersvc.ingress.secretName }}
+    secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.federation.mastersvc.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.federation.mastersvc.ingress.path }}
+        pathType: Prefix
+        backend:
+          service:
+            name: neuvector-svc-controller-fed-master
+            port:
+              number: 11443
+{{- else }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: neuvector-mastersvc-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.mastersvc.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.mastersvc.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.federation.mastersvc.ingress.host }}
+{{- if .Values.controller.federation.mastersvc.ingress.secretName }}
+    secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.federation.mastersvc.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.federation.mastersvc.ingress.path }}
+        backend:
+          serviceName: neuvector-svc-controller-fed-master
+          servicePort: 11443
+{{- end }}
+{{- end }}
+{{- if .Values.controller.federation.managedsvc.ingress.enabled }}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neuvector-managedsvc-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.managedsvc.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.managedsvc.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.controller.federation.managedsvc.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.controller.federation.managedsvc.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.federation.managedsvc.ingress.host }}
+{{- if .Values.controller.federation.managedsvc.ingress.secretName }}
+    secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.federation.managedsvc.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.federation.managedsvc.ingress.path }}
+        pathType: Prefix
+        backend:
+          service:
+            name: neuvector-svc-controller-fed-managed
+            port:
+              number: 10443
+{{- else }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: neuvector-managedsvc-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.managedsvc.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.managedsvc.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.controller.federation.managedsvc.ingress.host }}
+{{- if .Values.controller.federation.managedsvc.ingress.secretName }}
+    secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.controller.federation.managedsvc.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.controller.federation.managedsvc.ingress.path }}
+        backend:
+          serviceName: neuvector-svc-controller-fed-managed
+          servicePort: 10443
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-lease.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-lease.yaml
new file mode 100644
index 0000000000..0c8fdb7154
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-lease.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.lease.enabled }}
+{{- if .Values.internal.autoGenerateCert }}
+apiVersion: coordination.k8s.io/v1
+kind: Lease
+metadata:
+  name: neuvector-controller
+spec:
+  leaseTransitions: 0
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-route.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-route.yaml
new file mode 100644
index 0000000000..b80816f139
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-route.yaml
@@ -0,0 +1,95 @@
+{{- if .Values.openshift -}}
+{{- if .Values.controller.apisvc.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+  name: neuvector-route-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.apisvc.route.host }}
+  host: {{ .Values.controller.apisvc.route.host }}
+{{- end }}
+  to:
+    kind: Service
+    name: neuvector-svc-controller-api
+  port:
+    targetPort: controller-api
+  tls:
+    termination: {{ .Values.controller.apisvc.route.termination }}
+{{- if or (eq .Values.controller.apisvc.route.termination "reencrypt") (eq .Values.controller.apisvc.route.termination "edge") }}
+{{- with .Values.controller.apisvc.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+
+---
+{{ end -}}
+{{- if .Values.controller.federation.mastersvc.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+  name: neuvector-route-fed-master
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.mastersvc.route.host }}
+  host: {{ .Values.controller.federation.mastersvc.route.host }}
+{{- end }}
+  to:
+    kind: Service
+    name: neuvector-svc-controller-fed-master
+  port:
+    targetPort: fed
+  tls:
+    termination: {{ .Values.controller.federation.mastersvc.route.termination }}
+{{- if or (eq .Values.controller.federation.mastersvc.route.termination "reencrypt") (eq .Values.controller.federation.mastersvc.route.termination "edge") }}
+{{- with .Values.controller.federation.mastersvc.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+---
+{{ end -}}
+{{- if .Values.controller.federation.managedsvc.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+  name: neuvector-route-fed-managed
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.federation.managedsvc.route.host }}
+  host: {{ .Values.controller.federation.managedsvc.route.host }}
+{{- end }}
+  to:
+    kind: Service
+    name: neuvector-svc-controller-fed-managed
+  port:
+    targetPort: fed
+  tls:
+    termination: {{ .Values.controller.federation.managedsvc.route.termination }}
+{{- if or (eq .Values.controller.federation.managedsvc.route.termination "reencrypt") (eq .Values.controller.federation.managedsvc.route.termination "edge") }}
+{{- with .Values.controller.federation.managedsvc.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+{{ end -}}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-secret.yaml
new file mode 100644
index 0000000000..fb743c249c
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-secret.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.controller.enabled -}}
+{{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.controller.certificate.key .Values.controller.certificate.certificate) }}
+{{- $cert := (dict) }}
+{{- if and .Values.controller.certificate.key .Values.controller.certificate.certificate }}
+{{- $cert = (dict "Key" .Values.controller.certificate.key "Cert" .Values.controller.certificate.certificate ) }}
+{{- else }}
+{{- $cn := "neuvector" }}
+{{- $cert = genSelfSignedCert $cn nil (list $cn) (.Values.defaultValidityPeriod | int) -}}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-controller-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-controller-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }}
+  ssl-cert.pem: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-controller-secret" "key" "ssl-cert.pem" "defaultValue" $cert.Cert) }}
+{{- end}}
+---
+{{- if .Values.internal.certmanager.enabled }}
+{{- else if .Values.internal.autoGenerateCert }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-internal-certs
+type: Opaque
+{{- end}}
+{{- end}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/controller-service.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/controller-service.yaml
new file mode 100644
index 0000000000..0dc6ab91ae
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/controller-service.yaml
@@ -0,0 +1,129 @@
+{{- if .Values.controller.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  clusterIP: None
+  ports:
+    - port: 18300
+      protocol: "TCP"
+      name: "cluster-tcp-18300"
+    - port: 18301
+      protocol: "TCP"
+      name: "cluster-tcp-18301"
+    - port: 18301
+      protocol: "UDP"
+      name: "cluster-udp-18301"
+  selector:
+    app: neuvector-controller-pod
+{{- if .Values.controller.apisvc.type }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-controller-api
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.apisvc.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.controller.apisvc.type }}
+  ports:
+    - port: 10443
+      protocol: "TCP"
+{{- if .Values.controller.apisvc.nodePort }} 
+      nodePort: {{ .Values.controller.apisvc.nodePort }}
+{{- end }}        
+      name: "controller-api"
+      appProtocol: HTTPS
+  selector:
+    app: neuvector-controller-pod
+{{ end -}}
+{{- if .Values.controller.federation.mastersvc.type }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-controller-fed-master
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.mastersvc.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.controller.federation.mastersvc.type }}
+{{- if and .Values.controller.federation.mastersvc.loadBalancerIP (eq .Values.controller.federation.mastersvc.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.controller.federation.mastersvc.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.federation.mastersvc.clusterIP }}
+  clusterIP: {{ .Values.controller.federation.mastersvc.clusterIP }}
+{{- end }}
+{{- if .Values.controller.federation.mastersvc.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.controller.federation.mastersvc.externalTrafficPolicy }}
+{{- end }}
+{{- if .Values.controller.federation.mastersvc.internalTrafficPolicy }}
+  internalTrafficPolicy: {{ .Values.controller.federation.mastersvc.internalTrafficPolicy }}
+{{- end }}
+  ports:
+  - port: 11443
+    name: fed
+    protocol: TCP
+    appProtocol: HTTPS
+{{- if .Values.controller.federation.mastersvc.nodePort }}
+    nodePort: {{ .Values.controller.federation.mastersvc.nodePort }}
+{{- end }}
+  selector:
+    app: neuvector-controller-pod
+{{ end -}}
+{{- if .Values.controller.federation.managedsvc.type }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-controller-fed-managed
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.managedsvc.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.controller.federation.managedsvc.type }}
+{{- if and .Values.controller.federation.managedsvc.loadBalancerIP (eq .Values.controller.federation.managedsvc.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.controller.federation.managedsvc.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.federation.managedsvc.clusterIP }}
+  clusterIP: {{ .Values.controller.federation.managedsvc.clusterIP }}
+{{- end }}
+{{- if .Values.controller.federation.managedsvc.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.controller.federation.managedsvc.externalTrafficPolicy }}
+{{- end }}
+{{- if .Values.controller.federation.managedsvc.internalTrafficPolicy }}
+  internalTrafficPolicy: {{ .Values.controller.federation.managedsvc.internalTrafficPolicy }}
+{{- end }}
+  ports:
+  - port: 10443
+    name: fed
+    protocol: TCP
+    appProtocol: HTTPS
+{{- if .Values.controller.federation.managedsvc.nodePort }}
+    nodePort: {{ .Values.controller.federation.managedsvc.nodePort }}
+{{- end }}
+  selector:
+    app: neuvector-controller-pod
+{{ end -}}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/crd-role-least.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/crd-role-least.yaml
new file mode 100644
index 0000000000..45222a48ea
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/crd-role-least.yaml
@@ -0,0 +1,403 @@
+{{- if .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+# ClusterRole for NeuVector to operate CRD
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-customresourcedefinition
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - update
+  - watch
+  - create
+  - get
+
+---
+
+# ClusterRoleBinding for NeuVector to operate CRD
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-customresourcedefinition
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-customresourcedefinition
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage network/process CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvsecurityrules
+  - nvclustersecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage network/process CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage dlp CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvdlpsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvdlpsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRole for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvadmissioncontrolsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvdlpsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvdlpsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRoleBinding for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage waf CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvwafsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvwafsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage waf CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvwafsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvwafsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage compliance CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvcomplianceprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvcomplianceprofiles
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage compliance CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvcomplianceprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvcomplianceprofiles
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage vulnerability CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvvulnerabilityprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvvulnerabilityprofiles
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage vulnerability CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvvulnerabilityprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvvulnerabilityprofiles
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/crd-role.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/crd-role.yaml
new file mode 100644
index 0000000000..ffa029c469
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/crd-role.yaml
@@ -0,0 +1,403 @@
+{{- if not .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+# ClusterRole for NeuVector to operate CRD
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-customresourcedefinition
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - update
+  - watch
+  - create
+  - get
+
+---
+
+# ClusterRoleBinding for NeuVector to operate CRD
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-customresourcedefinition
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-customresourcedefinition
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage network/process CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvsecurityrules
+  - nvclustersecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage network/process CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage dlp CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvdlpsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvdlpsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRole for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvadmissioncontrolsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvdlpsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvdlpsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRoleBinding for NeuVector to manage admission control CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvadmissioncontrolsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage waf CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvwafsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvwafsecurityrules
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage waf CRD rules
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvwafsecurityrules
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvwafsecurityrules
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage compliance CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvcomplianceprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvcomplianceprofiles
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage compliance CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvcomplianceprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvcomplianceprofiles
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+# ClusterRole for NeuVector to manage vulnerability CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRole
+metadata:
+  name: neuvector-binding-nvvulnerabilityprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - neuvector.com
+  resources:
+  - nvvulnerabilityprofiles
+  verbs:
+  - get
+  - list
+  - delete
+
+---
+
+# ClusterRoleBinding for NeuVector to manage vulnerability CRD profiles
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  name: neuvector-binding-nvvulnerabilityprofiles
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: neuvector-binding-nvvulnerabilityprofiles
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/crd-webhook-service.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/crd-webhook-service.yaml
new file mode 100644
index 0000000000..bcfcecdb8a
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/crd-webhook-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.crdwebhooksvc.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-svc-crd-webhook
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+    - port: 443
+      targetPort: 30443
+      protocol: TCP
+      name: crd-webhook
+  type: {{ .Values.crdwebhook.type }}
+  selector:
+    app: neuvector-controller-pod
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/enforcer-daemonset.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/enforcer-daemonset.yaml
new file mode 100644
index 0000000000..b5fae3c62a
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/enforcer-daemonset.yaml
@@ -0,0 +1,195 @@
+{{- $pre530 := false -}}
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}
+{{- $pre530 = (semverCompare "<5.2.10-0" .Values.tag) -}}
+{{- end }}
+{{- $pre540 := false -}}                                                
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}               
+{{- $pre540 = (semverCompare "<5.3.10-0" .Values.tag) -}}                  
+{{- end }}    
+{{- $runtimePath := "" -}}
+{{- if .Values.runtimePath }}
+{{- $runtimePath = .Values.runtimePath -}}
+{{- else if and .Values.k3s.enabled (ne .Values.k3s.runtimePath "/run/k3s/containerd/containerd.sock") }}
+{{- $runtimePath = .Values.k3s.runtimePath -}}
+{{- else if and .Values.bottlerocket.enabled (ne .Values.bottlerocket.runtimePath "/run/dockershim.sock") }}
+{{- $runtimePath = .Values.bottlerocket.runtimePath -}}
+{{- else if and .Values.containerd.enabled (ne .Values.containerd.path "/var/run/containerd/containerd.sock") }}
+{{- $runtimePath = .Values.containerd.path -}}
+{{- else if and .Values.crio.enabled (ne .Values.crio.path "/var/run/crio/crio.sock") }}
+{{- $runtimePath = .Values.crio.path -}}
+{{- else if ne .Values.docker.path "/var/run/docker.sock" }}
+{{- $runtimePath = .Values.docker.path -}}
+{{- end }}
+{{- if .Values.enforcer.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: DaemonSet
+metadata:
+  name: neuvector-enforcer-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  updateStrategy: {{- toYaml .Values.enforcer.updateStrategy | nindent 4 }}
+  selector:
+    matchLabels:
+      app: neuvector-enforcer-pod
+  template:
+    metadata:
+      labels:
+        app: neuvector-enforcer-pod
+        release: {{ .Release.Name }}
+        {{- with .Values.enforcer.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.enforcer.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+    {{- end }}
+    {{- if .Values.enforcer.tolerations }}
+      tolerations:
+{{ toYaml .Values.enforcer.tolerations | indent 8 }}
+    {{- end }}
+      hostPID: true
+    {{- if .Values.enforcer.priorityClassName }}
+      priorityClassName: {{ .Values.enforcer.priorityClassName }}
+    {{- end }}
+    {{- if .Values.leastPrivilege }}
+      serviceAccountName: enforcer
+      serviceAccount: enforcer
+    {{- else }}
+      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccount: {{ .Values.serviceAccount }}
+    {{- end }}
+      containers:
+        - name: neuvector-enforcer-pod
+          image: {{ template "system_default_registry" . }}{{ .Values.enforcer.image.repository }}:{{ .Values.enforcer.image.tag }}
+          securityContext:
+            privileged: true
+          resources:
+          {{- if .Values.enforcer.resources }}
+{{ toYaml .Values.enforcer.resources | indent 12 }}
+          {{- else }}
+{{ toYaml .Values.resources | indent 12 }}
+          {{- end }}
+          env:
+            - name: CLUSTER_JOIN_ADDR
+              value: neuvector-svc-controller.{{ .Release.Namespace }}
+            - name: CLUSTER_ADVERTISED_ADDR
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: CLUSTER_BIND_ADDR
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          {{- if or .Values.internal.certmanager.enabled .Values.enforcer.internal.certificate.secret }}
+          {{- else if (and .Values.internal.autoGenerateCert (not $pre540))}}
+            - name: AUTO_INTERNAL_CERT
+              value: "1"
+          {{- end }}
+          {{- with .Values.enforcer.env }}
+{{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+          {{- if $pre530 }}
+          {{- if .Values.containerd.enabled }}
+            - mountPath: /var/run/containerd/containerd.sock
+          {{- else if .Values.k3s.enabled }}
+            - mountPath: /run/containerd/containerd.sock
+          {{- else if .Values.bottlerocket.enabled }}
+            - mountPath: /var/run/containerd/containerd.sock
+          {{- else if .Values.crio.enabled }}
+            - mountPath: /var/run/crio/crio.sock
+          {{- else }}
+            - mountPath: /var/run/docker.sock
+          {{- end }}
+              name: runtime-sock
+              readOnly: true
+            - mountPath: /host/proc
+              name: proc-vol
+              readOnly: true
+            - mountPath: /host/cgroup
+              name: cgroup-vol
+              readOnly: true
+          {{- else if $runtimePath }}
+            - mountPath: /run/runtime.sock
+              name: runtime-sock
+              readOnly: true
+          {{- end }}
+            - mountPath: /lib/modules
+              name: modules-vol
+              readOnly: true
+            - mountPath: /var/nv_debug
+              name: nv-debug
+              readOnly: false
+          {{- if or .Values.internal.certmanager.enabled .Values.enforcer.internal.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/internal/cert.key
+              subPath: {{ .Values.enforcer.internal.certificate.keyFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/cert.pem
+              subPath: {{ .Values.enforcer.internal.certificate.pemFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/ca.cert
+              subPath: {{ .Values.enforcer.internal.certificate.caFile }}
+              name: internal-cert
+              readOnly: true
+          {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+            - mountPath: /etc/neuvector/certs/internal/
+              name: internal-cert-dir
+          {{- end }}
+      terminationGracePeriodSeconds: 1200
+      restartPolicy: Always
+      volumes:
+      {{- if $pre530 }}
+        - name: runtime-sock
+          hostPath:
+          {{- if .Values.containerd.enabled }}
+            path: {{ .Values.containerd.path }}
+          {{- else if .Values.crio.enabled }}
+            path: {{ .Values.crio.path }}
+          {{- else if .Values.k3s.enabled }}
+            path: {{ .Values.k3s.runtimePath }}
+          {{- else if .Values.bottlerocket.enabled }}
+            path: {{ .Values.bottlerocket.runtimePath }}
+          {{- else }}
+            path: {{ .Values.docker.path }}
+          {{- end }}
+        - name: proc-vol
+          hostPath:
+            path: /proc
+        - name: cgroup-vol
+          hostPath:
+            path: /sys/fs/cgroup
+      {{- else if $runtimePath }}
+        - name: runtime-sock
+          hostPath:
+            path: {{ $runtimePath }}
+      {{- end }}
+        - name: modules-vol
+          hostPath:
+            path: /lib/modules
+        - name: nv-debug
+          hostPath:
+            path: /var/nv_debug
+      {{- if or .Values.internal.certmanager.enabled .Values.enforcer.internal.certificate.secret }}
+        - name: internal-cert
+          secret:
+            secretName: {{ .Values.enforcer.internal.certificate.secret }}
+      {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+        - name: internal-cert-dir
+          emptyDir:
+            sizeLimit: 50Mi
+      {{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/init-configmap.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/init-configmap.yaml
new file mode 100644
index 0000000000..5c29ca2570
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/init-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.controller.configmap.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: neuvector-init
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+data:
+{{ toYaml .Values.controller.configmap.data | indent 2 }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/init-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/init-secret.yaml
new file mode 100644
index 0000000000..d9b4676c5c
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/init-secret.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.controller.secret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-init
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+data:
+{{- range $key, $val := .Values.controller.secret.data }}
+  {{ $key }}: | {{ toYaml $val | b64enc | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/manager-deployment.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/manager-deployment.yaml
new file mode 100644
index 0000000000..09d88fa1f0
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/manager-deployment.yaml
@@ -0,0 +1,164 @@
+{{- if .Values.manager.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+  name: neuvector-manager-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: neuvector-manager-pod
+  template:
+    metadata:
+      labels:
+        app: neuvector-manager-pod
+        release: {{ .Release.Name }}
+        {{- with .Values.manager.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.manager.certificate.key .Values.manager.certificate.certificate) }}
+        checksum/manager-secret: {{ include (print $.Template.BasePath "/manager-secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.manager.podAnnotations }}
+        {{- toYaml .Values.manager.podAnnotations | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if .Values.manager.affinity }}
+      affinity:
+{{ toYaml .Values.manager.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.manager.tolerations }}
+      tolerations:
+{{ toYaml .Values.manager.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.manager.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.manager.topologySpreadConstraints | indent 8 }}
+      {{- end }}
+      {{- if .Values.manager.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.manager.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+      {{- end }}
+      {{- if .Values.manager.priorityClassName }}
+      priorityClassName: {{ .Values.manager.priorityClassName }}
+      {{- end }}
+      {{- if .Values.leastPrivilege }}
+      serviceAccountName: basic
+      serviceAccount: basic
+      {{- else }}
+      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccount: {{ .Values.serviceAccount }}
+      {{- end }}
+      {{- if .Values.manager.runAsUser }}
+      securityContext:
+        runAsUser: {{ .Values.manager.runAsUser }}
+      {{- end }}
+      containers:
+        - name: neuvector-manager-pod
+          image: {{ template "system_default_registry" . }}{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
+          ports:
+            - name: http
+              containerPort: 8443
+              protocol: TCP
+          env:
+            - name: CTRL_SERVER_IP
+              value: neuvector-svc-controller.{{ .Release.Namespace }}
+            {{- if not .Values.manager.env.ssl }}
+            - name: MANAGER_SSL
+              value: "off"
+            {{- end }}
+            {{- with .Values.manager.env.envs }}
+{{- toYaml . | nindent 12 }}
+            {{- end }}
+          volumeMounts:
+          {{- if .Values.manager.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: {{ .Values.manager.certificate.keyFile }}
+              name: cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: {{ .Values.manager.certificate.pemFile }}
+              name: cert
+              readOnly: true
+          {{- else if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.manager.certificate.key .Values.manager.certificate.certificate) }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: ssl-cert.key
+              name: cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: ssl-cert.pem
+              name: cert
+              readOnly: true
+          {{- end }}
+          {{- if .Values.manager.probes.enabled }}
+          startupProbe:
+            httpGet:
+              path: /
+              port: 8443
+              {{- if .Values.manager.env.ssl }}
+              scheme: HTTPS
+              {{- else }}
+              scheme: HTTP
+              {{- end }}
+            timeoutSeconds: {{ .Values.manager.probes.timeout | default 1 }}
+            periodSeconds: {{ .Values.manager.probes.periodSeconds | default 10 }}
+            successThreshold: 1
+            failureThreshold: {{ .Values.manager.probes.startupFailureThreshold | default 30 }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8443
+              {{- if .Values.manager.env.ssl }}
+              scheme: HTTPS
+              {{- else }}
+              scheme: HTTP
+              {{- end }}
+            timeoutSeconds: {{ .Values.manager.probes.timeout | default 1 }}
+            periodSeconds: {{ .Values.manager.probes.periodSeconds | default 10 }}
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 8443
+              {{- if .Values.manager.env.ssl }}
+              scheme: HTTPS
+              {{- else }}
+              scheme: HTTP
+              {{- end }}
+            timeoutSeconds: {{ .Values.manager.probes.timeout | default 1 }}
+            periodSeconds: {{ .Values.manager.probes.periodSeconds | default 10 }}
+            successThreshold: 1
+            failureThreshold: 3
+          {{- end }}
+          resources:
+          {{- if .Values.manager.resources }}
+{{ toYaml .Values.manager.resources | indent 12 }}
+          {{- else }}
+{{ toYaml .Values.resources | indent 12 }}
+          {{- end }}
+      restartPolicy: Always
+      volumes:
+      {{- if .Values.manager.certificate.secret }}
+        - name: cert
+          secret:
+            secretName: {{ .Values.manager.certificate.secret }}
+      {{- else if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.manager.certificate.key .Values.manager.certificate.certificate) }}
+        - name: cert
+          secret:
+            secretName: neuvector-manager-secret
+      {{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/manager-ingress.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/manager-ingress.yaml
new file mode 100644
index 0000000000..9dc4bb539f
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/manager-ingress.yaml
@@ -0,0 +1,69 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neuvector-webui-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.manager.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.manager.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.manager.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.manager.ingress.host }}
+{{- if .Values.manager.ingress.secretName }}
+    secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.manager.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.manager.ingress.path }}
+        pathType: Prefix
+        backend:
+          service:
+            name: neuvector-service-webui
+            port:
+              number: 8443
+{{- else }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: neuvector-webui-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.manager.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.manager.ingress.host }}
+{{- if .Values.manager.ingress.secretName }}
+    secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.manager.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.manager.ingress.path }}
+        backend:
+          serviceName: neuvector-service-webui
+          servicePort: 8443
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/manager-route.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/manager-route.yaml
new file mode 100644
index 0000000000..f79a7332e5
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/manager-route.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.openshift -}}
+{{- if .Values.manager.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+  name: neuvector-route-webui
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.manager.route.host }}
+  host: {{ .Values.manager.route.host }}
+{{- end }}
+  to:
+    kind: Service
+    name: neuvector-service-webui
+  port:
+    targetPort: manager
+  tls:
+    termination: {{ .Values.manager.route.termination }}
+{{- if or (eq .Values.manager.route.termination "reencrypt") (eq .Values.manager.route.termination "edge") }}
+{{- with .Values.manager.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}  
+{{- end }}  
+{{- end }}
+{{- end -}}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/manager-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/manager-secret.yaml
new file mode 100644
index 0000000000..46563bcbd5
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/manager-secret.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.manager.enabled -}}
+{{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.manager.certificate.key .Values.manager.certificate.certificate) }}
+{{- $cert := (dict) }}
+{{- if and .Values.manager.certificate.key .Values.manager.certificate.certificate }}
+{{- $cert = (dict "Key" .Values.manager.certificate.key "Cert" .Values.manager.certificate.certificate ) }}
+{{- else }}
+{{- $cn := "neuvector" }}
+{{- $cert = genSelfSignedCert $cn nil (list $cn) (.Values.defaultValidityPeriod | int) -}}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-manager-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-manager-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }}
+  ssl-cert.pem: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-manager-secret" "key" "ssl-cert.pem" "defaultValue" $cert.Cert) }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/manager-service.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/manager-service.yaml
new file mode 100644
index 0000000000..b9476748a8
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/manager-service.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.manager.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-service-webui
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.svc.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.manager.svc.type }}
+{{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.manager.svc.loadBalancerIP }}
+{{- end }}
+  ports:
+    - port: 8443
+      name: manager
+      protocol: TCP
+{{- if .Values.manager.svc.nodePort }}
+      nodePort: {{ .Values.manager.svc.nodePort }}
+{{- end }}        
+{{- if or (.Capabilities.KubeVersion.GitVersion | contains "-eks") (.Capabilities.KubeVersion.GitVersion | contains "-gke") }}
+{{- if .Values.manager.env.ssl }}
+      appProtocol: HTTPS
+{{- else }}
+      appProtocol: HTTP
+{{- end }}
+{{- end }}
+  selector:
+    app: neuvector-manager-pod
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/psp.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/psp.yaml
new file mode 100644
index 0000000000..6c72e2bf1e
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/psp.yaml
@@ -0,0 +1,154 @@
+{{- if and .Values.global.cattle.psp.enabled (semverCompare "<1.25-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: neuvector-binding-psp
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  privileged: true
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+  - SYS_ADMIN
+  - NET_ADMIN
+  - SYS_PTRACE
+  - IPC_LOCK
+  requiredDropCapabilities:
+  - ALL
+  volumes:
+  - '*'
+  hostNetwork: true
+  hostPorts:
+  - min: 0
+    max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: neuvector-binding-psp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - policy
+  - extensions
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+  resourceNames:
+  - neuvector-binding-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-psp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: neuvector-binding-psp
+subjects:
+{{- if .Values.leastPrivilege }}
+- kind: ServiceAccount
+  name: enforcer
+  namespace: {{ .Release.Namespace }}
+{{- else }}
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+
+{{- if .Values.leastPrivilege }}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: neuvector-binding-psp-controller
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  privileged: false
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+  allowedCapabilities: null
+  requiredDropCapabilities:
+  - ALL
+  volumes:
+  - configMap
+  - downwardAPI
+  - emptyDir
+  - persistentVolumeClaim
+  - azureFile
+  - projected
+  - secret
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: neuvector-binding-psp-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - policy
+  - extensions
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+  resourceNames:
+  - neuvector-binding-psp-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-psp-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: neuvector-binding-psp-controller
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/pvc.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/pvc.yaml
new file mode 100644
index 0000000000..d0c5196270
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/pvc.yaml
@@ -0,0 +1,26 @@
+{{- if not .Values.controller.pvc.existingClaim -}}
+{{- if and .Values.controller.enabled .Values.controller.pvc.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: neuvector-data
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  accessModes:
+{{ toYaml .Values.controller.pvc.accessModes | indent 4 }}
+  volumeMode: Filesystem
+{{- if .Values.controller.pvc.storageClass }}
+  storageClassName: {{ .Values.controller.pvc.storageClass }}
+{{- end }}
+  resources:
+    requests:
+{{- if .Values.controller.pvc.capacity }}
+      storage: {{ .Values.controller.pvc.capacity }}
+{{- else }}
+      storage: 1Gi
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-ingress.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-ingress.yaml
new file mode 100644
index 0000000000..ab05054fe9
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-ingress.yaml
@@ -0,0 +1,106 @@
+{{- if .Values.cve.adapter.enabled -}}
+
+{{- if .Values.cve.adapter.ingress.enabled }}
+{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neuvector-registry-adapter-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.cve.adapter.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.cve.adapter.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.cve.adapter.ingress.ingressClassName | quote }}
+{{ end }}
+{{- if .Values.cve.adapter.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.cve.adapter.ingress.host }}
+{{- if .Values.cve.adapter.ingress.secretName }}
+    secretName: {{ .Values.cve.adapter.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.cve.adapter.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.cve.adapter.ingress.path }}
+        pathType: Prefix
+        backend:
+          service:
+            name: neuvector-service-registry-adapter
+            port:
+              number: 9443
+{{- else }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: neuvector-registry-adapter-ingress
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.cve.adapter.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.cve.adapter.ingress.tls }}
+  tls:
+  - hosts:
+    - {{ .Values.cve.adapter.ingress.host }}
+{{- if .Values.cve.adapter.ingress.secretName }}
+    secretName: {{ .Values.cve.adapter.ingress.secretName }}
+{{- end }}
+{{- end }}
+  rules:
+  - host: {{ .Values.cve.adapter.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.cve.adapter.ingress.path }}
+        backend:
+          serviceName: neuvector-service-webui
+          servicePort: 9443
+{{- end }}
+{{- end }}
+
+---
+
+{{- if and .Values.openshift .Values.cve.adapter.route.enabled }}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: route.openshift.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Route
+metadata:
+  name: neuvector-route-registry-adapter
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.cve.adapter.route.host }}
+  host: {{ .Values.cve.adapter.route.host }}
+{{- end }}
+  to:
+    kind: Service
+    name: neuvector-service-registry-adapter
+  port:
+    targetPort: registry-adapter
+  tls:
+    termination: {{ .Values.cve.adapter.route.termination }}
+{{- if or (eq .Values.cve.adapter.route.termination "reencrypt") (eq .Values.cve.adapter.route.termination "edge") }}
+{{- with .Values.cve.adapter.route.tls }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-secret.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-secret.yaml
new file mode 100644
index 0000000000..3317e93415
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter-secret.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.cve.adapter.enabled -}}
+{{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.cve.adapter.certificate.key .Values.cve.adapter.certificate.certificate) }}
+{{- $cert := (dict) }}
+{{- if and .Values.cve.adapter.certificate.key .Values.cve.adapter.certificate.certificate }}
+{{- $cert = (dict "Key" .Values.cve.adapter.certificate.key "Cert" .Values.cve.adapter.certificate.certificate ) }}
+{{- else }}
+{{- $cn := "neuvector" }}
+{{- $cert = genSelfSignedCert $cn nil (list $cn (print "neuvector-service-registry-adapter." (default "neuvector" .Release.Namespace) ".svc.cluster.local") "neuvector-service-registry-adapter") (.Values.defaultValidityPeriod | int) -}}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: neuvector-registry-adapter-secret
+type: Opaque
+data:
+  ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-registry-adapter-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }}
+  ssl-cert.pem: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-registry-adapter-secret" "key" "ssl-cert.pem" "defaultValue" $cert.Cert) }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter.yaml
new file mode 100644
index 0000000000..4009a3d2c7
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/registry-adapter.yaml
@@ -0,0 +1,204 @@
+{{- $pre540 := false -}}                                                
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}               
+{{- $pre540 = (semverCompare "<5.3.10-0" .Values.tag) -}}                  
+{{- end }}    
+{{- if .Values.cve.adapter.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+  name: neuvector-registry-adapter-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: neuvector-registry-adapter-pod
+  template:
+    metadata:
+      labels:
+        app: neuvector-registry-adapter-pod
+        release: {{ .Release.Name }}
+        {{- with .Values.cve.adapter.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.cve.adapter.certificate.key .Values.cve.adapter.certificate.certificate) }}
+        checksum/registry-adapter-secret: {{ include (print $.Template.BasePath "/registry-adapter-secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.cve.adapter.podAnnotations }}
+        {{- toYaml .Values.cve.adapter.podAnnotations | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- if .Values.cve.adapter.affinity }}
+      affinity:
+{{ toYaml .Values.cve.adapter.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.adapter.tolerations }}
+      tolerations:
+{{ toYaml .Values.cve.adapter.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.adapter.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.cve.adapter.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+      {{- end }}
+      {{- if .Values.cve.adapter.priorityClassName }}
+      priorityClassName: {{ .Values.cve.adapter.priorityClassName }}
+      {{- end }}
+      {{- if .Values.leastPrivilege }}
+      serviceAccountName: registry-adapter
+      serviceAccount: registry-adapter
+      {{- else }}
+      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccount: {{ .Values.serviceAccount }}
+      {{- end }}
+      {{- if .Values.cve.adapter.runAsUser }}
+      securityContext:
+        runAsUser: {{ .Values.cve.adapter.runAsUser }}
+      {{- end }}
+      containers:
+        - name: neuvector-registry-adapter-pod
+          {{- if eq .Values.registry "registry.neuvector.com" }}
+          {{- if .Values.oem }}
+          image: "{{ .Values.registry }}/{{ .Values.oem }}/registry-adapter:{{ .Values.cve.adapter.image.tag }}"
+          {{- else }}
+          image: "{{ .Values.registry }}/registry-adapter:{{ .Values.cve.adapter.image.tag }}"
+          {{- end }}
+          {{- else }}
+          {{- if .Values.cve.adapter.image.hash }}
+          image: "{{ .Values.registry }}/{{ .Values.cve.adapter.image.repository }}@{{ .Values.cve.adapter.image.hash }}"
+          {{- else }}
+          image: {{ template "system_default_registry" . }}{{ .Values.cve.adapter.image.repository }}:{{ .Values.cve.adapter.image.tag }}
+          {{- end }}
+          {{- end }}
+          env:
+            - name: CLUSTER_JOIN_ADDR
+              value: neuvector-svc-controller.{{ .Release.Namespace }}
+            - name: HARBOR_SERVER_PROTO
+              value: {{ .Values.cve.adapter.harbor.protocol }}
+            {{- if .Values.cve.adapter.harbor.secretName }}
+            - name: HARBOR_BASIC_AUTH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.cve.adapter.harbor.secretName }}
+                  key: username
+            - name: HARBOR_BASIC_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.cve.adapter.harbor.secretName }}
+                  key: password
+            {{- end }}
+            {{- if or .Values.internal.certmanager.enabled .Values.cve.adapter.internal.certificate.secret }}
+            {{- else if (and .Values.internal.autoGenerateCert (not $pre540))}}
+            - name: AUTO_INTERNAL_CERT
+              value: "1"
+            {{- end }}
+            {{- with .Values.cve.adapter.env }}
+{{- toYaml . | nindent 14 }}
+            {{- end }}
+          volumeMounts:
+          {{- if or .Values.internal.certmanager.enabled .Values.cve.adapter.internal.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/internal/cert.key
+              subPath: {{ .Values.cve.adapter.internal.certificate.keyFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/cert.pem
+              subPath: {{ .Values.cve.adapter.internal.certificate.pemFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/ca.cert
+              subPath: {{ .Values.cve.adapter.internal.certificate.caFile }}
+              name: internal-cert
+              readOnly: true
+          {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+            - mountPath: /etc/neuvector/certs/internal/
+              name: internal-cert-dir
+          {{- end }}
+          {{- if .Values.cve.adapter.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: {{ .Values.cve.adapter.certificate.keyFile }}
+              name: cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: {{ .Values.cve.adapter.certificate.pemFile }}
+              name: cert
+              readOnly: true
+          {{- else if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.cve.adapter.certificate.key .Values.cve.adapter.certificate.certificate) }}
+            - mountPath: /etc/neuvector/certs/ssl-cert.key
+              subPath: ssl-cert.key
+              name: cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/ssl-cert.pem
+              subPath: ssl-cert.pem
+              name: cert
+              readOnly: true
+          {{- end }}
+          resources:
+          {{- if .Values.cve.adapter.resources }}
+{{ toYaml .Values.cve.adapter.resources | indent 12 }}
+          {{- else }}
+{{ toYaml .Values.resources | indent 12 }}
+          {{- end }}
+      restartPolicy: Always
+      volumes:
+      {{- if .Values.cve.adapter.certificate.secret }}
+        - name: cert
+          secret:
+            secretName: {{ .Values.cve.adapter.certificate.secret }}
+      {{- else if or (eq "true" (toString .Values.autoGenerateCert)) (and .Values.cve.adapter.certificate.key .Values.cve.adapter.certificate.certificate) }}
+        - name: cert
+          secret:
+            secretName: neuvector-registry-adapter-secret
+      {{- end }}
+      {{- if or .Values.internal.certmanager.enabled .Values.cve.adapter.internal.certificate.secret }}
+        - name: internal-cert
+          secret:
+            secretName: {{ .Values.cve.adapter.internal.certificate.secret }}
+      {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+        - name: internal-cert-dir
+          emptyDir:
+            sizeLimit: 50Mi
+      {{- end }}
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: neuvector-service-registry-adapter
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.cve.adapter.svc.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.cve.adapter.svc.type }}
+{{- if and .Values.cve.adapter.svc.loadBalancerIP (eq .Values.cve.adapter.svc.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.cve.adapter.svc.loadBalancerIP }}
+{{- end }}
+  ports:
+    - name: registry-adapter
+{{- if (eq .Values.cve.adapter.harbor.protocol "https") }}
+      port: 9443
+      appProtocol: HTTPS
+{{- else }}
+      port: 8090
+      appProtocol: HTTP
+{{- end }}
+      protocol: TCP
+  selector:
+    app: neuvector-registry-adapter-pod
+
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/role-least.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/role-least.yaml
new file mode 100644
index 0000000000..7520d7c942
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/role-least.yaml
@@ -0,0 +1,28 @@
+{{- if and .Values.rbac .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Role
+metadata:
+  name: neuvector-binding-scanner
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - get
+  - watch
+  - patch
+  - update
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/role.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/role.yaml
new file mode 100644
index 0000000000..19aac0a613
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/role.yaml
@@ -0,0 +1,132 @@
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Role
+metadata:
+  name: neuvector-binding-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+{{- if .Values.internal.autoGenerateCert }}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Role
+metadata:
+  name: neuvector-binding-lease
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - update
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Role
+metadata:
+  name: neuvector-binding-job-creation
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - get
+  - delete
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - cronjobs/finalizers
+  verbs:
+  - update
+  - patch
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: Role
+metadata:
+  name: neuvector-binding-cert-upgrader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - update
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - "apps"
+  resources:
+  - deployments
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  verbs:
+  - update
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding-least.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding-least.yaml
new file mode 100644
index 0000000000..d400853519
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding-least.yaml
@@ -0,0 +1,269 @@
+{{- if and .Values.rbac .Values.leastPrivilege -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-scanner
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-scanner
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: updater
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+
+{{- if .Values.internal.autoGenerateCert }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-lease
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-lease
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: cert-upgrader
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+- system:serviceaccount:{{ .Release.Namespace }}:cert-upgrader
+{{- end }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-job-creation
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-job-creation
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-cert-upgrader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-cert-upgrader
+subjects:
+- kind: ServiceAccount
+  name: cert-upgrader
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:cert-upgrader
+{{- end }}
+{{- end }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-secret
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: enforcer
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: scanner
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: registry-adapter
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+- system:serviceaccount:{{ .Release.Namespace }}:enforcer
+- system:serviceaccount:{{ .Release.Namespace }}:scanner
+- system:serviceaccount:{{ .Release.Namespace }}:registry-adapter
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:privileged
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+  name: enforcer
+  namespace: {{ .Release.Namespace }}
+
+---
+
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: false
+allowPrivilegedContainer: false
+allowedCapabilities: null
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities: null
+fsGroup:
+  type: RunAsAny
+groups: []
+kind: SecurityContextConstraints
+metadata:
+  name: neuvector-scc-controller
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- ALL
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+users: []
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- azureFile
+- projected
+- secret
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:openshift:scc:neuvector-scc-controller
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - neuvector-scc-controller
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:neuvector-scc-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:neuvector-scc-controller
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding.yaml
new file mode 100644
index 0000000000..ee2e9f6c39
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/rolebinding.yaml
@@ -0,0 +1,173 @@
+{{- if and .Values.rbac (not .Values.leastPrivilege) -}}
+{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-admin
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+{{- end }}
+  name: admin
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-secret
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
+{{- end }}
+
+---
+
+{{- if $oc4 }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:privileged
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:privileged
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+
+---
+
+{{- if .Values.internal.autoGenerateCert }}
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-lease
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-lease
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-job-creation
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-job-creation
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:controller
+{{- end }}
+---
+{{- if $oc3 }}
+apiVersion: authorization.openshift.io/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: v1
+{{- end }}
+kind: RoleBinding
+metadata:
+  name: neuvector-binding-cert-upgrader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+roleRef:
+{{- if not $oc3 }}
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+{{- end }}
+  name: neuvector-binding-cert-upgrader
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+{{- if $oc3 }}
+userNames:
+- system:serviceaccount:{{ .Release.Namespace }}:cert-upgrader
+{{- end }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/scanner-deployment.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/scanner-deployment.yaml
new file mode 100644
index 0000000000..714fee88bc
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/scanner-deployment.yaml
@@ -0,0 +1,121 @@
+{{- $pre540 := false -}}                                                
+{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+" .Values.tag }}               
+{{- $pre540 = (semverCompare "<5.3.10-0" .Values.tag) -}}                  
+{{- end }}    
+{{- if .Values.cve.scanner.enabled -}}
+{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: apps/v1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+  name: neuvector-scanner-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  strategy:
+{{ toYaml .Values.cve.scanner.strategy | indent 4 }}
+  replicas: {{ .Values.cve.scanner.replicas }}
+  selector:
+    matchLabels:
+      app: neuvector-scanner-pod
+  template:
+    metadata:
+      labels:
+        app: neuvector-scanner-pod
+        {{- with .Values.cve.scanner.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.cve.scanner.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- if .Values.cve.scanner.affinity }}
+      affinity:
+{{ toYaml .Values.cve.scanner.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.scanner.tolerations }}
+      tolerations:
+{{ toYaml .Values.cve.scanner.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.scanner.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.cve.scanner.topologySpreadConstraints | indent 8 }}
+      {{- end }}
+      {{- if .Values.cve.scanner.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.cve.scanner.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecrets }}
+      {{- end }}
+      {{- if .Values.cve.scanner.priorityClassName }}
+      priorityClassName: {{ .Values.cve.scanner.priorityClassName }}
+      {{- end }}
+      {{- if .Values.leastPrivilege }}
+      serviceAccountName: scanner
+      serviceAccount: scanner
+      {{- else }}
+      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccount: {{ .Values.serviceAccount }}
+      {{- end }}
+      {{- if .Values.cve.scanner.runAsUser }}
+      securityContext:
+        runAsUser: {{ .Values.cve.scanner.runAsUser }}
+      {{- end }}
+      containers:
+        - name: neuvector-scanner-pod
+          image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}
+          imagePullPolicy: Always
+          env:
+            - name: CLUSTER_JOIN_ADDR
+              value: neuvector-svc-controller.{{ .Release.Namespace }}
+          {{- if .Values.cve.scanner.dockerPath }}
+            - name: SCANNER_DOCKER_URL
+              value: {{ .Values.cve.scanner.dockerPath }}
+          {{- end }}
+          {{- if or .Values.internal.certmanager.enabled .Values.cve.scanner.internal.certificate.secret }}
+          {{- else if (and .Values.internal.autoGenerateCert (not $pre540))}}
+            - name: AUTO_INTERNAL_CERT
+              value: "1"
+          {{- end }}
+          {{- with .Values.cve.scanner.env }}
+{{- toYaml . | nindent 12 }}
+          {{- end }}
+          resources:
+{{ toYaml .Values.cve.scanner.resources | indent 12 }}
+          volumeMounts:
+          {{- if or .Values.internal.certmanager.enabled .Values.cve.scanner.internal.certificate.secret }}
+            - mountPath: /etc/neuvector/certs/internal/cert.key
+              subPath: {{ .Values.cve.scanner.internal.certificate.keyFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/cert.pem
+              subPath: {{ .Values.cve.scanner.internal.certificate.pemFile }}
+              name: internal-cert
+              readOnly: true
+            - mountPath: /etc/neuvector/certs/internal/ca.cert
+              subPath: {{ .Values.cve.scanner.internal.certificate.caFile }}
+              name: internal-cert
+              readOnly: true
+          {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+            - mountPath: /etc/neuvector/certs/internal/
+              name: internal-cert-dir
+          {{- end }}
+      restartPolicy: Always
+      volumes:
+      {{- if or .Values.internal.certmanager.enabled .Values.cve.scanner.internal.certificate.secret }}
+        - name: internal-cert
+          secret:
+            secretName: {{ .Values.cve.scanner.internal.certificate.secret }}
+      {{- else if and .Values.internal.autoRotateCert (not $pre540) }}
+        - name: internal-cert-dir
+          emptyDir:
+            sizeLimit: 50Mi
+      {{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount-least.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount-least.yaml
new file mode 100644
index 0000000000..f018447a48
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount-least.yaml
@@ -0,0 +1,76 @@
+{{- if .Values.leastPrivilege }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: basic
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: enforcer
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: scanner
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: updater
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: registry-adapter
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cert-upgrader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..dc625cde57
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if not .Values.leastPrivilege }}
+{{- if ne .Values.serviceAccount "default"}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/updater-cronjob.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/updater-cronjob.yaml
new file mode 100644
index 0000000000..0ce1abe359
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/updater-cronjob.yaml
@@ -0,0 +1,80 @@
+{{- if .Values.cve.updater.enabled -}}
+{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1beta1
+{{- else }}
+apiVersion: batch/v2alpha1
+{{- end }}
+kind: CronJob
+metadata:
+  name: neuvector-updater-pod
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+  schedule: {{ .Values.cve.updater.schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: neuvector-updater-pod
+            release: {{ .Release.Name }}
+            {{- with .Values.cve.updater.podLabels }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.cve.updater.podAnnotations }}
+          annotations:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+        spec:
+        {{- if .Values.imagePullSecrets }}
+          imagePullSecrets:
+            - name: {{ .Values.imagePullSecrets }}
+        {{- end }}
+        {{- if .Values.cve.updater.nodeSelector }}
+          nodeSelector:
+{{ toYaml .Values.cve.updater.nodeSelector | indent 12 }}
+        {{- end }}
+        {{- if .Values.cve.updater.priorityClassName }}
+          priorityClassName: {{ .Values.cve.updater.priorityClassName }}
+        {{- end }}
+        {{- if .Values.leastPrivilege }}
+          serviceAccountName: updater
+          serviceAccount: updater
+        {{- else }}
+          serviceAccountName: {{ .Values.serviceAccount }}
+          serviceAccount: {{ .Values.serviceAccount }}
+        {{- end }}
+          {{- if .Values.cve.updater.runAsUser }}
+          securityContext:
+            runAsUser: {{ .Values.cve.updater.runAsUser }}
+          {{- end }}
+          containers:
+            - name: neuvector-updater-pod
+              image: {{ template "system_default_registry" . }}{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }}
+              imagePullPolicy: Always
+              resources:
+{{ toYaml .Values.cve.updater.resources | indent 16 }}                
+          {{- if .Values.cve.scanner.enabled }}
+              command:
+              - /bin/sh
+              - -c
+            {{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+              {{- if .Values.cve.updater.secure }}
+              {{- if .Values.cve.updater.cacert }}
+              - /usr/bin/curl -v --cacert {{ .Values.cve.updater.cacert }} -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' 2>&1 | grep -v Bearer
+              {{- else }}
+              - /usr/bin/curl -v -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' 2>&1 | grep -v Bearer
+              {{- end }}
+              {{- else }}
+              - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' 2>&1 | grep -v Bearer
+              {{- end }}
+            {{- else }}
+              - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/extensions/v1beta1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' 2>&1 | grep -v Bearer
+            {{- end }}
+          {{- end }}
+          restartPolicy: Never
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-cronjob.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-cronjob.yaml
new file mode 100644
index 0000000000..aecdd1ffce
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-cronjob.yaml
@@ -0,0 +1,84 @@
+{{- if and .Values.controller.enabled .Values.internal.autoGenerateCert -}}
+{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1
+{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
+apiVersion: batch/v1beta1
+{{- else }}
+apiVersion: batch/v2alpha1
+{{- end }}
+kind: CronJob
+metadata:
+  name: neuvector-cert-upgrader-pod
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    cert-upgrader-uid: ""
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+spec:
+{{- if .Values.controller.certupgrader.schedule }}
+  schedule: {{ .Values.controller.certupgrader.schedule | quote }}
+{{- else }}
+  schedule: "0 0 1 1 *"
+  suspend: true
+{{- end }}
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 3
+  successfulJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: {{ .Values.controller.certupgrader.timeout }}
+      parallelism: 1
+      completions: 1
+      backoffLimit: 6
+      template:
+        metadata:
+          labels:
+            app: neuvector-cert-upgrader-pod
+            release: {{ .Release.Name }}
+            {{- with .Values.controller.certupgrader.podLabels }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.controller.certupgrader.podAnnotations }}
+          annotations:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+        spec:
+        {{- if .Values.imagePullSecrets }}
+          imagePullSecrets:
+            - name: {{ .Values.imagePullSecrets }}
+        {{- end }}
+        {{- if .Values.controller.certupgrader.nodeSelector }}
+          nodeSelector:
+{{ toYaml .Values.controller.certupgrader.nodeSelector | indent 12 }}
+        {{- end }}
+        {{- if .Values.controller.certupgrader.priorityClassName }}
+          priorityClassName: {{ .Values.controller.certupgrader.priorityClassName }}
+        {{- end }}
+        {{- if .Values.leastPrivilege }}
+          serviceAccountName: cert-upgrader
+          serviceAccount: cert-upgrader
+        {{- else }}
+          serviceAccountName: {{ .Values.serviceAccount }}
+          serviceAccount: {{ .Values.serviceAccount }}
+        {{- end }}
+          restartPolicy: Never
+          {{- if .Values.controller.certupgrader.runAsUser }}
+          securityContext:
+            runAsUser: {{ .Values.controller.certupgrader.runAsUser }}
+          {{- end }}
+          containers:
+            - name: neuvector-cert-upgrader-pod
+              image: {{ include "neuvector.controller.image" . | quote }}
+              imagePullPolicy: {{ .Values.controller.certupgrader.imagePullPolicy }}
+              command: 
+                - /usr/local/bin/upgrader
+                - upgrader-job
+              {{- if and .Values.internal.autoRotateCert }}
+                - --enable-rotation
+              {{- end }}
+              env:
+              {{- with .Values.controller.certupgrader.env }}
+{{- toYaml . | nindent 14 }}
+              {{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-lease.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-lease.yaml
new file mode 100644
index 0000000000..724ed79287
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/upgrader-lease.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.lease.enabled }}
+{{- if .Values.internal.autoGenerateCert }}
+apiVersion: coordination.k8s.io/v1
+kind: Lease
+metadata:
+  name: neuvector-cert-upgrader
+spec:
+  leaseTransitions: 0
+{{- end }}
+{{- end }}
+
diff --git a/charts/neuvector/103.0.8+up2.8.4/templates/validate-psp-install.yaml b/charts/neuvector/103.0.8+up2.8.4/templates/validate-psp-install.yaml
new file mode 100644
index 0000000000..da62c4d183
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+{{- if .Values.global.cattle.psp.enabled }}
+{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/neuvector/103.0.8+up2.8.4/values.yaml b/charts/neuvector/103.0.8+up2.8.4/values.yaml
new file mode 100644
index 0000000000..1c211befbc
--- /dev/null
+++ b/charts/neuvector/103.0.8+up2.8.4/values.yaml
@@ -0,0 +1,606 @@
+# Default values for neuvector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into the templates.
+
+openshift: false
+
+registry: docker.io
+tag: 5.4.2
+oem:
+rbac: true # required for rancher authentication
+serviceAccount: neuvector
+leastPrivilege: false
+
+global: # required for rancher authentication (https://<Rancher_URL>/)
+  cattle:
+    url:
+    systemDefaultRegistry: ""
+    psp:
+      enabled: false # PSP enablement should default to false
+# Set a bootstrap password. If leave empty, default admin password used.
+bootstrapPassword: ""
+
+autoGenerateCert: true
+
+defaultValidityPeriod: 365
+
+internal: 
+  certmanager: # enable when cert-manager is installed for the internal certificates
+    enabled: false
+    secretname: neuvector-internal
+  autoGenerateCert: true
+  autoRotateCert: true
+
+controller:
+  # If false, controller will not be installed
+  enabled: true
+  annotations: {}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  image:
+    repository: rancher/neuvector-controller
+    tag: 5.4.2
+    hash:
+  replicas: 3
+  disruptionbudget: 0
+  schedulerName:
+  priorityClassName:
+  podLabels: {}
+  podAnnotations: {}
+  searchRegistries:
+  env: []
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+        - weight: 100
+          podAffinityTerm:
+            labelSelector:
+              matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                    - neuvector-controller-pod
+            topologyKey: "kubernetes.io/hostname"
+  tolerations: []
+  topologySpreadConstraints: []
+  nodeSelector:
+    {}
+    # key1: value1
+    # key2: value2
+  apisvc:
+    type:
+    annotations: {}
+    nodePort:  
+    # OpenShift Route configuration
+    # Controller supports HTTPS only, so edge termination not supported
+    route:
+      enabled: false
+      termination: passthrough
+      host:
+      tls:
+        #certificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #caCertificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #destinationCACertificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #key: |
+        #  -----BEGIN PRIVATE KEY-----
+        #  -----END PRIVATE KEY-----
+  ranchersso: # required for rancher authentication
+    enabled: true
+  pvc:
+    enabled: false
+    existingClaim: false
+    accessModes:
+      - ReadWriteMany
+    storageClass:
+    capacity:
+  azureFileShare:
+    enabled: false
+    secretName:
+    shareName:
+  certificate:
+    secret: ""
+    keyFile: tls.key
+    pemFile: tls.pem
+    #key: |
+    #  -----BEGIN PRIVATE KEY-----
+    #  -----END PRIVATE KEY-----
+    #certificate: |
+    #  -----BEGIN CERTIFICATE-----
+    #  -----END CERTIFICATE-----
+  internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+    certificate:
+      secret: ""
+      keyFile: tls.key
+      pemFile: tls.crt
+      caFile: ca.crt # must be the same CA for all internal.
+  federation:
+    mastersvc:
+      type:
+      loadBalancerIP:
+      clusterIP:
+      nodePort: # Must be a valid NodePort: 30000-32767
+      externalTrafficPolicy:
+      internalTrafficPolicy:
+      # Federation Master Ingress
+      ingress:
+        enabled: false
+        host: # MUST be set, if ingress is enabled
+        ingressClassName: ""
+        path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+        annotations:
+          nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+          # ingress.kubernetes.io/rewrite-target: /
+        tls: false
+        secretName:
+      annotations: {}
+      # OpenShift Route configuration
+      # Controller supports HTTPS only, so edge termination not supported
+      route:
+        enabled: false
+        termination: passthrough
+        host:
+        tls:
+          #certificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #caCertificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #destinationCACertificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #key: |
+          #  -----BEGIN PRIVATE KEY-----
+          #  -----END PRIVATE KEY-----
+    managedsvc:
+      type:
+      loadBalancerIP:
+      clusterIP:
+      nodePort: # Must be a valid NodePort: 30000-32767
+      externalTrafficPolicy:
+      internalTrafficPolicy:
+      # Federation Managed Ingress
+      ingress:
+        enabled: false
+        host: # MUST be set, if ingress is enabled
+        ingressClassName: ""
+        path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+        annotations:
+          nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+          # ingress.kubernetes.io/rewrite-target: /
+        tls: false
+        secretName:
+      annotations: {}
+      # OpenShift Route configuration
+      # Controller supports HTTPS only, so edge termination not supported
+      route:
+        enabled: false
+        termination: passthrough
+        host:
+        tls:
+          #certificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #caCertificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #destinationCACertificate: |
+          #  -----BEGIN CERTIFICATE-----
+          #  -----END CERTIFICATE-----
+          #key: |
+          #  -----BEGIN PRIVATE KEY-----
+          #  -----END PRIVATE KEY-----
+  ingress:
+    enabled: false
+    host: # MUST be set, if ingress is enabled
+    ingressClassName: ""
+    path: "/" # or this could be "/api", but might need "rewrite-target" annotation
+    annotations:
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      # ingress.kubernetes.io/rewrite-target: /
+    tls: false
+    secretName:
+  resources:
+    {}
+    # limits:
+    #   cpu: 400m
+    #   memory: 2792Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 2280Mi
+  configmap:
+    enabled: false
+    data:
+      # passwordprofileinitcfg.yaml: |
+      #  ...
+      # roleinitcfg.yaml: |
+      #  ...
+      # ldapinitcfg.yaml: |
+      #  ...
+      # oidcinitcfg.yaml: |
+      # ...
+      # samlinitcfg.yaml: |
+      # ...
+      # sysinitcfg.yaml: |
+      # ...
+      # userinitcfg.yaml: |
+      # ...
+      # fedinitcfg.yaml: |
+      # ...
+  secret:
+    # NOTE: files defined here have preferrence over the ones defined in the configmap section
+    enabled: false
+    data:
+      # passwordprofileinitcfg.yaml:
+      #  ...
+      # roleinitcfg.yaml:
+      #  ...
+      # ldapinitcfg.yaml:
+      #   directory: OpenLDAP
+      #   ...
+      # oidcinitcfg.yaml:
+      #   Issuer: https://...
+      #   ...
+      # samlinitcfg.yaml:
+      #   ...
+      # sysinitcfg.yaml:
+      #   ...
+      userinitcfg.yaml:
+        users:
+        - Fullname: admin
+          Password:
+          Role: admin
+  certupgrader:
+    env: []
+    # The cronjob schedule that cert-upgrader will run to check and rotate internal certificate.
+    # default: "" (off)
+    schedule: ""
+    imagePullPolicy: IfNotPresent
+    timeout: 3600 
+    priorityClassName:
+    podLabels: {}
+    podAnnotations: {}
+    nodeSelector:
+      {}
+      # key1: value1
+      # key2: value2
+    runAsUser: # MUST be set for Rancher hardened cluster
+  prime:
+    enabled: true
+    image:
+      repository: rancher/neuvector-compliance-config
+      tag: 1.0.3
+      hash:
+enforcer:
+  # If false, enforcer will not be installed
+  enabled: true
+  image:
+    repository: rancher/neuvector-enforcer
+    tag: 5.4.2
+    hash:
+  updateStrategy:
+    type: RollingUpdate
+  priorityClassName:
+  podLabels: {}
+  podAnnotations: {}
+  env: []
+  tolerations:
+    - effect: NoSchedule
+      key: node-role.kubernetes.io/master
+    - effect: NoSchedule
+      key: node-role.kubernetes.io/control-plane
+  resources:
+    {}
+    # limits:
+    #   cpu: 400m
+    #   memory: 2792Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 2280Mi
+  internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+    certificate:
+      secret: "" 
+      keyFile: tls.key
+      pemFile: tls.crt
+      caFile: ca.crt # must be the same CA for all internal.
+
+manager:
+  # If false, manager will not be installed
+  enabled: true
+  image:
+    repository: rancher/neuvector-manager
+    tag: 5.4.2
+    hash:
+  priorityClassName:
+  env:
+    ssl: true
+    envs: []
+  #      - name: CUSTOM_PAGE_HEADER_COLOR
+  #        value: "#FFFFFF"
+  #      - name: CUSTOM_PAGE_FOOTER_COLOR
+  #        value: "#FFFFFF"
+  svc:
+    type: ClusterIP
+    nodePort:  
+    loadBalancerIP:
+    annotations:
+      {}
+      # azure
+      # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+      # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+  # OpenShift Route configuration
+  # Make sure manager env ssl is false for edge termination
+  route:
+    enabled: true
+    termination: passthrough
+    host:
+    tls:
+      #certificate: |
+      #  -----BEGIN CERTIFICATE-----
+      #  -----END CERTIFICATE-----
+      #caCertificate: |
+      #  -----BEGIN CERTIFICATE-----
+      #  -----END CERTIFICATE-----
+      #destinationCACertificate: |
+      #  -----BEGIN CERTIFICATE-----
+      #  -----END CERTIFICATE-----
+      #key: |
+      #  -----BEGIN PRIVATE KEY-----
+      #  -----END PRIVATE KEY-----
+  certificate:
+    secret: ""
+    keyFile: tls.key
+    pemFile: tls.pem
+    #key: |
+    #  -----BEGIN PRIVATE KEY-----
+    #  -----END PRIVATE KEY-----
+    #certificate: |
+    #  -----BEGIN CERTIFICATE-----
+    #  -----END CERTIFICATE-----
+  ingress:
+    enabled: false
+    host: # MUST be set, if ingress is enabled
+    ingressClassName: ""
+    path: "/"
+    annotations:
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      # kubernetes.io/ingress.class: my-nginx
+      # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1"
+      # nginx.ingress.kubernetes.io/rewrite-target: /
+      # nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+      # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert
+    tls: false
+    secretName: # my-tls-secret
+  resources:
+    {}
+    # limits:
+    #   cpu: 400m
+    #   memory: 2792Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 2280Mi
+  topologySpreadConstraints: []
+  affinity: {}
+  podLabels: {}
+  podAnnotations: {}
+  tolerations: []
+  nodeSelector:
+    {}
+    # key1: value1
+    # key2: value2
+  runAsUser: # MUST be set for Rancher hardened cluster
+  probes:
+    enabled: false
+    timeout: 1
+    periodSeconds: 10
+    startupFailureThreshold: 30
+
+cve:
+  adapter:
+    enabled: false
+    image:
+      repository: rancher/neuvector-registry-adapter
+      tag: 0.1.5
+      hash:
+    priorityClassName:
+    resources:
+      {}
+      # limits:
+      #   cpu: 400m
+      #   memory: 512Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 1024Mi
+    affinity: {}
+    podLabels: {}
+    podAnnotations: {}
+    env: []
+    tolerations: []
+    nodeSelector:
+      {}
+      # key1: value1
+      # key2: value2
+    runAsUser: # MUST be set for Rancher hardened cluster
+    ## TLS cert/key.  If absent, TLS cert/key automatically generated will be used.
+    ##
+    ## default: (none)
+    certificate:
+      secret: ""
+      keyFile: tls.key
+      pemFile: tls.crt
+    #key: |
+    #  -----BEGIN PRIVATE KEY-----
+    #  -----END PRIVATE KEY-----
+    #certificate: |
+    #  -----BEGIN CERTIFICATE-----
+    #  -----END CERTIFICATE-----
+    harbor:
+      protocol: https
+      secretName:
+    svc:
+      type: ClusterIP
+      loadBalancerIP:
+      annotations:
+        {}
+        # azure
+        # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+        # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
+    # OpenShift Route configuration
+    route:
+      enabled: true
+      termination: passthrough
+      host:
+      tls:
+        #certificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #caCertificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #destinationCACertificate: |
+        #  -----BEGIN CERTIFICATE-----
+        #  -----END CERTIFICATE-----
+        #key: |
+        #  -----BEGIN PRIVATE KEY-----
+        #  -----END PRIVATE KEY-----
+    ingress:
+      enabled: false
+      host: # MUST be set, if ingress is enabled
+      ingressClassName: ""
+      path: "/"
+      annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+        # kubernetes.io/ingress.class: my-nginx
+        # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1"
+        # nginx.ingress.kubernetes.io/rewrite-target: /
+        # nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+        # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert
+      tls: false
+      secretName: # my-tls-secret
+    internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+      certificate:
+        secret: "" 
+        keyFile: tls.key
+        pemFile: tls.crt
+        caFile: ca.crt # must be the same CA for all internal.
+  updater:
+    # If false, cve updater will not be installed
+    enabled: true
+    secure: false
+    cacert: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    image:
+      registry: ""
+      repository: rancher/neuvector-updater
+      tag: 0.0.1
+      hash:
+    schedule: "0 0 * * *"
+    priorityClassName:
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 256Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 256Mi
+    podLabels: {}
+    podAnnotations: {}
+    nodeSelector:
+      {}
+      # key1: value1
+      # key2: value2
+    runAsUser: # MUST be set for Rancher hardened cluster
+  scanner:
+    enabled: true
+    replicas: 3
+    dockerPath: ""
+    strategy:
+      type: RollingUpdate
+      rollingUpdate:
+        maxSurge: 1
+        maxUnavailable: 0
+    image:
+      registry: ""
+      repository: rancher/neuvector-scanner
+      tag: "6"
+      hash:
+    priorityClassName:
+    resources:
+      {}
+      # limits:
+      #   cpu: 400m
+      #   memory: 2792Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 2280Mi
+    topologySpreadConstraints: []
+    affinity: {}
+    podLabels: {}
+    podAnnotations: {}
+    env: []
+    tolerations: []
+    nodeSelector:
+      {}
+      # key1: value1
+      # key2: value2
+    runAsUser: # MUST be set for Rancher hardened cluster
+    internal: # this is used for internal communication. Please use the SAME CA for all the components (controller, scanner, adapter and enforcer)
+      certificate:
+        secret: "" 
+        keyFile: tls.key
+        pemFile: tls.crt
+        caFile: ca.crt # must be the same CA for all internal.
+
+resources:
+  {}
+  # limits:
+  #   cpu: 400m
+  #   memory: 2792Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 2280Mi
+
+runtimePath:
+
+# The following runtime type and socket location are deprecated after 5.3.0.
+# If the socket path is not at the default location, use above 'runtimePath' to specify the location.
+docker:
+  path: /var/run/docker.sock
+
+k3s:
+  enabled: false
+  runtimePath: /run/k3s/containerd/containerd.sock
+
+bottlerocket:
+  enabled: false
+  runtimePath: /run/dockershim.sock
+
+containerd:
+  enabled: false
+  path: /var/run/containerd/containerd.sock
+
+crio:
+  enabled: false
+  path: /var/run/crio/crio.sock
+
+admissionwebhook:
+  type: ClusterIP
+
+crdwebhooksvc:
+  enabled: true
+
+crdwebhook:
+  enabled: true
+  type: ClusterIP
+
+lease:
+  enabled: true
diff --git a/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/Chart.yaml b/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/Chart.yaml
new file mode 100644
index 0000000000..5854b664e6
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: rancher-aks-operator-crd
+apiVersion: v2
+appVersion: 1.2.7
+description: AKS Operator CustomResourceDefinitions
+name: rancher-aks-operator-crd
+version: 103.7.0+up1.2.7
diff --git a/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/templates/crds.yaml b/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
new file mode 100644
index 0000000000..c4fcdfac05
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
@@ -0,0 +1,211 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+  name: aksclusterconfigs.aks.cattle.io
+spec:
+  group: aks.cattle.io
+  names:
+    kind: AKSClusterConfig
+    plural: aksclusterconfigs
+    shortNames:
+    - akscc
+    singular: aksclusterconfig
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              authBaseUrl:
+                nullable: true
+                type: string
+              authorizedIpRanges:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              azureCredentialSecret:
+                nullable: true
+                type: string
+              baseUrl:
+                nullable: true
+                type: string
+              clusterName:
+                nullable: true
+                type: string
+              dnsPrefix:
+                nullable: true
+                type: string
+              dnsServiceIp:
+                nullable: true
+                type: string
+              dockerBridgeCidr:
+                nullable: true
+                type: string
+              httpApplicationRouting:
+                nullable: true
+                type: boolean
+              imported:
+                type: boolean
+              kubernetesVersion:
+                nullable: true
+                type: string
+              linuxAdminUsername:
+                nullable: true
+                type: string
+              loadBalancerSku:
+                nullable: true
+                type: string
+              logAnalyticsWorkspaceGroup:
+                nullable: true
+                type: string
+              logAnalyticsWorkspaceName:
+                nullable: true
+                type: string
+              managedIdentity:
+                nullable: true
+                type: boolean
+              monitoring:
+                nullable: true
+                type: boolean
+              networkPlugin:
+                nullable: true
+                type: string
+              networkPolicy:
+                nullable: true
+                type: string
+              nodePools:
+                items:
+                  properties:
+                    availabilityZones:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    count:
+                      nullable: true
+                      type: integer
+                    enableAutoScaling:
+                      nullable: true
+                      type: boolean
+                    maxCount:
+                      nullable: true
+                      type: integer
+                    maxPods:
+                      nullable: true
+                      type: integer
+                    maxSurge:
+                      nullable: true
+                      type: string
+                    minCount:
+                      nullable: true
+                      type: integer
+                    mode:
+                      nullable: true
+                      type: string
+                    name:
+                      nullable: true
+                      type: string
+                    nodeLabels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                    nodeTaints:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    orchestratorVersion:
+                      nullable: true
+                      type: string
+                    osDiskSizeGB:
+                      nullable: true
+                      type: integer
+                    osDiskType:
+                      nullable: true
+                      type: string
+                    osType:
+                      nullable: true
+                      type: string
+                    vmSize:
+                      nullable: true
+                      type: string
+                    vnetSubnetID:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              nodeResourceGroup:
+                nullable: true
+                type: string
+              outboundType:
+                nullable: true
+                type: string
+              podCidr:
+                nullable: true
+                type: string
+              privateCluster:
+                nullable: true
+                type: boolean
+              privateDnsZone:
+                nullable: true
+                type: string
+              resourceGroup:
+                nullable: true
+                type: string
+              resourceLocation:
+                nullable: true
+                type: string
+              serviceCidr:
+                nullable: true
+                type: string
+              sshPublicKey:
+                nullable: true
+                type: string
+              subnet:
+                nullable: true
+                type: string
+              tags:
+                additionalProperties:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: object
+              userAssignedIdentity:
+                nullable: true
+                type: string
+              virtualNetwork:
+                nullable: true
+                type: string
+              virtualNetworkResourceGroup:
+                nullable: true
+                type: string
+            type: object
+          status:
+            properties:
+              failureMessage:
+                nullable: true
+                type: string
+              phase:
+                nullable: true
+                type: string
+              rbacEnabled:
+                nullable: true
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/Chart.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/Chart.yaml
new file mode 100644
index 0000000000..f555eb88ac
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-aks-operator
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.2.7
+description: A Helm chart for provisioning AKS clusters
+home: https://github.com/rancher/aks-operator
+name: rancher-aks-operator
+sources:
+- https://github.com/rancher/aks-operator
+version: 103.7.0+up1.2.7
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/NOTES.txt b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/NOTES.txt
new file mode 100644
index 0000000000..5ba05b482c
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/_helpers.tpl b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/_helpers.tpl
new file mode 100644
index 0000000000..de3b332f6a
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrole.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
new file mode 100644
index 0000000000..5e2ce97567
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: aks-operator
+  namespace: cattle-system
+rules:
+  - apiGroups: ['']
+    resources: ['secrets']
+    verbs: ['get', 'list', 'create', 'watch', 'update']
+  - apiGroups: ['aks.cattle.io']
+    resources: ['aksclusterconfigs']
+    verbs: ['get', 'list', 'update', 'watch']
+  - apiGroups: ['aks.cattle.io']
+    resources: ['aksclusterconfigs/status']
+    verbs: ['update']
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..7aa7e785a4
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  aks-operator
+  namespace: cattle-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: aks-operator
+subjects:
+- kind: ServiceAccount
+  name: aks-operator
+  namespace: cattle-system
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/deployment.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/deployment.yaml
new file mode 100644
index 0000000000..3a443f354f
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aks-config-operator
+  namespace: cattle-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ke.cattle.io/operator: aks
+  template:
+    metadata:
+      labels:
+        ke.cattle.io/operator: aks
+    spec:
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      serviceAccountName: aks-operator
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+      securityContext:
+        fsGroup: 1007
+        runAsUser: 1007
+      containers:
+      - name: aks-operator
+        image: '{{ template "system_default_registry" $ }}{{ $.Values.aksOperator.image.repository }}:{{ $.Values.aksOperator.image.tag }}'
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: HTTP_PROXY
+          value: {{ .Values.httpProxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.httpsProxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+        # aks-operator mounts the additional CAs in two places:
+        volumeMounts:
+            # This directory is owned by the aks-operator user so c_rehash works here.
+          - mountPath: /etc/rancher/ssl/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+            # This directory is root-owned so c_rehash doesn't work here,
+            # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+          - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+      volumes:
+        - name: tls-ca-additional-volume
+          secret:
+            defaultMode: 0400
+            secretName: tls-ca-additional
+  {{- end }}
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..9c40a152f5
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: cattle-system
+  name: aks-operator
diff --git a/charts/rancher-aks-operator/103.7.0+up1.2.7/values.yaml b/charts/rancher-aks-operator/103.7.0+up1.2.7/values.yaml
new file mode 100644
index 0000000000..6177ad5eaf
--- /dev/null
+++ b/charts/rancher-aks-operator/103.7.0+up1.2.7/values.yaml
@@ -0,0 +1,23 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+aksOperator:
+  image:
+    repository: rancher/aks-operator
+    tag: v1.2.7
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
diff --git a/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/Chart.yaml b/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/Chart.yaml
new file mode 100644
index 0000000000..e8c54b77f4
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: rancher-eks-operator-crd
+apiVersion: v2
+appVersion: 1.3.7
+description: EKS Operator CustomResourceDefinitions
+name: rancher-eks-operator-crd
+version: 103.7.0+up1.3.7
diff --git a/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/templates/crds.yaml b/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/templates/crds.yaml
new file mode 100644
index 0000000000..f1c4534210
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/103.7.0+up1.3.7/templates/crds.yaml
@@ -0,0 +1,226 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+  name: eksclusterconfigs.eks.cattle.io
+spec:
+  group: eks.cattle.io
+  names:
+    kind: EKSClusterConfig
+    plural: eksclusterconfigs
+    shortNames:
+    - ekscc
+    singular: eksclusterconfig
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              amazonCredentialSecret:
+                nullable: true
+                type: string
+              displayName:
+                nullable: true
+                type: string
+              ebsCSIDriver:
+                nullable: true
+                type: boolean
+              imported:
+                type: boolean
+              kmsKey:
+                nullable: true
+                type: string
+              kubernetesVersion:
+                nullable: true
+                type: string
+              loggingTypes:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              nodeGroups:
+                items:
+                  properties:
+                    desiredSize:
+                      nullable: true
+                      type: integer
+                    diskSize:
+                      nullable: true
+                      type: integer
+                    ec2SshKey:
+                      nullable: true
+                      type: string
+                    gpu:
+                      nullable: true
+                      type: boolean
+                    imageId:
+                      nullable: true
+                      type: string
+                    instanceType:
+                      nullable: true
+                      type: string
+                    labels:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                    launchTemplate:
+                      nullable: true
+                      properties:
+                        id:
+                          nullable: true
+                          type: string
+                        name:
+                          nullable: true
+                          type: string
+                        version:
+                          nullable: true
+                          type: integer
+                      type: object
+                    maxSize:
+                      nullable: true
+                      type: integer
+                    minSize:
+                      nullable: true
+                      type: integer
+                    nodeRole:
+                      nullable: true
+                      type: string
+                    nodegroupName:
+                      nullable: true
+                      type: string
+                    requestSpotInstances:
+                      nullable: true
+                      type: boolean
+                    resourceTags:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                    spotInstanceTypes:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    subnets:
+                      items:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: array
+                    tags:
+                      additionalProperties:
+                        nullable: true
+                        type: string
+                      nullable: true
+                      type: object
+                    userData:
+                      nullable: true
+                      type: string
+                    version:
+                      nullable: true
+                      type: string
+                  required:
+                  - nodegroupName
+                  type: object
+                nullable: true
+                type: array
+              privateAccess:
+                nullable: true
+                type: boolean
+              publicAccess:
+                nullable: true
+                type: boolean
+              publicAccessSources:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              region:
+                nullable: true
+                type: string
+              secretsEncryption:
+                nullable: true
+                type: boolean
+              securityGroups:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              serviceRole:
+                nullable: true
+                type: string
+              subnets:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              tags:
+                additionalProperties:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: object
+            type: object
+          status:
+            properties:
+              failureMessage:
+                nullable: true
+                type: string
+              generatedNodeRole:
+                nullable: true
+                type: string
+              managedLaunchTemplateID:
+                nullable: true
+                type: string
+              managedLaunchTemplateVersions:
+                additionalProperties:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: object
+              networkFieldsSource:
+                nullable: true
+                type: string
+              phase:
+                nullable: true
+                type: string
+              securityGroups:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              subnets:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              templateVersionsToDelete:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              virtualNetwork:
+                nullable: true
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/Chart.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/Chart.yaml
new file mode 100644
index 0000000000..a89cf4c5e6
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-eks-operator
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.3.7
+description: A Helm chart for provisioning EKS clusters
+home: https://github.com/rancher/eks-operator
+name: rancher-eks-operator
+sources:
+- https://github.com/rancher/eks-operator
+version: 103.7.0+up1.3.7
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/NOTES.txt b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/NOTES.txt
new file mode 100644
index 0000000000..23a1b4a8bf
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher EKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions EKS clusters
+from EKSClusterConfig CRs.
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/_helpers.tpl b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/_helpers.tpl
new file mode 100644
index 0000000000..de3b332f6a
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrole.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrole.yaml
new file mode 100644
index 0000000000..d0d561b6ea
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: eks-operator
+  namespace: cattle-system
+rules:
+  - apiGroups: ['']
+    resources: ['secrets']
+    verbs: ['get', 'list', 'create', 'watch']
+  - apiGroups: ['eks.cattle.io']
+    resources: ['eksclusterconfigs']
+    verbs: ['get', 'list', 'update', 'watch']
+  - apiGroups: ['eks.cattle.io']
+    resources: ['eksclusterconfigs/status']
+    verbs: ['update']
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..2b1846353e
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  eks-operator
+  namespace: cattle-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: eks-operator
+subjects:
+- kind: ServiceAccount
+  name: eks-operator
+  namespace: cattle-system
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/deployment.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/deployment.yaml
new file mode 100644
index 0000000000..898383907a
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: eks-config-operator
+  namespace: cattle-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ke.cattle.io/operator: eks
+  template:
+    metadata:
+      labels:
+        ke.cattle.io/operator: eks
+    spec:
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      serviceAccountName: eks-operator
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+      securityContext:
+        fsGroup: 1007
+        runAsUser: 1007
+      containers:
+      - name: eks-operator
+        image: '{{ template "system_default_registry" $ }}{{ $.Values.eksOperator.image.repository }}:{{ $.Values.eksOperator.image.tag }}'
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: HTTP_PROXY
+          value: {{ .Values.httpProxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.httpsProxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+        # eks-operator mounts the additional CAs in two places:
+        volumeMounts:
+            # This directory is owned by the eks-operator user so c_rehash works here.
+          - mountPath: /etc/rancher/ssl/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+            # This directory is root-owned so c_rehash doesn't work here,
+            # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+          - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+      volumes:
+        - name: tls-ca-additional-volume
+          secret:
+            defaultMode: 0400
+            secretName: tls-ca-additional
+  {{- end }}
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/serviceaccount.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..934de07e0d
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: cattle-system
+  name: eks-operator
diff --git a/charts/rancher-eks-operator/103.7.0+up1.3.7/values.yaml b/charts/rancher-eks-operator/103.7.0+up1.3.7/values.yaml
new file mode 100644
index 0000000000..e3ea0abcad
--- /dev/null
+++ b/charts/rancher-eks-operator/103.7.0+up1.3.7/values.yaml
@@ -0,0 +1,22 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+eksOperator:
+  image:
+    repository: rancher/eks-operator
+    tag: v1.3.7
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
diff --git a/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/Chart.yaml b/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/Chart.yaml
new file mode 100644
index 0000000000..9c90a9c4f2
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: rancher-gke-operator-crd
+apiVersion: v2
+appVersion: 1.2.7
+description: GKE Operator CustomResourceDefinitions
+name: rancher-gke-operator-crd
+version: 103.7.0+up1.2.7
diff --git a/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/templates/crds.yaml b/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
new file mode 100644
index 0000000000..aaa323f363
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/103.7.0+up1.2.7/templates/crds.yaml
@@ -0,0 +1,250 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+  name: gkeclusterconfigs.gke.cattle.io
+spec:
+  group: gke.cattle.io
+  names:
+    kind: GKEClusterConfig
+    plural: gkeclusterconfigs
+    shortNames:
+    - gkecc
+    singular: gkeclusterconfig
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              clusterAddons:
+                nullable: true
+                properties:
+                  horizontalPodAutoscaling:
+                    type: boolean
+                  httpLoadBalancing:
+                    type: boolean
+                  networkPolicyConfig:
+                    type: boolean
+                type: object
+              clusterIpv4Cidr:
+                nullable: true
+                type: string
+              clusterName:
+                nullable: true
+                type: string
+              description:
+                nullable: true
+                type: string
+              enableKubernetesAlpha:
+                nullable: true
+                type: boolean
+              googleCredentialSecret:
+                nullable: true
+                type: string
+              imported:
+                type: boolean
+              ipAllocationPolicy:
+                nullable: true
+                properties:
+                  clusterIpv4CidrBlock:
+                    nullable: true
+                    type: string
+                  clusterSecondaryRangeName:
+                    nullable: true
+                    type: string
+                  createSubnetwork:
+                    type: boolean
+                  nodeIpv4CidrBlock:
+                    nullable: true
+                    type: string
+                  servicesIpv4CidrBlock:
+                    nullable: true
+                    type: string
+                  servicesSecondaryRangeName:
+                    nullable: true
+                    type: string
+                  subnetworkName:
+                    nullable: true
+                    type: string
+                  useIpAliases:
+                    type: boolean
+                type: object
+              kubernetesVersion:
+                nullable: true
+                type: string
+              labels:
+                additionalProperties:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: object
+              locations:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+              loggingService:
+                nullable: true
+                type: string
+              maintenanceWindow:
+                nullable: true
+                type: string
+              masterAuthorizedNetworks:
+                nullable: true
+                properties:
+                  cidrBlocks:
+                    items:
+                      properties:
+                        cidrBlock:
+                          nullable: true
+                          type: string
+                        displayName:
+                          nullable: true
+                          type: string
+                      type: object
+                    nullable: true
+                    type: array
+                  enabled:
+                    type: boolean
+                type: object
+              monitoringService:
+                nullable: true
+                type: string
+              network:
+                nullable: true
+                type: string
+              networkPolicyEnabled:
+                nullable: true
+                type: boolean
+              nodePools:
+                items:
+                  properties:
+                    autoscaling:
+                      nullable: true
+                      properties:
+                        enabled:
+                          type: boolean
+                        maxNodeCount:
+                          type: integer
+                        minNodeCount:
+                          type: integer
+                      type: object
+                    config:
+                      nullable: true
+                      properties:
+                        diskSizeGb:
+                          type: integer
+                        diskType:
+                          nullable: true
+                          type: string
+                        imageType:
+                          nullable: true
+                          type: string
+                        labels:
+                          additionalProperties:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: object
+                        localSsdCount:
+                          type: integer
+                        machineType:
+                          nullable: true
+                          type: string
+                        oauthScopes:
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                        preemptible:
+                          type: boolean
+                        tags:
+                          items:
+                            nullable: true
+                            type: string
+                          nullable: true
+                          type: array
+                        taints:
+                          items:
+                            properties:
+                              effect:
+                                nullable: true
+                                type: string
+                              key:
+                                nullable: true
+                                type: string
+                              value:
+                                nullable: true
+                                type: string
+                            type: object
+                          nullable: true
+                          type: array
+                      type: object
+                    initialNodeCount:
+                      nullable: true
+                      type: integer
+                    management:
+                      nullable: true
+                      properties:
+                        autoRepair:
+                          type: boolean
+                        autoUpgrade:
+                          type: boolean
+                      type: object
+                    maxPodsConstraint:
+                      nullable: true
+                      type: integer
+                    name:
+                      nullable: true
+                      type: string
+                    version:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              privateClusterConfig:
+                nullable: true
+                properties:
+                  enablePrivateEndpoint:
+                    type: boolean
+                  enablePrivateNodes:
+                    type: boolean
+                  masterIpv4CidrBlock:
+                    nullable: true
+                    type: string
+                type: object
+              projectID:
+                nullable: true
+                type: string
+              region:
+                nullable: true
+                type: string
+              subnetwork:
+                nullable: true
+                type: string
+              zone:
+                nullable: true
+                type: string
+            type: object
+          status:
+            properties:
+              failureMessage:
+                nullable: true
+                type: string
+              phase:
+                nullable: true
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/Chart.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/Chart.yaml
new file mode 100644
index 0000000000..d9620835c1
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-gke-operator
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.2.7
+description: A Helm chart for provisioning GKE clusters
+home: https://github.com/rancher/gke-operator
+name: rancher-gke-operator
+sources:
+- https://github.com/rancher/gke-operator
+version: 103.7.0+up1.2.7
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/NOTES.txt b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/NOTES.txt
new file mode 100644
index 0000000000..238173d1bd
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher GKE operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions GKE clusters
+from GKEClusterConfig CRs.
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/_helpers.tpl b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/_helpers.tpl
new file mode 100644
index 0000000000..de3b332f6a
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrole.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
new file mode 100644
index 0000000000..7c352696ee
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: gke-operator
+  namespace: cattle-system
+rules:
+  - apiGroups: ['']
+    resources: ['secrets']
+    verbs: ['get', 'list', 'create', 'watch']
+  - apiGroups: ['gke.cattle.io']
+    resources: ['gkeclusterconfigs']
+    verbs: ['get', 'list', 'update', 'watch']
+  - apiGroups: ['gke.cattle.io']
+    resources: ['gkeclusterconfigs/status']
+    verbs: ['update']
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..e2af390c71
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  gke-operator
+  namespace: cattle-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gke-operator
+subjects:
+- kind: ServiceAccount
+  name: gke-operator
+  namespace: cattle-system
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/deployment.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/deployment.yaml
new file mode 100644
index 0000000000..3af5a6c0f7
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/deployment.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gke-config-operator
+  namespace: cattle-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      ke.cattle.io/operator: gke
+  template:
+    metadata:
+      labels:
+        ke.cattle.io/operator: gke
+    spec:
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      serviceAccountName: gke-operator
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+      securityContext:
+        fsGroup: 1007
+        runAsUser: 1007
+      containers:
+      - name: rancher-gke-operator
+        image: '{{ template "system_default_registry" $ }}{{ $.Values.gkeOperator.image.repository }}:{{ $.Values.gkeOperator.image.tag }}'
+        imagePullPolicy: IfNotPresent
+        args: ["-debug={{ .Values.gkeOperator.debug | default false }}"]
+        env:
+        - name: HTTP_PROXY
+          value: {{ .Values.httpProxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.httpsProxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+        # gke-operator mounts the additional CAs in two places:
+        volumeMounts:
+            # This directory is owned by the gke-operator user so c_rehash works here.
+          - mountPath: /etc/rancher/ssl/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+            # This directory is root-owned so c_rehash doesn't work here,
+            # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+          - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+            name: tls-ca-additional-volume
+            subPath: ca-additional.pem
+            readOnly: true
+      volumes:
+        - name: tls-ca-additional-volume
+          secret:
+            defaultMode: 0400
+            secretName: tls-ca-additional
+  {{- end }}
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..ba52af6280
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: cattle-system
+  name: gke-operator
diff --git a/charts/rancher-gke-operator/103.7.0+up1.2.7/values.yaml b/charts/rancher-gke-operator/103.7.0+up1.2.7/values.yaml
new file mode 100644
index 0000000000..305c343483
--- /dev/null
+++ b/charts/rancher-gke-operator/103.7.0+up1.2.7/values.yaml
@@ -0,0 +1,23 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+gkeOperator:
+  image:
+    repository: rancher/gke-operator
+    tag: v1.2.7
+  debug: false
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/Chart.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/Chart.yaml
new file mode 100644
index 0000000000..a194819210
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/Chart.yaml
@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.4.15
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 103.0.14+up0.4.15
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/_helpers.tpl b/charts/rancher-webhook/103.0.14+up0.4.15/templates/_helpers.tpl
new file mode 100644
index 0000000000..c37a65c6f3
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/deployment.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/deployment.yaml
new file mode 100644
index 0000000000..b8a7201dac
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/deployment.yaml
@@ -0,0 +1,82 @@
+{{- $auth := .Values.auth | default dict }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-webhook
+spec:
+  selector:
+    matchLabels:
+      app: rancher-webhook
+  template:
+    metadata:
+      labels:
+        app: rancher-webhook
+    spec:
+      {{- if $auth.clientCA }}
+      volumes:
+      - name: client-ca
+        secret:
+          secretName: client-ca
+      {{- end }}
+      {{- if .Values.global.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+      - env:
+        - name: STAMP
+          value: "{{.Values.stamp}}"
+        - name: ENABLE_MCM
+          value: "{{.Values.mcm.enabled}}"
+        - name: CATTLE_PORT
+          value: {{.Values.port | default 9443 | quote}}
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        {{- if $auth.allowedCNs }}
+        - name: ALLOWED_CNS
+          value: '{{ join "," $auth.allowedCNs }}'
+        {{- end }}
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-webhook
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        ports:
+        - name: https
+          containerPort: {{ .Values.port | default 9443 }}
+        startupProbe:
+          httpGet:
+            path: "/healthz"
+            port: "https"
+            scheme: "HTTPS"
+          failureThreshold: 60
+          periodSeconds: 5
+        livenessProbe:
+          httpGet:
+            path: "/healthz"
+            port: "https"
+            scheme: "HTTPS"
+          periodSeconds: 5
+        {{- if $auth.clientCA }}
+        volumeMounts:
+        - name: client-ca
+          mountPath: /tmp/k8s-webhook-server/client-ca
+          readOnly: true
+        {{- end }}
+        {{- if .Values.capNetBindService }}
+        securityContext:
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+        {{- end }}
+      serviceAccountName: rancher-webhook
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/rbac.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/rbac.yaml
new file mode 100644
index 0000000000..f4364995c0
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: rancher-webhook
+  namespace: {{.Release.Namespace}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/secret.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/secret.yaml
new file mode 100644
index 0000000000..9fd331dc1e
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- $auth := .Values.auth | default dict }}
+{{- if $auth.clientCA }}
+apiVersion: v1
+data:
+  ca.crt: {{ $auth.clientCA }}
+kind: Secret
+metadata:
+  name: client-ca
+  namespace: cattle-system
+type: Opaque
+{{- end }}
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/service.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/service.yaml
new file mode 100644
index 0000000000..220afebeae
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: rancher-webhook
+  namespace: cattle-system
+spec:
+  ports:
+  - port: 443
+    targetPort: {{ .Values.port | default 9443 }}
+    protocol: TCP
+    name: https
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/serviceaccount.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..9e7ad7e1fe
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook-sudo
+  annotations:
+    cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation"
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/templates/webhook.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/templates/webhook.yaml
new file mode 100644
index 0000000000..53a0687b6f
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/templates/webhook.yaml
@@ -0,0 +1,9 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/tests/README.md b/charts/rancher-webhook/103.0.14+up0.4.15/tests/README.md
new file mode 100644
index 0000000000..6d3059a005
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/tests/README.md
@@ -0,0 +1,16 @@
+
+## local dev testing instructions
+
+Option 1: Full chart CI run with a live cluster
+
+```bash
+./scripts/charts/ci 
+```
+
+Option 2: Test runs against the chart only 
+
+```bash
+# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git
+bash dev-scripts/helm-unittest.sh
+```
+
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/tests/deployment_test.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/tests/deployment_test.yaml
new file mode 100644
index 0000000000..bbd6e30444
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/tests/deployment_test.yaml
@@ -0,0 +1,73 @@
+suite: Test Deployment
+templates:
+  - deployment.yaml
+
+tests:
+  - it: should set webhook default port values
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 9443
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: CATTLE_PORT
+            value: "9443"
+
+  - it: should set updated webhook port
+    set:
+      port: 2319
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 2319
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: CATTLE_PORT
+            value: "2319"
+
+  - it: should not set capabilities by default.
+    asserts:
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext
+
+  - it: should set net capabilities when capNetBindService is true.
+    set:
+      capNetBindService: true
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].securityContext.capabilities.add
+          content: NET_BIND_SERVICE
+
+  - it: should not set volumes or volumeMounts by default
+    asserts:
+      - isNull:
+          path: spec.template.spec.volumes
+      - isNull:
+          path: spec.template.spec.volumeMounts
+
+  - it: should set CA fields when CA options are set
+    set:
+      auth.clientCA: base64-encoded-cert
+      auth.allowedCNs:
+        - kube-apiserver
+        - joe
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content:
+            name: client-ca
+            secret:
+              secretName: client-ca
+      - contains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: client-ca
+            mountPath: /tmp/k8s-webhook-server/client-ca
+            readOnly: true
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ALLOWED_CNS
+            value: kube-apiserver,joe
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/tests/service_test.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/tests/service_test.yaml
new file mode 100644
index 0000000000..03172ad033
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/tests/service_test.yaml
@@ -0,0 +1,18 @@
+suite: Test Service
+templates:
+  - service.yaml
+
+tests:
+  - it: should set webhook default port values
+    asserts:
+      - equal:
+          path: spec.ports[0].targetPort
+          value: 9443
+
+  - it: should set updated target port
+    set:
+      port: 2319
+    asserts:
+      - equal:
+          path: spec.ports[0].targetPort
+          value: 2319
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15/values.yaml b/charts/rancher-webhook/103.0.14+up0.4.15/values.yaml
new file mode 100644
index 0000000000..e83fedf500
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15/values.yaml
@@ -0,0 +1,30 @@
+image:
+  repository: rancher/rancher-webhook
+  tag: v0.4.15
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  hostNetwork: false
+
+mcm:
+  enabled: true
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+# port assigns which port to use when running rancher-webhook
+port: 9443
+
+# Parameters for authenticating the kube-apiserver.
+auth:
+  # CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated.
+  # Must be base64-encoded.
+  clientCA: ""
+  # Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted.
+  allowedCNs: []
diff --git a/index.yaml b/index.yaml
index 2fa5baaf19..2c3aa40240 100755
--- a/index.yaml
+++ b/index.yaml
@@ -1082,6 +1082,32 @@ entries:
     urls:
     - assets/fleet/fleet-104.0.0+up0.10.0.tgz
     version: 104.0.0+up0.10.0
+  - annotations:
+      catalog.cattle.io/auto-install: fleet-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/experimental: "true"
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-fleet-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: fleet
+    apiVersion: v2
+    appVersion: 0.9.13
+    created: "2025-01-27T13:54:52.279162982-03:00"
+    dependencies:
+    - condition: gitops.enabled
+      name: gitjob
+      repository: file://./charts/gitjob
+    description: Fleet Manager - GitOps at Scale
+    digest: 17a74a7590746d374424f1faa418c4b4f9039a83566d8e425164e039da2ed21c
+    icon: https://charts.rancher.io/assets/logos/fleet.svg
+    name: fleet
+    urls:
+    - assets/fleet/fleet-103.1.12+up0.9.13.tgz
+    version: 103.1.12+up0.9.13
   - annotations:
       catalog.cattle.io/auto-install: fleet-crd=match
       catalog.cattle.io/certified: rancher
@@ -1854,6 +1880,25 @@ entries:
     urls:
     - assets/fleet-agent/fleet-agent-104.0.0+up0.10.0.tgz
     version: 104.0.0+up0.10.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-fleet-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: fleet-agent
+    apiVersion: v2
+    appVersion: 0.9.13
+    created: "2025-01-27T13:54:56.738893189-03:00"
+    description: Fleet Manager Agent - GitOps at Scale
+    digest: 342c0089eb8c41e33398325a81785b23cf3fc64af7996198dceca9ae208c303b
+    icon: https://charts.rancher.io/assets/logos/fleet.svg
+    name: fleet-agent
+    urls:
+    - assets/fleet-agent/fleet-agent-103.1.12+up0.9.13.tgz
+    version: 103.1.12+up0.9.13
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -2445,6 +2490,23 @@ entries:
     urls:
     - assets/fleet-crd/fleet-crd-104.0.0+up0.10.0.tgz
     version: 104.0.0+up0.10.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-fleet-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/release-name: fleet-crd
+    apiVersion: v2
+    appVersion: 0.9.13
+    created: "2025-01-27T13:55:01.129337808-03:00"
+    description: Fleet Manager CustomResourceDefinitions
+    digest: deaacc7984320ef5aa03535c195761780417a3605f60d592b993b793d49f4a7a
+    icon: https://charts.rancher.io/assets/logos/fleet.svg
+    name: fleet-crd
+    urls:
+    - assets/fleet-crd/fleet-crd-103.1.12+up0.9.13.tgz
+    version: 103.1.12+up0.9.13
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -3018,6 +3080,99 @@ entries:
     urls:
     - assets/harvester-cloud-provider/harvester-cloud-provider-104.0.0+up0.2.3.tgz
     version: 104.0.0+up0.2.3
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Harvester Cloud Provider
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: kube-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: harvester-cloud-provider
+      catalog.cattle.io/ui-component: harvester-cloud-provider
+      catalog.cattle.io/upstream-version: 0.2.9
+    apiVersion: v2
+    appVersion: v0.2.4
+    created: "2025-01-27T13:55:41.646105661-03:00"
+    dependencies:
+    - condition: kube-vip.enabled
+      name: kube-vip
+      repository: file://dependency_charts/kube-vip
+      version: 0.6.4
+    description: A Helm chart for Harvester Cloud Provider
+    digest: b7f67ba76bc8f3db624f18727fd8a581af1127a9a52d5b7bc4dccbca88128735
+    keywords:
+    - infrastructure
+    - harvester
+    maintainers:
+    - name: harvester
+    name: harvester-cloud-provider
+    type: application
+    urls:
+    - assets/harvester-cloud-provider/harvester-cloud-provider-103.0.6+up0.2.9.tgz
+    version: 103.0.6+up0.2.9
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Harvester Cloud Provider
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: kube-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: harvester-cloud-provider
+      catalog.cattle.io/ui-component: harvester-cloud-provider
+      catalog.cattle.io/upstream-version: 0.2.8
+    apiVersion: v2
+    appVersion: v0.2.4
+    created: "2025-01-27T13:55:36.797620604-03:00"
+    dependencies:
+    - condition: kube-vip.enabled
+      name: kube-vip
+      repository: file://./charts/kube-vip
+      version: 0.6.4
+    description: A Helm chart for Harvester Cloud Provider
+    digest: 7c2bd5f8a2257ca7a62fa6eb12f7f79069cd91ee4cf6bc28af581b665d7d17a3
+    keywords:
+    - infrastructure
+    - harvester
+    maintainers:
+    - name: harvester
+    name: harvester-cloud-provider
+    type: application
+    urls:
+    - assets/harvester-cloud-provider/harvester-cloud-provider-103.0.5+up0.2.8.tgz
+    version: 103.0.5+up0.2.8
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Harvester Cloud Provider
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: kube-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: harvester-cloud-provider
+      catalog.cattle.io/ui-component: harvester-cloud-provider
+      catalog.cattle.io/upstream-version: 0.2.7
+    apiVersion: v2
+    appVersion: v0.2.3
+    created: "2025-01-27T13:55:32.377545585-03:00"
+    dependencies:
+    - condition: kube-vip.enabled
+      name: kube-vip
+      repository: file://./charts/kube-vip
+      version: 0.6.4
+    description: A Helm chart for Harvester Cloud Provider
+    digest: 2aa3b419fd8588862ae1cfd231a16aed1277f1eeafb3870054dda41d413e4870
+    keywords:
+    - infrastructure
+    - harvester
+    maintainers:
+    - name: harvester
+    name: harvester-cloud-provider
+    type: application
+    urls:
+    - assets/harvester-cloud-provider/harvester-cloud-provider-103.0.4+up0.2.7.tgz
+    version: 103.0.4+up0.2.7
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Harvester Cloud Provider
@@ -3398,6 +3553,32 @@ entries:
     urls:
     - assets/harvester-csi-driver/harvester-csi-driver-104.0.0+up0.1.17.tgz
     version: 104.0.0+up0.1.17
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Harvester CSI Driver
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: kube-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: harvester-csi-driver
+      catalog.cattle.io/ui-component: harvester-csi-driver
+      catalog.cattle.io/upstream-version: 0.1.21
+    apiVersion: v2
+    appVersion: v0.2.2
+    created: "2025-01-27T13:55:45.924465485-03:00"
+    description: A Helm chart for Harvester CSI driver
+    digest: 5b4372c0bf8154def2a3f6f00b8e1e6b289e411622655a035723fdfca6b36e42
+    keywords:
+    - infrastructure
+    - harvester
+    maintainers:
+    - name: harvester
+    name: harvester-csi-driver
+    type: application
+    urls:
+    - assets/harvester-csi-driver/harvester-csi-driver-103.0.5+up0.1.22.tgz
+    version: 103.0.5+up0.1.22
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Harvester CSI Driver
@@ -5919,6 +6100,37 @@ entries:
     urls:
     - assets/neuvector/neuvector-104.0.0+up2.7.7.tgz
     version: 104.0.0+up2.7.7
+  - annotations:
+      catalog.cattle.io/auto-install: neuvector-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: NeuVector
+      catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
+      catalog.cattle.io/namespace: cattle-neuvector-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/provides-gvr: neuvector.com/v1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: neuvector
+      catalog.cattle.io/type: cluster-tool
+      catalog.cattle.io/upstream-version: 2.8.4
+    apiVersion: v1
+    appVersion: 5.4.2
+    created: "2025-01-27T13:55:50.516839752-03:00"
+    description: Helm feature chart for NeuVector container security platform.
+    digest: 0932b7f021ac91a895f09c1e6b332a3ea7f209672399fc1c7d0c17454842b3db
+    home: https://neuvector.com
+    icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+    keywords:
+    - security
+    maintainers:
+    - email: support@neuvector.com
+      name: becitsthere
+    name: neuvector
+    sources:
+    - https://github.com/neuvector/neuvector
+    urls:
+    - assets/neuvector/neuvector-103.0.8+up2.8.4.tgz
+    version: 103.0.8+up2.8.4
   - annotations:
       catalog.cattle.io/auto-install: neuvector-crd=match
       catalog.cattle.io/certified: rancher
@@ -6673,6 +6885,26 @@ entries:
     urls:
     - assets/neuvector-crd/neuvector-crd-104.0.0+up2.7.7.tgz
     version: 104.0.0+up2.7.7
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-neuvector-system
+      catalog.cattle.io/release-name: neuvector-crd
+    apiVersion: v1
+    appVersion: 5.4.2
+    created: "2025-01-27T13:55:54.733652051-03:00"
+    description: Helm chart for NeuVector's CRD services
+    digest: 7cbcd450a1b05b84f8b154801f28f8d22bfb56a2c551fe20d68a1a28913b2a01
+    home: https://neuvector.com
+    icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+    maintainers:
+    - email: support@neuvector.com
+      name: becitsthere
+    name: neuvector-crd
+    type: application
+    urls:
+    - assets/neuvector-crd/neuvector-crd-103.0.8+up2.8.4.tgz
+    version: 103.0.8+up2.8.4
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -7156,6 +7388,37 @@ entries:
     urls:
     - assets/neuvector-monitor/neuvector-monitor-104.0.0+up2.7.7.tgz
     version: 104.0.0+up2.7.7
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: NeuVector Monitor
+      catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
+      catalog.cattle.io/namespace: cattle-neuvector-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/provides-gvr: neuvector.com/v1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: neuvector-monitor
+      catalog.cattle.io/type: cluster-tool
+      catalog.cattle.io/upstream-version: 2.8.4
+    apiVersion: v1
+    appVersion: 1.0.1
+    created: "2025-01-27T13:55:58.984821465-03:00"
+    description: Helm feature chart (optional) add-on to NeuVector for monitoring
+      with Prometheus/Grafana.
+    digest: 2fd1eedf9be4b3615af36f4d631aa27de5e69f10e55376d71e9e121180c5c50b
+    home: https://neuvector.com
+    icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+    keywords:
+    - security
+    maintainers:
+    - email: support@neuvector.com
+      name: becitsthere
+    name: neuvector-monitor
+    sources:
+    - https://github.com/neuvector/neuvector
+    urls:
+    - assets/neuvector-monitor/neuvector-monitor-103.0.8+up2.8.4.tgz
+    version: 103.0.8+up2.8.4
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: NeuVector Monitor
@@ -8106,6 +8369,30 @@ entries:
     urls:
     - assets/rancher-aks-operator/rancher-aks-operator-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-aks-operator
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 1.2.7
+    created: "2025-01-27T13:55:05.678394768-03:00"
+    description: A Helm chart for provisioning AKS clusters
+    digest: 0a8e9a4305741201a5a0e582e62fa2fcd5262239d62cb9ac2a7d48499841561d
+    home: https://github.com/rancher/aks-operator
+    name: rancher-aks-operator
+    sources:
+    - https://github.com/rancher/aks-operator
+    urls:
+    - assets/rancher-aks-operator/rancher-aks-operator-103.7.0+up1.2.7.tgz
+    version: 103.7.0+up1.2.7
   - annotations:
       catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
       catalog.cattle.io/certified: rancher
@@ -8571,6 +8858,22 @@ entries:
     urls:
     - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/release-name: rancher-aks-operator-crd
+    apiVersion: v2
+    appVersion: 1.2.7
+    created: "2025-01-27T13:55:10.335644226-03:00"
+    description: AKS Operator CustomResourceDefinitions
+    digest: 5a978ba6c30a3b7adcfad4b4222dc21ae47072c3979d9ad1da2be4f5a53bc3df
+    name: rancher-aks-operator-crd
+    urls:
+    - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-103.7.0+up1.2.7.tgz
+    version: 103.7.0+up1.2.7
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -11917,6 +12220,30 @@ entries:
     urls:
     - assets/rancher-eks-operator/rancher-eks-operator-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-eks-operator
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 1.3.7
+    created: "2025-01-27T13:55:14.707355336-03:00"
+    description: A Helm chart for provisioning EKS clusters
+    digest: 1d389729c87f4cee8ef9e8f6720f4ad77acd408a09cbdeffbff30ea70c5a4be7
+    home: https://github.com/rancher/eks-operator
+    name: rancher-eks-operator
+    sources:
+    - https://github.com/rancher/eks-operator
+    urls:
+    - assets/rancher-eks-operator/rancher-eks-operator-103.7.0+up1.3.7.tgz
+    version: 103.7.0+up1.3.7
   - annotations:
       catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
       catalog.cattle.io/certified: rancher
@@ -12430,6 +12757,22 @@ entries:
     urls:
     - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/release-name: rancher-eks-operator-crd
+    apiVersion: v2
+    appVersion: 1.3.7
+    created: "2025-01-27T13:55:18.913604789-03:00"
+    description: EKS Operator CustomResourceDefinitions
+    digest: 6ee59278250dc9cd80ff3062786403a6f07ff7ddb12f0533a9159342d91a452d
+    name: rancher-eks-operator-crd
+    urls:
+    - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-103.7.0+up1.3.7.tgz
+    version: 103.7.0+up1.3.7
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -13277,6 +13620,30 @@ entries:
     urls:
     - assets/rancher-gke-operator/rancher-gke-operator-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-gke-operator
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 1.2.7
+    created: "2025-01-27T13:55:23.619215012-03:00"
+    description: A Helm chart for provisioning GKE clusters
+    digest: ca5a5442adba656856f8e91b8956a48cd61e19439bc22f0829fe1cf47e39c8ad
+    home: https://github.com/rancher/gke-operator
+    name: rancher-gke-operator
+    sources:
+    - https://github.com/rancher/gke-operator
+    urls:
+    - assets/rancher-gke-operator/rancher-gke-operator-103.7.0+up1.2.7.tgz
+    version: 103.7.0+up1.2.7
   - annotations:
       catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
       catalog.cattle.io/certified: rancher
@@ -13694,6 +14061,22 @@ entries:
     urls:
     - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-104.0.0+up1.9.0.tgz
     version: 104.0.0+up1.9.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/release-name: rancher-gke-operator-crd
+    apiVersion: v2
+    appVersion: 1.2.7
+    created: "2025-01-27T13:55:28.242858702-03:00"
+    description: GKE Operator CustomResourceDefinitions
+    digest: a011fc6cc34aa94279bfb3ec6b909f9169ca5028401d8b77be52e53dc6f84fe7
+    name: rancher-gke-operator-crd
+    urls:
+    - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-103.7.0+up1.2.7.tgz
+    version: 103.7.0+up1.2.7
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
@@ -19147,6 +19530,24 @@ entries:
     urls:
     - assets/rancher-webhook/rancher-webhook-104.0.0+up0.5.0.tgz
     version: 104.0.0+up0.5.0
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-webhook
+    apiVersion: v2
+    appVersion: 0.4.15
+    created: "2025-01-27T13:56:04.526573147-03:00"
+    description: ValidatingAdmissionWebhook for Rancher types
+    digest: 55f45c8a83ec7b0081a864f3930ba2b64f06dd54395f70edb74b63c08ed61052
+    name: rancher-webhook
+    urls:
+    - assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15.tgz
+    version: 103.0.14+up0.4.15
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
diff --git a/release.yaml b/release.yaml
index 586c1b7759..2b4f7996e2 100644
--- a/release.yaml
+++ b/release.yaml
@@ -1,2 +1,32 @@
+fleet:
+  - 103.1.12+up0.9.13
+fleet-agent:
+  - 103.1.12+up0.9.13
+fleet-crd:
+  - 103.1.12+up0.9.13
+rancher-aks-operator:
+  - 103.7.0+up1.2.7
+rancher-aks-operator-crd:
+  - 103.7.0+up1.2.7
+rancher-eks-operator:
+  - 103.7.0+up1.3.7
+rancher-eks-operator-crd:
+  - 103.7.0+up1.3.7
+rancher-gke-operator:
+  - 103.7.0+up1.2.7
+rancher-gke-operator-crd:
+  - 103.7.0+up1.2.7
+harvester-cloud-provider:
+  - 103.0.4+up0.2.7
+  - 103.0.5+up0.2.8
+  - 103.0.6+up0.2.9
+harvester-csi-driver:
+  - 103.0.5+up0.1.22
+neuvector:
+  - 103.0.8+up2.8.4
+neuvector-crd:
+  - 103.0.8+up2.8.4
+neuvector-monitor:
+  - 103.0.8+up2.8.4
 rancher-webhook:
-  - 104.0.6+up0.5.6
+  - 103.0.14+up0.4.15