From d7456fe4c1c2b882d50664c81570354c2c427f9d Mon Sep 17 00:00:00 2001 
From: Nicholas openSUSE Software Engineer Date: Mon, 11 Nov 2024 19:16:51 -0300 Subject: [PATCH] [dev-v2.9] forward-port after 2.8.10 to dev 2.9 (#4736) --- .../elemental-crd-103.4.1+up1.6.5.tgz | Bin 0 -> 19683 bytes .../elemental/elemental-103.4.1+up1.6.5.tgz | Bin 0 -> 3978 bytes .../fleet-agent-103.1.10+up0.9.11.tgz | Bin 0 -> 3203 bytes .../fleet-crd/fleet-crd-103.1.10+up0.9.11.tgz | Bin 0 -> 50474 bytes assets/fleet/fleet-103.1.10+up0.9.11.tgz | Bin 0 -> 5340 bytes .../rancher-cis-benchmark-crd-5.6.0.tgz | Bin 0 -> 1463 bytes .../rancher-cis-benchmark-5.6.0.tgz | Bin 0 -> 7256 bytes .../rancher-webhook-103.0.12+up0.4.13.tgz | Bin 0 -> 2801 bytes ...ui-plugin-operator-crd-103.0.3+up0.2.2.tgz | Bin 0 -> 822 bytes .../ui-plugin-operator-103.0.3+up0.2.2.tgz | Bin 0 -> 4351 bytes .../elemental-crd/103.4.1+up1.6.5/Chart.yaml | 11 + .../103.4.1+up1.6.5/templates/crds.yaml | 3747 ++++++++ .../validate-no-pending-deletions.yaml | 17 + charts/elemental/103.4.1+up1.6.5/Chart.yaml | 20 + charts/elemental/103.4.1+up1.6.5/README.md | 5 + .../elemental/103.4.1+up1.6.5/app-readme.md | 5 + .../elemental/103.4.1+up1.6.5/questions.yaml | 27 + .../103.4.1+up1.6.5/templates/_helpers.tpl | 17 + .../103.4.1+up1.6.5/templates/apiservice.yaml | 9 + .../103.4.1+up1.6.5/templates/capi_rbac.yaml | 10 + .../templates/channel-dev.yaml | 13 + .../103.4.1+up1.6.5/templates/channels.yaml | 30 + .../templates/cluster_role.yaml | 268 + .../templates/cluster_role_binding.yaml | 13 + .../103.4.1+up1.6.5/templates/deployment.yaml | 50 + .../103.4.1+up1.6.5/templates/globalrole.yaml | 16 + .../103.4.1+up1.6.5/templates/metadata.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../templates/validate-install-crd.yaml | 26 + charts/elemental/103.4.1+up1.6.5/values.yaml | 43 + .../fleet-agent/103.1.10+up0.9.11/Chart.yaml | 15 + .../fleet-agent/103.1.10+up0.9.11/README.md | 8 + .../103.1.10+up0.9.11/templates/_helpers.tpl | 22 + .../templates/configmap.yaml | 13 + .../templates/deployment.yaml | 51 
+ .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../103.1.10+up0.9.11/templates/rbac.yaml | 28 + .../103.1.10+up0.9.11/templates/secret.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../103.1.10+up0.9.11/templates/validate.yaml | 11 + .../fleet-agent/103.1.10+up0.9.11/values.yaml | 67 + charts/fleet-crd/103.1.10+up0.9.11/Chart.yaml | 13 + charts/fleet-crd/103.1.10+up0.9.11/README.md | 5 + .../103.1.10+up0.9.11/templates/crds.yaml | 6859 +++++++++++++++ .../templates/gitjobs-crds.yaml | 7690 +++++++++++++++++ .../fleet-crd/103.1.10+up0.9.11/values.yaml | 1 + charts/fleet/103.1.10+up0.9.11/Chart.yaml | 22 + charts/fleet/103.1.10+up0.9.11/README.md | 30 + .../charts/gitjob/.helmignore | 23 + .../charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 52 + .../charts/gitjob/templates/leases.yaml | 23 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../charts/gitjob/values.yaml | 27 + .../103.1.10+up0.9.11/templates/_helpers.tpl | 22 + .../templates/configmap.yaml | 26 + .../templates/deployment.yaml | 102 + .../job_cleanup_clusterregistrations.yaml | 40 + .../103.1.10+up0.9.11/templates/rbac.yaml | 114 + .../templates/serviceaccount.yaml | 12 + charts/fleet/103.1.10+up0.9.11/values.yaml | 87 + .../5.6.0/Chart.yaml | 10 + .../rancher-cis-benchmark-crd/5.6.0/README.md | 2 + .../5.6.0/templates/clusterscan.yaml | 148 + .../5.6.0/templates/clusterscanbenchmark.yaml | 54 + .../5.6.0/templates/clusterscanprofile.yaml | 36 + .../5.6.0/templates/clusterscanreport.yaml | 39 + charts/rancher-cis-benchmark/5.6.0/Chart.yaml | 22 + charts/rancher-cis-benchmark/5.6.0/README.md | 9 + .../rancher-cis-benchmark/5.6.0/app-readme.md | 55 + .../5.6.0/templates/_helpers.tpl | 27 + .../5.6.0/templates/alertingrule.yaml 
| 14 + .../5.6.0/templates/benchmark-aks-1.0.yaml | 8 + .../5.6.0/templates/benchmark-cis-1.7.yaml | 9 + .../5.6.0/templates/benchmark-cis-1.8.yaml | 8 + .../5.6.0/templates/benchmark-eks-1.2.0.yaml | 8 + .../5.6.0/templates/benchmark-gke-1.2.0.yaml | 8 + .../benchmark-k3s-cis-1.7-hardened.yaml | 9 + .../benchmark-k3s-cis-1.7-permissive.yaml | 9 + .../benchmark-k3s-cis-1.8-hardened.yaml | 8 + .../benchmark-k3s-cis-1.8-permissive.yaml | 8 + .../benchmark-rke-cis-1.7-hardened.yaml | 9 + .../benchmark-rke-cis-1.7-permissive.yaml | 9 + .../benchmark-rke-cis-1.8-hardened.yaml | 8 + .../benchmark-rke-cis-1.8-permissive.yaml | 8 + .../benchmark-rke2-cis-1.7-hardened.yaml | 9 + .../benchmark-rke2-cis-1.7-permissive.yaml | 9 + .../benchmark-rke2-cis-1.8-hardened.yaml | 8 + .../benchmark-rke2-cis-1.8-permissive.yaml | 8 + .../5.6.0/templates/cis-roles.yaml | 49 + .../5.6.0/templates/configmap.yaml | 18 + .../5.6.0/templates/deployment.yaml | 61 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 29 + .../5.6.0/templates/psp.yaml | 59 + .../5.6.0/templates/rbac.yaml | 219 + .../5.6.0/templates/scanprofile-cis-1.7.yaml | 9 + .../5.6.0/templates/scanprofile-cis-1.8.yaml | 9 + .../scanprofile-k3s-cis-1.7-hardened.yml | 9 + .../scanprofile-k3s-cis-1.7-permissive.yml | 9 + .../scanprofile-k3s-cis-1.8-hardened.yml | 9 + .../scanprofile-k3s-cis-1.8-permissive.yml | 9 + .../scanprofile-rke-1.7-hardened.yaml | 9 + .../scanprofile-rke-1.7-permissive.yaml | 9 + .../scanprofile-rke-1.8-hardened.yaml | 9 + .../scanprofile-rke-1.8-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.7-hardened.yml | 9 + .../scanprofile-rke2-cis-1.7-permissive.yml | 9 + .../scanprofile-rke2-cis-1.8-hardened.yml | 9 + .../scanprofile-rke2-cis-1.8-permissive.yml | 9 + .../5.6.0/templates/scanprofileaks.yml | 9 + .../5.6.0/templates/scanprofileeks.yml | 9 + .../5.6.0/templates/scanprofilegke.yml | 9 + .../5.6.0/templates/serviceaccount.yaml | 14 + 
.../5.6.0/templates/validate-install-crd.yaml | 17 + .../5.6.0/templates/validate-psp-install.yaml | 7 + .../rancher-cis-benchmark/5.6.0/values.yaml | 55 + .../103.0.12+up0.4.13/Chart.yaml | 14 + .../103.0.12+up0.4.13/templates/_helpers.tpl | 22 + .../templates/deployment.yaml | 82 + .../103.0.12+up0.4.13/templates/rbac.yaml | 12 + .../103.0.12+up0.4.13/templates/secret.yaml | 11 + .../103.0.12+up0.4.13/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 11 + .../103.0.12+up0.4.13/templates/webhook.yaml | 9 + .../103.0.12+up0.4.13/tests/README.md | 16 + .../tests/deployment_test.yaml | 73 + .../103.0.12+up0.4.13/tests/service_test.yaml | 18 + .../103.0.12+up0.4.13/values.yaml | 30 + .../103.0.3+up0.2.2/Chart.yaml | 10 + .../103.0.3+up0.2.2/README.md | 2 + .../103.0.3+up0.2.2/templates/crds.yaml | 61 + .../103.0.3+up0.2.2/Chart.yaml | 19 + .../103.0.3+up0.2.2/app-readme.md | 21 + .../103.0.3+up0.2.2/templates/_helpers.tpl | 89 + .../templates/dashboardrole.yaml | 33 + .../103.0.3+up0.2.2/templates/deployment.yaml | 67 + .../103.0.3+up0.2.2/templates/hardened.yaml | 123 + .../103.0.3+up0.2.2/templates/service.yaml | 15 + .../templates/serviceaccount.yaml | 101 + .../templates/validate-psp-install.yaml | 7 + .../103.0.3+up0.2.2/values.yaml | 69 + index.yaml | 196 + release.yaml | 72 +- 149 files changed, 22233 insertions(+), 57 deletions(-) create mode 100644 assets/elemental-crd/elemental-crd-103.4.1+up1.6.5.tgz create mode 100644 assets/elemental/elemental-103.4.1+up1.6.5.tgz create mode 100644 assets/fleet-agent/fleet-agent-103.1.10+up0.9.11.tgz create mode 100644 assets/fleet-crd/fleet-crd-103.1.10+up0.9.11.tgz create mode 100644 assets/fleet/fleet-103.1.10+up0.9.11.tgz create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-5.6.0.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-5.6.0.tgz create mode 100644 assets/rancher-webhook/rancher-webhook-103.0.12+up0.4.13.tgz create mode 100644 
assets/ui-plugin-operator-crd/ui-plugin-operator-crd-103.0.3+up0.2.2.tgz create mode 100644 assets/ui-plugin-operator/ui-plugin-operator-103.0.3+up0.2.2.tgz create mode 100644 charts/elemental-crd/103.4.1+up1.6.5/Chart.yaml create mode 100644 charts/elemental-crd/103.4.1+up1.6.5/templates/crds.yaml create mode 100644 charts/elemental-crd/103.4.1+up1.6.5/templates/validate-no-pending-deletions.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/Chart.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/README.md create mode 100644 charts/elemental/103.4.1+up1.6.5/app-readme.md create mode 100644 charts/elemental/103.4.1+up1.6.5/questions.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/_helpers.tpl create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/apiservice.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/capi_rbac.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/channel-dev.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/channels.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/cluster_role.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/cluster_role_binding.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/deployment.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/globalrole.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/metadata.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/serviceaccount.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/templates/validate-install-crd.yaml create mode 100644 charts/elemental/103.4.1+up1.6.5/values.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/Chart.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/README.md create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/_helpers.tpl create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/configmap.yaml create mode 100644 
charts/fleet-agent/103.1.10+up0.9.11/templates/deployment.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/network_policy_allow_all.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/patch_default_serviceaccount.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/rbac.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/secret.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/serviceaccount.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/templates/validate.yaml create mode 100644 charts/fleet-agent/103.1.10+up0.9.11/values.yaml create mode 100644 charts/fleet-crd/103.1.10+up0.9.11/Chart.yaml create mode 100644 charts/fleet-crd/103.1.10+up0.9.11/README.md create mode 100644 charts/fleet-crd/103.1.10+up0.9.11/templates/crds.yaml create mode 100644 charts/fleet-crd/103.1.10+up0.9.11/templates/gitjobs-crds.yaml create mode 100644 charts/fleet-crd/103.1.10+up0.9.11/values.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/Chart.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/README.md create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/.helmignore create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/deployment.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/leases.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/service.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/serviceaccount.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/charts/gitjob/values.yaml create mode 100644 
charts/fleet/103.1.10+up0.9.11/templates/_helpers.tpl create mode 100644 charts/fleet/103.1.10+up0.9.11/templates/configmap.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/templates/deployment.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/templates/job_cleanup_clusterregistrations.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/templates/rbac.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/templates/serviceaccount.yaml create mode 100644 charts/fleet/103.1.10+up0.9.11/values.yaml create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/README.md create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/README.md create mode 100644 charts/rancher-cis-benchmark/5.6.0/app-readme.md create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.7.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.8.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-eks-1.2.0.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-gke-1.2.0.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/psp.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.7.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.8.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-hardened.yml create mode 100644 
charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-permissive.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-hardened.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-permissive.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-hardened.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-permissive.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-hardened.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-permissive.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/templates/validate-psp-install.yaml create mode 100644 charts/rancher-cis-benchmark/5.6.0/values.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/Chart.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/deployment.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/rbac.yaml 
create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/secret.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/service.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/templates/webhook.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/tests/README.md create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/tests/deployment_test.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/tests/service_test.yaml create mode 100644 charts/rancher-webhook/103.0.12+up0.4.13/values.yaml create mode 100644 charts/ui-plugin-operator-crd/103.0.3+up0.2.2/Chart.yaml create mode 100644 charts/ui-plugin-operator-crd/103.0.3+up0.2.2/README.md create mode 100644 charts/ui-plugin-operator-crd/103.0.3+up0.2.2/templates/crds.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/Chart.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/app-readme.md create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/_helpers.tpl create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/dashboardrole.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/deployment.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/hardened.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/service.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/serviceaccount.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/templates/validate-psp-install.yaml create mode 100644 charts/ui-plugin-operator/103.0.3+up0.2.2/values.yaml 
diff --git a/assets/elemental-crd/elemental-crd-103.4.1+up1.6.5.tgz b/assets/elemental-crd/elemental-crd-103.4.1+up1.6.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e52b652e89624184ad71672b0889d77ab3e64b75 GIT binary patch literal 19683 zcmZs?V|Zmv*Dah*$F`jv+fF*RZFKC8ZQHifv2EM7ZTrh}-{(2!z0Ud8k6m-t7&Ygt zb?qOus%qeeL!bct=lP-lqS6;rp#Lo<%_`-}!D7IqLT{+ZVy2=CR; zlA*$<9&I+3UiUuJ$#s6 zkrCtUoI+^vdAikA-d*WEIX_PMr3?Y4Mcc(D$5#Mx`GO{{G<#ozI1&%x72po0cp*A1 z(c_8>2p(@|0Dd_9#o37jw zF8lUk8(WF#t1doEvqb$|QV*|XTUt#G6j6j$2DbD}^BLLxR3vWkkQ8c&pFnjPqzs5G z5Xo;1DD(B1l{f=ljpaL&Xi*h@%0W>?n@$%!PI^lwCwhZ7iQmrJjOf&U(&D0H5waoGDHzL-{>66rbCzEt zzLEhkXHDw@MGqOyB$MjLmluFk6f94mNQ94KPAq)M0M-+v`;0oU`%v790-{cw(EpS4 zif=0bnOBo_m4W1ICvL#3nM$ce={b3Rr2JFK9ST>GQ`p3fOU`Utiw2U4a7T-VB}WWj z-9dOE?g%O~vt375PWy8(5!0kFkraoH(X7 z-;4!Klt}TqAC)4WJamw6Q4%T~Rf-&FZ<@sL=+&;7TYMVoN&H&HRf2mF*g2#BWsXxOK*^cw$ugqdlV zS}KJIbRH?CB$-=t7eTl!tXtS7)Ld}TCP=uU77$@Buv-A;l!{X~HneEJkC7=?G*p?^ zYu0c`U5ZLd=i-2ej#7Qs)cEK824YjlqX)6Z9{XwG%dAicWgIJvffYu+0Z#W11E@Xu z6jG!D{z-^lw>>JhB64&;`UM~iWpLTTL&%ulam7cLjHww+%l<*Q^P2KoGt{Itmt}|s zQlMH>3h;t=5NZ(Z0?X^9_7ZUzMrt%O^W}5(T0Rs4becJF78%BnnAuFv*|U<-I(A-A z^yklBbGi-}9X$7y%^wb3k@PQ8NPo;QytYlIGwy>?Vr@>@JM-2;Xr}Q7?*A9uK=o+gDk1YvN55pTi zR9v<(irhUY#k19_d8VJ5FHEJq@Ms$Cuc4T{J`K`NQYGr{S$3q4io1OA>n0|H&)KPd z-qMY%?7WopPo)&Q*_fC+@|vGlu^#r_#bQ1{EEv1F@cQvb-0Q1&Bu&9jiPj|&*?G{T z0kAC^U)O4v?q=w$n;fL$%1986btSZ)o{9(?^D-Sj#$5=>1DsH|B~`;;mgCF)6M-G6sYIIeL`t;Ylep zV%);VYRK>~{rq*_=&vymj)E$LxAdF9c|}Y?NNV)mCnAU=3A`j$f*JO)296=j_8c<^ znx~HIYefY@679_oSnBja(z=Hf#$pIKXA}urYA{;xnkY(GQ_N!^Y7|N3Cd$mkyu@i~ zy$rSX78VJ+XQ}}-^S1~*UiS}kU7IM*XsdAp=~{lt*fTA9DE%g@&v_q#!sW)wPt`7z_WSyL?W@^2KSjr?oJe}G{|y&RObRhs*jTfaZEremmEFB}DG92TRdI7WM`r>{iLMmunhC!s$Qo;%?7SH%aMa*tmJ?h)V7vNlgeG7*MK z7=%mc>*%9yK{Ey(pkuoQPb~s%iCYwr0|rEnj!}f}577w5$MANeg&>N)>+0eONaW^{$vL1@u9R5M&2I$@T!O zZ+0w%e>st{5+t<>sxJcIP@QXLk|gyAay2#}ha#j8n{A-71^zmMRH-7un0VJROO8sW zP=j}{oFB*G0OokZPmB1k++Pj@UIb1l`*A@3$LcTD;%=x;}@{v 
zeWSllJk0_A#T}v!M;#m?_)eR$=Utt)eBUH{-i!Cnw?I6N0~c=>K8mTw`#$uxE#=OO z&Fcc_+p7#HBsQya@t=|#Y7=(Wkz3;(bI&8xo_ob;H`T(P@*fbjcdJd*J+SCD7voug z6!j6c7*}BKfw=M+R#@;GDwPr_?4ah{NmFGV2T8G+I3e`fNUX&L>PGXKqMQLgJG~xh)076rkquTQJixo&X8|Uv@kC~ zEYRtFpNm^8Qg7QzL8I=2x6#qnOd}Zi9tl;_ec7kSgtr!|)5DC?Nf5GTwhvNS{QoBRm~KxK3~#>aCTo0-TIls zpdA>@=gg4_h9#6O==pOd7;&|9FE5{K)W9whk8oN;v6P|Ff@RNc0HqVG$7+N`Kco)i za+#zPAavw^ys!Mg!70MFWL^2uaN zw096ZpReFGz!Q&54>6RuypbfLrD$1g+uil69T37#2we%C#VEM=0R6PrG{op@q|pcQ z@zkn6MjSRiXdzR{7^gqix$K`Poue=BSp?ZO7tb$bsw-K?qKKMk@KY~i-t_CW%HoQ2 zpB5G_3vJ*`(?gSmQl~O^JG>Qfl4%ks_u}S#T`p!QZpxL)y!D}7inj}hM=?RB0+46T zmW1vsNJWCzL66H4Qq0dsc5eb(&=W(NKo1Gkk0w~$3fw`}Q;Cost0$4v2mVOSNlqc9 z!RNYJ3tJn6$L7OQz9Lj0VpB{GgKj5S(7jd9HM6y^b0fQ7yMiZ;AMw|#dfqarYK{}i z#-hEPwY-^s{Gq%$fv(-a%QR>=ZhX|J!8BUCrMG}lj^(fXyV~4x-jKtFH>S1wn=X?`b%>f*4jxT2 zwTWYu1+J(OxxyN>+B460hEYmF4BE*Ot-%ez9_0|h(2hy0sh)M%;1E0+t;mD|4!~yJ z1XbtXGnP1)=n6wO6VrBU#}aX<3ap9F>iW#B_9ZWZ;nl>Q*lOG9oKDq@EBJ0m5;8nwCLK6Bbq(d zrrA%|Iuf6$-b#On*Jw8E1dzRCEy=+`s#@67Sm`;AfbR5ngDcP6A*ZLfCEzUb4=cmf zr}Q<=V{-}NRgm_I^{-HiP7D?5nFx|FdwrDZSv3&W(MF>mzxjVtE;l4)f{a8hnY6TJ z9crDp1q%@j>BKZP#sgo_pt>!9Z0z}`?}CNf~wX6;JZ zylpW*1mWIujnbpqg=P6R$HlC&m2p)0m|c+1;T|8f^oMo|chk>q%(PBDq}xYSCcR=U zF*nO?M$-IkHMgEl6QoFWe@UzK3*&bWmBWXFv?~*X18hm7rV$n%w zRr&~=TcDx~6=+iGZY~AwKux#8Kfp5O)h-Z0aL6FrV{lz=Pd{f*Qz?ihtd{Or&aVqo zQy{>jgQz(xRj}KciX*X&fTEK<{CoIz@Si-pn{n@Au?%vv=#GaK!dl zo?-J^tCSv$urIVJI|uZfyOz}m!VY;`m@BSaflB2EI36PS_b0dgv5r-CRO$fPO4?pS z^3eQC^4#e13#OB%r|H}JZ|~?g;%6f%2>HMImBzdyZ6sTbXJ(JfX9`OHHZD6XUWbm( z=+M#by&G4Ln&XTf%H)57Z>m(&W+$9M&5&GJ&1NFpQeLYX>j7mGt0Y znL?BnCIuC%&KV543M>LIfrNMKAvU9icM}nu@Th@ht#sy?cLnB@U0PA7jSrlk>xAMXRuI;v}KzHBHFt7LUBnhH5tmUu+L9heN3PhC`|F z1IwFdiCG%l1zu^+wBs@#95)zW{uCy|w9E=eX}t{NW$~14NEMw%YQh$?jwDfiJZ5Tx zO;V!GbVBy3wa$5ytlvrV!l%e~XU-1ZtOouAnegJIh_8@GW@*L$p}HpYIRc3u$padM-&r=O0hjrt{*5_DFrr8{m%rfnQ_zIvi+ojj`B8XY^mmhi$@M2Y3 zDpMUDw8^X3JnfL5)xX*$C~J6fj#575L*3tg|C0wh@p13StssM6e42O3n4Lv4w^B6e zT5zyD@jMeC?u#s^O!`r)e!7Ul%T@4_Jb0yhNVbbCzSg8>NX7ic`f?V)JRL;xQ2K21 
zQ2JXsb=6H%nC5}oY3-7yWKqwNJr8EadeGVxTH=hNCFK_`Zp#2kOKJuAdE_vI|79tI zj`qeKZAI0Gs51ljfg_1@cK1_BYgPno4HOn9gHZN~(+rzR!$e6hJ5-W!BvOr!p~g=LumvANiFy!F#IyJ}3pfchIh;40nU1(ye>7Uhza?e-HmRZf=jkpA zZi(b-VxC#|F>Hx=R|oH{@EWd~{+sDA!gc5CXJ>btMO&h zKw zH@Vi4P!_ze}sA z2Oj9}Gw4Z8=UsqlW?vFT9)r|vt|hAKW_H`cO`_)v2Ah z93bS-gw?0fZ62muGClizBfsCREzJegkz2`RWBLf~=DO&nzES3{^cWv`)AYtZC*qlG z+5^&UW`GA7;g)#AcY}u@*cl&l1=#0;e323Ok6A$d4GlZb%DKtUJ}995LvHji=w#+u zdzFp7D)_6-Zm~$X2zTA~@Ct#wLAD=P!9H6u5Mln9-fM;3OT*Jg0$qXaiHc z|Ae^OqJhLeE%wF1*hen)tUmCw949Ka3PhWl`DsPOJsBicvUi?#{oKCa1r!8m@yrmz z49N!O>LVYXxL$FHUs5$;U>}QzF&CwDUTw7jk^dl!!UMK6R5Fgeoj1 zIcN+=(@MLUUdRWW$qJ#;F4xWyS#rNOZ<|Bv=uqc&(bp+F9}jMn<4vQw+P35!ruGlC zxIY=3u-#Zvo~Bhv%o?0uf1#9R|5y(58duET;%4JUnoJ{qe=Iz3W$1zF5Q@NsrO_z3 zA*9b~A|~TUNAn(rj-E)9i<9wPUfs5#l4+pW^?ZcBTVm?Oq)4Xi4kR&k{n&3R9x9DD zE!%8Zh=z@7Xpm3ERlg~%@PfUp@5y9so&$4URbfgGIJ&t*<6FRfE76d6k0OJdQr734 z&i9^epbNEK*dQ@D_MxxFxndks&p;>>vsQRcL1gYHxSBcL56jle-3H?=>}sUHPN~>z z#F&!d-aID#r~=AzJw+Is!$j1$oC*nH=FswKuijV9Ssg|VCgaKgP{rg|#QF?G&!E*) z*x>AG*UuGewLav|VmTh=@$~)D|9m|z`&v*7Jb)zs;DRx3C}+NR!8Zc^dFa56hN5I788wMOFdyEkwJih>$VC{dK+FlQlvZ3wQgns{nbCAfT> zq_LWyvOJMxkC3{tzK7Als;u5imbFT*m`)Z}7PQ*$ZAdH*#-dk2>vLdX&UhC}&|Z9O z)fGt5gBy)H;)=i7qN3q*RS^da0V)zq=Z}zj!af5<;*s?vu1^OJ$lrYK2MExajCMpP zzhjjUTdn8d}p74ozxRv^V6XBnF2m4Hy|^%T;|WKH;DJAqm`*juq~*4S<(T&ll?( zMN;7SdcM#gn1`t|a+Z*3-c&&FgNUd+= zC%Vn(M6*jao2DYCPM_3`D{|S=eMtRzm#)oCo(0F1%=H1&XT*35fkiv#waDTQs3giA zDSqbbd>GmEA-bHR^|g|*gl>It!%(~y5<@Dqgjz;h-0)r=UVA ziA$i9)U`~;xs!h1Z?=0p;AoQ}+OUluTh`f3E^wAPLteh-8ctVR+ocQLA`GEO)FI{P zYSys8%w-WeqyfunuZM0n`PN{k^7<0ji$QXrXO$3^x+hhv^Uy}s{laSLMS-Wt^d36r zX(&IYf5{?=wI13*4c(pEtDP;TrdF&rHgP`&3>{+MPA_qe2#8mcino@o$!M5BxtJ#6 zw3D6^lfccOuSZtuVY>mtt2kkh-6J~wWLtoKJ_BjL|KXeujgbeA(S7(j_SI*!z?JlN zC2@%F!=tP2&3<_)KG@~_^2uxT#&6frB*iC|^_1xGvH$FaxvA)d50G(;-c&Tkr>)xZ zUALcNeB~KC!WU$HS{B1o4jS9TqciWs&VQX=9MI7OYfUOBLoI1p*5ui38nuEqsDDG; z8S&DLsab<7r59{IUt; zngZ=#MIsGS9jTO`M94a$nPH!orYnD}LGpY})AH7WoRz2mF(VP9;@2omB=|N9Ex^9b 
zB!UVD2lRr(wm6k$1b~95-=ro}LOBU6IW`JR1xWDVCj{J>5$}6clRTmjILWM2l|G(lDWTYsYO1CxWe^J+Rkw=h*XvoP>gg6xF7$K zwWEN4dT{PLfh_qC`F;=v{&xf!qcx>nahI9(^r~)MQ=F9;`*l?2vpQPi~ioQsA+BwZU)>Zl{l(aKJ(vBJtwQXF= z;{5=^Fm7+>duyK0Y2%4e0~{;nx)^}l=cSm;3}2020?lWY_1;hR?;VTv#-O_9-Ii+p zh%gkA3LN(@uLv`DjoR0YV-FoQx#fofXybE22nkoqJls}-i;B8h!oTIn9PGnIr14NH zV*64vn!IOj9BH@AeSR4!6%3SKJ{)G2CsM*WGV;(5^QUSN^2 zv6GFZoF!515LxT&x4eQCG%#Kv^IPc84UU6}5TZ%ji8-Swmd3BValy(MkI+my>Gith=l10&a2S*y{1-zwd^$cb4$+B6b+G(&f zR-ocCjEax8(W-w`>Au(3-_f+-U@u2cy5MrUdpl)yP%SH(5 zE0)e~XAZqVzUDw81J<7o#>fm^29QI4n&LbOI8JkiS+zfA(iLs)aZ#lg7w9H4vb$AW zmOGFmh%^NmL`^MG=?Ck&&zYjUX5!yLCsbshUENtK(-}t~!Xd*|_ypQpdhT>BqN^cG z$>~g!e9t_Oa@q7~AS4W(L56zjxDfY+u0zDUwP$DCB*7(#glDN|?8nEGJGrtLB?ov% z-2=2C1`xXd0@Eo3X+<1{^fV768|w(i5yZ(&bc2@sAX8k}FVf$O3BfIR9dv0q0m9Q7 zSLgO3vn&-ND=0hhosDXHVnMqbby zT{Q2<(sD}m?M}D$$hVxh`5Pz5y;Zwz!YxVBI?hdOA>uOehr6e`x_HI6$C5IK>L#E$ zoytU5M)Y?3Ih&`Vg(pAA9QY!M%=a5GBpGZh8!dLyFi$cxTB-{46vk4@=Vhc3m1n>9 z4g;ZKk_Y%SR~4&31rPoLbuFHbR-LZ5Ws1;e)H37o=8p(d371M4@qYDl@7%0~v=$yq zqyT$|z*6ASohwhN-=#8bJfW9O^4J2I-i$>6%%r5B0q!8U{#GV~g$1vp%Iz-64TCAQ zM8^(JJ|r5~aUb-e<;bu<;VXQPPz8t0Z<7Cqob z$;oQXq@k36DuCRi49`c)fXo86GhA35X~q`h-bXRvNsk&3ixZ2PP(oc`ydSvRiLG$} z|7#qq9PlH=MPdEDBLwL>PcD=yjFGxE*34%v)9%bV0Y zbsZn3GS|9YpXQIs@B1SW+cupqP*cN8(fB+sXFY7Pczmm0ZhTo&yQXw)YUeu<5K1~v9IR`A0UIb->?YWuFd{lSZsY67TKm63Q zCT`&N9;dZmu}I*RG&kjs%dt)E!B6czHt*#2(($rY@jogYkqrUlcs<;x(`s%;ESlJ_ z9Rx#n^4Gjz%)hRzkH;FL(hF5~N){y9&2bN8?dC7PaQ_Yi9ZhL2TqHzvm$(qBY^7sV z3=}16z57o!k`BDrft=vYbgOjIcCJtd)Of1>yrD4(Bh`Sr3V`<^guabH(0iy2@ZlW^ zu#sQ@jDz%RT*UAi_-(rs2A0ZfAL!LnhmuIJYj#6cz*-{;=(e_TalXSH6k3dM{^+rH9Mu=ey&&%z6-|oZKx$O}-WhS6YYzeo+WDn)G#rwP^Xw`$P!#|*RM zrZvf@tZDNN8x|4mAU}!cWMH!kTyHHy2_jlEp)6s$h8ToZ}amVbt z+xE>1v-zi4tCRIFZugJT8|>fG@ph#xkiJ#pWDS70ZdRW{<~D)>^`$b}E&x#vRm)Sl z^8Kl6;T|Xr&v>MD&sA zfW3q8L9O*PXflN~MB3$u2byAyDgnYXTH%W}j4~%z$|b6xxawo}1cE;7M(>ZG8^w(0 zdzlDs#)mnvsP3=_CdhPoI58`{*6bbHUUAVDJcbo__FVTNb>G)Js!RAaSFKXl9vpE0 zAhMm5wgQUO^j4?)2U@IC>TXOt2Z%Fp^aC|xEyrh8JFy7AAmS716!TWM0uMkZ$`?nP 
z4>c5h1@9f0;;lBsWMwayi4lpYdsD}yWAb%rZ!tra42nLXN2|Lj7|fC>#?omK2Y=Tl z-!wyT&F2_jtvGD#Pi@}|rwO{KXl8_?AWs z5;Y8on9$UGuPigXCyJ|GkL_Z4-iZy%y!Xeso9pU+@S$7xu+eYpGZVSS&%FlbUJ1E~ zzi}}yBRq6>xqorm23vl9)P>|2lj)M~jF>VbD!%{4N0!jRn~Hb~*ykqC^LL*YZ4aN@ zx^{n5o9BM>riHcIV?ZlW)x?vbxfUkqDrP0}`jxigy@!o}D(| z-BGkIbxd1)yJsgRUm+>k&=gMd#Kw&AB#Jq&thX%o@*zn2K#}nE3q%oGd=Yj7BCL5# zih*_=hu$FY1l5kYkl7pQEM0a?+9r9NX|>k#_5Sb)1Q!3Q=@9kx3Tl`2IYz>B0|l48 ztg`ax=L^C;Dtj3Y37!>F~Inp0vWeMioD?HFB1ty zv>iF1bh{62=Er2`jnxg$ViRuN0fI*!6jKM7{Su$(dzx?60<{f!e zNgyKS=IQ-42B4b=k&udMqXOL|(&dm$46T3a z&nF!8t2TgL74KIK;Pa38@bNob?490kp9k7B>y`&2t&T_dSSD?DmVsJN92J{fd3oKPKZI)|P!2l=aanmH8a_B*GN%$GCmb=V zxAe`1aGg{J#W`L{5QGrC_l;scvigHmfY3H6gA8uFd4j}pw*dZhG3MPzHSXn8k0s7k zqCA#SYZx>V+@RpzXgxi=9Qjc5?{c5^B+6@GB0kuoYflZreBW6OiLgDKR@a7YF@Vy= zC*r(dD8}*BF*D|&V(fXCwv>@bkrqHjWarN}zpx&ryI<~>&0VG=&7f!j0N=AZHATb{ zKvVAqh?P#sB^I@Uo}P!ItO5qzFFDeiKq4$eGm)?P^!OELf~2gH`s{dE$=- zq8!zop`vj<+->UhbUzLCrlVK{UqEKe z14pe(9SYHcj>`e>{n3!XGQ6*NoHpd<6=IxXq)iA27-LXzG2dlh`UEL1V0bNjo^j#m z@P7V!zuxu!+zQ6`D)lORPEe-2hf^>Hq%qM#+ZpG2vBx zEm%mi1+>G7C(q&9_Xe;9cz4d1{qb9vJ?oYWtprgHqt|N;5o0N%clrc6Cy7zCYdGkih@595-6r^WiE(EE-#Xh&fF}owpIFh(f$Y4b?l&Qe0ueSGHgmn2un% z{fA8&s&{Ho!w<_w*4?z52lp!p+fi!U9ss2v`xfhEDRj;3uTwe z`d=2f*At6R0_-i5&E?G{V=Mxm+woyV5svNlp9kKgZCe-T?OWL%cROR5cNFh?;Tu;@ zUwfa=cFxWwM<4K2U3^@wH@=sjM?7P5(05DTPMh)Q_}sqdmtIS#*ei)xGkH?d%_$fO z?m>BWC752cn;Zt(&}4eFNi;U*U+z6jZ3`V*(1L!O520nO`lG%=oG$Mv8LVQ>P zZ<}=!|bbl;@LgvaSjrO zL_j=MdoBOT>9iTymu+>p&?G`qiO;4mJN`u;Nz(C4U3|9e*U|lviD*^ymV=UaAL^gM zec_8d7LUy6TrP+mYzkF3q@eNA<#8an4J(Olu`)lDfXUDf?a@c@63`AMsJ=5Q-A zfICy;`XN5lmZ40+Smq;25zQ4{CB0y5eJjxxH;l0dRazq}O}m^n(z4y&?2y#H23aT( zf5;w-A6)$`=j>_Lc^NjsYUl~2M@|~S6->1|rW3RLKFuR!8}`GsJ0cHbGj*^xLoX59 zAO#coD&?2ckWAt=u1$=Lc~0z25=ohJ29;QCU0j$0hQYH=%8yzqqxWx6QayujUoynK25Dx%{1AM?680N_sY(Pi$}oYOcdT0?erB#5#+HUs^RYv zXeWCiRG;Hiuye2eKtkHz{p@kB_2orS4!5PSlB?2-U+!?>Y!h$taZ$x>`hcsUinw;l zp`s=SToz+z&NpO9DD6PLA*?S#h&(_Q`B;_JXoS^8{TwWYr0+MO#I7STiVQ 
z({(9nj%(aCM6D6Aulo30q<%LSS5#|+&?tXkMYFKBlmM;x6tuKeaL4R})8*9Auu)s^r&kPMfd){I!)WQ^z~hkWQUBj)x$)F0+jBsagWNQ?{X zRy?$HvpiCa4+zQv#8GaTxe&F&-PVZK(adAJ2L9sydecPZEDkzepxVnCf{)*qs4M?P zR&fCQ+C>F|8}-7O*mTXMhd%O*E48+-SQNtDI}#_k(B@}at=z+DDFn>`idV7CcC;#_ zZR=S4_cu4G7_Dno|72wT6vhrrdl8J*6Gr6~$y=28E|%rM3@SRh=PyY%O&<4NgHf~` zIjl7Z&gA~g4rpQ$o`jOw!nG`Gy>46=jM7%G9hq!wU{MmR4m&km^{N&&n<*_Gv6w-X zMK}Sr7mWE9=iezUDCs@NU$o>u@9rEuDtI`aawkAZDNTEJ{K0vop(64|aIMCjgZLfX zD#e?!>M(k%WxNcl&+b#mGzK>Ub^`^fcxG&17*D(wuA4Qe1J`P$u4R8N)YQlFvW3+K zmai}aLW`~2#OcXvqad@ev~R)ewa2z*es%?ye$A^t3EeR_brhkM_J413OdwC0iR4+$ z=3nV%^Ogw)V>^ilw2VGD2ka#XBoH|W8%s{ox%pf&8?rgKTWz!yw9ckf+uAe40#F|f;W2L zKvg3fKGfKkCB5Sa^;sy5LME5mV#pcg*zoH}Agl($%}>xdV^Gpp$#ztSIXyj`YV$-Mb=+P#-r&hmZLnp@b#7XJ zye}{5F)#^#RoSny??}vo-pH=B&=hcz1wA{n_s1aCNfixMN_a?Naht54a@wHdmaozs zX1(=uQlD{Po~#S(W}xt>6Cm$=J7*8rh0c8zkgAk`{BFoQZO{8^;B%jI0^~dhQFI{& z&;@QPk`cnDk`Th^0(S54R3Ip?!J#P;1a6ci|3L%)5AoZyBKal(Aq(8JAPL<33oR-6 z&%cAmrwNjG=6y%C_-6bkBYEdP5x>n(p`E?|x>Vmmo8-Se7Q_Em@B}H61(o}J4)YzL z@!zQ4czzfHHw*u}fC~HX;xCP8|EXA&>Yrvw?K{fkH=pI{f0yz<3a(9+YRb3J`976 z9)FDI4l_H`KXr!qiojP+)%e{EqHjpd%}dF74dP)krpnAM3nKLGPj%0- zx5|ha4<2P;s{g7pAQSa)@2tX@KHPt!A0>{GN{LjY8-PpPfBJW_(ZUxURK6eR#?|%R z$%ke$$UbaN&Y!lgNLKzo>WmwO|684*@L;ua_HvBgq}fVpHcvY^t-bWoVHV=4#MYyb z2{{gM@Dy1yE20aphMf7c@CwaX^%#U-?V>7d<;mHAQ6}!YQci%+lw$sNVIt$!Q;uf5 z!Vw-Srm`ruJcEb+1Huxn+w^;7{2xUIY`n^#Fr%y$+_xk{1&u}TS2CV3KoLRxuTjY5 z3FBax6m$P%dfpzRcxXaJCC;aXVNXi1k5QHZSdkKfXX&#svoRKYl*At96f6sM^0yvC zp&eKofr;Pte0>$G@c9*0AG(2CC>r1MzV#JK{g8(}4&1)t7IvnxYA z%BlPlv+b+08YIdth$K`#%Q5$w1U=+iS{Du>h8meEr+$OS=fW())FzP*^7Zi$Y}Th# zBD58;G$>9oTQ+f2ZJ`e)vM5)vfyl!-PIO8nRn)ReOYMNFYY}#dS;?VK= ze{>i*!`cuTMQSr8SRQqD5fR12%;hQdSPpy%N!)HY<;ciLQr#Q6rf5|64vC2Nw-G9s zu@)Vi04Es0(mvR)t6zrSku zUJj3Lc7o|By}eAI46aBFrMcbI&D$0>lMCxF5)fbiqrLz;bfk-vUyX*bZetZfOlrcq zl9?9sHxI|6=O_NJ_~OJ3@0O=?aGrka7d!@b-6F>;yTy3Xtn(*A_mO&9^;I<;2 z4^uQ74D8kBT{HQ0g|?3+AE+>ah&&y5(JzIE!|mpgHf4}yFsf5zZu8WZ>3y`^AL#9` zc+05VhNsorGq*|Hdbf$w56^W)_Nc4dobA-L#*yvhwe?{D53G!G^wRex?%G(4-?{uz 
zd296)MAmT@XffNZz@}1{p}EIqf5q&@D7p1qD$ISZWLi(bgoSPOZmJe9u?~j~D1MdX zrIHEiOD>E*ZrZ{>W>SNU3;b8;>DTRkqZ)!>>w3NISNn{>GgY`-s)&no@`e=i-p!!V z8Z1G;Fh@99YsRzhvu6!A)3@a%IOhx?OjGa)x_{cjZ>%4!mP6*{6QVuU~5w z(IPZFR!Am1su)p)l2CCJU+hh+3CJ08UTFaAC&L_b+1IMW&EtIDb;}8`IY8+ze(U$f z4XcW1(mpWR#ZT6@q*~!Dy%~**9|DZKuk7uA7$kSWhe0v@^<}Az|6;Jnudj1#W9m=I zM0vY;XuP#Z!%w40RleaZ;4agcU`P=It;EJH3n$r+wg|{E_JU*nnIMs+y^)4>-N42cC* zj&c*?mbMpJFo%!A$~*{zZb6Tij5`-^P0>T7DJ8O%d9)QFqenD$ur_;7_VZ$q8;;}x zZanolm`PtW)?m2tgH6^h_d^!m>|p093!s^$GD0gPT4}6^9wargKT1|!#zR0$7scP^ zM}|_+n*9wU)pd7iXGhp5L8QYt3(KqHXY&9tj3E!XdGNi@;9&Y-?6ZL|GJ;wt|Khh zzRovY103_8xRu{=zCYbtl6f&>IsQSu#|?fH6G{H-@%`$|iE*d+#~uAftP;NS!(x6H z`A>FFzfuu_OA@ZW828eOf2x|z4kid%mwfm)`#0}Q>pQ4>s^mZX1&MzemZWd~e`Yb! z@js^WJ=1^UDpCE@>?;%Q>tMkhTHDcWxQY}$uzS%~HobTr3MeSeQZ1L%9$%E+MOvm< z+fOgVbW;Fqp&&B^fQwZ^2z?dBwo#DS13_f|F_n`3fz8SP3n-6yivyE^u(ksJb6QTp zp5Fz0btC2Lvrydcva*22Z%SA8HT8Wb?a@{e=^#vpb%KA9zh~QSMvr@LK;bxW<~Pxw zx_zZ4#4=?kf!HLlf?l&ja<=Lp7Wr#H>vVDsmh6!J$Geedf4~?2THukiRzrd_BIQC+ zX`~ABO=_Afi~~2)2@S)d+4*l!vMp{i7*Qvp8B=k8d4 ziZqFvBq}Uo4KoAEvFLlu17oTw0p+*Yvcp<;p~jVvkYxhBe{Ijd9ENxSWir@sQgpa>69RXVDDeIf3wF_|8=A#)L-ZrCjpdyS8M)ngC+UR|IaKAb^gax z{%ihC{P!jNML<%41-EB|EDN*E``P;hD`tnf`xNxt(YO1=*>pw|bkRVtQ!LS}^LA&P zvT6Py;jnpogpkN4bO0;wDyXz6!fUvjng&LbnkiJ2=jo;T z)B*s2{jf;)eU^m`jaE!XC~Th%-(tJGx5Kb#a=RhaI@{5JUvg_+T(dsFOxkZ=`O(;j z{|WXmj&#OKB3&0o8glXf)p6(VP$+sF$6F>MG8tnTG^Q+L>;}ntRE%vb$r8#wNf~R| z$yl;B$Pyz%hOvx2`<6W=MAn$>TcSdiv0V3@d!BRex%dA5{RiI9^ZCBW@~51zlRMl8 z+nIa0<+&lUC*qo^ad3H`&F%t`dMx3^>QcWFB;q3+xeX5 zp;+h4%kf&Z`}tg`kc?AgvXu1!{_A(FH0kjp>j$gWsna4RTL%!T3w;|@08pXiCue%2 zAy?ECz1Y?C5&DWu7&E5bZxvAxipp)rNq7j^Ez+HNEl!@I*Ric%TdU;MIJ@ggVC(DJ z7&y9G#tTcB>hUq*s-fdga@62+E)#&SZ9!0CwNsWI?lMXrSWjVV?R#Mumv<7AFD;iT z_e;SrTZ)?eF^dutnRw{JBcOyA>Qo><%~c&SM(@0n4sotj z#tEIbGfJQ5HT=q>K0@iCYj%wWAaSC3w*-~0+es3~{qN2?YH|6Px&Xv2#0@GOZnRJ$ z+tFflUu2cbE_`Jp$4o79gy%kevk4H|^s`aSAgG<7F-(g~Yd@4`@7lXQjQRa5vgY@% z$f8yMXK-~uuV1`l?2hLmm`HoDxL3sn_|g|ImKVc;nr=0E7nZVP2U;= 
z->oFm+;m9Qf*M@x1xA-1b+qf?;+Kmmtk;4A^(rUwcXOj6@fSU@RiQI-S@BMAuslsbRMm*f*_}dRib&4vAkUro&S#vZc?J9SV(xNA*h|2li9LlBl2YkQEy?EY|hmnse~4;pU~7A zd}t}KT*CY*Tj0qYM39RJ zz(z^kA6ZgX)VBNko86clvjKxbyOSzMeMeVS4}SWu?{B_G&oSvSn6IJ`yUcQzcKVB^ z-_iN!J6>Fs!tw`o4z-4lwWTp>A3}pmeC3uSw41o5Uz9f3L<+?|CuHW{HNP;rN|C&s zLL6zr)<`gUk2`ZjWeY@#+h-i^tQivzvnUMF*+=K_pqz|6?`)Aba>8h-kj%`mGepz^RTA z&I;vCT}6qSV|!2Ln>E;De8&IjBLL-@s4~$movLgZaM7erWCpjBnfUF#0+RQc415pC zzvBP%2-&;qk{R0_qk`>Q{L_Q26JCbH`Qahuv~@-uZ--PHh5<7UMl1K=bQlMm5u%t? zo**(m^^x<#D#Dp{e|rR)%WRaz8i2gZEtI5LB1dd1cIJJROpNDSpgxuY7Hr4W_e?77 z^=g_*5)!4;7M5Y-{xoEc>ToQd88uLm6D|NfjeUPEc#us5Vr+yqeHL$c@3%JX6R422 zrvnKne8?kPR%^x@+Bwy6M&&yW?deL{9U61yCFg}5&ah`ETARGMp188`D^a%2P%`jFr6^ z{XLtmL%X1#ANpq7SgdXx?)PU@o*wfu-BQWjYWY^T3AxQr6tRvj-VOMXBfX^!SU!g^CyC z7v(AWN?sQq8-ru)RZu(&q?LC^mjIC~VN5mlm)gaiZ@oD9PVRcU7 zosyX~r#s-`@SImYEl`rCTkIbA8p;9964qZgOxAkYdddCt5R0p^vfUXA0RLN_o5IdZ zeh6pvu{`RXr%OBRe_e$^w84SZ55-|p&d`3{>)n%j12&V0#i#8l&x zP7Y6-DEmt89&FS51_MU50?y}J+nI?snq$U1c|)zac2})RqtdPBxFD4~3$guqA0%8t zRZ4tfxGXrAN>=G~m23wIhs`%*XO}`SE62Hku}FQaesk>Oh8Jr1iXdn%;in}eOgmxf z(g39VM%Q>dBjJg|y$TjaMBb#ZZ>mr?V=AM@^>_ul8D2HP`YM)#BHexBY00(1k&j0`b literal 0 HcmV?d00001 
diff --git a/assets/elemental/elemental-103.4.1+up1.6.5.tgz b/assets/elemental/elemental-103.4.1+up1.6.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..609c5bcc1a246ea17c2510af996a89d2dedf9a97 GIT binary patch literal 3978 zcmV;54|VV#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bK5wQ`OII@#pEjXUP$X<%UM;Dx@?l$P2G;;va?gSH8tge z$QFe)L@)p-N9*x_zXHIwsD~esohxBJ!~%gvcLUw%ZZt5+aEh@a?BK(M2<6Yols$Xk z(&=Q5~{@Xq3cb;_*k2}YMLI3c$|E$yPcaM&rLFb_nX)CEzL_F)rULeA^Q=)=NYp(!>qGO8T z5Cn;X35wQcA(aUub1x=S9Kxp@cx&6sbcEgvg`_+l!pnDWq3iehe#h&)Y;CV$%7g?s z1Y7Bq$jiA@IBo65Pc^rD%l@T}5e)*YcD-PYb2!|Js5 z{MVXPcmqBE&&!Dx$dE|P7+Mm{6BI=8_F0etPjCoR5|hYuXl3MVsZe-|^Y&>< z6R8A}X^DQA=8AVe7mnkZ9MECtAU2_G0wLpULd&Jezw!!HH8 zFy;b2Sj6CjhbVoA1{%ynsYDJB4g|UKBdR9pD3vGz9xIHMAMk0;?1NGdP6>?<7?1dY zhEXmWU(O<@!B?jwveWku{qBFJiKXVT<$BXn(mf+AMfoE(fOY!+xOddl|A)Q)PXBMC z&?$*fYkr(2YF=pTgM_3KhkakGD1ix=RB~UP6nf$Nh|}o^1@JNCeAJv^ zG$0ZbhY%CS=T2TVgs$$S72I#~cdaGA&q1P?p>UqtpH}@14-VdFrKjn8_g`-kBIOkq z;k)6RRIqo$HwhQ&ody-~>6C!Pgb1QA1V*LO*o0hbLa`?3EGjJn4ekZfsWf-0+n{%JNab(L$JI% z#$?10LL8+L@KhzK-Drxf)O;Djm@tWs6Y~(ykzt^?(8y_XMZ~C3)~yOhai#&}7MBN? 
zIL}QK+tiSj4>JV!)3=nEr3YY?^blMF%U0odjDZ@$2|o`e7^Vzwv-y#m zm>^3~NM9unvK6e+|DEIRprQYdj&}C{cFOg&2O*AWjNn=sxd^S0T;ww0f_HP{=!SF* z{;$?du=1GOeeKefcS{6~)fn9WkO%Ia03efC{BTQrFb)^~cB&NRBwVC|-IENUalq1W z6`Oph;#(P|qFq)qrLEy@h`;^(x5+@#*Zj27BdofveMcKDAyK5Xo35|HKeN84e?q3HB|#<_=oS(Kf$C(rM_M+>{PiX@ zQ>{S)Bt%V41&--=%(l;p>-N)lT~DX9$$vl+dLc$6cpztRt^5zVP5JNiIy?E_MyZOs znR1e<2^aL=#zOTkUrQUVa;&1rqAX{eVT%^1I6fqyp3toT7#Sgx)?m-A`tM!_nM9Gm zh$!?F_pH9rCa)4Hx{gR$F6AVle-%7U#qLas5;(KGkg3zQmneiCy^#%L@JfU}phq^nb70Z^r+Rj=SBR{@+HqzJ?be zjx(iYT({v{a9zlP9##kEY9`+z8ozy`kQQnci5BYO%sFfycUkKnrI9Ndv^nJcb#k3K zH#ftUZ<CL0xbD7B6;7pPY{ihkZ?I<& zD8~2mCE;5q1zeIOem!)b(dLcj?moDhJa-@VVr&6o)=pzt8;ip8ydSxSmtbaQ#h)5x+gUcoJK)mT<4=YeHKew@M6$87gxuUkeqx+y zVE3pjdZN79E>nse(kH@=5}$jj5##Hx8flcqAzMNA0lzl;BGr`+BD|BGE1 z8zzJ4wRDDK-6)sn6$3f|i}8k)xn}9eoJJ2FFYB4*v%R;j;L6UmAnEn>V(Qt=jr0Fi z3AD+-y=q|e_%`xC``u3S{^y`K*v0?0QmXP#l0=rG{;^mEx6Jn}uc*`#6tb%V=`!MFF?-xv2ytN0TU$?6=} z)sRwtL>}?NRNwX|#&3x>2#?RBBhGJ(nGG6g@+1z4s$=QKMB}#=ARS#Vx?) zxRp)rho6_Ej3s78HYQ+UpvD3&;L4hTak55M^fE9f@%aFiYhY!o#@(>8tK$D8QwBc# z0Wpn3j1|1D1Fx;Ih0&_F)5>PeJ8O3s@3Hr4Q`ng{63u0*v7%R0PV85PWHgZN&S6~deh9_{Hs}Y3n$C9 z+XLnMA_DE@*qDnciC4RxOU|D+3dp_u)606qNLM`eq&;A1lm8-%Xgm3zo&IruA^)?p zyZ^J5a?7l=Y-QZiBdk95qT96_YmKLfw2_fz4PN5>6}+(b2ZnEp{$=~zG`YSujkVEe z>`rUNWIeNVz@6z*Ep75&&!V`$7FZ|$-EOZT|Hs|lZvWp(sXfb-i+Lk1<}%edg0 zocn#~6bbh)NJ6FFsY4nlvoWtq?mzg&X3>1kvy5DD7qhY4+r!C28;kJDM5cRy{hA5P z3h;$YZ9dFdC6}m#T+1-p2v~M~z{Ic&oLX|uZ9ptsxLB6XatEL-&^7^co=4|gaLbg5 zO~%i*GCgkorvs&Fm>HZTp|9XYAVR%}?P~T46VpV5W3FKDh5vyhWJDQN6s79}8X%m%=3DHRxkdzSz8;q0RXA`qrjN*YH#oSK~#GWBaO?{FbdCfuC4>Mjsy zBN#?F=Avk-znM!t=A-ZC@5NMucGcgSL_YeLrZSg&l2H7vFt%jWgx*~BILrLwk2t0= z%~q)kd*(eG%QM$+yP&_{#=;zdI+H9c_k-~W3d~jj2mOVcBVZT)fH9$LE#28unVRi(3odaXw5ixCEXm+ixXl z5b_{3pS6ZB!I#^MM$E5bT71eWHhl4lS1S(ofyQQNJ|5G65>~|_N@<82jkE7>P3e~M zPm;tFNWv*Tv<_H%{VPqtv4q8s(kQPYnqB_ zWOc(U7<0ySGcDzXtleIq_x;D_|6`X@{=cOt?IrJregb@r{CAI!n)iPXyMtZ)XDg+c z^`Yazj0j3b42Su{4t|zj^PzaCD61%*Xwx;-KTz_3`znnt`p-i;1$zN`M!aHnj 
zUOY1};+&y5=amzFbs^JHj`#%~4?*MN07N#e*lh!)N2+woPIDJ2F4LDvQt$fIcau5i z2?lgLH)^YfWBw?Ud3%dc;YB1#Fa#N3Oa$c;<~)TMts|KIFA;Q|0P}=a0l{(=_9P-~ zp#KOJ5lPIbAu2){hDNiCG%!rsw^Z0UkV!zcP{fa~l<~LqSU(VGw zj%NH&Bw9^LD~|9r@3xwfDjj+9Ux~j-nphN+Pu1te8IL0K+*;gN8?`6(8g}%F`Dc zVQyr3R8em|NM&qo0PI|CbKADE&S(CL9eO%xa!u;Rj?!}Oy)(X!)0-a0&Dc)QoJlh& zM6M*%Aix5kTvgS7KZ6%aBqdu(>e_9O_Jb_}3t#~*9z0kA8Zks2kuh@JIi3)y;~B}> zqdS#ux7!^Y9@_uiZnyov*Bu-_>K#7s^}B;XxBL82w|8*xy!!~ccWcIGDU~MjQTKPZ z)$ZJ1LvnRI6yIwSP@{Ca%>+ZQt>x@%{KKZ+kz!#dL`biNeTqA%WU-3rIn~uPU7O z15y;ruig0TxYr9ZRH>wewrMX-QFu)_8KZi=(h2HaM0i3|9uF}$rugt8zc-p2<}@*G$<~y5Q=IcXG{3+)KLOJlW_u5 zj|{;cTuu;*a>!^3Z_iIbj6hEi{!tE5a@45c=*=roD5oevmYh>Qwi-=%%S)wUh@eoz z1SJN0aPkYu3x+FjLzfVzB2NZ~hX)2wFKoqc&rcHw!^#{}eStY3Peq0qSU;~UJ3jhM z8{=RPUX6g^NCW1Do&nWB6%eJ$95c`ps@ip4o?aLgMaLX77|wveH8KWQTwHTFK8ja; zI6kVn@B+12tvD*Uo}iwfw8q#60BRyimVuULz>be#Sn`aaf{_%tRTBkDqD>FnV)8IsE7g?I$i%gooYrSb&QK|si4r6d#%9)^;d(-} zO*9?N1m)v^a*dJ`W&p=EbCWeoX6HOHJ9jkdY>lT>!y_`hK!&Ln5(qc$!O(SB!AR7n zOojy$GvnKVt;kX-W6|CooQVvH+RB7WTCKt>T*4Ed3M-aZ0_;X1mHc-W~=)n^M z#H$V`@a}zJEK4=}dvz=Th~NrmiLES7nJBYDiYd)d#!Zt;PC3<-F#0QI0RVU?G?s-Y zKbM4sHq`=6ZQ}xfqY+wK93;75#?Ad&L1-8&L8}GG7BMEECQoQM-YGSHVJM%RQueG^I%!5 zkd*5YgkPvm_*oU8;TF}GaAgnjZ0&O}pLd=H|8zulwcJw1ENk$cb1-C)&~jZ1Cu%=1 zDsFLe$@Nu43%C~YiV2b_NGT4bNd%y zKCiDBo_sDAJ~wm;VKSd<@vRcPrMXz_uj(<#vnpBbw8A8u&#O{Z;$jh21;hI8GfbeS zUC&u89PeBF2SzqG&;QjH=`H|Z%lz*@d)|)!4W9LO^Z#C?KHo`EsLr$(I81o4+9uzQ z0;<5&Zs@CxpPfuO(dp#W2Ugs4Bt_9I2~fG5FH>vB2x}DISOGxQyb&K7LAfksNXv9p zL*(s0J9>R`@#g6GWSQex)=Me!q?QOUqR29{HEyK(^fyFLlBM18GDx%3b@5erJfAQ7 zdJEBxVX;_Ylr0;twvLNM($3UmyjVP5wzmFos+?5hIpJA-B&=Fft3~qd)^mlsrce~w z#PyVjnJsE9eLjbuOQEq@o88FPt6cK?TAISNlvK}-1=skCu8%xnOkBT_bV?bH@kFJB z5%+$~?Uq-X5=r(QXR~u5^h?Un4SE7*pI=ies=BiEDpFFAA!SrkRL#eqNl`RYA~-rd zZT70ZW+{|Yn&MHKijwQ~FqVIQ&G^Y2C{J0L-Ne^p_zgJa8FCF@!TKg`72b*)@iD6j zTKtRTY^(Bb&~Bm8u}0YG28$aTolh{jzWdr{b6xjFlYLWM=$m}}M%R-iKT>Cc8+U3s zke;G&Feo$ZMM1}3c+YP`(P)X`TKcnU>pBG81$R# zf4_Iw-^G9KMWQHbaDM;fDIdpIU)d1Ak`SD^tT)ytHgE#JoJH1K%wM15!~663a?Vw+ 
z0piv>05dVF<-8DCE0Rq4SfcVVV4H&N1m~}pvjTnUD_6#TK5-u(dc^-+vU&a&hP*BL ziC?>jTf06T1Ge%1?z8s%@Ar4}|9+%B|A*$uujc%>Vz^}gwhe^N)yKR-M6wBOOoNbdXynUjggzoVFET$m1&BYVYUxL90`e$O-?1+ zc9*!(+)>mw2OmelBpQd%4&@B!P3?&{xM6qU2E-166HoZVPa*v6ptyfCRHOc2x&KXi znivKXHf?xQGFJ6sy=Y6N&c3Uy0=x@-1K~b|_L-XxO*AkmzFX#FRG7c>A3{=UksF1J z#;9M4E95_fo@y_`_p7~~94pgg#KZlMTr1xHF|4^7)$Npdqvn0{<)ssBBg>ls$^ff!_!Fku zjT5h0taUioXb4-ZcMzU&N;=+vb0-+n)c=4|e?Texx=3Hxh>1U;jRI z4|ei`~2^q*W1N^??vWwIs%Tc&iFs-ZOwcRBSIN`S)K8{ zoKOY!+UfERmk;}529(=t7^|x+Unn5Trul2KHm?pZ;Z`%AI6IJM?u_e({;b!reyil6 zdb4iHrViC!Sl7u+-RQ89K^6F074~4VyGpljZ^q<8X<+mU*$fC%qE3dwdfN}}n>+dA zrH=pSCr2+{pTv1~$8BuG|6acx|LZ^R4R-i{AF{XSZ?(D~6!?E+IoRI;34)U;%9+cJ zJW4?(uDQ|@N#49#AxjQ~`wMn@LbQF0RC1acK4IS_R2Mc~bE)833dZckQiHOtC{^&2 z0b0U^z38gY-W;pl3tJUb%e%QAiPw#bgWy6Fo)IQ^)pDs!(Ndwiq3h6nB&4$-a+k(5 zW{vxlF}xHKav>2i)Pynx3K8DjR_6Ve)m=LGI}5d6VesZfb@jbgT~Fe`8B95xyP}W@ zRCY0Fn!gXjQiFXJifZFcM+JoxV@dLyXqpnnW^oW)E}upw($c88yQ8LBQEnRyOKeS8lWG6e>$xc2({v7}S|No1L3OoQz005AaF){!E literal 0 HcmV?d00001 
diff --git a/assets/fleet-crd/fleet-crd-103.1.10+up0.9.11.tgz b/assets/fleet-crd/fleet-crd-103.1.10+up0.9.11.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7b70f0319ae462cef6e05e2d71e8f79572b932a2 GIT binary patch literal 50474 zcmbT7Q*$a-+I|72BXGErf-&{pB*P*7LrkkhcXG_p1EP*t+y zmo&Au0lMt6aocQeV)WI2SJ^G+ml@;ENXX`r+xPPHR2!38TCGntrL6eg-iG+`)68BJ zgbqkL$Mvz}8K<&OYaJBWL4a zB#!X=_)O*H=5Md#+vg**rst!DQlZE9Zs=g==J+5K3ID%p)s$b>mnL8bT3yOpr0d~%kWLiVOo${p|8 zdm|BcU*hBgQ_gS89l?I^&jctbZm&?=9{1p={I`>X*Oq%q1%e_`ia-pQucvHZ(xdx=gm!u)u258zGmuc2i7OvR!+V#%*hkN41s>%f4`h9zkcs?8YrB66R+3I zZm=fMU$xeA0URcnuW<27tI9Utt|=7D`t8~JQ9q=4lPLLyY7H@Uj6P4EB=0I zzd7!2g`ThdiL(zu(ab5cDqJMYq)v_CGrzIdDNf}bwH5_}EyWZ8+|Fx)BhfuH+DcO> zrx1GS6f-h%v0+YbBkAcWat*!FI1^!%&kyN8^|fyL2j&aNlH^e7Gv5SnouzNVxsjD< zTooNTMhXGTU{y!#AsLNhW39p($Ly4v|Gz_P{+ttFtx}1w=-- zM_e^ogBOx;d|$Nz$JEmv>c`h^_mkg})B46uzM;p;Mrz|8(xwS}Q=8EcJg!rUH$UGY zo92QNq!pVZ&-qTGX&5{`{nqYfoS&i1&BpI$dfqR;Cm+3fKCk9*0~e;|PW;kOM5Q}P zbapyJTRsWd6t)HWwCaWxE(uNRDY&c8#$fxW^$osWj$BS4gS7+K9o$+@->Z_yLS*FA zaBb`AK=93|6Rq^ksDJ9Rzlj2bC#|T_$&}X2zDghO6|DM^n!Qx~2Iy&&@r;s8id033 zCXq~)jZ%;XQ>!phvP`R*grHh_=Ca4}vTZ)$p+Vl$sUsFMh`MzDP&W;a3v8VyH9Sc$ z%~K{aSSZ84#g?<@OScP7o>Tgx&i3Fg8O3f_NBlPFm`D}?R0%3Ya7}PP?HBqD##s!lq^7%XgT6f_f|Zk*aEx(5y0i4@uQU5?xDNk)DpE zaWf|4n~@P;I%eCGg>I)p$Gl@BZz1DNc4i+S(NYmZQG;=egyji3V{XX2d(c>-;JWs1 zOI09t6LU|!fgD%v;;i-AlC9P!|D==~;hd@2QSY#~+OMrQo5PWqZt%@$Ornoqs$l@1 z*<%eZ0xywW!nL*Ux_ew;4y(>Dn&I-?wUg@tVtt8Em2JM)*Z5Cj!te{oP^w<>rT6Tb zIj8U@Bd*SnfAccf9`pCqvP}FTA)SdwIeIF-R}kgwf4I=0%yVOynQE{dbp>&T-nqub zFCXpRCE%E5R_(-V zTQJs7D{alDf;Om&2W75xp#58xu&qzN>NmiRXA?=;JIvwyd<83!q zToSKAEl!(w=4H9WXtKztQDOa!5v5qQ`sI~u?DINNZ2frIZLdkA3=$*`)q3AA{he%h zQyNQ{EsZIk9Hlb0MH=w|_* zcp5Srv!8~yadAajl0M?gjp6ywrxl64QaDNP@9S|~1s3e^PR^TS zkqlf38oGT3fg8~HS$AeB2WPh1K@Hh2MR9dEmdggC?6K72CL zfELDjmBgRp1P#D_?)BUTmpxk`A~*q5?1)>MW$y5iSTv71|7CF51Z+t=SrJljnYA%^ zVdLDZycz7xZx(Ie8*1B_*JKX_b&a@sf?pT=g+{clDyMpoyj9(8!G$aFZ2+rPFBWX# 
zxHYJu>m#f=K0}f9j2(G1GBi^WVPdEGWy9gLq|TGAHm~7~;0gc}Y8UdvUI51xlw`6V(JGvs+k0Qh`5}rCIVv zUo&AbDVatcc`#L;**AWPp4c%Q;(Z2#7g#^`^n!6sQa=h0r5`@oa24X}w`=mNy7Y7e za28FNZf2c2o>eB<7M(>pc*Py@h0KnRYw&W>I+117sTw$OQPPo9_rpXaQfDAKCU$^vTd4=Wsq^&|Afazy@-5rM)^Gj zAG;Z?6IJ0uida_Th4q1Tzh3);m+2rhY~yaUotBam!Be~?b3fGD$aqw8%Qg5I4w()w zYacnoI||3I)7Rxl-{nL-*QZPYUmO})+cY9C=o$)LQw)h@ecxVlVpaYE+1TRLX~C|g zdG_b$lVQU0_s&{4;Sk6Dd!*+HxIjTD)!p3m1g)h91t*cUPlos4Ds%reO=DG8JLZ*X zfc+FwIW2J@Ost`o3CSlYJFw-{#tm3<{h-z?i}89w`iW9Bym#~rR3FPAe+xS&>KEj% zQV6WI1%%?QxnVu94Wp8_uI2a9oO(~=fc$cE?2`!hQmw!<+Y*Z}s5$KzH8$JeIDqS% z`U5@$n%97MEb-gL-VH<#RL0d~DESVm8Mmx=lHz+8O{j*$0)6;_1uuy=AY40MC&3ro zORk>JQqhk{>$);ljn9(bA2n$X_ot~hU1+M1K^UcEd>|+PWtjS2?LPMwOd@X9B{p9y zSsn9GL;4vIJ!_|kn^iv?Kge}QU^qD@xBDd)O;mEPh5Jm1wV}|?X&K%RUs|dIq%f0C z65Pi926UxJsE6w**gr8XOrPPo8P7z) zf}!EH_iH<*CKX@$QL8>wl7lHs%q>nm1C+KTYM+M(#@{-DEMC)s;Wl{Y*gc?ccRD0s za?tr6`ZWBh>*r@Z3Vr_RLVWGpooQ9!yG74Mtbq&4d%Wnh5 zOWk|3iWrOEctkX(=Z@xQYO!jz)Tni9V-R_Un^@dfq}a1jau}&#ZNBpw(&}}53+y6p z$~=F-2!t_ynLjGj=Dn<%#P0MESr;wO%xV~12W4Yu8o*y-zxnwMH}nYR_`IjieDO7W zKNDUn)_cqj z|I}B#3&o(Af)$zU%s;?DuJ+P*l~r`pJ#26U>n+H`jHCrK^kjpV$v^>ZFB;ggC~ zmud9bO#QLBr%yV-C7IekKWn<0{BkNG+joOw?m8*D<;)JBG`Ms|ko>jF1*UI+g0-g<*Sej#0-P4o@(@n!{*vCU*WZ)R@;VMQ(|cz(Um~ z<-_HppE-X%oYRwUem$uA`5cRE%VT02WC_Tpfcf1&YDCq{mndL@`MqChxC?iG-9?q` z@V!2rr5f;ky*ae&7LHjsH1G_8C(n*;Is@i!6o~znNmOkW z7aUuBlSo|c@sps-%63{WA=ELq7wsoQd>P`jEZ24)?8kXCi|oCY`9jZ;7sd-m`{|_8 zg7p+pOMM1nuBHmj(5C07tFL~(A$YsQ*g1ePdq9%Nk@{8bLsS**~o2D=3kLhEsIi!dDJlMDPbz?5T*l+m#&uwjjP$AL}IJI zqEA{^MZ##92TCj*PNLIfKy- zKqCDB-E&(P?H!>P%MHAin^3EyNGfyN&)d`<0VG)$bPUm-VdD!J2Yv)uiqaty&Gq+K zW=@=PX_UQSV8-L0B%{VJ!qQ!5v-nfFFkp&2^XECkO7(|Y(qKqs`Of|~yp(A%i=6mE z>*Yn7y-yq&hJYDP_dj^xMXekbJ3s44rY0lE>(h@p=Jlo9e^$w+8U147{QVw;xJVqR z?VTrMKg&zUB6J{Q1)Z6;c=+^0c#SLGG04Vi|MY`BtbwE6(E!(t^AeGxP*Aaf+3=Uq z>d}o;oY@oeTS{7K;A7#dp0Xrvqujfdoh@Jhf#{IacH;y1p)NRAMMK-(nWxrMd zyeV?z7B*sYseT!ZR05AJ&moAw*4K8g^-zRYC*Ke5a#G4OE#9f=gVp2QY5nd}CzUgl 
zWaXVEkR9R|sj3LF+SOXafr|2Hp;*|$7bdHN7Eu#-Qibo|yzeDWZfq@aq$S{rLb_N; z!F>W&D#Lp>o}6DVu;0l(1@teV)U=6GsHCNKe+&r@l*IZAfDXrwP;A^Iu1j@Wf^r}B zK+&#V%jhtv(M!;QADeHZHXuY)d#=CVJ{oZV-F4p^@7xW4T$_IEgi3OJhY5$?3Obq< z*I*LI;G7!3!%4*RFrm9Q<5+7Jzb*1R1BYIGw)MWXLN=Vo85pOY(m`uxK9nlJbrtP{ zha2d*FMl_loDX>P`&8AZ55pJ>~z0(HUyOvZ2;(3v&N zrO~7og_w#Ah=0MZKWC{#WmAalD3fBCe2C;dhpN zx)4$EW)W(oG|M&1KABwZfyo~2eaN&jBF(qTL4JM0Pm!W$4H;*;jsm~%kn;s7Uo`MiQW3!Yv1Zf7u|o!8J=?K=&gs1w{1;W8KynK*3Ew zFl(K?FTOrnhxVWyK;BW(-rT+w#q-(s^u6()z2jO3t9bem2I0HCAmS$$uukJ4o@R#o zSzw#nLCJGIn~Q2xQRBOvQ|xF@)mnlR4)uu^GF_4iFxk zt=iMD$|*ugj{d3wvlc~-ar?QJ;@5n$t*1ZAEz&~?%|I^frVpw=zIIzDQd6z}0i8Fr zdxctXd?Cyn%o^FJXmkq4|1M!@p13QL+@G5yluj}^2v#MfE-9%dT#uH5nl`n=8rpK?BK!h%WlC;Tf#qGQLKQix|JP&deflpa?=@Rlf>~? zl+H_NbsAEqal)}cpw^+k#LzvoU2r4Yc-R)g2ulea<+G8K)Fczm5_M~REvVWdgU!@3r@VaP7Np{6t9=h z>p|*DHle4Mo!juRj}-;5NCbO@v?w-+ptR4q_8RPuXqU9?X1hj+eM6Wv6OOT|kC;N& zoZ)b}B6W2+CbVl8EWlLq+SZmacE>U;abbwga?2DwvbLYxOXOUSM((fc;ZS?aJ~&=o@G3(pJK zfP(MZ`O!wK3e5r^PL-yV*83RYwnWjfx+BH!=vK-LW~==}S8ianLX@-h^x~akr_%x= z&Jn6b?k8CwtK0cwSq*zP2=Pv%Zp$keLb{?iDKnia zyv}m4f;8eoED+e{TR?94IHhaVsh41S4n^Pho1(SnV%@u<`VQcJ9zY=+(H67C*>WY# z#US*8BH%DD{-j`Nb$>)8)MSkt_o2CA;%EqsiT z=`(IPAl`k#(K&mt(uo%GQKcvRhhVH=eu}9(=f#Iva3j<1Kf337b#uH*s7Dot?L^qX;#fkxzEOMh3edLjKWa3%}{{?@-IAL$x@u>%acgG9Nmo3 zDXD0e3T<0|Q1X!&wSpawxQxXd4D z&S^6_#XBM64O1pXtTF|%9hPNO>dcv2d}%Q_T?0;L;5nnn<~XDHWy^9#(YGeoE>$7d zK313sC+9XVCqCmcFZU(p@=IZ*ty$0<=i~Pk--TPs)d=@8U+Zo$_lZ_IXVF}G8F0wb z8+Hb68hHFy7*8wohBo5B$2kJ-Rxi6&wV^6=l_evBRji2yc!&H7}{8Y zQD`rG_jR>H#!Y2y1Yo&nM%>l}%$gUB0&@yUu_*@knH{=<6-+>Ybi?lY1DvTS6^)pw z{Y6T>6YeGA*0(-P>bdZTk&-1T(wOrlOnza3D@+8ZMPmjyR=u~w+oiV9V;asGX<(7_ zO<1QdUm@Z0cU!_lwg{Mve5QYNPSwyw#5iw#t=F4SFN+RpH6#`+kJ@M{n>kI$F#{tw z=$q;3_IR8;={R@a{s=*fa-2L(lq6SBgm?LAPbPz!VjoENRHKE?Enznb11r}uoxOh! 
z*YRg}_%x5?E_5%8La|K@DFp?%0r(-l{rjnx^NLZ3zdbq1sz8<|%d{F(sA$(smPXiK zzX*J(W4zCuqb6|7E5^5N`(jM?rN)-RnMAhX)tc-#%1#*74ZrF-FI9GEG=G5O_A}!V ze(c#(3iVo>cT4x|TZd>z@^$n1ykSW|{T6bmvBOb2qH?*HX!`Z6Xy>_yti^Ru@)1JH z;dUDyXVTVn3l3t+ezyen^}AT&Nb+{K#M+gSPS8D12LG zLWH>h=#9;)l6QV+ZP$WRNxSMl7l9a^jd&&Pf;B4W6tr!}eCC1!ZeIbb0cPCjC92Wc zrlc25{|#c&A811Gaxuz0LY_3lRSHqeG^}=Xh2Dg(MVhVd5+$v^v6O&*x_r0d)7qF} zf_=7GzJXPHFIjqzuWNwZ#luH<<`TGcRmj-PV3 z=O|ts(O~nU%oRg%sCE^$y_ZErmGrxXTjJUHThxO9!L~?z|RJp-WJs^~tY|OkJq1mFh84!;8gk*^8 zn_CVD^(jdHy>~6Js|hVYLGEQ03ZELCymw)nb&NMC$0_IVgG5kbORyTkJ&xPmX85%7 zKS-UExqPlxnF9P@QkQYxXG{zZThUwSC$&ob_2AxUn${#ws;K+;?Z&YLxxulgti4fO zm=iffIK)R%uKyU+Ziky77{h9yF@w*1p|K=$9oc8!xd*gzxrP|Cx9$$B^5}u;JKL!v zuShNP=aDcy0Y2Dz$tGGU%nOzSF?vZTrwQ`0j~>+XxA@FalfGWZ%*7GJb4t!qSPNUg zCZDIa;#G5-w7B1QZ^Nr1jn$x=L~kB~&%`_Wp8!2bCFy4Twkx*`&7k3`V({qz_qyZS z(DL9Ksb!rXZScx}NnE+*FL=%cO!1yT7?*e45*DYZZvw-h&vP`aLGf`yUx!U+Cn|0zX@|e%bGl)Gtps*r z@Da1fdvu?6AH5~GaDVoH>~9Pvy~<492r7gB!`pEFhqnO@-k`DLZf7A4mvEAp(UQ1x zmokS@#veQz=ga7;#}!12_@^^}ca?agld2!XlE^k*(1UMm?UIpolb0Q{p$l#P1npQ5 zOeNlqJ$KKfjT2Z18LH4{^6H?GJQ)UqiQRt!!RmIVB?ur68B^hkSrIm%)&;~Maziw* zxaCnpC;#yVe*E?}Ap9aSZNV!qUk99Ud!Gqb_ytZ23=TVfe1RL${@sS{e!CN>tnST_ zYcN0k{=}a7`f`7|G7xybpZwbKYZdhQ>X`Yu*?fOL`M$l-^C;_%DR2#eg}ym&@pFHF zdTa_}qjOiC+VM016rIsvq#~vkkqI|sITP-hd_&`+A3^=F&G)$V`=aRhl zT&Rs{t9V>|-L}u%*jv_)+I4eJ)Eh2}EwpIn}lYCXeu^q<^`y>8wu{^x36p`A9TK?tf_t?!@BP7wvP+ z!;QQad+U-Lrmm4z9)B*4Mal<0TLJ+7vVkW;h-=QP0iWY!1wcH+W&?2AiK6kudHxOz ziN>QT4ag0yR1{y(KdPMOvD0QMEJBOeaqhMc4JYT?h^W=7O5a@C(kS@^^~{dm$@rHH za=87D&qxlU7DmPrckQ~rEN|7`9?k-H?Rq|87)MtOd~Y8zDR%@u@1jNw1m#ns*tqF! 
z)k|9QPQezqwVru0>Y`y?g!Hs*54cmTYer0ec z$YyMp^PooHkWC}Q_K4EqP$hlDkjNI)Ygs&vZ-rr@uz;ooHiz1^cItNt$(zLK4v|4q43S|~C z)+!bRnVUaN?A_!5VW`m`V&c91Mt2mBbhf(dg%cCQ^XgDImyax};@!$gwW8SOv|J8V z5eU%C&(fAGN@&6c1LS;9<2<-;1-a3oMwj=^q1!~Kot$l?cmszO*X`_2_vg3GIm&JY zlyyX|1Op`Q=4MP$J6+LqdY(lS*AGg_WR z+AU89y1^nAk&g-%PZ;NP9kM)bWdKZmrx*1VXVR*WBJZ{D(}6g+IJU}>S1sIAm!3a0 z{^aE8X^AS)C~B&@F-x(niaUO|lF~w$$!W$|ARFV4!_K1UkwDf+CZ$2)J>xTeQ2nwJ zx$YJqnt3QJZIaBzpVc^YdyT{IHXh2pfg!H1@8bjVV z`nO-8B@(TFS(?xjfc>~(UG+^#*i`QkZdMeM^UDT?Pzw@{0VW)mK)=_lFpYjZ2m?2& zuAVpI$HoIG7)gg^96XfOJo~!^4_NfeEE|1ocUR!a7rW~!khbEo72;Bjk-G9Ni2NzW zuF4Hu-&YIK+qwN8963=^dJtSbQvE7-$l`8DmY5OoLv#{10DYXa1LqGoS0ESZQkGu4lD^uKbk&r0k~?ZK}(vM zyD)3{8!Y;^pka;bM-%SyqyK)rTulQ_vp5?>4RzzO8_{%X>D;7i0VetIVy; zee^S$n;b;V(l6U&^vTOdL0N{@_)6*$3zqV-^y*&aa@sP9v7yU|KAS8HlC%Wjw8DLfA@ia?iV$+nx>0!6Z~@ zF-P=n;&8fDGNn<}_@CYQ4cw0s0uR@fX+H|tIa?KQb!Q>@;%G9bmt!9R54N-|uGU~h zgo1qOQFFmA6jP0Xec-*5?FHOKWB~A9qF97q%h|X(OxVgHp<^bd3pjEr-=@Z@%ZsIo zQ)*2>q=Tp@hO1#KfRH!a65)x-w9)YL5tvI9QYn~9Y&n-T-tGhBwBFboBq2-tmER+z zK}fQKJD}QiCvCQDJ}#X=C#^7OE-XauU}cr5V;hfO_x%|QI5e*N>DwG=DqijKea}l= zLPQ4yX?VA>#}1|Pr~aez0J~Fp035`qWKu~ufl^1I6y3av>Wl+G@zgh55nuvB94Qeh z0x23MQh=O4YYW9xz-&1DTkJO|src{rJn`Smqe^r9vEpeWh|P|-0F_hwa20?-sR{t? 
zPSrVeeTN~)Ndb)384Hcp*?^3ejbMtVc*N{AYYVw*wt7QgUs6l} zz>a0$nP+juRq|G4tBzHjl&^gYd;WtkM7vcZrgk1&kPV(f&wd`9Qje)zu6?%<_HDfo zR=iOP^TFHepHX}Jk6#Q}*RJ#6xHdcOhPtBR7Q90tU}lR4RxOrF0MiSk9J8VHw;Jur z#<~X0{3O;~!EL$PNIxt%KPH>O@~gvw76a^(-?_h)QJ8gLq%|{aqCLCwTY}pZuejtE z)PZ%*c{h_h#B$SBk+XchYFl#%g7?A(2ou+t5!nb^5_lNu*NULEbh#T$ zFAR&k23-+n=YowpiQi64n2rmAuorxWq-wQ>Z-m<13;_(9b*ZO~2*DPMclq^^08S-1 zvtUvgkw>-7EgU!S%+r0D203&w!CJY8F2ksx^}9F(JD+$rU7BFjsrwc{;fhwg&i=X5 zxy8oeYAcfmDwW`a5v#$PEE1C+kKHkbu#JF^rbD#a zU(v56F&y4-8XJCfAU~ria*LdCqB6x;H%G$Yai!g6ZPfA%D4QAgbPKx{JmvWzvSE_= z+X`DAb(=H%>kIinjdI|5OI6uAPmX-(oFf^{$%cmd?+Mn8CmAhMI`Z#mapKS7zbD^5 z@*xsXhNo&?Im-pt%*A3Un~eW#hRGK01auJ zm5B_bI-Rbe_6QR9JE{P{n}FYF@@@U%54PW(w~~3f1tkBYyk=U}%EdK|zHBxUxS}GJ zhx5E^w?tb&J1LQDAaGQ?Fua1UkaE{$4g`I&=#X1l53(XCg*_Rv9YHxtwA4*19ZpK? z{Vw5&T&>Sywt1JY{pC9=E9C0`O=)v2_nOtAwmk25bz5^ zzeNhv&1Sxr5}t4KtS~?U=jETK)#4Y#SJZNE0bXi0%u)=SL#~K1I>roJM&4RCI4cX9 z)Xh~SZFrkZE zO0u4*Bdmh-Sz*#sqZIXHvlMl9(%;`UBT0FIqR3fU`htVHsK>e}304@zh4_@ES!B}V zAXyqSL6L#c91&mYP>+R^{1sg~9~HM6V$?cTJ?Eat=l+^7 z+!BIDeN;N1j6qk-vT!OQEWb9p5g|PWWCCRMc|B39N3k11RN5a@cTwHOXJ>O~xLc&jvQM6N6Cix4*d^efylCGrc)?s; zL5#QL*zgr!4NPHN>hj7zOK5n`Rh8GZ`#Cq@g*3lKu?3D`k-wm8P%sjyzgO&>GWt%p zmjA-+wComO4YGHeqJB}+sO8nQ)4bz1N+}SZKI*vQq)p-*k{ii`5kpgCCtVV`w`7v` z`&)uL0{+S{w)6qTXbu}RKQE$i@nKx&t zQ?i(V^gZ-;9aJ+a)Q1Z#$+7b4Yw2Af;7Cmwidio>mdiF@U^ogj9#pgc?ZEV`$+l>m zq)Nu4Crew;g2?E=2_BLM%$+l0m4v>UC-bPGFYmPIkdBu8t;WOtR^z0S9!gz{O@eKB z6d)S|I{JE?2N<)TX{5(Ue8dam*8;J=%fCLc={crdI|x-;v)`$xAE?@%XCrn90L8Q`X@WRr%qvN#c0?-dFrbd|?^fY%Em@QSKMpdMPz_q;+b+ zm0S%zfgSIcAnpH_U8C=rd!Be!?IH%x9nko0c%#(pBFLyZxAGkXIS+VBSNZz$bai2M zQLq>nj5)ha7DK-H_B4=hOiE@4aLBHdiY0cYBZ9R}IA}j{8TswJ5~6PljR%6PcY)coe1~J_2X{B|JY7qU*@iPA4}>&{?+B7vG_A4E+RP+C z-o30^s$YxeIMRE=bMDG^E4$nDnn{gF!D<^jP1`1N9r0I81dR3l3ZWdCOh8exlm9`1 z4AcpIYm%zLufByd-8PN~bq=%uq|^bFDtCIFG*qm})h#zPxbtOr|2$O(88h+@qmS6B z=mY8(e%6y40EZ>EZ{?0=Qw-`5Aqy#FZH6AqF30 z`?#5GDlpxywUh=ogUBGnhi4*G{?j!(e>amBdN146uIwzInf5r5!_%=P4W(;dIIQS4 
zuKyP|4<=dBIkq;f+NgO+32piRt+4nVi|qY>D=b_k9}iDsW%~NB8lP^M;Enq|p0^JZ zcF)-5b`;+zn1b=Qz%YdfFI<% zBRiCRBP6|L%7W2@w<%9_LFg-U)pq#6%bp{ptuaXXI*Sgi<@kA9q=st%WHTs${)U&~ zYZS9!u`2g`CCd)h5oR67l=y{SP6}tzHc!j!Vd}4vNPG#Yu?*kcIotw94+YF!KMIvr zEi2c82g}55fuqB#qUnbUR)Sl_7TT?kh-IlHmE_PI$huA9ZveKb)7c2k7v-F)*FS); zTq(%41VOo76|u5Dfvu*?MUxq+HxNzF(VCP_R^Sj&bY0ZEtmRfr*#ecK7PeM0?6I7_ zbpzV)qpp3<)Vfzln}aSKgyN1SeunS>?G0C9wZ0x;x>TE~Bo&e)Jq zJO~l2NtazB=m-Mjq7xFUHEG+XPLy~1q}$<_LWTA5%`#yMBq%zGEUI{se+?4svb&td zD;O>{X#M0-O+djn!=JV+nfj9$-L+AGXty|b73XOSw^<0!{-p;@{>sVE0Q1YzWH02R z$Sw&f#6O<@_b9{~qBnn1{TFj}D6J7Goo}RdfSOto0{#?Y7sTHDFuy34%I>O!zx~+( ze({B#oDcR0%l<$0_FiE%>J+9-898OZ4bn&9vM9lmq$(q&31r2L+K? z62hn16XffEP_~rXY$cYl`5vP4{>y=3epH8{*3u5?ofQUv-7i?Sz7Buc-B3=c*Ip2Q z2?Wc93Lwl|oc?D00o6rjv1tEonP)_D3Z@cRQb9Z-IoX3(;}EYzSTE9tq|k}U$p&QM zqjG!O=VdRnNSJeY8OW(1Nja_&L`c5aD7aANibT1dotRgx*B?PNiVD}MN zrcO*u4b*FV9la9Y+hp!nZFG`R**451S@bh~3`c)wuku=HH+z|RwCWPJlw2#4dAH0M zU9!~puBF`IkMM2J<(o(}T9%)~cECCHIqbom9Tq!A5z?n~LA32X|E~#B>-&!h0xk;m zA0`O8<6jd5e*3>o5OK<+bReit5z~z7lv7PtiEkv>rI`qbP(PdLK&Soogj^wDvTjj3 z;)xsHEUA4b-)>gnbVO!;cQQvC4sh9it^4vbeBZ3FB+aT2Zf`5yG)OBUKBiVS6eat1 z?ztO9VdWQ%8{KjoHGhyzKl4$RnYz_9t0ErgV;E+r`ss#Qx7=U`c&yA2q_`xG9X5kH z#Zd^=rQsgBw$Zt{o|2O990GW|t7TJ~Pv3%!dKWdu&-P^)Lx@xLX0l=|q+Vjn& z(F!}(mwSwV@XA0-8qWUEWc6+5M91p1JMBf7r}-S#H=f?F08$F~lw0LB|DE|mi%qYT znmWZg<(G*7PDt}@-Z%>OH?h-lV_2DWPKP8BwszqN8{cMwLc&rtMWh6z;ubyg?2I5R zg`eWr^;2ziCt+irOYZH`aupnL{Ipa20svi$L8bI-h}|OKq1njk1M?Bg_=v=}KFIYv zDxI3v2#UWRJ#}gWRxdGbtlS-9Tlmh=Qgd^@(J^0+yxqQxsC|9)`z5ZtwbtbI3gB5~ zRTz6ig{gP4D=30SkGmh(8NoNVDqDN&O}!r~8d~f)A*9W52I+YygWdswwE-Cz>j#w~ zGU-}@nW;&-=F+&d00DC;PM1PUxhWYbtP=UisK}hKg!n92n}_Oy(m@y2_0`on%qBzt zkK!W~_Yl!8WyI7HnMjr}bsRHbVPvMF<%#|E4doYZ%8RJq0?nx$sOj%y{wZ2q@)#B0 zkwO%(lWVdtkaWxUw$;ep5yJG^Mu?xQS;XoLJCxuY$S4+M(JwZ34lfPy_#M@fdqtmM(W@ z@(d?UuEN45Zex;1cicqG?h(S@3VI(9XBq1X=5ez0XOaiZ>u_TDQFRX}OhKCUZPk&1 z<}&f7Nk55rt!XA>&iXSYW;|>jd8o@5XX0W zQ;~wz_07iGscl!p-~3)jhYOJ)pW0<;Hv-oB#WIEb#bc~5djCTW?x`XA-P@16R022g 
z?cS+{mMF}`>a}(l{g^|m^t4PhlPM;!Q>@_zQKFa%h$031BieywDkL`{WKkW^F9BV` z+mIYrVI6!(3)}Spqc9wv!8kgMKSgUlZ|mf|TH8+0?3WODUzyLk5V>FHUK0{^m#8eGBXH&kn6S0QX+<{Pe~A(@cCE&uMRd2-)E;0j)Et*DIx7TxfL3gU0qc z;-lqTiMi%Ha>>-1H`KB*d}DS<2Qb!Om75egP;GCI+0}5_a7dQjFsi!#Tw><5+Uit7 zhQv7lv@aq93QV*b@5OPc!Ozs^k-ZzL(z-i3nLh=XK$Li;djkA2*#y~qsPz~YAgGX@vaBq&p^H0 zyjwQ4>0G%HK`ckJDkxa=jW}{kVNIOQ=yft58~rs*;YW2Xp!dd?SEG#f%|i&WXHf*^ zrw<>rFuUH|Hp+}mqjFdKv2WF$X1BNC(Vwwq-)lj|wTQRWHN$FqoPT z!+IhBfhF{8H5N+Trw#C3kB}$0(8*M5SDXkCEg9v_Wiejhv<0fVduo{AaqFUlaY}tC zPMe(o1=kx6)p;9g|5Js7P|YW)c_cYxQKBeKp9lYhg)G|U^kR~B{yTnbD~LSIiAj+b zk+f3&5{>9ggeZuX`(x`JLM*h55Fe_|397J$YQJ=M7 zrG1714Rf_sMbbD6m6|8o!5WAZi6+l=%YN4C%ZWQ?cyXquBjvpkWO1EFOC4(tj&3 z>w^w6+wtw97KPIRzU5PnIXcpJO6j|4K?-s>96B5W6NyV$#KwYTYXY?iI;?Q5-%lg3 zXrmgxF|hcyPF-ko$$^cIhlbtDLE{Xsr!OjJ<0ovDuxGg;3{dL2K`X_;&BqWWv72@r z*=;n)*Tq(;-2Eyo-(zan0-by^kL{LF)LJFMgCpY=g<4|}h)*yw4(P3AG6Lx{MSpg}aHK<02}wVkFY`GpN-SddCr1dtea`+*T~qI^^`i z^dJDJDpqknY6_>}Ry*1WDP-E3^Ao*e8B=XXo9E|La8nX$0oVzGcW2LxI%cwg1_s$0 z@NLy5G~;X(Iu>HzlF&Xb_n!dxxqI^<`IYv~qJ5DIiK?Dt*t)C9M*o3R!f$W3%qar) zN(iWbL(EcGUsIg(XqkRs>wG+rLcS+>!FO*E2i%k}C7MQ`@QQ6)Mmo^?7>?b+Z$kem zC7zis&GgUAC_bB4FlQoDY9^p#!m~S@>HGVw1*F&b)N}+1V*Yg#m$4x}Nd8STU+oYO zt2D`OqQJ&{;3tvz{0%Y(d9EsIRU(i75-5-SvmP*|9g_P16XleX?BR4WHT&QBWi$L^ z3qo-nHhKpp4pdDsYu@*t&@9uXEOT%};e_|@ED>t7{EfT{QFMmxb z^{AbK?8T)7g!L_FC6OneV{NM&161D|}|1==0PgB)f3PGyLv8JP++VLT`a08PM;88^5 zz>+I(p)~}2FaF8>{<#+TVO0e4dimfimTW8zJ#(L^)WjWLd_9aoLWu~s7%vXe;q@s*yh zg?D0UJujda@S^0&p$d;u1kVhFU?`jS&z{E82K?j8a2Gk&jB25fl=STu&%3 zFa0eL4D)Ox7AiTb%i^XrxBGe2&?IYOn0H(;L4V5iJ^PGiHSb#hqDXLZItkJZ@6+`f z(+tVnfwvv=mZ(JNeYU+XrQ0F*3LQVG)$i3#qLh`_$(%YUIJdH>K>5&dP>9{Y&T$8x z$@)4zN5aWbjs&Igx4C0CA7>Qt<2bzd5rW3E43x1g8n28iCthYI)b91Y=|)V?=ly1T z4L+jN2YN5ez(=t81B>Kiy?(zKC(gSfz>r1Q(e6^QyT>K-{89Sxt;ECor*Qr2C*fYc zXe{|gl(Bgq7F4~^T%GwH`AFT8g`=tXre^Udjf%`0q8wJ6=7vL+zKV1oGDf@dAycbP z#2QQE9iEGDM({R4iJQQo6Em^SUS}`Sr#vHxYm850rr$*|i|MIGaQpY8!`T*P91n`+ z4sN~hmk^by9{qDb#4l(x`H(y5i`Tu4d10D4AA%mo 
z-c3R7h2I&2yWzEJxzDQ}@?alpHdkDVfXk;m>%V(%#-1YV7{A$1gcc%?jbf zlc{xMz)CA4Sy4ag{u|=}VY0FcLaFe8w+ipdEo~=+j57x+%G8he|0lYz1i1&D@%I4sD|E%4luU_L;}9QDUKaDllu8t&>qA>tJc4+d5ApP1|R`a^2E4E2){ zh`6)>;u_OT@YO5Niy8PJ&;_lI@%w!Q*#_yUzDM@!@HIy^%(vzwsDv^rM*e?J@7eeU zq+w~HI@7U8gu}BR_k=i!E;hMLog?RuF3A3RAdmFs6{cOFa~-Ncby_Q`s!Ec3VRB(e z)Wybh8okAp3UMgfI{2BJc8WBkk0KNaGdtQk4-q)=1joNJstIPWClzu=5=ObK`@1H; zS;vY-tV`MmqaYv(PKyU+F9&_-%C&tmqhjzG z{JzY)#HTi|=lb0Tz)WU-wNQe_B=!Y= zXalX7IN$u$)|T#4D}TjqCx<=GzBT3QlpaPrUajVOt-N7X4)`QCG`C#E92tK>RN9Wa zJoP)VHCB5lw^_cB3j}gD)qtVYqSOoxZ_drLbw3&k;YVS#TVC1!osxo5DV2s=F4FTJ zhf0yjd>!%na?9|nWp0-$p`qDt z_jvDJF8xjqDU8})Za=cCPlLc6WPLA&i9yODDL%#-9D_OZ=C4L6=vCg^#!LtI0h_5? zV(g#KiYM?r@iyw?j+l2@<(J@PooNn(O=r?XX$#$^!@pflbp(~F@@%5TnHeu;LD{-* z_y3dsJT*wQ@t4Z#TE68HnFO48B=&dUm)`1ab*=aIQ)A zPC>7p))HpQc}KS8br-tA6i4sJejOnD4wys>f)ILI;n#DB4;i`;T|rpYRrIi>!Dga$ zd@0DiJ>5I8b>2lQZgs;NN^84iwT*lXrZ!S}R-t=2Gd&%K{@QH^&$%Muq1J?KpE&Sb zLj!GcLLR83!@St}B>f;IAr|A+l_KB_4BQj9eEaMfhzLBlN}WTiem2Pr&54OL(Whje-#!1Y%&z z%V*HrzXW&s(e}|hYDeEW47oj?oZN^jRPcF-iPA4W7o9~z6vk!P@^jUH^2^TQ4OgmQt3m-Z30pzrer1hc)`Qwm>!3b&s~hrZb!$=J#d!$ ze@p&sOeqKXEr1BnpKEVEeP4~N^0}n?kn+~Lu4mLN+Z5_+hSYWQcl*B}hO=dNMx+bC zME{yywT}qfL>$~G_b*{ot!8S>caNV7qVQCkJ&@xVG=1yCuh{JnjGA$~d&S8H-oeGy z$y01ih*B+V+?gwtx_^`W`UrXXpkh=QFhH8su(UUM($V$_4f_DqCwCWUhJZAJbqQ}_ zt=9IJyFXYZZdwfx-zHxvBb+K1b?oS%W|;-|Gockb=FhThkq@`r5|9Wqd?J`}(k$Ih zsI5@&%5{D$Zo?rwEa-Es7+SP3WWrZ*K@DfDZJ!=5B+CrnF1rYN42D9EK=^S%!R1xGI|QzhS3Q#Ra>(c zC=us1CVzA^HG>%Q_59gT*Ny%-IFy@(dlPMZb1 z)$poz)V_rxA^N<5efTCBcL&;e{$;iem_-C^O>R|vvYOPu{z&BUtZQ5kga(uin2s1~ zL#a4^v!Pc@LzlmazI#|z)Uq|+{ri;X#CrtU*A@;r_7@!kk<{uI3uN^w)*x7O$&u3UQw@w@O12Q>|jLS20KL1oENi5{y}1>Y9>zbp$E>#vsTGw zNu~X;q;g9(ejHX;pY}+I;F3H$(2A?bF>7u!VkpJ7*Pf%p0 zoxL_lPqyDusej;*n9jTkMk_h|qQOc{HluAxFc(GukfZsD< z-a8~cM1^Eee)YL_`$Ymh6U`miMjdXPYGJ}e>tMq$`XQVMKiiROrj@eDQI`5&M>+Et z_RylC&YZ5t1a!{bQc1hrZ@swV;K=Geu@q==0~t11u1S6i5!ME z7BDgEW}|A&wtTi=?jhIFx;wToPN^*;{t)0}S3GN2w+3p7JZyy7hkF}0ku`XtVW-kz^7<86*{9wx84?9L!A+5hL>4i{#hfpzzlU|dMS86 
ztLLE^Vh`m;}eM!-Gn`{x~#0;9F5z%id)W^88 zz!7<7MDQ&uq}xu4Y=H}47F~~+TCU^FaI+S)i?w%kitWS>l+WUK`v_~HUiPGi@*J^* z9kdmcP}PlWh>y8;Ruv>)pHhps_UyQ}?|E{l8Nra9qxrq)8Rhr^!Eb|GL%h7Re-ZiE z8tNR^{Ay@8Akr{ppI`grYnG1^bICh08j}W9o~(GGV*ao{Ss4u*o+>Z5?e`_x01ed{SP&#ZfDtH@qf;K zd9a_0)0Ht-xYan<8Zz%g#CrL+cK|)pVcG7LR(`D-c^;O$p5sAGd+&h6^vm>3N82; zecceTz%yHOJTt&CUrA}Ab=bG$6G+NgQ?9@D=|ly(}{qL&=Q7gS=S1LZHC2at1AzLf{A1Q3inJF1!0Yc?~mwQ;Kn zhpEPoKYm4bD_$=PHH8TlSDQkr6BQWAy`(joRcGBXy%93BrjuiuVn)!H19A7)DA)$k z8#z-Uj9X~nkW5?2RenXjYFx5W>io*DZz_;v%5;ajET+dSiyJ{5`0+6;xEaWv(LP+` zVWQZ*)5bufGf>$!J0PpB1!tq{0zr1z4Z?YmCj>vo>*mHPIo|~v%$nJSjtN3|cskt$ zGc5aF$mqL60ezCtF^NEPRw!cX#AhVUEuMM_2S;8~>>FF>4S`ei_vaHS4vO3bb)66G~f^5+QusYVVp`$Gdq+%&w?0(V<7%>EZi?RF5WW%7mxy6P(=)%_T z_rCwjCvr`q?r0d_&Wl zTImI{_|E&EC+de$wv4 zOY8TRj^PQs!Tu_2kSbo}bJuHdBG z{1Ftl{Pi-=;e=Wtb!wwhE-J=SY{)wOE z`J)9&%i2Eywyxy5YY39^(_hLNyz6J}I-f8NB-#(QjJ3^~|4cB0jnr_o$bk%*)E0p-;wycuIE~Tf!xfv38#5X+xY$~NVRM>T*HDNl$PD5^heZh zRkHgnFhh-|BrBPLaIlStO>E(b-VY=v5fNqU1n+%J3@>XPJp)s1T&3S#DEQaYK{ai`mjGY*QPi z4U0qUfIGs=0rD%2P5({i>(P`qr~CC{X>H;pcSBlHF9oS~Q%)i?I$!lXe?qn_~Zw-r8D{&|MG#4R<_=!Az0b8704cjY zm6H0J9GasL@{cd|I=aERTI|n1?FKkn@M~JtCSRCJRHL)<0CU@sna4Eo_04!v+rUjE z;9;yzJlQyWN~-xNv9r{bn`Ka_JPhq|E07(8A8@RJmOHp7e@fdViroxR?#~`0;4^y{ z7un__N>^}{!77x%#o0=mk!PikJqvSnTmhPE8Rh!=4v0nc@ZkW58q!pe zJ!aI6?mqVs(oe3a7IqpJS z^Y3JHD$c!G%E$k6>0&(!fDl26cN~{h%o$w>Y79b=$hp__CWz}?_yIYRX-+kva5D-d zbAg$EKd9d3l5Kq~4ON<+Qb}8r6e}bcr>|N3aSVcfBSK7Ya0##>gGTwHuP!>f;mMkf zM4*kbwm$^X2^?-RuU|ZeFpm*0#9{M*=RD{{MTQfM1Utd(_YqYp`VCac9kYY80yBc~ z`)Zoj?G0wEfvimq=|9RU*UCG6ldA@N;IK!4Pt6wuR^bQW?#}n~_CxmD+v_7WH?tQ6 zn$>4&nJAwqZ|Sgo`Oo7SH~n`L$clQxZ36jw;6OzZfI0R2-r0=sX)mBOwN_T+8;boH zejxIKk?US)wKb!-%mL>6JzM8~MXmZE;O{l4as(X$5dmWyt?a{I8CcZDUs1e-9oj7~ z5d{b_y)nZWerIoMOasDGr>8fhEvy1xHVdJ9m{j_wt!}r_iy_4N`KTO!cV4x!tzGY2&hVAcjOjO>6J#ATmcxSxjhv zFUB@}gqo#xdM(Bv75WR2V}O9m(%z~fEsjM%_{ckd&=U*A{W;=n(GVI)v>~OoAL!D- zBw_vP$?QcNf~0P)@`qm=P4Q2qAvuh$YZRw!MNbwTJH#=g&6sa-V6gVkc9zXMjh)g-a 
zM)y`meSC6_w56XCu)zndF&0;(mRfrEvaK*$gvGHx5%Ok0NzqGs&F`kCL38$ovnubRn$(c3y0|9JCF#*Fv=mw{#8oPxJ}7aJmWyAZ0TRFF z71%8x?^T6A@Z$Yr@CX1NUt{KerYM7SUCjH?4>8k83o}|3VswqghPUQ^;6wQ3o{NyM zF8@8x;>IR)PCXNbX;hT8>ee42Ly84SSYmardXVljhAW4qxu;<236sjCees#(d&EmHwiv3N4T+{A)oe$n6lO^Se2W$qs;b~$(-7WUQ);2S8Y zf#>Bqp}g?rhf9iPo1B%mf)Bjxd-qT^bVO-Gr#==4n(20>X1)I{_qQ5Li4z3B_u3pbL_@WdblGU^yzT`;@{Go}-e9WmjuLGO>-Y-m9F zf;99DD~2?kXjwT){>$2ud2_Cbof^BZ?bj2fnmJGk`S@W=GJRZqN)GsItC!~POBs9; zV`3f<>>Lf`Dv+S*%nU@EsdpS(%b3-)?Kz*82~C9}Jq`n1#6A@fITc9d;T`oq{=`_7 zj<~&7J*%6)^%(yCu)t(8JP$HAN?#d~olfPfxM}Z;4+c=-InAMXt*bZl5r!D_?{w04U)H(jPIWm*nF0^oTiz5o6i*!?j$@Z=VL$3oyjX&M_D zBiK=c+vgWZAdHgtA#sc3V&)lToDdhQ#ZPA10E=LnwgRlgDjB&2f8gV12P5xmtv*?R zc=<7whB_S(WUJLR&pqNWzUw7D^SZ>08RiDvP2v5gs?wA1xf5U_ew9Ar$$TFmG<&fF zhXnb7#Uo+4JRY7_*$l4Pgt^{iWg)s-Q`2}?_B|&lv*uW(`}4v)CSP^$-^vDQL=n?k+S>3olKrhrbi44}+_R0;9V7xX ziID0RxX!*dlju-BS4y`O#Qb7-#!Vb__&S`s>G*2r@;@ZeU<|%>=1SfRI~wipwev{H zFxS)-6`H>!)sKm-td=;w7=hglTp^;dvHrR2kLl{^xD=TJfKnDhoF4? z40La<6?f&*LVQP)I{DbmShkBt^I8d(t!S3w06NPYGlpmjeX>Mi#^JBUH!jwEkvKVR1IlB{m8y}3&%-Ix&H`zezW zE`u+BGSh*Aw|l_fndLjR8Qvy2>TK-M+AUAJMBoc2LB0H8_4_4{b|4526hewSNR8+= zTMs6#PpT#UiAZiQDfywNP6(hmXb1Fg>USCrYXm)Z4*_MiEPtV-o4oNf81xeJu+K9?xGsgXJ^th7za&8 zT3cvf3vxbzcsK^h>jl_Tp}fs|nkx-Gd{e@^*$6VB5nCaqnB$hvr~tueI$FWG6b}6- zbpFOz8hLdQlrF1$(ecl=x%HZ*^@1U;bF_{ZVfODP|4Q0dh9NvFwCc-v_0}@g=K4=B zdkmB=o4lj4gk zB63`G(K-1UCDY8&*1_P!3}!{AI)Rl`jT-LZhPE5Kx-IZvxRno$jpMWA87?ok`jb_Y zOcR$!BRslH?*Wn;**%hrW&TRDbMmN|McabI2=4;Zxj<29iR{Mw%|ntDRj|3>#)I@U zmEXX;1EMWI!;&7jX`-`&T-&h>?C>Nxys&49X}og9fv#Up2$>te=y_|!BZJ+@0yX%8 za~!S^+e2ivzxXqwtR+0^Md*6BfxbfPj-^k;ZONr=%2dgDjc+?QBN7}4%5x9EKYgC@ zU<-f4j0t8p{|qvFb`2m)lt>D9HeC1qRjNecWB390!8N9pCcM{+3#d7DcoCI(#1(Xe8jf0^yZ_wE3h<+n}Y zFEMOLQ&Q4)RsUxUq5=7!pKYw_J}H53TXUxAjmVVbRxAPqWm95ibZFBaGax|}7QByx$ycWX^7EB(Obyu~wEaUeaKAEC_m8bd&Mm@fjfiXB)cIGUvW)G$5%9U(!|;-qoH!EXPVYDk^56ONX5 z3xi=d+of1!L*;8cc1c8$A4nY)i(Q&W{ENUdj@Jw*Z`2*{Dr?k-xnYx56&yM{$J_J6 z!_GqCUL!<+I%S~g>a(2UNV%~!BWFi401opium@1OvYFV5wF+Zq>+>(3C+wgFc|g*; 
z@s67bL-dmeT@?Om>>Y$IH`Eh!Wl_JJ!d}Pd(Bg+$(qf-jankAU^c3RHs|<>frFr!} zH^2yRTTJ^zENoxEo@&C}wN=!(5M>_uFO+vLP zX16YUpyhEu{KFWxi9iaZv}KKY0!g9muAlKGp1n0OpU=tZZbW`gYUoy4X4^(Wy|;h1 z8-&8>IiFtKA3r`zRkfMKY|>hJgqo{{^K?%(m5#bw6lG*)2Mn=;6@(H_aOaT-+Tw;u z)PwI>S#G(@c+U5EaC_QY$*)yGEh9SFNM-Fv7~Mye$zw>@qmbqON73fR6c=7E0{+JZ z^QJtY4@w*r9h=d}``sqY!Y0L2ZfEG&<8EbEFYcjTF;c^LDSN4j7FSvCUMrHA5I%g zN2wuA#lq3Mk0C8KoWUQTZH;sLQKJyD6`sgob8Z)C&jI6wu)Poq0hVs=j(@-Y(&71k z7Kp3gT)c~XMA&&*&+QdIx;$Qwc0Q60yBTU+ta3ecU7>Zsy(G4j?s(J#N13&N>ggUB zY2VoM!cyFgylW{Pjec>C#Vi=CnnNl9Z1OYI`M-SP=_!}fW>V4@B~0o9CrA}y36cP~OAyk>^fPpaSQL7GslSfd^*qoYW1jEzp{{>E*y9lo3IW1U) zW^4E9HE!8nKJ4@5!RuHsC+$4h3HmGE=Z7L{JGe6q!Y`Hn2^WFVE8<>-u)p;9UP(?2 z6V+8!tws;6t;86E{d3!M9t8keQKq&?yC54IPhyI~BN%;?eFS-B!}$Cc%Q8h$+iwP%^CVy#A|$&%q3Yo=-1H|mXR^`hrJ#h#F+Bodg~}Si|D~KVOIgk30=9d z3rfky`Eg(N?VjN?Yc!ewu!3_k9SVmwH+p#_X@S&=OZjUA4PK)v3KYjqJ8svey`)O#*jb^ zey;Tf$RlHKdk-dDUB%>tZ?CSZQm@fSuNha9c<#HKkQ&4tj!8A80YL*PDmXv*`UU`{ ztLoVGSxT_!R%8)||JvQ%w4(`qZmYKCcdO``w#`*DYX#Ab90BkB#oqNz_w^j@`Ehnj zQ^dhPZljN+7jOM<@B$lP=h-pZvV_tk0SeDQ-r=0i{ij+Y5^_V=uNU_UL1}ZSDUJDQ z|IPVosu_S;meau3H(+;$ z-@FpI2VEVSdW_}W#{I~zx-c%mM$HL{;s_!aYS&l8+&WhM;DkMUCL=BY5kR#p9pK5n z4nDtm@E?~MJvNxuVz80uBqwY#P*zAN9EYfKVa6d5L%Rx$TzBZWu6l(nD9EgHahl7{ zm^yMEf8|m%n*t_l2cm0FYf$TsYh(_Sf`xbunA>3;w0`q7_9#-y)Exj`nh1z2>&WyERuhf#Sj`AUat-G`>_GYfrjBf{MDzC{ za~z|8z9ypeIvHNHj*8oxLaWsrRpn>_m&b7iSgH}&9Z9@#(=32|%tboKSkuT?#wB?D z4mw-xZ2O-r?k#DblKpJ1C2e?X{LYZ-bCAPW9{Bz13#6rdx42=LMA4(o#^0$WTKB9P z7si^IfL`%wr^M%7uG%8s&XsdtQ_3lx-2Ijv|`F`RYXCK^lR# zpi&9YQtiq`ZeY=i=3LEeT;E+mG8>z;;7ON?ozH7}bZYC=tcFm}tmuG; zLZyeDpEbnYZgL=<0APf$vSPs1u7b&}6gCdlu(fb-FqNf%BgOT9?`}v zcF{dvc`#ig$~NY=W^scMCi9j`sYKIu2B)_r&5AMHk@{7PPI7N!^>lCM$+HHUArAF$ zP7;?9vyF;UxrGU1`X_5fNrSincL5T>hc)qzG@lhxcFJC}h^&bn{h27v@`Cs6o&$b^qi^Slp~0Hu-l-@TWTe!bsi72f z&3$@oIX6u2+n0Xrf^!Lu>VQ9aT=_n1n~36cH!!eLHsXnlg90iM#wKNQ2=J?5)fij@ z%uC*s_>xCttK#ak+#`Sn|Jw@gxSdSLuj0D&iM9Evz*~r-GW0*DUMQw$bnm3C!9pT( 
zz@q;-p97Co(DQmr0)%!CQDEJD@bOiC3g>$0vx)yNTD9CvoH*(Y&&0A6*@y36*08l%xFc%g-mUIHdOu4KgvwPjFPVo6qULKJzJCCz7qH^=Dp@$QDRs* z@k-Rb6rZH%p|)b}Of%2&B`MIr`5j13+nb&j4kvrk*p8S~uYw3?JNLE5^K~UIlfTfP zWr`M1)L^MRw`lf{1KnHr*mHrhFX}HOxfg|(&RLvQAiNe~uTl_dLHZBeLZ}K8Qc?AZoL^;AxR}~@JGkAFqM3i_+SoKpUr#Wo`J?h1rBn} zO)}TO{5~7LW4=OQl15cRW&+vs*FsPumH+%o)(t%^*3PhPmnmY=Q?gySLWV}{R;p1a z(=*1xkW>HXX8nepARQ|B36pyhdWNGPM-G=;CfGV?Wq(f!v!e$bI~DbG637~G8Hzu7 zYaEfFb}gRdm*UE~X%$67n&4_qqjUhql>%6s7?i)4Sl#Gn(ckDmbQ~69eEf^(C0!UH z*60$&m&&gTMAY<>)j$CHOZmE7~@?C78!tty0#affN z%LFd-juPq%oYX!TZxwa@B+f3|&LCj)9_u1lp$2+GDOS9|r!##y;t7_uZQ7)sv^dm6 zw+^pI9)qyyg*Er0%yJxUh@4hf3!a)42H$ft1i0zYM@k?Ks;#?pZ0lqL?*{_cPPX>= zrD^$@Lg1$~a9r3w*WzG)s*{$3@ue?w1qxBjpU`)pFfK0 zP2IkRM#<*xwT<}3@@!O%Aw2Sl^F^-B0%!Y>>Sh74FTW^HO%?0hQYf~hp~GC_s>0f6 zcLK7>j4-X{J8(RDh`D0OHPrw+nV%<(TQf`yJTpvXQIAvvT`S;(g;P=|3^8-K90bOH zrwe}I*wKmC@2xW(pA#zTRBXj)AW6cvtKbQi8p^l3K=J@RyZR~5(d11jPy7yv67z)L z{O+ugE@|WId?7?$@C6w6M)46DAsHAgzg?e4D?c$xkAHpoTQ7LW0_LI0i~b57vFulT zFzM8lPDwouUAL56iO4dla=nW*1w|j#=wpY+c|F>Cc@oGX$M`eLWZMK;Kuxyj3JOMZpb#` zs?sZDXib z)%kM}q;=i{Jrui{(Z=W1k~L6IRy!qA1BJLPw3M|(9e%=?pw?2Xsh8?4K_@rN(`{aN ztai1tD&7@drP=aHg+}l%@0$r&BVL3_9WqaWO)iEV&x`}h}NPhJ&v0^%$p@FSV> zbK+E)H)5aq#d!vRbzec1-fu(!YAeWMp>{^2H3J~d@WLyHsZl2lpPK(6l)&B6V_<5j zlrOUOL^U#6`{m%l89i!KL{=Xd*q*HKCm$5u{GQUa7$?68@FOPGH$f@!D0fbSk*~|k z|06+(09{x0g1H+Z%Z{QekfP(j1E z>~#~055s=tjOj^#eM2A#Tr5ibLg(OO3F&5al(aXEBNdnlDPY&Vb5bmXlFf+V^F{^A#C)ZXd+h)0I32&8_=-VJ|-nB-y z&D6WSZwUvs&2-x^g5G9vUv3fic6N@O{$Ve?NtF9~7U^?P7vNMhx=3`AE}AD1P?#m! zD6B_jUXsL5SYxS36+xjXeMZknqzV;rYdP8?^HV42u*_U&h*Ew}d(t&SZ&vC2fz=EogOlXWlE^N`$|n8cDEv*gqxUU>=%9PC|3eHNT>Dr-ZJ;*UKMmHi3M09m`o6zjBE^r!?cl<;eJuO}%6ZGkzaKGSPl)pNY zhR`Dw{VH^_`L4gJ>|CgxC(ay??ok+xZKxV~(<<&_6Ff+&nRM*@VMk$ZK(bh!pt z1mqufMyH23Q)@l}U>g564-+UroN_TjK^^}M+*CZsFY z(uHvuIC5Exs=#zg1d`WD`6aLXb-LAE^u1Y^;aFdh^(gyI?eV@tXnlNns@Sl7&Te(! 
zvsk8yu09_~StHivoqwM=(%them0)HT<~Uo>)o@_p^R#ogrNk>=_$JpvHscQ`h1*o` zf_E12Z^`mw#oAR(+e1Rg{lw*Sfpy?|M3P8d?y=TOWefD0PRb5&dre_8RIh?NX_yYH zK;t)sq+22Yq{w>|4hz!cG1|7LwWUdmY0=tI+DD35B2mjdzbCm(d0hLrxwUq2ndTq> zD-N%MnVasQ7>2U5q8qzSUV@yV4fzvxHEm4UuA57V^+a|E)kw!huT}8-vsdXQAR+?u zMAIm$@*fIEK0}_ch{K#9XH4X#KNN^33<16VgK&)he!n}tf{R_`zQ~gPw{n9{UQ*hM z=;t7F{w;W1g+wTM_Cm=?sLAM&WIFX^OVV4t!2yGMV}ELKu}rMVyY4+w;E1K1R|#}P!%d%(J8?BjA!g#D8(5Xy z7&nA-lC(OX+TGl^H7n zxeXo3j0W%w?=KeE)MscGs|%{*()0b}4zfnGovTjHRztys?caC^o)kVz6`!zSgg&y$ zs6O;@zQrC9Q#^(EWfwagxqH6KE6Uwn(H#;>s(*o1SO~ZApB-19uU8Pp}SM8|! zM!*6&C(d3oqnU<*r5=M7FJFTcywEAQO zpEF!t+JYfQpR%jV)4Y{^YabStbdOO*V*Lf!nFg9@US>kx&N;JgQY}X>9M6IN`NqF3 z(aUgNH(X3C_g8*KD2*C^pYNsP5yK*3yU`6OXg+xH4lEQU$M{(_^oFL8;az_44tpd_;!Qj^4AaW{ zS?AgJXskq6PfQe?w>rd$Y*ZA$VgkP&dW3UY%JE8=I1~k4=Aa%xz))!nUHHSs_pCYc z+q7OZZ)!Cuqq=W^p@d`A#WVcI!ff@A@N8JJQk>)bmJ3vFgbt0g*YR3?q4*j$H`%>N z$SskPmQqzxPRsASee>1 zPw5PRymHJ}pjkk9w4N}j3WG0pS`?OGMZirsgudb>RW{6=pN}l-Cf?%r{vi4J3TJUyH9i`XoK$27|K&_7AFU0D&4)5B-7$lz9X$4$L z(^ZDME}iEeR%R4WbzgOW985&?;xx7QmZYI?Ux9 z8pmS>2;sJ%g^}Mfv^v?N4+x2gclyqU$T)bduWcwxw{{K5a>wtQhirVyO2Y1<6`vp^ z89O;p6o7H=MdFe(^LWx+QVH==WI18l^vR!Mre*=t;&mKC^%ifQ zv=-w#B;nHaU$D_Dwf@<_mvXv$K(Z99(mqb;-p$CyYi4HWo->~|*Gku*(@Z|Q8mN%8 z8xae~k8xHCZeluo0BJrc58tJI&cTpWZXmj@>dd`x2&PN>y5E-i7o!A>NGKYQ%UOZrXsW%}-D=b| zR!psVqVCRqrttd~l@=KGD8uFEPzsw0T#CR9up&3FcfgA;`*6U5?*3P(XFT&Q2F!K6 z>Qq4T+@yAu_{h7JqinH8y3)gbOUCNp7z8FU9gpjHLpf3iD+&B@%fUz1`a6BEHUh{$ z;Zo?nBydF;#4tapgLmJ?Ei8oF*@zIxG(mTIb#=!8_%D>FA%y*chR&%t+|xR}D*Y?E zyx+VX&~abWnbMZP10YC>3;FApDY%0!EBEdp#Pa2S!ys(G%WU$?xXC2LkTI)9xj{F0 zpfN+Sdd&a4Rce5_z`fIC)I$(=zAZ(1Orm zoiA1N7JN-_IpYT3;SYRw+D3BWZUja_)SMCfj)TShgj>|LYHcS6ug(ZJmeq$l7`BK( z$uE|TpPZT~s7bAI7Xcnkf^zog3kJ)pMp-M(Yi!e|c^>=6c1gLw)cO?H-&P9#7B;$0 zF>>|P(-)e9!<1i2_l@G-+lBylrSC7>vnt|bQd(u?k59bX>FH^mtJPS3b>hK||1;z| ziwW9GJ2gX^yD1m78X1}$P~OyHAd$|Ttiff63YB9_llzh&&t@sJn!ZZfy_{^?F`R}7 z^$WOeQO@!*(w_QaRNQK~bB5G+7DW@?`KJQo&*KBI+=+>fAMWM78VDvGG>rY;QQ9FXUMhdlO4VQfTXHzO%d+7}5E&NnpJCVb 
z{|vih1%kQiS_?)=@vEnIBlKE9$#xg0?&F=lVB{N^1r6Ib=rnvgj-MoI6v?B#UEZB} z6>L!iy44CIOADG)fKw`EtIq=Dc#Va;ei_WiJp2UcrM2sQl=*ay4~3$XNDNvOPe=ReVZuoyc^@! zfr#f?^3WBa#G4hAUOCB_5NUxxXjrtKW14>+SZsxkJ(?36n=Y+#^m z`?FwK(&Q?wff`2rBsrl@L)G?>-dK^yle)#1qIRbV;QZ?2v=#AU6BS z=I&U=_5~=AFPL^%{l;DjIxRL=?-~!uVZD63f0vbaF(X?fynVqylZR7RHNNRN^^TN= zOaa*bqx@DOB2|6zEYr=#k6^kG+UtuJH$c+`N2wBw~Qje(g55cV%ANauK_@HACPZbs<7k&n9F21WP*J zS{rYY0gH8~{C>e5Br?+C1!pL`vvUDRW+u^1HjwdrCnedkTpC#OWoE}r7T)ykdVNjZ zCXTpu6fY0@iJhtRdFwSy=~HM^$u1~W`1M`$MI?O`bhP#YVRpJH9xYKck1)nWv7^<# zlS$ih2nc#Ge%hR8y4Sa@dxI_RGi zQH?U9^NW!SQeEA&o8{1U4UF!$<58XD`kdv{$qqbI%x6BL#E{!e;T94LU$Zw;b^%|^ zS@hgzOxaMxIhzR_`LLgr?~wt=%9SZWU|-4nD}jSbTM@k&Z(9(0=UW(WPlKP{^F6};6 zC=!+I(WI@d&MKS9>=x`;;6^h>+{9G_3<)wwb}F4-|^)8IoHAeN#wpXgKI@JL3_sEX~ny^vo8nw`T5l7HyL;* zoe+l=ZDDGVZAXH#|1u?#g7N0w;q#?z{}}6gk0PBox83$)=R!I$v-KooF$?^*VvT+GD=OY1B91dA=7)ky&d6St;87nFfo*qpMI6^bZW`2YHnf{@@z2+b z-KDYI3qGR)OPRgjU9s9eAGZgu@OSY&Xdhya-FLNmUml)r4o@G8r^=b|D665FI1ftk zstr#wk+RzHFWM?eZFIn1TMoNCxQl5>t^N_+S7^;#?w2{LPg?1pf%nc8Q@Sd;lm>2*d5{hey*qb( zpiLbgcj7Cg@mT4q3W=bMa`aWn3!h9*xU(~95a=bANw34*r0wb zO8R7NTpu?)QrltBs)M8kZ#d)C!@yhg{3+UcT?-^~5ZnjjuB#(w#%|EH>DPdY?M_z+ zL}Oe~;$pS-x32uoGS_WO@%T>y@+1FD260o^=piVlD35IH%FLOY&2D5qZWzyDUjF_5 z5cMN{oUrD{u#R{J+=45XMtGLhL^~^w0!s8^_@H9zqmHmug`*k3xaVAhxkv6ToF zr$tB9DaNu`50MU=O=}o@2)LP;BETn-u@OaWKxJq?y+%Ki39R!Swki7Na-;zNXLJCp zwZN)(cd-B$7lz~t_;&Fckx_kPn33=E5o3RNTY?6hE6w9<#H|(RaiKPL>z6a!xiHPR zj>F>m;Ehu@Dt$A&+U;K)DH{ z&BoKo6h%%q{d=?QS%j}o8{wiD$U2kmlrD=UIBWTg{`o#UMkfesYP^HzOd>lW?i@Su zPg2}FnLUjzv2UI=mPTagl#E$1KEUlj-{}j2@zJI@AZ|O zEJ)S^n}PX`ZK=3^M8&WV$!?y>|rBu!v#){p@(BxdFG35C4!Susli`FLgFyg=b zZgu-gYHa+Ij{A{Z5BOzz-X~&uR(?{kb62A-*(NO}ss&BIox3J44*lFaNQQI&d2o=7 z@^?f7*G=jaqO0xyVOvie^R~@X0Mo_IC9Am`rkPm&lOzs_Pezg8U@yq-GbZ-79>h12 zGdh#sH?j@PH}XexWY6GzOB#h&<Z{!PN7C<2o9VW zb7F7PrIKO~0!dZ929--}1*m#}KyF;N{lrq5FmahxHA;k)imX_S$5*&m(_0+s*m zKs6lux*`ZHD}~zM2kJ#=ORc#2=WL}(8=MvXAZj>jgn;Yv_gT{8aUYW`8&-6q68`bNI4ONnvq?wUI(z^FhtMX7A2 
zot2)CXP>%*d~J4W%2AH>W_h$e0{EJGQY>90|G*22bwF}PZcv$3ZZ<9=WL!Eto#Tb zaD5asRPNVN{H<-j{$Y2|%AZz*nKz;TmMRsQQjk!VZL)DBLI_(u@Pb^855Dcsq*xM2 zq!W9N93AQ8j0RUdbbk#+G1PZowS*~ef9UyttsZy9< zLCu;XJqG4j^)A^Em#CpOw*j^aO;?8I#%5oyrV&V8Sf(FSz7-?$;oA|RxJZ%QsJ6-x zC1?V~r(MR;+g--Rdp{Y{H>5YE(cKwVf@DFj$SS{Gk)6TlT#?=BHaK4EHn5TWWLS~R z*1aOL;)S<_0+V>kJQTD_ zvno;j-d3{5P1!`ZT+l^~Gl%xeDITI4MhRhU;v z5F?rjua0BM_KcML*@nFAZW{kOWP1q{?RFrnq|AAy`ma?dnZDRKQe!cr2+mDNPM3is9Wqv+u7MN}K`*@yXYS`$fR<<{XPEYGIk zR2z>*u9WVHb=b@fgx)O#ARN))O@-dAbnW-Q0255I?`VJ%OsWI%Wz{k`dvoLhZbJ}E zE}4=NOu8wRE`{Fx!iTW96q`RC!aI_i&ixoYN3~clbz^&nk&r~!U(>GJLX1T2Bu9SF zPeMa(wb8ia(CI@nUYvb?8I2zTSu%0#JuZ?ADV3vool{8c_94hkb7pugpG^>yyAGmN zm{H2vY^g_G4)V!D(J5&xN0yIS4IKt`n0ZBhnfYfOR8zLV^+45Ktq$fNv>_!TqkHNa z^&stsxs-!uhAR@Fp~bmf6)f0eiGF+bxc|q-F0vW}mL0~v*obiA z85k$QRC>cjxltwG2;@VH*pg-Ifoi~q3M;~D%J<7ap+NTXwd00Qw$I(+NrQls)X6M+ zE0NLdH7h{*)Qp7iee|ug?uxFY)`k!T>th6MiceB29C)3oZw7K$L!D9})8>Y$R-eUA zf3`1dpEOUvbTxRi6GuWhyH1<07dh}Gx7MXi5_v&iB=~wxIZ3ywv_ve6XTzhHovpQA z^@W89WX9_t)8e8TZ4GsSW<71RIEV{G&Y?ZCUH0FgZ4Kc8bw|H3x%(?ZO?5|ixI(W} zzl{d#s?r0vxVYz`+SYqx%#o{}jI^z4QcJx=?BP)ns-8U73lk;f{#e0$dXrYu_vB~; zs`p;)%%k@{aY?54PIo=HMXvoagyCEH4R9UsT;8w)j<{YoEo>w&yLJ>V9^N-Ci+kIn zh#HniA0hcB18hDsrLwxya1oC>u+it|dRsC~1?o?f$KIdHvL$k$>OA{l8tbVV*plDE z%bpTg1D+C+V~)CvT^W8d`~ZLpg$=1QwF(&U#o*kPI_^0#+UGg48nxeL4ER}HsZ|dg zWn_S!vsYn;pIzw#$%ZqTR7wT3Tprr>AOj;|_gPV-x^SU!)mIqU;cw2(` zHht(9Xe((oW!aHDAjqQgsA#PY%cVdapsfu5b6iE8?#viYF@f<5{ayM|RR~-vkOPHx zN`L6{WQmg^KmH8#*XxU5S7^(4@oynt_n-Vp>|Ult59fzrC>}}AyTzeSU;%q8NnKY% z!aKcs!uOI3D*raoH;6NhU9ZPEre+sm^{5lz0ypQMBJ z4qcRR3B^%pC|sK=fGctvni<9Ro%B><&)>?MQ~%FAsgY?ZYJz2%2o}F4z(hZ)k57l3{1LP+KUW+bS;y7k2GcHac)n2nP-)k ze2+S8ul+O9*6far=VA!!5}KLd!7c6eN7Lt~&Av3XHn{}Wqc42mp&NG z6#c5jTcArV=Ls3!z{SR!7k<+0uiLt^!%h48Q>ZYUpr^GPW%ltB$}9m7b%gN!vT|xk zSr%01FxrCvd8)kQ4Cdg1%bjV<|_GauM*|$`GRb}>9(bd z4@4)YzP&bvFs$z7`4jZ{@pgC{OpJ`@?eTV%%D(cPh8n=5Z?)7~v1h6Wz{80Ca3LVwO+6t4+hvW#lJ6gY<(0fuhMjq)sAy`-AIz{nE1>>z5sIph1!Fe=RvT{-G_ 
zp_tYq_e&+Q9HkEpfs+{hiA+r#`Ts12D#-DzwXG;9g0AtHh*NELF%o}Uz(()0;8Yq{ z)4bqKQTm;x;3;)0r45rnjZfw+E;7WfBD}k!0tg=01kPB{&y4~#@Mu&W@ z1wC84Imz(>Dqq0q+tVV2{98rg!FdEwutLLI?Z(d zG(pd)lJ;DpJ5v>qDuJ~IL)x}0SkX|QTo22SbEN?TOl6`h1q7ac@zNMw}BeXeAEjG`dpctlEk z(7cq$ETrU$R@gA7RGXT4ke)7~oog%50u`#!jx_d{&m%ep3J9|b%RRh@Tb-0)fx=3z za9+5Au{f`2Gn5o>-Aocyd%(=^!ugQ|TSv0T_PX98k65idOi8vcP5F`&lFy~wL& z>gJdLlgsYt}oY=U|6eAlk^|Za=qke2rfGqE6@=O~!_QTZaY7yE)EFM?*A1tyr zZu!up{1FMLF^Ib=zeq-Fdc^6#eto-pMQ!vvpF<^+&QBqq_a5~g*C>JS^&@0Ramqf; zz|2Il@Y8&C5@twx@g-qxm+X0>Nk#}uj1j|xVZpd3>z-hDoIxK+3_?t4o@oNwdd=2F zHwj*lGR>g=VKy!zBWg#@Y9P6#rOG!!!(KPenUI7tWM)cGLOA_rT>SM+>4Mf6lLmQD zL91wr`SAY0R7^jf1CxTAjA^wn`NYxtU55sgzkf5<%vRp|Qlqk*gtDy0Kuxtej6-0T zU{&zW;5U;Q!uSR2Q4?LKbEdale#UX}8GWQnBBs87^N5e%{)AUU*)hvDjG9C}MADiz zMOAoeL487pCFiF3D;-)a`0`;4wJIo-tnNw%S@a<5)IhgN&bmP+WYKRV@EsAQ-28bd zE%d1+BGN)7C0%+=K#0N_7^6HDF`tsW7A!Y7d;+-d$PbgNqdQ}Ewg8m(g%{0U^x%W^ zn1ysFp6=ckLHGC-O3Cmd+v9=T-?5B$0k5s9c+uS4{ecap-4clSHT?{%72ymxTN#H3Dbm z+#rVGf^p$fBX(a_Q9bq_>R}Fdh11lY1=c#Db0cvML#w-87+v_DIOQ(#Y~3_A`Ek7S zlUFVw$gTnQ+GAMKrFO~ic{rR--rg zgGGplAi=&lqR9j?)mSTGN$c8}z@andBpnmlfK>y53sMR&JmKm1s~88Lc5flA!jGW| z!d`epIfwD76zT>(fbqtwneK*!L-e}LY zIV10W5ihShA0m>dZ8mL<+Hv#Dql6IMn+mS571NBAM5`s*p5aA>d{p?aMvl!K2xpO4 ze&kOHmM(U#MLD0aZ54T^{DXp6mCSxj%_b3A2=Qbx^9w#G&GcwN_DA*UO)qP2kZGjk zy@xtjLqIT){e+O8DLttV?CNZ$wJiY*>?1Ass)Ol-k)@X$2EEk5n6Y`N3Fe6*hK7Bd zb*hsVF>YU7(gib@9w|L|p<^y656-0-A%|YL7wwRE))#(82EWkd))zTgcmshR83EH! 
zXLIibyVp7;8^=S=?F{{#Gy2MfsGQq2;#9d7gz@8*TCUpe2wW=mvIjGj*bwM+>+?cg z?_%aOIuyc^pyVwf6?!QET$dS7{fBbGC zlA?%QeTrMm^3xTCc86nrBRN?zbXtatSvb{b91vF?>CAmtr`=_2p;|?^;BN}SLL{_T zQ-d&K%d!ut)*|HrD_JIk;<>#f2Wqsi@Fu=*=wzL3Hr6mv!0hBNvmUT{=H?^C4b_y3 z+)%Q1wetf(e3o|QSyCG-_L2#aDs;7FurJu>WI&saG$HM*EejuTETYkI%oUW1xT;(> zg!4X`NqH0U!>nVVl*Fs{j+f35**P$x=XR2M4HSzV89CvV<*n6iGfn)({V^F~7cqHA z;zSdGPO~!dI=BH^Vc{FKd5|0{?vFm!V=!_7Y0d)g_kgW{u_8wjXeK+|7H3^Ne#p-kbARke{?yAm7xKt6tya*ld+JZb874K%JuWITkE!fN!-Ds z%jC8(kTR!Y`JK)09=r|6m3vty-6O5Vtxgq z(PF($o=GOK=8vHvY~Aa85s4)*ApF(# zeV8o+Mi=P=Nl%MOgRCJOAD^S?CU!P#)6A(~;p24}A~$*WH(CDiq-?(|r7Y=~hbcec zaS*m4BWD*UujH?aJ!H?ZL!&AukEpp-)V1AemITKnG5`HFrzSXaZe}pNC)_HUWYaF{ z2@9bsZqE5-_bOMDFnB3mE|UxgX}mPPmrL|)pmMcYUS4}4rv&&{Bu2%=(!R!sCb=}? z_IFY%1EaeE7OxC7>^&eyWnQYZy!&uG?ieELK?^ z`qCs^C?FGG$K0A;0nW%Ddlr9&-f~1l1iy@`1x7O}$85oo1dLs%<=Ksr6m^%3%CL8q z1|fgR^q(puInZec|F8~uBhqs8@zwcVx!&{4&eu`B%>NW?I(*zu5>y^=+~6da=>72+ z9*mewp!CFWmrmb@;tdQ=o`cYz26I+QJUfe5t>Q$=UL*zeb}at=0&m>$!s02_*>!%L zjsK-@>+9z9%9kI8FaFJ>iZApJ|ZYUum6sCGIxWETGQ5?e0~tN9Wz+#pw>> zel#10sq^mjV2MGm=E_=c3wJY{;r(o>XLD0$-Mh!;U827IDF2(%ANBG-)GIIRgTStQ zNi#c@#Gectt3jRpjYJ5IExBc{>U?wjqz=>)oh!n^s!4RSX<@rd>gjUdGH`nuJ%GKd#H+KawnDJAkUf~?O*@9#y3P-BR(KwEGa&q3c5^5<4`;3 zx@#v(Eq8X1DYQyC8g?Ohq+jfZ1`UMp?NXAcLwS+S%Rw5ja?3BdAy*Owav~Y9_075c z%exB%L}%U8;|e!R2Ul?^l9pA2RLJfU#h=^a9So5X&<{2}nmPcdX)4V_Ra7!w)~~!B z)HsD1R&Ahg!_hqQ+fC#hY8+cYl^$QNZ%MI-OlfWpki!JA`?*0{Tx|j-bF+$z;__{f zUH8^7eifv&q?gv5?uw&dg;Ni4ECEzB(d?O?ZESOvun=gtQCK-`SB%}83%&`8gy`k1 zBX+?EK8A(%MV)nP@2@-egu1p9sMW&x7 zjdN%{n4%!Q^tzn0|D(y$F7^z`vJD>nEFw+sAzEuA*Mu5Hzj(=xj@1LKl9c=at16c7wp`j6qX!ki^Y!!#PfvU4{(UD8L6<#4V$Ur{T{Z@!jbn zDRhY_#xG72(vluw?~GiqQ2gwnQ_j2J&l)%+dF?tIq7!iAJEa+6q%|f_eT~MjG{64< z7pxa<#RyznV9SV(eU5AD1kN&tRNB${bY4M0RQ3`HgB8AFM!oVdi=Jz1Mu&$~KslfI zdP%pRsJOF;0=v<$q{%W`w+P=tfbZgr3x2aQ=e~yJyr4bY`B<`ss&N#pqOd;S-4&ip z+ICpS8EzC7-WrN+rE%SP`iRb*MJnY7Po*)A91K5Cd6Nh`%B8Bb!C$xtgY#TF(2wT+ ziOJXiqoxb8CT%mk!n#6cTvJ$U$(yk#ycz)yScKGJVzP381KnAZGl7YyTZnyY*+DK~ 
zDY16w()YS+gtBU)jg6JC7%XMM@^UCf-bgUD={h;sR!MA;<<%Y5?4&~m^q?a3vFZCf zeZU+VTz~xih?!N%>c)7Gl6Yx7qa$@$Fb4)>o*fuHsOA)7>N~~cUSa@}W0BYUJsL$H z8{VDon+`3K4xBxbAiM-8c*!zdlHZonYI(-0=dEMO7Dj!h8zH$G%1~vC+BO*)a%Yjp zX2NJ?%fxm%I5N+i`=(4k&=k;U0#RLq4+}uBKQZ)fUt=A+-|uGC!wXVLRZ)ebi;3>Q zwJI%#=oZwD1b46ra$rpV(F${zmu(Nh9_1Cm+N0-x0yTCRVG@FV#tR@+YTyKxnGd;`TvStX4S?LCb7Z zd8}6bM|Z5&NJbLFk77z%7niB1hr_Da zl06?Sr^87fVrV4*{O1;BU>B_DIvkjMcCD`%~>0K0<{AQCw9 z4-D~wvnEbfi0c>+@7N zbLJH!DuHaqg%}SZWd~GwXCiE(E%~vf0(>}lP37L^rOV(pl#~Tl)HgoW4spNitT_0Z z<>u*$Q1d#W?Ll?Hj#1VGRle=hlnuW%ot%#cZ=SbD8~Eu%1^%F0o@1?AnmG{pHGt@r zFkMQC#8?_T*H9ikemnm%TkeDnn+b@4=6&k0{WDo&?A&F9Vd%>FRsPAyMs?^RtXs(Z zRf-_TwxuA5hn*nYt87bGp`>ih!7xK#>7UCEUfmQbPL;~{Q3wtFA&O(kQX%Ix^DtVk z9Ge69LBg?X_F@dK?MX2}n9{^lrpoiZx%`=+R*Sjbk)&Iz1?aYK&iS(a_45RB6iX&s zIllK7)Titq*Bu>#Itu(tnQ#2uCOtv!+WUin4Ac@qp&R`RsCI}g>SSSg?!MpIEYid@d_LLO@7r$Xiueg zL&;D3cGV?xMKDW)b(68LY9R?munLk%!crDPBfCKx*gruRnk1H{_e<7?f*dW>4UMzF z3`pWV!;|=aAqrE6BuCEn2{jPGTtI1-3ktOZE?)va7GA>H4xCegFOOija=!253#5dl z=#t)dhPY;RD{6~4AFck}_}$z4dv)0iY^jeKZ&%Q=i2b0jE#3_$sM=iEDk>nO%qv^G z%`3}o^iy7$)m=XEiNz&M32@!W*b~EQ8hy2Ro7Ptzjv$Pz31m%GRD(>E` zPIlyMVn-RZu6G^+YlxjlfSNez0vaxKRRtH-bgxR&+R&Uh3hI}tx1#2)lXRL`W%?xT zq*_ekW$uW~IvVT^PXlFzU2qRr@9g2X>a04nzr6*B&G>;X#JRBu) z??Q0|msmo;yyA$$!)>@T(ci4}Oo>RL(r40$N4?Ua*8>A8$vjS zl9(i1; zkQ4;RbT3m%tK}$&u1jV=YQVtr@@ifv&34NSQAwMhH>YqD4XLabgsYN0we+06zt($z~iP{&1h7pLWf36>bX^;Tk$wey9k|a|RrnydN1nc@SQadiz zHt6MQ=G5btWDMk5{reRLfwIs1J`SvyHe{IgEo1lux`wb(ZD^c6ngu-V(jH`RLWcI) z0UIeK#PVMCHch0En^Qj46jn2U!q`7-`)4_7S2S>MvAWUv7<0C4tc+t39}oE=MmR%g zKhJ+CTUD}pyNixwRiQ2E-UIu^wgqbJHfKmSSe8R5q+!2;??w~SpGtxAyRD_|*DpWk z9B(-|O{e1C5dH|cZ@r3vD`ylVB*Y1bv|4ZeK5{3lTI4fqSRoW*9u9#58S8ejqF3ir zcGc^+{!^cc3N4XR2Q0WdR)8#bag6S4Fhvoj;aqNBI7NTD|5$>mp$EnP7rOW}=NUO* z{_QN-h-4kEopjTVZ3ycuClA#fvAr*=x6bq$xt?d2glWoQh2_d@lE(;$$UFF!(U#L8 z*7pU5S(HWvf2q29KdelcE6XaT-D)gt9ms}?`d8pWV&Nxm0AtDm22j{MqK~H)Ztj^e~eDkWzTV*6sij?yqkV|^l#0>(c4}=z*~=)+$DCNxX;bQ zY_)(vi-Wga<3CnP5ug%O}UrjX?3)^o2O$Tyxg{+BNcZphJ 
zp1nAOO+e$qJmi(B+~wycH8$r|-~bB*URk^XRCjsh&zL6`)}BLN*~AtzKuZSCjLvUX zpjQ?Z!nY#4vcRMt8|^CYcJR3ceqbehe-sXU6hF2?g>9(ep&K2tm$2ZBgltsxl2YE+ zkxOPQOTI@osxkmHEw;X}sLZ$oS{}VS5w)!>sKcY~+ZQJa3vBfv_`-|tHwpR(GzpHwat~H=VX}6?L zQukFobh1T-1tvAmlvDWRYN@QpM!pq;;F@n^N^7$o0M)in7(fdedRf~{_oH2}9V5$+#8y3a0MXE;S%81K8V^s*Y5zc0{~HY2^82;j@4u9#t8GeVxA7S{J*F`7mOh*=^6Gt$M!HVOfBYVLL|GG=omiMZtmvEdJ0 zhhsa82-@q)&8-FKR&%MXzqFywc5F;@v1l-u$Qp7WTvyBaaK7(Bck6fy&;iHh;I!!g zGyDS@i3e47f>(MRo`FALzpxr5hloS133FtX>$Ntl?Kp;*Y=d){ zCSgpRt(Xy7rbTFZoSJ*`d@f;tta%F-Sb0H!U4mH&rCcZcwek)ex!WwT&T+yC{O`z4 zPqd%-p2T(q83EQFBS4oUIYINzG!)F3`c>jwtfsF{2MMdO-oS~|ALG50pU(* zH`Lv~-~##$02g+Hf8ats{x7%$VFBRs8~2%f8~_*c@qfc51q%R|2#5a(T&@9dp6+|zkQd-3O2fbd(Sn9#8Nn6g!$h}Eh){p@0T5I}fNZC+T zQsW3lo1g-_?hg9_XbBo?MI_Wc*Vzf#0C@lnzT;WgRI0MN*k3CTOLD*y%SF@yuj~RK zumOZMfEo0O<=_ecmpiM?IhLQEivX&Wj=;AE z6`bLn9at9@VL>*g8r$kNS3gBQb$pWOMx6XmvLNwKV`zAdjJteA*JA9lDq~r|Ur5n3 z7CZ3tyPSQ`(HEKk2xZ_Ep#co}j6oo?@|g%tkmb`K{Cl05p%)wQh6SRZ z1^LEGqVv1pSVnbc@;)YPqjZOj+?j9x_;sw%7WLc(pu`G8X(>&ZcuZH8c;wXW!P0** zo4Q&QF{SB-ew34$%8~q@R*3GF!cR0;!vdZw#0pH=hWbHB?5;~KYFGHp{$v63so}pt zMRfQ79V%1q^O*LrxOE04D`72&!eyu2R=Y;pNN)UI%1!#+6^pFf z%w4VO!RtYltU~$up(Q|jrS!bnD<3y<+C>!T&AZrQaqCCCXhS-q!jt-M(_}}YhwX%X#A~4XyyD}l4?Mu1v~aWY$9r;z(Sl`?sVX4 zi$QUfx3%g%csIk48nohJ@iyJWgayJ|4NA`63j~H!8tK9&ATR9~`5{i^uZUAc@-d@? 
zNfv0c_xd*Yn@z1~=SrhiN1+UDAhV{6Fc$@L(G zHjgu-ei2FzkX1W0+thEj< zXXHPi?wt!pKY5--G1-ds+^oH>qPgpK5KhhLRfj4W_J_YbAFM)!*^!d8k%2gM%on;O|HioC@k*mB_%pfxljH<6#TovIU8a>k<=_nGDsW9nbUjRA!G1*Sw??<-8n3E zkzlS?@S>(Eo69ciY_!7V-*uc3kJiStun+ZOWc-}YEw=G;`)M-sjz|Dq{kXGu(+cG@ z@s-mEuX|nh3F~le;R7tEJ!4og*j zkAlW{dEElc*h?FF<2cpf;r_n_aw6TN5X)QekU8=Hhd^FmX+2)7!CPHbM zTj)0t+%NiQwD$_fs-q`s#Dqkg{+3ZKt%7b^_}X!^58N9zt+G+9ZRlD|C|EzPZS)L#+EWPP=1U~aZolC(q?HIU`bM_c3| z$NPpW3iZW~MJU(SjNIh{&wl#N`WW zpbEWRm(+Z$6bsXoUVfntCD}2pjl|E500c_`9^4yn`%Y4^}xYf(Log!92A|VLo9dMuW!8j85kyld^x{YU^tb7 zn639xQvj)#7(J0CmE8j4Vc}-N5ar%Qe^r@@8qsZ#N)g@%#T~?-@eoL|Z?^3gz7E2^ zp;OMH6tjh>joBl}YJ}EVkX@IhO#F{hLb8AMwf%{a6bEwf+Mv*XW2#SBn3FLy*Y!hV zhR(IfX$hQ~3nD^KOM8i{6Qcbf@{n>1VDyM54$GJQ@|$EFrq0rump83GN{UbWjIj(u zZ6!O;IuGwBy)>@-1`e#cSNmOM2GCtGf~`UaK_co8A$9L}&$lJDpm;Em)iT^&i4N=} zL7GsxX;<+;whnC6NxT8NAwC(PCxR>S0bJQ7a9Ec@n^*mNGIq`m3ds}Z>^2XIfSGu8 z)T;# zmVn0YDHi9`+&*$jzA@5owB8@Vi4AiVQ?$&Nk^sR>{0YZ^XD}iixSLA)QPdO@Ns(b1 zDmLRURBRG14HEO|yixlE6AL~=AU9tcz`KW}xWCxgziCkyWC39Qde*CgOh^_TTt3e zbo#eDOnY5$K(m;(bk9$U`KX0V<}g5B!#S5Ph`#1MU`F;zE@i`F4D4^Q0S*8CD0eqy zb>+?FZ%U68t-(zlOj%IEMpHKfXyo4N+ben*BlPFf-i~b!rdJ6ve9KSjnu?dNq zw+zK2!obRW-&*v%={lv{-Se6S3mNQwGRlyL3=?F0kIjC%tn^UOAueDl{j^Gf;yp8Of#OV^@nFS>Sl;~X;*l?QTe$aAn(nA9X)SD> zndglbj!N^}fG0!}BODW3dMYg%c$fehFup`XB+anqG2m}LSQ=8p{*GHxv?w#cD4nA1 zaOj=7&?-)G95cz%0zqHmz|B?tac|=;O@zeb2~CS!tg8+6Q)N>AN^~D-qOh6Koy@BA z*8l4@xQ{)NV zZ7a+pvICSfj1_K&820DrJYEk(QZg$C0fmK#f3{d`JE7ljP)5R=Tvs5M;94+A`}J=o zwPpYPnOYf&!n>BFsT^y~rUws*Uv&)j?x#=5!00L!C#1rZ`a!Zq8wQ9)j?^>kgA=zb zb%I&uOgL|1KQ(tCoJG+S1rPCa8YoHwCL_LAwAw^=refM>+4IGRsS>=egGlv#>zkU3 zw}2clkuYriJS7`}rwt2$V8)uDL(&#Z!wOLM5LgXE(&=lO;2`_*Q+A4f@u5ID!j222p)uv*>~?R`t=SH0SV9nV#oVePgE16nw^`P z4sC;hRHyn4i5Id7WlrrjRoPx!@^ZjWC&ga>>f*VDRRW`j`rJXcLDVv30T zx;P$7i`{KHy&CdgT^xTr#RYv)#KJfShq?Ta*j+{H&;53(OHK(|)t22?am(8{CgCB% z&yy5$hzsrN5#N`$ttnuA#lPj_ov(qR7X3Wn3TF9Xn?7&$4i5(ack8KF6rgOq>+LT0 zv*_#Xa-*aFtNU&5jsI)sBlq*=l5K>^J|L#^JU5xa?>S75~@fE=_b^z 
zdYCI~J-nA6jNm&oBz=z#7{72QG<~W_nR@MbtscOuh4>$$yK+E{eoZBnBl!fk!K0jj ziGcHx1hqbx444x=@UI}Rpo^s`y{`7PcibDsiJZl8+BY#s87SnrEh1>jIfCb>u+Tn` zaZ=Um+%NBP72>bk$7=EoCqa!?PzSk}wJ!(0M@x_E?Y{n#-Y<-A-@d+7k&{EdZ9{+i FzW{y!3UdGe literal 0 HcmV?d00001 
diff --git a/assets/fleet/fleet-103.1.10+up0.9.11.tgz b/assets/fleet/fleet-103.1.10+up0.9.11.tgz new file mode 100644 index 0000000000000000000000000000000000000000..12d0e8d297e97de1e91bbafa6330f34b173f606a GIT binary patch literal 5340 zcmV<26eH^&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxbK5wQ`25XJ(Lecjm6@DHJ^Y$w&CZ?IcCy)Z5})nN-qzNZ z2O?V%Vi4c}pd5|Y_t~%TphQxX<=BpLvnxzh#>Au102MyjN}3|qghkNOGRIb9#W771P z!Vl)p-xmLPfwR&p$PmW++ptReM%z`-bvF+^FW- zQcP%qsy&*>2x68ijZ%dchf=jkkFab^dW|srELSI>AAax0-w*E@zC?yZVcSfDU*3RZ z^rr&Uq#uwhn|*e}--W$ikYI*9K^{|7QP751@PukxV??#cREV4m7$yOLgFK@8qZkAL z5;LKw7IGTFkTQ%qov;%d{-Zj+Qi3X$G;{D?8I<5H;bepo+VGm{_n88s;UXps0~(uJ zW34k4bv&TZ&xoa8rBJI56C zC-j*_gE!DdY=t_3tkCXFiMa(qDo6Ez(9`?vV6d33?I%)=fgQVEJkyT+K4ZX3U0=z$0#k5cBw#(Ma~k?(ja$q2!os_3>6He zNNqKdp&2|Mfs>vul&`F`kZ2%sBPuw?wvrY=f-OibZ#RlSF_9r$${c}m_}Kw!TL3>p zDiYj=Az{jwYDr`5@m!}tRMS>Bu%1!Oy4k5|?;+Tef1VbTVEN(yyHF7sfRSeS* zuGBzaj6~`I674!T8e@D-`5UfLPOR$E+e zw4@^=oCyb<7`S>&G$aBQf1x2Jxk4bogvdfi$6RPj*$ECw&MYPO_KL1d9Y0?u{FfYa zJVr*Q5%l_9WyWi^=ik)dA(P_M)Nhzz%YC}d8+AHAwEXPza6Scyd4(g&qPdE5DbLSX4Nyp zN4-K7nH_}zz!qGN5oX$J3AF)&QQBj(M3?~KiN(?aol#;@(-9*|On`E)t$B6WacPIk zVt+T58Vq1t&$9@#q3-F7@NJ+&$HFX3%eZWDK?_AShBa|TE{PhOM`~ps>%Wt98Jw(&e#-Y%iu=34OA<`#)foMuoE-KrcYCn zh#Ri7M3TTosNkmd z;}j>zBIpL06d4&2jmIYY0=1D^>QWq9IZ*)E+Jg7?tU?$Zoqd2TlVVtb^Wh!mM%Vz{WBf;k?G#K1q~Q=>l61SW#zDb}bjCfw{Uf0RtN zEromK1qNsYP;R)_SSWo)^f=gxv;54U83kM5`-z~n-&HM>;W{}g_hBo-41)i3#2Ga+#zySukJcO?A5W$+hga;s_} zMnRaV8Ad2sd1!5PR#K_$z*KP@(`A=rkr6aELS8dL5+nc38Nr;;;xQ&UbAm{Zg~Bq# z;AO|-S4^@kY+E^60`A7thHEr}yKHJSI)ObpM!v1dz~K;MqcOY_7ruX!?ap6D47W~x z$q8%KXQmMi<%PGyp(_99rp^+iuT8U?^n9t#|D9%$lI$6cfh+ibzjx5B@&CQvL4U*l z*O4l={$6lRc@lwB{oax+NKuo7XcEl~`Thn-a4n4*D}$ogQBDN^uxFCnz$t>QM$X=f zpmlo-1=-yrdP2CnYi$?6=BCBZgK&FWh@ClvaBi8ryNeoYXfkTatRgc*QRNn?wnL)T!izl%JEg?2}W3noJa6yeK{ZwsQ zE4;gF*=Bc}gWdm;RG0rHQ_8a`0ITl*4tDnH@_)DA+sOZQq_X@cS*AKOC18F}@DMFP zWf(`+mgy~lcAwivBL2d{^9zz?4b5RD$$i68k0!ASjO9=O3PemYMTBycvzF!zGns>F 
z`{BGhe0y?nc6f9$EAfY}S5l-=DHC8wktOFitmgWBYa5#(KWE$v9lkm}Ik~(#JAZ$6 z`1jfNzn`w&zCT{ru%%~WOS^J!9^l32oF8V0(c0Mo?BStS ztck(>#jM9AOtXSe`N>0T0b;{xV%FT=V)CTS)@)Y|J^5MYLPJSKD?Qk%PI1MHxEkn_cb}DJx(liy&f>kpX2?+c$Vn zN{JL%HKz@Sr>FPLt-JDhYhMzSo3@RbIj{_bcIbTxkgZ-=#7 zl;>4M?RE1pb+?lb#`T#36{sDDZm6fR6*)GAYV(wmrUfJ;8 zh+VnD3gi~_iuzshtY*{Y@%%8mP&#MA<&|wWa^VjD5w~kcX z8}sY=aQWT5A+2`1U3n)yFeknF;qgymu>92MptPIFD*&i@BmlI=$kI@aJ7XcPTM=YJ z>B1vn+kNHPNRk8>tG5$msIi?D##)=H@;FAcPbCI86cXDu+rF5hg3k`Kk3N&Sr|#9m z=x4BciH0b3p$)#n$*kzntfR~#?&m2@r)IZ)e&yU}KN{+4O{b6S+6ids}%xu>cU4$9MIKEQy)*J3z4r76`B^gdH~ZPJrdUH;1f ziJ#jKWQF|S+3WS|?|*t5|Bv;gvJAItPjWpLlK$!*E?$4HocmdEGwhWD!SEqgVVN`M zAVxB31(0P*ZSM^>cSE!9VU@^bjK0Q;moEZ<3Cck!V*yUhP42N^?8Dny%bD#~*-tOM ziId*ykwD#zp@TSkY4H$XOP6M`k3y{y%%fh)7*L*2K63f<8nvPtG7Gxi=h4X@9N-6$ zi(u$Y>&5u*=`8?QB+BI%6#3vI#@bS&Yj#ml$d+IuRMTNKZ-X# zzQ58g{mt*dubbTdKR-De1MHVB1^%B0SW?_ zLsco(hKdQp5N0I_&b{xP|2CvK(==l^4`O0{SN5Gq@g0k&niH z)Wu+jBDT(RTxbxSO$(UL`ez+V?c{93AlE=O5T*o-=meF=h`^YR#*pAhq7490U}q4S zP(|mEJT`!zNUYfuZv5nVYd0oE?}g{8na`3#_k7lhX^jal7HB?)b7ygbjwCl_H_X2t zzCGP`^x&eYY{Q>(rA11A#cdE~{-zL%bl^`8MIZw`mWUyo%q_RfyZ%pGPw?48#V4aKYXgsEVGnlm`<(Z%1 z`o>dHQC*4DVrAWnOQCnnRH%I5gWi~)5E2pRHmH(a8`Cp#EeWH)+S#>}^0!39aDxLy zHU9nE!t>V|Q%a$8z6-tYEn0V7Q(FbWYa5cntjEwsI!FY6pV?q&z#QN z?h?txQ*w^-?e-0!dLB8;{neR$KM&+GR5Rp<@_*N?5`XF0qrt7x|9c0$`upGR&dx^u zuOqFB^>t8<#&tAP!ChztnRECk1_}m5Iq77Cij4xIf=cACNe%4R9{48N)U^MfI~v%E z{om{E?br8z|6q5s|JRY+k}nI?HH+F;iqUoOm@p*&Izf9Xck2PbGJonym=kM|wZ7kF z*Ka$ki$2`|4IbfhpYXX$xS6ac2TrNPNBP>+x=GKSn)v^7M*~@D|Lxc9KL@-0js15m z>7OnB$Jd_E-&(qV|CgQ)JV6~?rT_K1wf*1k?({eM-&)eM-c@^b(ceoOou+a#?VcjG z>{DTt*X})9)rdEj^h3`}bjA!2hGWTi5^kz5V@- z{ckPlOT7MZWYqQ)^PDe!ynva%?y=|Q=J!1dzdTTT&jX7Odf;DAf4qPHKTkA}75l$` zu)CoD_4YRU-&)cm<9`$z@w1|Sc$K2{IM1q5>(!1`rA^=D&}7)gW1N@DPV+{wS{eqx zm%BIst&&gA0#9o4*O@<&uVl5`p0iriD@AJ_#VS|)CTILczjLU@V}TVhSzviw7Pu!i z3p_YJ%jzH`uqqG(-9nNAvl1Bh)2u#upr6D-UlJ!}=)DMZx0ZZd^G<0h+><<e^P(z^G09A|L>Ro?(zRqZvt28|NFiA@BbY1 z_crmr){>sbXXRmrp9X)Ec@4FD*JNFvf 
z(x3zx+Mj2^FbIz?t}e8&KZJQC(o}Hx>F5FyDpe4UsP5Q*9r{5y_*Hi7zeUD))G_}Q zpK8K8b3g+UU+0J{@aFhL1z{$I uQSgJ1CP+H2x)dLSaH3+7VCQSE?Ivx~CT-Gv>3;(N0RR6<3N{@8f&c(Ysh}4C literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-5.6.0.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-5.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..135ee14a45c140f982a7f23c285f83915851a5b2 GIT binary patch literal 1463 zcmV;o1xWfIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V6CfSla@@6ZZ7-K0>GgS$H=v6xd8BoE zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&& z1I=|^cRU;>zpm?+f8Ei*z3_%t-f%c{FUOY`t~YkC+zaL&>UbB64S~LJ5B61F-2cQt zN<~0INi*p&#(^ME3x@+yfR0daIcgFQ0{scgxKcT6DSRL0guNjhGlF4M7kXMoVPV z*?Yqtl&;2ddQFaK72$+I6a|7OcdhsI?04jh9k=(|&$F%7$3I~h1wd%t@*p;Z+HjD2 z>B08+_uPT!72|*4U5>nS{GY<|kpq#yZ-mnRGtT4B#)jaN*LxJwpRj3cNQE;rD%Kp| zW+g?=32n_leIx`tA!-gQx(La z%x2bSUyYKtK+6ep3<1T)3Bb@SmUf=ET0MvWZy-#;p6^O-DcO*$I~5f}TF6DM0~3cK z=#@i?ASmG8=UQ4pMPN(;>2}@F3g`huaZ10e8(IOGM-df(?$!;hfc^$83qXIZ8(INL zMc1j?&x7LQyivq9x^}|OxNnz+e=G$1YOPH{K{!NGQC5G_asUnouw;#V;-W8e|i?q%5B-S{|#hDhY zt$JMQs1R7?ZpLIB1olDXqBw6Gi_1fA+_%>7^%J+2e+pIojqnXCu%?kvTFsiOSW>l@ z6v7JHA`!{5*_(VFpr+X&6Wx9|~a_XCJ&S~k|_9b`Cq_ZI2G4yWm8`;pfu3**vQFr&u zH6a(4Ze2$;S2E4v6)Y5lVI?`6sB4w`UV}6VveoE1zU>evjUk=-`!n)^@c6z$G{)|N zj_O1s7$uMEql(>K`$z^H(Zg0L+9@bNYgm=~d|{#hRvl+I)LQ9n38!9jw{q_AoM@SF zG;n&+flAqDjmzKijH^!*UCLv5585TRnx{vsUs0k?swA7}+qNRv-n(O(+Qhowwy1Ch z*bl-c`#tw$kD}t?>~dvtQrz!SdwkmG%34ZSb`%<4yAbk&TFd(1x>VYt5ZF-vA6yN` zrTX9HU^qC}|4w1YuK&Fdro%$uyJyU#yP_hvcKW)d!3epNP3u;xC*i+HW}zZj>f52z z6AJlzJVz~&&}7fAfc&X`z%KCctpUD%zz*;{VbaS}OiM1GAlj&y?lAB`cgg#xoqgs< zf7jKr66rcUS8usLr}C4&MeNX772!L@uL#HP@DJHswaoufdKzi>8n7Y%d!xZ+DgO_y zhUfSHC$VGa|BNslX8-)Vvx?mR?6CXH|2+x(OQ;?}tn7*N9u2iAoHmwIwiZ+NENC_B z9@}HXR=%}`-NC!+&cf??~_X4;Cl(10}L!*0@um{dV{H=7jtBBgB8b{?9&KzyI{X3H^h8G=2Z; z4F{#~e@DZ?x&C(&`)SL^uGegq_A$N$O^lX6Ol*8k8yoc5d{y^J?Q5^_Y-c;$+0IsF R{{;X5|NnDfFsuMH008-_>)HSS literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-5.6.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-5.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b6628f5a8af70f58910803629bbcdf9cfc889c47 GIT binary patch literal 7256 zcmXw8XE>Zuw;e6fdyOEXL>G||(R=TNAclzEdpDv)ix6Fu(V`?;7+nma_bz%1qlPic zV9a}c-@W(zJp0*aJ^RmEYp=tWKu8Pv&jENr{MKp)Pi@q+#k2w?Uc3{1{q()z3r90U z2{GN*uf?=YT%4@k-Uk}#yGyIty10T4LvOs6UQQijg3+{Zhw?RY$BW!LSZ15dw+GRO zh!qP9KRfu>Asw!#3n{gwAaan#R_fokWA(XDBniSx0#bc{Dm{@r)aa!q!c9~GTA3e3 z(MJW+(7GlKT?jsNf5x?0jdD_m@;V-Tj<&u(bL7|dL{)Xiy=h4hd&C00fb6p5U3~uh z`C7HVU)CqMKeB6(Vq!&k>jzItd@NgQlG~3zEyq!WHWpOM5~+&!J2~RK;Zhj}aDVuU*)* zN?uIQSMtoGzlI!Z1`W5+FOL*j`0v+tV=t3*bP_Irk|oze2+J91ST|K1E`i^Ob&qlb zwslN2K(>&&93K~+3lCgj^%UXKD5T(cP#| zi;EiXo%UMs%t`DqVw;!4&RGWR&2sQOT5Z|C-z8;yZ$5MAovH=!#GG9Hz&jzuGP9>p z5k&-3?jrYSvnf9D3kow8sj6PC_j9DmkVRd!%7wrGSa4=VDb2`gKUFN1QtIU1T@hpV zXjVx)vb%vp6?gE%GhGLUM_oCTI}30Hrr__RTy;!zx!PZNiM+paQ|h^{YOnC}$2{V2 zFUo-^GR>AwMh|~sH9wIUAsRmCM49%uxTjmY^+bk`^D^fw;tlywZ36r$J6I#}&Iv`{ zxMtbsw+t`0OD_p6IU|Cb>3Rn2O7uEW(dE!K&u@z_C`Ro;!k<1)9Qc(XFL`xFYcHCfd! 
zEPbIanxqrc|7y0Rf_HW`#dnAqR6h8m*HjpFsus9MJT^+o*enPrDEx4ua2ZLQc5(@m zekwmT_<<(#nLb+xde*b9{E8Vq8;TI6jkre3nENT=R=g-Q!eL6}Dc)Z_6(>gv5^aVX z5I9)B|NZ07s>N28#y5fmr|h<$;4o(?hY-QE!cf|GHOIoH6YtK9Y9AJQe#lMSg|__a z*h&UPvuqeNP}}opsqQE}{gG{G6cKb9Px2zF{@+5=X1l-KELOH*EH8<$614KDxkrT27Q`{nL}`x9 z?WUU&J=v2?Xge6uF~>S+520uK)ITK)sP zDz_4Mwfftq|3x{pEzi6z+p82$aHy}kpTKJ`C}c7FJXdlE!*1aTBnob5=~F>@inc0G zyVVA6{VYsEWGz!}FcNtz8SM!qVEC(`*CNjg%^uR^P>u`8b%^N)P>b$l%)KH(8D=Sb zT!z?iw3F<_Sj0@VeiV!1UPqOG!t0zF!rU-s8>7Jjrzw&P|5{cAKXvk9E)$So_`Iy+ z9N=8|xD}PGu75jpk1r^w*)&~vOLFcDZJ}p~w=F|^G;aaIFinvAo8xp<{*t6$TNQ-C zA(R0ogY}Ke4{oKvK+{fScP}1b=H=UZA(b4%NcTD4jBdF5dd=IbV@(pw>YtdmQ>AFx zr3BzO69YKbV+~1;@Bn-BEuiP9G2iSlM8J#y2b#%#_xc%F<_D-3ZU%-NF?|p?ivMP z{YXGL{Xpcj8|nsb=72y89}GmE9E&4?)Ts>g8V|@c5!l4870c5A^NPVez*ii(JD`-t zZs6npH`ZfKNRG$=XCaW(CoDI1P24pO$h!ux`i{4d3HMFF%pnQA76-TsbcQ+7Vb6WL zB2`)Lwc!G{mX6r9qrB%xh@epqyqPOs^YM#~2rQd7Iy2ax`-e-{3kr`x-S9ZsZzELt z;Yj&coFx!CDdOqWz{NmC8t6t=?s5wc>?N6`vCbP`aoP|iyvlZyKz*x$=(;959=B~u z8JN@uCF=u9GyUCuXb9;<7;)Swch&DX#&qnfCU7C0UWFN4=*S-V=}-Z@p_mX=_?%9l zI)?*w_DdtAFWRs}e2YiMyk2AZj_d+7x+^WF+Qz{$!Yub1XneEvb0IN{r}w8Lx6fr8 z$ebO5&GrBq<3CW~*thK)3b-D{!h?7kC+*VKl54Ya3teirXf&2)cYIQ9FeyO{suT8h zOeUUrltpSu>WMV=gnF0kuL|rb6wy;+D*Lj*Zg7O(k>o&D@d$0niucW1!xLeM<(t!y zxs{qqsqFQ$Hadz-^MR3=?;2Zq4;4s`-+P%eZ~y#f;@obf3+6249L#KI-c4w6o&WaQ zrzK$KX2zchTGq;|id8|(Z73-`GAnf7MA9Is|lbGXXRj2ZH{`&rceq`=X}lY`w4u{ zKGuMt2#J>Xi1qmUGi_|$+q;4$Cb(Rsd3fIWZYs6e9bESh6*MY%T;`%l#gRtueX*^;&i|B=u~Bj<++!J3@X~&TAO7cz`yG)T?SdKg~+FIw&zqbt15vU z`Y)Z^lfC<@)LzyZG7eQ)~{!@~aI(PPCHYH)$6 zNp(&OMn*GWcss_lH-CuYPT?`8QUkdiR@8>yK=G**g7GDLvAL&cS_#3#GsFJ(zEj`P z(890Yo|hue!)`f>Ns- zq`Cz%99b0pA?osQ^u*|SwwmyEi0Oq*Z$lt#+`?2sN1{8Z=v(wm9hUx%5=J#^o-2*$ zn$0!f{8$D2g3Gp1YKVq4q!)8NooWxJ-ulsfT zazL(2Ank&C=^AsmtNRsGLv-ZDIvJb3iF2>(X9MzS>>(B%<@!AK_W4!Y{13KONtEkS z@so7Rl<;;H`Q0AXM}o`(L+h7FwVKZQ{mKCVGfp2z3*E;Rm$(fbKTf`_rz@+(Jb>ei z>DMskT*6%EURmt9Lwp~Gn{TclCwE`u8N7(H+I$d@vB>qjH}Qy`BkYsUSV*008FK?|Z+#WJ3@Q)iMsFdVLL-4&Fn8mr)0?dBfg*#~`g{qfC>UsiCvW 
z0M^ttKi?}uY;c{y%17R-P{Jqu{gE~|jp23dKIfk}HWqZDw5=OZu6V9xwUDY`sJb?N z#(OW7OVyHBei-t-+>(Djs$re*_6>zgKe4StV~E?!&;)T0y2b|$Hrk%?!C!L&%ro^r zc7OjGHlRy?FoK#n6jBo}X<$!jc5Q-`jFh>w7hN`aR**$^;0DYzKBjXdQhyOlRt?9evb1`_|tJOi0-0J^&I2>6-K z%?dZ5DF`bbZC~);;UrxN`MTqEI&UTl z;x5aVg#C2gMv`wWcEa{RCcgYz_|sSc&R>|Zq5QO~R_!d|(-Yw^^Y3oiFS|eCe^;vi zU3H*aa5TkHIr_e6JtykOHV|%6+83Sd%pMdV$7^$Cw|pJctiBb&=aVL%PN2c$g!?-@ z$c|BZENxvr{GGJk=&;8JcShl1oK)pc(f94S@C9p3)*2hvmHc^)dudx@ahQev{>Xy;M#Lw&PS*`6Cg9kgDuyl)>~&?Tl>1{jOeG4OM6 z@KPq3>9nvqhOuT9e;X6dFQ0Y#!Yav83A^`3%6>B0*M(_9NUm;X$@Q=CYcU#t++}n% zO$suWA6OI{Ws6kdV%2o8FxIvm!p5sNts5HAd@5mT3F)1imzhds5Riu^5MCLVO251?b{1LDm26Rh@2O2niy>gV4jrI7mLcErfQs; zSE_KclbEfNZUDi(7as!l=j(6@pp1S|8awXP3oICtoJf{wpMdjl0`4OK@_Tn;{S^Z} zpAbSqhp|itT0w;CVTtnTPBIM+aFRuOU;z)r7K%MCfC0f1cMdS-A`w`&X7GIzu3W4u zxaywY_#0Tj-a@>w?t(Bj3{*M~kaflY+%Q4xT^J02(w<-v`v_=B$I4H|Q52 z^PLcQEYPJ7?}7-zG%@z$)0#d?{3H2a!0A5dir(v$2{H7Vz|EQ%641Xa9|Z0^8wt>Y zdVT-{B_6NEiuD7f3y>xh5P1)1&?CbFm11Y&-aw+`9o#06gMvF3nqeS$^aV(OdGaH= zW(b7Y#jHhkdG2A#xB+`Vzlv%}u7k1CF=&0AOwhnZ^Odn^<`9mV7ak0eyK+5$H|(k;5A@b(*=?K&!Aq@M@$E;-|}x(2(Oq+$xf1PenXJA;2Qs# zN?=x@tw(n5Bjh>ySe$-+5{7f<)twK|tBPDt)((LmF@AA?R`;Ux7Q|&$NgNH4s_Fq= zGl5TG#6Z7lFGly5eACq}SkP$T@@?REZK}Nk`=Ga>4|FE6hxsvOFDpgY`pa0iVjSqO z_M8PW`dK9>j=}GaLLo#|oe*~qi)CQ?7%Fz>M9&0d)cq>gmBUFb@pIRdH}LGCes;g; zVbAO<8VbGvEDz-v7Vj3QaV?=<*~EaJ5JoIh$bQ8LSsY)>0-p+Vo>uN;-IZ%&z-hly zQd7-ia<9gk^#_VVMpuFIe;B()?dm0ZxR8W$IX1KT!7`J1 zS@lP_T>|}eKS@mb928u1<+LfKgz$%wb5j4Faja{{>Up--l$3XraT_h>RO`2;uMCF- zI+cf}!WwTWY_rheEK9&Y^(J!|5NRn2{D{7=2E-+DrFci0BN#MCi*CS53j9#-a>F69 znOADg52+r=9o*u}Q;DdgYsqvWc(iS3o+;XdXv}tA&DsV%cXO%<;d?Rd;p@%yq3#ox z#)uJ5b4}u*Hru60+!#^Fbn!m zoagu#zXoO}`B_EJ@A@8n>s>;YIciJYDSzVl=z?Zb|s~# zPr4A6r7MhhhTQ{<(LdZdZsVWzWq>iJP?uy6~up*Z(Iu$kHLMVuQMhlpXGOBbGl;-H2uA?iGwfb-pI zR2>qyfw%5an8niXq@Sm*Jx+;**YgB};!&Muwp1cS`0thI_9y2RtMqj5ONg$Bs#~1p z1q<%MGe5ye5FAwubBdpMioLuX(s`C5d!%>!G+5tNL^}LVtY{=dl;RXz2TB))AbCY4 z03R#o6Hg^3jV#?{#}&PZ&;25_1{4{y$L5bGb%hqoLe(toIs?1&Sp&9QLmrjZw+3`4 
z?UC^fyS0y5Nqpuv>-MpL4YcLS)>E;lib>YX=XQKO+oar~+1K`IxIXO`97|D-VSKtM zNaN>jU_VWDzWKrU;a?Uq*9py;B3y>=KDnKQ2ug(L$M3A+4C=jQ31>7<%bajW8fl8$ znRU=&UO76GWlGi_HT_akzY78?*AkFZkKgt@O;DzLDeNB{mo?r013xdxFD0IKzBV>- z4OdK#b3}yj418Ogt-;X8#~GoeUzm)nl~(B>nbV}6i;$qu;~Cxb<-7EIcMBa>z^HaV zhf?F0mwc?><5KUkqFsy%n93<&BM5LXQroW}n@sE-7*beCoZhr}fQRGVot6PTe>!Lw z&unEQXU{Xy)Ij?{$BL6eTbZ;<<!jF!oDbw1APGMn5eiTqJT4r=-zu&L498 z=s>`$9Hx$eb@(q!3=GC=5GuEtRg-~Gqq~r16$)QSNsG@YN3<;)O!-D4dS6OZ+{R?C z@sfN5*TP_IXpodT$w=Vzz3EsebU#Rqav4Fuuiy2={LfC??RzrZh`gQO!U%Uu=bn2l z1d>9Xr8mNrs}f`N_A1-YSl<7=^^7L-RJr6C!3mVUPrB6 z@>$xG65lK-ixMnAGE zn-?MsWDZMRGds*$Dp`yynOr#uZWO-C7fg3o;ceXT7e18^mg}H6Sptu_&*~og{q`~* zy`Pb1d|gWqZ=>^QS&bx+lw9|}B(^a2e%+BY9rKp|?y@K(6B#U?Jbdyx)bEU(vHHJI z<>cnbHbvxXtqP-E47;RY5>rjwL?!%h!FgcflUg zycyO?PGaIIvlQ)z5O2$_DDTgXDNL#O>aXyx$uKVoJk0vXl*v6rUgWW{+7KXsGBV?G49Ngi9#m#KF971Bd6-8&&_rs}rJDW%zdO!Z4 zHYn{h_kb+3^>B97*v_*`N+7K(b_6D%Dko~j7)=9T%*V)Zs>kthj#&`di$ zo?Cc?Ofsl;RPvmOOKv?iFpt6HoXB#WG@HK6%}T>mDPoo zb?OGdeQbX+R%I*`hsBU;X*h8_{R-Yl|04dgn?+ecTkp@S!&X@K-yCj6lc$JHa?2jl zdQ%2j7W!5X!g8t0&e;?VTdqSwO~zu}ipR%7D+X3CC8H)z4?RoS-_^)%TRUr c0CK`L%ueNns*?c4-6tYYEBkW;M2iFZAARV*#sB~S literal 0 HcmV?d00001 
diff --git a/assets/rancher-webhook/rancher-webhook-103.0.12+up0.4.13.tgz b/assets/rancher-webhook/rancher-webhook-103.0.12+up0.4.13.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7e800d01d4280cbea21a028957d5955956ab9900 GIT binary patch literal 2801 zcmVDc zVQyr3R8em|NM&qo0PH*KZ`(NX{j9%Y;QW5*hpS}y5vMh75AeF#y#kFJBtaL4#Ue{f zW19^{swCyCH_iWkAoZ{$%W<~}obJK%B^DnuLvo(vL=qk>P`bA`T?ld09xsU0-ik!* z#gl>W`~INcw|{-#umA1%{@_KYf70podxQR<|HAL|y956P_)o{ec1V;a@`e9sTJ^>K zO@MGNG|^OWHFN+1q6rgoFCbbo^r&bDC^el?42O`(O5?Bv4MXHZXla>Xt8vIpGDUZZ zQc=N&@bX_jK*#I$Jm2--3xuRUm1sZQDn}Xh<~W^HCU4Wd{C|VuG2FaFJpMy^2ve%@m6@bo`#@d!6n-k~kyv z+){Xe=YqQZUlNv}dRhmt%l;qtI(7Sh-0d9f|2}|5WRAx2ON@o0TF6ylIofp#0-(u! z2+PcB0NB~*31jDi(O@-%ce9Dm=Moii?KpELri5jFMKenWAT`}@aYhoRFK|wkHbh&- zYb=D)6V$gt-V9+zm_o;ig2+rnPNvMbA>&~j=Loc5C{x#EZJ=HtWSl~XF%zo@x%S`^ z5f)m-772+! z`Aj$^K8En?Zw?nBULwOl3ps?ld&fCCf^$iQqAR2_0=S%3gr@|=a?bp5RPCxYMN6W4*{ddHJI2zdGKxq7{z+^s%RISW00QQEoBV2 z&@ja^QVcyy?krKZYf2Oj`Y!T7glS)jYdp#%=LklOiCadM1~G&2BwgEAGDi5yHbQnL z)0N$Z@d#ommNdi=C@)B+OdEy+BRVNR#E{2uJV~YCxfS~>p>F>*MlmBARr`8@EJmq3 z9Y4|)?6Cj-$#J)4{|AFX_hA3`0e5#UggB!dp_Llu>oB#<*D^EBEpYGe9W#*5!26g6 z2&rk$quoZ6UQCN6<$4CK|5xqSHz7c#u=r@L`9U6T{C3JKs!6xU$P}4M5s*0EjFEFp zbwoB(aE)azIf4w43pZ%|S2+VQ7RiQE!)&f;z}XA~J%rXoT&BLpW=bM9_>8Y;oqkRT zYi(aoi4B!`n3RXAUt4EDB}~odzg_=JKIxIs;12!o5B!sw{-5;ylY{>61B`(DpYgje z{GrfI`~3wnLjWNSG+2#Ur>rE7ReRZSZYU3j@V1Z@Cqhj^qKSzXn)6T;(5!YaeT?xRM@DQ$Wlza9$E>MZA82UXDu4N1Ih!IgxidX2Va0w9-1iW z^;XWxNWmIl(BeNNV$CDIKr_Y)qm?jv3!fF+TV{2zmDO^V(8y_dK*8wX0Y(GCOr>C=j+L(Ge8U6VF^!jXk_Tc;|h`cN>YQi!e zU0uCDy*~eNakYtNjm2gWYjrnS0(^nbiO^UqdX024Iy=2QAB|7zD1VY7DvLhAj3Ns! 
za8_;2+Ruqz3=8%3iYvZiY(**8(KR&iGE{cxjOlX-=SW}{i*r<`%OHW1c^Kv^=( zQL9Z!wdrwb=L!)&w|QfUM3bzPw#ztEoy6x-OtF0GhQQBN%Lou#323z!NSI#y*{XJ0 z$}P)Twa4V?HY@)3)z$fBxo<`&OC(+`B&vmA;SdIXsXInVMRuJMn`HU}goQ_85OsH)pf!m!%l!sPVo`p0*Zx7U}a z7a!l1EYk*mDrI661ZE#552#vg9UHeYYn)9NHYMX)?_H~7iMwZu|F*~fa!P`yxd+~r z|MxfUe+QlJ@ge@-2b5!ad*a5{2uc665s`QE+9s4mpg(4b(kL$kL!;A_&%Ywzmx5sy z1(2BjEJYGOK+FNypjDs_(l(cb5#^3brk^k{rq9jhTvqgZD@SR2_M&)q=Ut>vb>1Xz z-Igx@&%t*6PcxUNumHRCzt=sk>;JKT(Eq)_U&;Tsh9i}??2eOLgMfHJ7Cvsy$@SF; zS%VEJ2O(Qu|Me=yA$*9*=LDVa!JGd5;356Drt}F6z)t-i_#5~C$A|mBy+Fln))jfT zYkxpF^ZT_T<#e;;sNe6|09X?_NBvha%vcI70>OrGHBK*9s_AR>MzQhc@45H;dxM?& zPts88F=k+A{O{M^|GIv+cc}l^3)D2eF^b-823*&z+m3I;dDF`)OS22@<|}}8C2CfHIu?9J=SezzyNa(XV>isj*AYHT^yA1r_g;UGu&Mt_ ztM$O2geF-zu@!;DI$!L79AWAoC_In|3~>IEWd zn_+IksW$7aetC1M9Yf9Rhnurs9ikTLBA)x~o&uWne_i`?ZCCub7+{C~_fGn~di~F! zbEyB@3#f!@%(Spn#Z!cVY2se11#=uLCTSnlLr@Emun-jLQU!LJzuR;^{jY*FD_06j zZ_qB_=OnEWufDIU7y~b7!?R!O!i!)1-|Rhs{ZVr4fK#NYcJ%; zYcInORb8yhHw;59r)lq!IJ9|7zK3zXAhmvjPVZ2ob z*&|`taBQ0|@Y~KKE2RS=E5!??qj~hnWF)?QYRXdM8IDJ3@ltkp;}M8BEgd5g&4~J; zRo*>@wSQx911wamR+m(+=BWM;L#gAFc#6}n?$-`&Y$^_Es(XYTwU3XI(8@7Ag6(fC zhS^dMvmbNVTX*jG7|Ej|8I`}vb*1>2>!kz|2yt&)PMUYhx?zsKso-)Ux8}D zU-=<$Z;@XSj;vpawuE*M1ybqcCy%4PiaCq=xsUe%2ROh1w!(h{009603?L5Q07d`+ DDn@;< literal 0 HcmV?d00001 
diff --git a/assets/ui-plugin-operator-crd/ui-plugin-operator-crd-103.0.3+up0.2.2.tgz b/assets/ui-plugin-operator-crd/ui-plugin-operator-crd-103.0.3+up0.2.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..101a3f93d3f26b5d6dbd064d4ab0b26d044559ba GIT binary patch literal 822 zcmV-61Ihd!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI&yZ{s!)^;y4Suss%5sMt;l-2!I|Vsjsp6N?*)B*>B5 zpy+=u^x?)IQk+GyyI4T)B4{+6c|-Dz$VyMWsn*&~ou`28!c+!zwk$Ak`h=yKyd6Ra zaWS7aPa(wNQ!LIGlWcx*DdySY@G;WngNko#1Sj-A6XN_p z|Ch7Ni&6jI1G~aOujy|lTffEh@wZsZZ<8gD+NvCuRb*G*QFK+1bWIQ1>P7}7F)C!N z`^Q#6?VgJ1k(`t0N!Fh0;3}UV>%9xobR&Q^_2--0CSGImrV40wk~G$+?Yc4;p6v;M z4-_eE=(Bya?l1ehCZl2w4`?DK08zSH(tmFIl1czNO*iSMfJ!wrqPY#)GKHlxRcSkN zQ}_~{y+tl^Nb9=Nu2-dX1&zygMq2(&s?OfFlgL5abx$-#u43A;*$Z{QXM0tc`mxXF z(~jjRMC-E2+KH6~m6&(F&Xc{my}6%#+B4TvUH1>x+l6bfUF>J{`*rKO*7nf)(uf*l zm3P{5-!}kT8G|cBIn=+UUYDcl_p!UVkFmQyUSj!5E+^T1MMZA)g(UYlG^_iKX3M%I z%3>gVJ9g!qA+$Xn+u!Lo;Wjua10P!Dyms%(y6Q$#$LvoqA7tH2?8w;kH?Dc zVQyr3R8em|NM&qo0PH;Na@#nP^P5l6MbDNKk4Z`XN=~&iRbJ2BtnX$rDm&S&t!yfR z$d-gN2yg*Vw$5?Y{lB-oC%M80DUzaP$M)E{Tcc7j1pUcpi_RYhTe!t&8*xR#z`~80V?_lSk|IJ|U;8lO`VDQSc8|=N>d-VlJI1Pva?xARnEvF;v~Z%ygP=G9R+^#qjYvUE5;bjQ7S6<5H^4K z9tQE?Anr$f_#+JBoqsWpo1I zZ8)bq73Zq6xu-{S20QU*_b_yb(d?Ja`vPg6x zF}N04y~uG`?;KP#8T5DKe!Tl#k@w@Bcqe%3{qp~2$;jrBNP_%-}-mA-wL}A>|bH$XC4X2Z2$TDj|&Wsp*Z} zkR=_$gfN8xKt}nAo4+!12gt}pt)jn#dNg|XPE$tz)5^pV$^^MKgfc^yM6^HxiAoeQ zK{bTSD}#MfNU9e{f@{3cma+vuRBr@75ke0^%L2>FcM7E)xE};uq3r^6$t*23o1c_xlqAt`PW22%Qe>!SSSUC; zQQL4N_=HY>CAr$R`1<`*joE>jMdWZgl{j6Gi$BIY@wNg+N=R=-$sKmuZb;uO zSNTsR;cBSlDsQl)Vbc`H#k3@^{qYOVkqx2$Pi|3k=>JMm_dd>$5X8hjCpHieZ1t|Lg3HUu>{`kZ!d0G$ zO}7xDWkb8YV;4$zV_?RAab{&*)xu}9Z+QX-yY`W0r^RGKFCdIU@UW1l<}t8{dPzsB z5sdO)z&{GYtdnVc2s?#1_$xZtw!JnZnCU1OV?qjrphSl7@5LA;M~%u&d_s|>3XDO+ zXhw~pqXlSV1ict9EKz=Zb86aBJ_VIy@-hyNC*a*N2P6?(6UvpNpR1!r(lTZ&qr%ul z#F$hDd5`UFXj~d9OFGj@Mb@?zQ!uggz&o%!jIvXZ!D2zf;(i@t&nw19kw%MS*&I~JAolwUIOI_ 
zE7G;oj2$9tn<{UL{^AFVYh2}Na9Bk)%sZ0j@maO0V=8)8B;oS1qswRbM1?Be^jg78if z5NF&PSy?E&}M`n+p$r5qsi58ZZjZG&+TVT{HharHGH)9}!_kY`MgR6%0Bx-o)EW|$VN)WuRQb&bPm10X}+*HqwSf{7kN_(q)i@lAEfT0;nbGL}c!CQT;-9H5WtV|7Mon5K z5|cvDg!D1T`0TYaq6Wbk<>?Sk1j8UhO;V!CFaW4bk-B+$brn^tO)ka5x zw~}07i{yC+&_EV8^c4Zg>CaLWxosY~c;PYxYU{j)R=r$`i$(3d9oF}oX`K&O#<4X` zMIYxvYPh-zm;KZicbuaf`;j-dHiIaNf;*7^Pn4&WPoHoV1j7@Ym^S4)tU*2isIks% zP*uhFKQPgDpiaS*8*_B^vxZjNZYFJ`9ivu@CxrzK3H3F6c z*vw0bZ8MGLKv)snJf5@ct;OF+#u_8PUUq9t*A&*6-~DD-jZ>~w=ZxCP*Cj41Y1#Ws ztd+2=g+w}iuNAN@kGl@e$EQk!x>|gOHmnA6joj%qxHa6VmL?keT^c^3~Wc#tTs~fBthAr z#Wbx(HJ<5rGCtTWF{5+jsMJV`F%BEAz!Lsv)a`13oaosQdaLzzHCpSn0TM|{f9Fve zeh+ks;_}2sO|6t?IPNBTpW0}7E)Q1L+W#{mQ{8 z<#ufhK-mm0O*Dib`(am*z$K)XKEv2p&r7G_-^BP%nwecSyi@~I>#t~QTSWT-L9t?~|sU@KLTB#0@d+c3t7kQmu&o1vnDSB}hj zN8lFpfe!QiW(qW|^IO?^?Ln_K-a3yG)?U>P6jmxq6RAtn=nc;8X8_P?SsIR%gijH^ z{kRR^a?6u-7OgZ=X(p9;N0*njeNEGQGx2s-;J6 zH$SY;)8;C#$0zDT!~0DqMK(V)hPU-;x#4URipn6X*rQA#DCyD1A~>qnkD?`3vR6MWdZQML+l)72Uk zS}D~CGRocO2Cih}Vh9KO`@8!Az(l!?_CVl_*ZUi13p25Qr3`(-rXtB)up%pgMX;%C z9B{K82e`=yXm2g<7KifbiVXAXb}gHEeHqzP^5*{)?(%j;#UO@vYoAE~P(GEYN?~kj zuwCJH!P`Y%%Iss;$3Fk$9v|DwUhDsrIm~;03U-74*FPAvzyEr*yZ8M4*Q1nmy6GwM zKJH_yjy$?~;l`^4Od}r>yFTw;M&fIqX>|dwUN5_JMN%7K*=8E)J{gt0rwgjxX8(JG z_|9VB#{BQjUOWH$YUers`zYmiI{))KpZbCKVc7Pd!o+^HmXTbAHOJ|FxD|eQgtInZ z{Rx|UI6Zgtbsjzn@cXmX%2f+3KC`x3L7mK0&0jsGi7wO%@3lq{LZ+10>CrWYoz^O> z$MWC50(QQYPyhH_eGd=*A&FY|*KZSs`hDE-hn&%~^Zk`L-%o9mJeS8SYwiCzVKgNg zqg>@>w(JgGz>WTYzjgoD&fwMVbN=^H%7)h=Qw=W|a(KanI4g1p*I5=Jgf-TDX&9Z36j1Iy3U{CQy8JKXQY47Rz>32qA-qhz?)jr`KzK9+`?n^%B7o%(d#3dD&hr z(y095kAw7HI!Q7{z602RLpB zR)4L=HW0q3z_?2~K+lMVbE1GKB@#-^tSq9Y?dWt=yM}3XfhdOwnHzFWfPkWW$`ITH z9r)q8`7YP7h5W>DZ$-p9CwH=LsW>cFX4$Q7nNtD;KFyG2C8$sE0_VsLVa)&;;RRuA z0SQCGp~#nWeQDUKyljMFspI}^fR&e&SbiBxafTd}CK@f>tV+WQUsWVCN8?E$?T)uF zoRYA6)ed1asgVru!XwN*SAN=VO<@~QC-KYJP^zMpbPKJ(sA#2&09nOj1 z%6?H^lQ?FRn*A^n=Z3r$F)ZB1jGd389K*fK1viXnWyLzKE-w+=uHEKgC+)bXgVEgg zQkWX7s5b0BBW$u12c=l6uGKS@YQm^1^OXd*7L9WVod**bdW-DkDqp 
zBiTp^r1!GCSk2#CQ&~gTu7^P^GfbVLCX_W6$i`=lR#>il ty?%w{Ia@RvoNB^TB2yJVxq']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + properties: + destination: + type: string + name: + type: string + source: + type: string + type: object + type: array + type: object + upgradeContainer: + description: ContainerSpec is a simplified container template. + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + envFrom: + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + envs: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. 
+ The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + properties: + destination: + type: string + name: + type: string + source: + type: string + type: object + type: array + type: object + required: + - drain + type: object + status: + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/part-of: Elemental Operator + app.kubernetes.io/version: '{{ .Chart.Version }}' + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: infrastructure-elemental + cluster.x-k8s.io/v1beta1: v1beta1 + release-name: '{{ .Release.Name }}' + name: managedosversionchannels.elemental.cattle.io +spec: + group: elemental.cattle.io + names: + kind: ManagedOSVersionChannel + listKind: ManagedOSVersionChannelList + plural: managedosversionchannels + singular: managedosversionchannel + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + deleteNoLongerInSyncVersions: + default: false + description: |- + DeleteNoLongerInSyncVersions automatically deletes + all no-longer-in-sync ManagedOSVersions that were created by this channel. + type: boolean + options: + x-kubernetes-preserve-unknown-fields: true + syncInterval: + default: 1h + type: string + type: + type: string + upgradeContainer: + description: ContainerSpec is a simplified container template. + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + envFrom: + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + envs: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + properties: + destination: + type: string + name: + type: string + source: + type: string + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions describe the state of the managed OS version + object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. 
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failedSynchronizationAttempts: + description: FailedSynchronizationAttempts counts the number of consecutive + synchronization failures + type: integer + lastSyncedTime: + description: LastSyncedTime is the timestamp of the last synchronization + format: date-time + type: string + syncedGeneration: + description: SyncedGeneration tracks the spec generation of the last + synchronization + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/part-of: Elemental Operator + app.kubernetes.io/version: '{{ .Chart.Version }}' + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: infrastructure-elemental + cluster.x-k8s.io/v1beta1: v1beta1 + release-name: '{{ .Release.Name }}' + name: managedosversions.elemental.cattle.io +spec: + group: elemental.cattle.io + names: + kind: ManagedOSVersion + listKind: ManagedOSVersionList + plural: managedosversions + singular: managedosversion + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + metadata: + x-kubernetes-preserve-unknown-fields: true + minVersion: + type: string + type: + type: string + upgradeContainer: + description: ContainerSpec is a simplified container template. + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + envFrom: + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + envs: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + properties: + destination: + type: string + name: + type: string + source: + type: string + type: object + type: array + type: object + version: + type: string + type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/part-of: Elemental Operator + app.kubernetes.io/version: '{{ .Chart.Version }}' + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: infrastructure-elemental + cluster.x-k8s.io/v1beta1: v1beta1 + release-name: '{{ .Release.Name }}' + name: metadata.elemental.cattle.io +spec: + group: elemental.cattle.io + names: + kind: Metadata + listKind: MetadataList + plural: metadata + singular: metadata + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + type: object + appVersion: + type: string + type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/part-of: Elemental Operator + app.kubernetes.io/version: '{{ .Chart.Version }}' + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: infrastructure-elemental + cluster.x-k8s.io/v1beta1: v1beta1 + release-name: '{{ .Release.Name }}' + name: seedimages.elemental.cattle.io +spec: + group: elemental.cattle.io + names: + kind: SeedImage + listKind: SeedImageList + plural: seedimages + singular: seedimage + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + baseImage: + description: BaseImg the base elemental image used to build the seed + image. + type: string + buildContainer: + description: |- + BuildContainer settings for a custom container used to generate the + downloadable image. + properties: + args: + description: Args same as corev1.Container.Args + items: + type: string + type: array + command: + description: Command same as corev1.Container.Command + items: + type: string + type: array + image: + description: Image container image to run + type: string + imagePullPolicy: + description: Args same as corev1.Container.ImagePullPolicy + type: string + name: + description: Name of the spawned container + type: string + type: object + cleanupAfterMinutes: + default: 60 + description: |- + LifetimeMinutes the time at which the built seed image will be cleaned up. + If when the lifetime elapses the built image is being downloaded, the active + download will be completed before removing the built image. + Default is 60 minutes, set to 0 to disable. + format: int32 + type: integer + cloud-config: + description: CloudConfig contains cloud-config data to be put in the + generated iso. + x-kubernetes-preserve-unknown-fields: true + registrationRef: + description: MachineRegistrationRef a reference to the related MachineRegistration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + retriggerBuild: + description: RetriggerBuild triggers to build again a cleaned up seed + image. + type: boolean + size: + anyOf: + - type: integer + - type: string + default: 6442450944 + description: |- + Size specifies the size of the volume used to store the image. + Defaults to 6Gi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + targetPlatform: + description: 'Platform specifies the target platform for the built + image. 
Example: linux/amd64' + example: linux/amd64 + pattern: ^$|^\S+\/\S+$ + type: string + type: + default: iso + description: |- + Type specifies the type of seed image to built. + Valid values are iso|raw + Defaults to "iso" + enum: + - iso + - raw + type: string + required: + - registrationRef + - type + type: object + status: + properties: + checksumURL: + description: ChecksumURL the URL from which the SeedImage checksum + can be downloaded once the image is built. + type: string + conditions: + description: Conditions describe the state of the machine registration + object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + downloadToken: + description: DownloadToken a token to identify the seed image to download. + type: string + downloadURL: + description: DownloadURL the URL from which the SeedImage can be downloaded + once built. + type: string + state: + description: State reflect the state of the seed image build process. + enum: + - Initialized + - Started + - Completed + - Failed + - NotStarted + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/charts/elemental-crd/103.4.1+up1.6.5/templates/validate-no-pending-deletions.yaml b/charts/elemental-crd/103.4.1+up1.6.5/templates/validate-no-pending-deletions.yaml
new file mode 100644
index 0000000000..6e16863118
--- /dev/null
+++ b/charts/elemental-crd/103.4.1+up1.6.5/templates/validate-no-pending-deletions.yaml
@@ -0,0 +1,17 @@
+{{- $crds := list
+ "machineinventories.elemental.cattle.io"
+ "machineinventoryselectors.elemental.cattle.io"
+ "machineinventoryselectortemplates.elemental.cattle.io"
+ "machineregistrations.elemental.cattle.io"
+ "managedosimages.elemental.cattle.io"
+ "managedosversionchannels.elemental.cattle.io"
+ "managedosversions.elemental.cattle.io"
+ "seedimages.elemental.cattle.io"
+ "metadata.elemental.cattle.io"
+-}}
+{{- range $index, $crd := $crds -}}
+ {{- $obj := lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" $.Release.Namespace $crd -}}
+ {{- if and $obj $obj.metadata.deletionTimestamp -}}
+ {{- required "CRDs from previous installations are pending to be removed (deletionTimestamp is set). Fully deleting them before (re-)installing is required" "" -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/elemental/103.4.1+up1.6.5/Chart.yaml b/charts/elemental/103.4.1+up1.6.5/Chart.yaml
new file mode 100644
index 0000000000..e4ed82b675
--- /dev/null
+++ b/charts/elemental/103.4.1+up1.6.5/Chart.yaml
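Review bot: In validate-no-pending-deletions.yaml the `lookup` inside the `range` passes `$.Release.Namespace` for `CustomResourceDefinition`, which is a cluster-scoped kind; Helm's documented form for cluster-scoped lookups is an empty namespace, so `lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" $crd` states the intent without relying on the argument being ignored. `$index` is never used, so `range $crd := $crds` is enough. A template comment should also record that `lookup` returns an empty result under `helm template` and client-side dry runs, so this guard only takes effect on a real install or upgrade, and that the hand-written list has to be kept in step with the CRDs defined in `crds.yaml`.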
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: elemental-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Elemental
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: cattle-elemental-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/provides-gvr: elemental.cattle.io/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+ catalog.cattle.io/release-name: elemental-operator
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/upstream-version: 1.6.5
+apiVersion: v2
+appVersion: 1.6.5
+description: Elemental provides Cloud Native OS Management for Cluster Nodes.
+icon: https://raw.githubusercontent.com/rancher/elemental/main/logo/icon-elemental.svg
+name: elemental
+version: 103.4.1+up1.6.5
diff --git a/charts/elemental/103.4.1+up1.6.5/README.md b/charts/elemental/103.4.1+up1.6.5/README.md
new file mode 100644
index 0000000000..bf7b83ea6c
--- /dev/null
+++ b/charts/elemental/103.4.1+up1.6.5/README.md
@@ -0,0 +1,5 @@
+# Elemental Operator Helm Chart
+
+This chart bootstraps an elemental-operator deployment on a [Rancher Manager](https://rancher.com/docs/rancher/) cluster using the [Helm](https://helm.sh) package manager.
+
+Check out the [Elemental Operator Helm Chart documentation](https://elemental.docs.rancher.com/elementaloperatorchart-reference/) in the official [Elemental guide](https://elemental.docs.rancher.com/).
diff --git a/charts/elemental/103.4.1+up1.6.5/app-readme.md b/charts/elemental/103.4.1+up1.6.5/app-readme.md
new file mode 100644
index 0000000000..3d694ac5f6
--- /dev/null
+++ b/charts/elemental/103.4.1+up1.6.5/app-readme.md
@@ -0,0 +1,5 @@ +# Elemental + +Elemental brings to Rancher the ability to install and manage the OS of bare metal and virtualized machines. + +For more information on how to deploy an Elemental Cluster, follow the [official documentation](https://elemental.docs.rancher.com/). \ No newline at end of file diff --git a/charts/elemental/103.4.1+up1.6.5/questions.yaml b/charts/elemental/103.4.1+up1.6.5/questions.yaml new file mode 100644 index 0000000000..53a85c6e32 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/questions.yaml @@ -0,0 +1,27 @@ +questions: +- variable: channel.defaultChannel + default: "true" + description: "Provide an Elemental OS Channel container image" + label: Elemental OS Channel + type: boolean + show_subquestion_if: true + group: "Elemental OS Channel" + subquestions: + - variable: channel.image + default: "registry.suse.com/rancher/elemental-channel/sl-micro" + description: "Specify the Elemental OS channel: for air-gapped scenarios you need to provide your own OS channel image (see https://elemental.docs.rancher.com/airgap for detailed instructions)" + type: string + label: Elemental OS Channel Image + group: "Elemental OS Channel" + - variable: channel.tag + default: "6.0-baremetal" + description: "Specify Elemental OS channel image tag" + type: string + label: "Elemental OS Channel Tag" + group: "Elemental OS Channel" +- variable: debug + default: "false" + description: "Enable debug logging in the Elemental operator" + type: boolean + label: "Enable Debug Logging" + group: "Logging" diff --git a/charts/elemental/103.4.1+up1.6.5/templates/_helpers.tpl b/charts/elemental/103.4.1+up1.6.5/templates/_helpers.tpl new file mode 100644 index 0000000000..ee1e6fe7d8 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/_helpers.tpl 
@@ -0,0 +1,17 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{ include "system_default_registry" . }} +{{- else if .Values.registryUrl -}} +{{- printf "%s/" .Values.registryUrl -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/elemental/103.4.1+up1.6.5/templates/apiservice.yaml b/charts/elemental/103.4.1+up1.6.5/templates/apiservice.yaml new file mode 100644 index 0000000000..73ae2e505f --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/apiservice.yaml @@ -0,0 +1,9 @@ +kind: APIService +apiVersion: management.cattle.io/v3 +metadata: + name: {{ .Release.Name }} +spec: + secretName: elemental-operator + secretNamespace: {{ .Release.Namespace }} + pathPrefixes: + - /elemental/ diff --git a/charts/elemental/103.4.1+up1.6.5/templates/capi_rbac.yaml b/charts/elemental/103.4.1+up1.6.5/templates/capi_rbac.yaml new file mode 100644 index 0000000000..8692f75269 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/capi_rbac.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elemental-capi-role + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" +rules: + - apiGroups: ["elemental.cattle.io"] + resources: ["*"] + verbs: ["*"] diff --git a/charts/elemental/103.4.1+up1.6.5/templates/channel-dev.yaml b/charts/elemental/103.4.1+up1.6.5/templates/channel-dev.yaml new file mode 100644 index 0000000000..da66784034 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/channel-dev.yaml 
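Review bot: The `elemental-capi-role` ClusterRole in capi_rbac.yaml grants `verbs: ["*"]` on `resources: ["*"]` for `elemental.cattle.io`, and the `cluster.x-k8s.io/aggregate-to-manager` label merges that grant into the CAPI manager's role; globalrole.yaml later in this patch uses the same wildcard pair. Wildcards also cover any resource or subresource that a later CRD release adds to the group. If the wildcard is intentional, a comment such as `# wildcard on purpose: the CAPI manager reconciles every elemental.cattle.io kind` would record that; otherwise listing the resources the manager needs keeps the grant reviewable. The hunk does not show which resources are needed.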
@@ -0,0 +1,13 @@ +# Unstable channel for testing isv:Rancher:Elemental OBS projects +# it is only rendered if the registryUrl value includes a known OBS project reference +{{ if and (hasPrefix "registry.opensuse.org" .Values.registryUrl) (contains "isv/rancher/elemental" .Values.registryUrl) }} +apiVersion: elemental.cattle.io/v1beta1 +kind: ManagedOSVersionChannel +metadata: + name: unstable-testing-channel + namespace: fleet-default +spec: + options: + image: {{ .Values.registryUrl }}/rancher/elemental-unstable-channel:latest + type: custom +{{ end }} diff --git a/charts/elemental/103.4.1+up1.6.5/templates/channels.yaml b/charts/elemental/103.4.1+up1.6.5/templates/channels.yaml new file mode 100644 index 0000000000..c180d36d05 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/channels.yaml @@ -0,0 +1,30 @@ +{{ $defChannelName := "" }} +{{ if and .Values.channel .Values.channel.image .Values.channel.tag .Values.channel.name }} +{{ $defChannelName := .Values.channel.name }} +apiVersion: elemental.cattle.io/v1beta1 +kind: ManagedOSVersionChannel +metadata: + name: {{ .Values.channel.name }} + namespace: fleet-default +spec: + options: + image: {{ .Values.channel.image }}:{{ .Values.channel.tag }} + type: custom +{{ end }} + +# Keep pre-existing channels managed by Helm if they do not match with the current default +# this way if an upgrade introduces a new channel any pre-existing channel managed by Helm is not deleted +{{ range $index, $channel := (lookup "elemental.cattle.io/v1beta1" "ManagedOSVersionChannel" "fleet-default" "").items }} + {{ if and (eq (index $channel.metadata.labels "app.kubernetes.io/managed-by") "Helm") (ne $channel.metadata.name $defChannelName) }} +--- +apiVersion: elemental.cattle.io/v1beta1 +kind: ManagedOSVersionChannel +metadata: + name: {{ $channel.metadata.name }} + namespace: fleet-default +spec: + options: + image: {{ $channel.spec.options.image }} + type: custom + {{ end }} +{{ end }} 
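Review bot: The guard in channel-dev.yaml tests `hasPrefix "registry.opensuse.org" .Values.registryUrl` without a terminating `/`, so any host name that merely begins with that string also satisfies it, and the channel it renders is pinned only to the mutable `latest` tag. Matching on `hasPrefix "registry.opensuse.org/"` would tighten the check. The template also reads `registryUrl` regardless of `systemDefaultRegistry`, although values.yaml documents it as "used only if systemDefaultRegistry is empty"; that comment should mention this extra effect.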
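Review bot: In channels.yaml the line `{{ $defChannelName := .Values.channel.name }}` inside the `if` declares a new variable scoped to that block instead of updating the one declared on the first line, so the `ne $channel.metadata.name $defChannelName` test in the `range` always compares against `""`. On an upgrade where the default channel already exists with the Helm managed-by label, the loop would then presumably emit that channel a second time, with its image copied from the live object rather than from values. Plain assignment fixes the scope: `{{ $defChannelName = .Values.channel.name }}`. Separately, `index $channel.metadata.labels "app.kubernetes.io/managed-by"` assumes every channel in `fleet-default` has labels; it is worth confirming that the render survives one that does not.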
diff --git a/charts/elemental/103.4.1+up1.6.5/templates/cluster_role.yaml b/charts/elemental/103.4.1+up1.6.5/templates/cluster_role.yaml new file mode 100644 index 0000000000..aaa3a0f2ec --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/cluster_role.yaml 
@@ -0,0 +1,268 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: '{{ .Release.Name }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - pods/status + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + verbs: + - get + - list + - watch +- apiGroups: + - elemental.cattle.io + resources: + - machineinventories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - machineinventories/status + verbs: + - get + - patch + - update +- apiGroups: + - elemental.cattle.io + resources: + - machineinventoryselectors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - machineinventoryselectors/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - elemental.cattle.io + resources: + - machineregistrations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - machineregistrations/status + verbs: + - get + - patch + - update +- apiGroups: + - elemental.cattle.io + 
resources: + - managedosimages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - managedosimages/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - elemental.cattle.io + resources: + - managedosversionchannels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - managedosversionchannels/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - elemental.cattle.io + resources: + - managedosversions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - managedosversions/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - elemental.cattle.io + resources: + - seedimages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - elemental.cattle.io + resources: + - seedimages/status + verbs: + - get + - patch + - update +- apiGroups: + - fleet.cattle.io + resources: + - bundles + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - settings + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - list + - watch diff --git a/charts/elemental/103.4.1+up1.6.5/templates/cluster_role_binding.yaml b/charts/elemental/103.4.1+up1.6.5/templates/cluster_role_binding.yaml new file mode 100644 index 0000000000..e68c7bc96b --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/cluster_role_binding.yaml 
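Review bot: The ClusterRole in cluster_role.yaml gives the operator create/delete/get/list/patch/update/watch on `secrets` in every namespace plus create/delete on `roles` and `rolebindings`, and cluster_role_binding.yaml binds it cluster-wide, with nothing in the file saying why cluster scope is required. If these rules are generated upstream, a header comment such as `# generated from the operator's RBAC markers; change them in the operator source, not here` would tell reviewers where to look. If the secrets the operator touches live in a known set of namespaces, a namespaced Role for `secrets` would narrow the exposure; the hunk does not show which namespaces are involved.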
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }} +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{.Release.Namespace}} + diff --git a/charts/elemental/103.4.1+up1.6.5/templates/deployment.yaml b/charts/elemental/103.4.1+up1.6.5/templates/deployment.yaml new file mode 100644 index 0000000000..576d58d596 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: elemental-operator + template: + metadata: + labels: + app: elemental-operator + spec: + containers: + - env: + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + {{- end }} + name: {{ .Release.Name }} + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + image: {{ template "registry_url" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + args: + - operator + {{- if .Values.debug }} + - --v=5 + - --debug + {{- end }} + - --namespace + - {{ .Release.Namespace }} + - --operator-image + - {{ template "registry_url" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - --seedimage-image + - {{ template "registry_url" . }}{{ .Values.seedImage.repository }}:{{ .Values.seedImage.tag | default .Chart.AppVersion }} + - --seedimage-image-pullpolicy + - {{ .Values.seedImage.imagePullPolicy}} + serviceAccountName: {{ .Release.Name }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} 
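Review bot: The operator container in deployment.yaml has no `securityContext`, whereas the fleet-agent deployment added in this same patch drops all capabilities and disables privilege escalation. This pod runs under the service account bound to the cluster-wide role in cluster_role.yaml, so container hardening matters here. The block below is the minimal set I would add after `args`; whether `runAsNonRoot` and `readOnlyRootFilesystem` can be enabled depends on the image, which the hunk does not show.

```yaml
        # … unchanged: env, name, imagePullPolicy, image, args …
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          capabilities:
            drop:
            - ALL
      serviceAccountName: {{ .Release.Name }}
      # … unchanged: tolerations, nodeSelector …
```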
diff --git a/charts/elemental/103.4.1+up1.6.5/templates/globalrole.yaml b/charts/elemental/103.4.1+up1.6.5/templates/globalrole.yaml new file mode 100644 index 0000000000..323cf2ead8 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/globalrole.yaml @@ -0,0 +1,16 @@ +apiVersion: management.cattle.io/v3 +builtin: false +description: "Elemental Administrator Role" +displayName: Elemental Administrator +kind: GlobalRole +metadata: + labels: + cattle.io/creator: norman + name: {{ .Release.Name }} +rules: +- apiGroups: + - elemental.cattle.io + resources: + - '*' + verbs: + - '*' diff --git a/charts/elemental/103.4.1+up1.6.5/templates/metadata.yaml b/charts/elemental/103.4.1+up1.6.5/templates/metadata.yaml new file mode 100644 index 0000000000..d102d9f2ea --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/metadata.yaml @@ -0,0 +1,10 @@ +apiVersion: elemental.cattle.io/v1beta1 +kind: Metadata +metadata: + name: {{ .Release.Name }} +spec: + appVersion: {{ .Chart.AppVersion }} + annotations: + {{- range $key, $value := .Chart.Annotations }} + {{ $key }}: {{ toYaml $value }} + {{- end }} diff --git a/charts/elemental/103.4.1+up1.6.5/templates/serviceaccount.yaml b/charts/elemental/103.4.1+up1.6.5/templates/serviceaccount.yaml new file mode 100644 index 0000000000..cb203d6f6c --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} diff --git a/charts/elemental/103.4.1+up1.6.5/templates/validate-install-crd.yaml b/charts/elemental/103.4.1+up1.6.5/templates/validate-install-crd.yaml new file mode 100644 index 0000000000..45008251ae --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/templates/validate-install-crd.yaml 
@@ -0,0 +1,26 @@ +{{ if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 }} + {{ $apis := dict + "elemental.cattle.io/v1beta1/MachineInventory" "machineinventories" + "elemental.cattle.io/v1beta1/MachineInventorySelector" "machineinventoryselectors" + "elemental.cattle.io/v1beta1/MachineInventorySelectorTemplate" "machineinventoryselectortemplates" + "elemental.cattle.io/v1beta1/MachineRegistration" "machineregistrations" + "elemental.cattle.io/v1beta1/ManagedOSImage" "managedosimages" + "elemental.cattle.io/v1beta1/ManagedOSVersionChannel" "managedosversionchannels" + "elemental.cattle.io/v1beta1/ManagedOSVersion" "managedosversions" + "elemental.cattle.io/v1beta1/SeedImage" "seedimages" + "elemental.cattle.io/v1beta1/Metadata" "metadata" + }} + {{- range $api, $crd := $apis -}} + {{- if not ($.Capabilities.APIVersions.Has $api) -}} + {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} + {{- end -}} + {{- $crdobj := lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" (print $crd ".elemental.cattle.io") -}} + {{- if not $crdobj -}} + {{- print "Cannot lookup " $crd ".elemental.cattle.io crd object" | fail -}} + {{- end -}} + {{- $crdrelease := index $crdobj.metadata.annotations "meta.helm.sh/release-name" -}} + {{- if eq $crdrelease $.Release.Name -}} + {{- required "Elemental CRDs should be moved to the new elemental-operator-crds chart before upgrading this operator." "" -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/elemental/103.4.1+up1.6.5/values.yaml b/charts/elemental/103.4.1+up1.6.5/values.yaml new file mode 100644 index 0000000000..812abf75a2 --- /dev/null +++ b/charts/elemental/103.4.1+up1.6.5/values.yaml 
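Review bot: The opening guard `gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0` in validate-install-crd.yaml is an undocumented probe for whether `lookup` can reach a cluster, and nothing says that the whole CRD validation is skipped when it cannot. I would add above it `{{- /* lookup returns an empty map without cluster access (helm template, client-side dry run); CRD validation is skipped in that case */ -}}`. Further down, `index $crdobj.metadata.annotations "meta.helm.sh/release-name"` assumes the CRD carries annotations; a CRD applied outside Helm may not, and it is worth confirming that the render fails with a readable message in that case.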
@@ -0,0 +1,43 @@ +image: + empty: rancher/pause:3.1 + repository: "rancher/mirrored-elemental-operator" + tag: "1.6.5" + imagePullPolicy: IfNotPresent + +seedImage: + repository: "rancher/mirrored-elemental-seedimage-builder" + tag: "1.6.5" + imagePullPolicy: IfNotPresent + +channel: + name: "sl-micro-6.0-baremetal-channel" + image: "registry.suse.com/rancher/elemental-channel/sl-micro" + tag: "6.0-baremetal" + +# number of operator replicas to deploy +replicas: 1 + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +global: + cattle: + systemDefaultRegistry: "" + +# used only if systemDefaultRegistry is empty +registryUrl: "" + +# enable debug output for operator +debug: false + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/charts/fleet-agent/103.1.10+up0.9.11/Chart.yaml b/charts/fleet-agent/103.1.10+up0.9.11/Chart.yaml new file mode 100644 index 0000000000..e0bafd42a4 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: fleet-agent +apiVersion: v2 +appVersion: 0.9.11 +description: Fleet Manager Agent - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-agent +version: 103.1.10+up0.9.11 diff --git a/charts/fleet-agent/103.1.10+up0.9.11/README.md b/charts/fleet-agent/103.1.10+up0.9.11/README.md new file mode 100644 index 0000000000..2c5724dcef --- /dev/null 
+++ b/charts/fleet-agent/103.1.10+up0.9.11/README.md @@ -0,0 +1,8 @@ +## Fleet Agent Helm Chart + +Every Fleet-managed downstream cluster will run an agent that communicates back to the Fleet controller. This agent is just another set of Kubernetes controllers running in the downstream cluster. + +Standalone Fleet users use this chart for agent-initiated registration. For more details see [agent-initiated registration](https://fleet.rancher.io/cluster-registration#agent-initiated). +Fleet in Rancher does not use this chart, but creates the agent deployments programmatically. + +The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/). \ No newline at end of file diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/_helpers.tpl b/charts/fleet-agent/103.1.10+up0.9.11/templates/_helpers.tpl new file mode 100644 index 0000000000..6cd96c3ace --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/configmap.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/configmap.yaml new file mode 100644 index 0000000000..f3e83a89cc --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/configmap.yaml 
@@ -0,0 +1,13 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: fleet-agent +data: + config: |- + { + {{ if .Values.labels }} + "labels":{{toJson .Values.labels}}, + {{ end }} + "clientID":"{{.Values.clientID}}", + "agentTLSMode": "{{.Values.agentTLSMode}}" + } diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/deployment.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/deployment.yaml new file mode 100644 index 0000000000..582eed608d --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-agent +spec: + selector: + matchLabels: + app: fleet-agent + template: + metadata: + labels: + app: fleet-agent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' + name: fleet-agent + command: + - fleetagent + {{- if .Values.debug }} + - --debug + - --debug-level + - {{ quote .Values.debugLevel }} + {{- else }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + {{- end }} + serviceAccountName: fleet-agent + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.fleetAgent.nodeSelector }} +{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.fleetAgent.tolerations }} +{{ toYaml .Values.fleetAgent.tolerations | indent 8 }} +{{- end }} +{{- if not .Values.debug }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 +{{- end }} diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/network_policy_allow_all.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/network_policy_allow_all.yaml new file mode 100644 index 0000000000..a72109a062 --- /dev/null 
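Review bot: In configmap.yaml `clientID` and `agentTLSMode` are interpolated between literal quotes (`"clientID":"{{.Values.clientID}}"`), while `labels` on the line above goes through `toJson`; a value containing `"` or `\` would yield invalid or altered JSON in the agent config. Using `"clientID": {{ toJson .Values.clientID }},` and `"agentTLSMode": {{ toJson .Values.agentTLSMode }}` keeps the escaping consistent across all three fields.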
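Review bot: Setting `debug: true` removes both the container `securityContext` (it sits in the `else` branch) and the pod-level `runAsNonRoot`/`runAsUser`/`runAsGroup` block (`if not .Values.debug`) in deployment.yaml, and values.yaml carries no comment on `debug`. Since the agent's service account holds the wildcard ClusterRole from rbac.yaml, that trade-off should be written down. Above `debug: false` in values.yaml I would add `# debug: true also disables the container and pod securityContext hardening; do not enable in production`. If debug logging does not actually need the relaxed context, moving `allowPrivilegeEscalation: false` outside the conditional would be preferable; the hunk does not show why the two are coupled.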
+++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ .Values.internal.systemNamespace }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/patch_default_serviceaccount.yaml new file mode 100644 index 0000000000..aad4eea415 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-fleet-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: fleet-agent + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ .Values.internal.systemNamespace }}] + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.kubectl.nodeSelector }} +{{ toYaml .Values.kubectl.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.kubectl.tolerations }} +{{ toYaml .Values.kubectl.tolerations | indent 8 }} +{{- end }} + backoffLimit: 1 diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/rbac.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/rbac.yaml new file mode 100644 index 0000000000..1a7e8d8841 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/rbac.yaml 
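Review bot: network_policy_allow_all.yaml installs `default-allow-all` with `podSelector: {}` and empty `ingress`/`egress` rules, so every pod in `internal.systemNamespace` may receive traffic from and send traffic to anywhere, and the file gives no reason. If the purpose is to override a default-deny policy so the agent can reach the upstream API server, a comment such as `# overrides any default-deny policy in this namespace; the agent needs egress to the Fleet manager API` would record that. The agent Deployment in this patch declares no container ports, so it is worth checking whether the open `ingress` rule is needed at all.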
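Review bot: The `patch-fleet-sa` hook Job runs with `serviceAccountName: fleet-agent`, which rbac.yaml binds to a `*`/`*`/`*` ClusterRole, only to patch one ServiceAccount, and its container sets no `securityContext`. A dedicated service account limited to `get` and `patch` on `serviceaccounts` in the system namespace would be sufficient for this command and is worth considering. Smaller point: `args: ["-n", {{ .Values.internal.systemNamespace }}]` leaves the namespace unquoted inside a flow sequence; `args: ["-n", {{ quote .Values.internal.systemNamespace }}]` avoids YAML type surprises.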
@@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-agent-system-fleet-agent-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-agent-system-fleet-agent-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-agent-system-fleet-agent-role +subjects: +- kind: ServiceAccount + name: fleet-agent + namespace: {{.Release.Namespace}} diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/secret.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/secret.yaml new file mode 100644 index 0000000000..4715882047 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}" + clusterNamespace: "{{b64enc .Values.clusterNamespace}}" + token: "{{b64enc .Values.token}}" + apiServerURL: "{{b64enc .Values.apiServerURL}}" + apiServerCA: "{{b64enc .Values.apiServerCA}}" +kind: Secret +metadata: + name: fleet-agent-bootstrap diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/serviceaccount.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/serviceaccount.yaml new file mode 100644 index 0000000000..73e27f0be9 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-agent diff --git a/charts/fleet-agent/103.1.10+up0.9.11/templates/validate.yaml b/charts/fleet-agent/103.1.10+up0.9.11/templates/validate.yaml new file mode 100644 index 0000000000..d53ff1c508 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/templates/validate.yaml 
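Review bot: rbac.yaml grants `fleet-agent` every verb on every resource in every API group and on all `nonResourceURLs`, which is equivalent to cluster-admin, and the file does not say that this is intended. Presumably the agent needs it because it applies arbitrary bundle content, but that should be stated. I would add a header comment along the lines of `# cluster-admin-equivalent by design: the agent deploys arbitrary bundles; protect the fleet-agent service account token and the fleet-agent-bootstrap secret accordingly`.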
@@ -0,0 +1,11 @@ +{{if ne .Release.Namespace .Values.internal.systemNamespace }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }} +{{end}} + +{{if ne .Release.Name .Values.internal.managedReleaseName }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }} +{{end}} + +{{if not .Values.apiServerURL }} +{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }} +{{end}} diff --git a/charts/fleet-agent/103.1.10+up0.9.11/values.yaml b/charts/fleet-agent/103.1.10+up0.9.11/values.yaml new file mode 100644 index 0000000000..92be5a40f0 --- /dev/null +++ b/charts/fleet-agent/103.1.10+up0.9.11/values.yaml 
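Review bot: The second `fail` in validate.yaml, which fires when the release name is wrong, formats `.Values.internal.managedReleaseName` into the `namespace %s` slot and hard-codes `fleet-agent` as the release name, so the error tells the user to install into a namespace called `fleet-agent`. Both checks can share one correct message: `{{ fail (printf "This chart must be installed in the namespace %s as the release name %s" .Values.internal.systemNamespace .Values.internal.managedReleaseName) }}`. The first `fail` has the same hard-coded release name and would benefit from the same line.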
@@ -0,0 +1,67 @@ +image: + os: "windows,linux" + repository: rancher/fleet-agent + tag: v0.9.11 + +# The public URL of the Kubernetes API server running the Fleet Manager must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager. +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a +# management cluster. True in `system-store` mode, false in `strict` mode. +agentTLSMode: "system-store" + +# The cluster registration value +token: "" + +# Labels to add to the cluster upon registration only. They are not added after the fact. +#labels: +# foo: bar + +# The client ID of the cluster to associate with +clientID: "" + +# The namespace of the cluster we are register with +clusterNamespace: "" + +# The namespace containing the clusters registration secrets +systemRegistrationNamespace: cattle-fleet-clusters-system + +# Please do not change the below setting unless you really know what you are doing +internal: + systemNamespace: cattle-fleet-system + managedReleaseName: fleet-agent + +# The nodeSelector and tolerations for the agent deployment +fleetAgent: + ## Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## List of node taints to tolerate (requires Kubernetes >= 1.6) + tolerations: [] +kubectl: + ## Node labels for pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## List of node taints to tolerate (requires Kubernetes >= 1.6) + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + operator: "Equal" + value: "true" + effect: NoSchedule + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.21.5 + +debug: false 
+debugLevel: 0 diff --git a/charts/fleet-crd/103.1.10+up0.9.11/Chart.yaml b/charts/fleet-crd/103.1.10+up0.9.11/Chart.yaml new file mode 100644 index 0000000000..c2957bf5c7 --- /dev/null +++ b/charts/fleet-crd/103.1.10+up0.9.11/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-crd +apiVersion: v2 +appVersion: 0.9.11 +description: Fleet Manager CustomResourceDefinitions +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-crd +version: 103.1.10+up0.9.11 diff --git a/charts/fleet-crd/103.1.10+up0.9.11/README.md b/charts/fleet-crd/103.1.10+up0.9.11/README.md new file mode 100644 index 0000000000..2452ab2f1f --- /dev/null +++ b/charts/fleet-crd/103.1.10+up0.9.11/README.md @@ -0,0 +1,5 @@ +# Fleet CRD Helm Chart + +Fleet Manager CustomResourceDefinitions Helm chart is a requirement for the Fleet Helm Chart. + +The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/). \ No newline at end of file diff --git a/charts/fleet-crd/103.1.10+up0.9.11/templates/crds.yaml b/charts/fleet-crd/103.1.10+up0.9.11/templates/crds.yaml new file mode 100644 index 0000000000..d42811945d --- /dev/null +++ b/charts/fleet-crd/103.1.10+up0.9.11/templates/crds.yaml 
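Review bot: `global.kubectl.tag: v1.21.5` in values.yaml is at least two minor versions behind the `kube-version: '>= 1.23.0-0 < 1.29.0-0'` range declared in this chart's Chart.yaml, outside kubectl's supported skew of one minor version, and the 1.21 line is no longer maintained upstream. The image is what the `patch-fleet-sa` hook Job runs. Moving the tag to a release inside the supported cluster range would fix this; which tag is available in the mirror is not visible in this patch. The hook template also reads `.Values.global.imagePullPolicy`, which this values.yaml never defines, and the `apiServerCA` comment has a doubled word ("The the pem encoded").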
@@ -0,0 +1,6859 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.deployed + name: Deployed + type: string + - jsonPath: .status.display.monitored + name: Monitored + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'BundleDeployment is used internally by Fleet and should not + be used directly. + + When a Bundle is deployed to a cluster an instance of a Bundle is called + a + + BundleDeployment. A BundleDeployment represents the state of that Bundle + on + + a specific cluster with its cluster-specific customizations. The Fleet + agent + + is only aware of BundleDeployment resources that are created for the cluster + + the agent is managing.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + correctDrift: + description: CorrectDrift specifies how drift correction should + work. 
+ nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will be + used if true. This will try to recreate all resources in the + release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + dependsOn: + description: DependsOn refers to the bundles which must be ready + before this bundle can be deployed. + items: + properties: + name: + description: Name of the bundle. + nullable: true + type: string + selector: + description: Selector matching bundle's labels. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + type: object + nullable: true + type: array + deploymentID: + description: DeploymentID is the ID of the currently applied deployment. + nullable: true + type: string + options: + description: Options are the deployment options, that are currently + applied. + properties: + correctDrift: + description: CorrectDrift specifies how drift correction should + work. + nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will + be used if true. This will try to recreate all resources + in the release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + defaultNamespace: + description: 'DefaultNamespace is the namespace to use for resources + that do not + + specify a namespace. This field is not used to enforce or + lock down + + the deployment to a specific namespace.' + nullable: true + type: string + deleteCRDResources: + description: DeleteCRDResources deletes CRDs. Warning! this + will also delete all your Custom Resources. + type: boolean + diff: + description: Diff can be used to ignore the modified state of + objects which are amended at runtime. + nullable: true + properties: + comparePatches: + description: ComparePatches match a resource and remove + fields from the check for modifications. + items: + description: ComparePatch matches a resource and removes + fields from the check for modifications. + properties: + apiVersion: + description: APIVersion is the apiVersion of the resource + to match. 
+ nullable: true + type: string + jsonPointers: + description: JSONPointers ignore diffs at a certain + JSON path. + items: + nullable: true + type: string + nullable: true + type: array + kind: + description: Kind is the kind of the resource to match. + nullable: true + type: string + name: + description: Name is the name of the resource to match. + nullable: true + type: string + namespace: + description: Namespace is the namespace of the resource + to match. + nullable: true + type: string + operations: + description: Operations remove a JSON path from the + resource. + items: + description: Operation of a ComparePatch, usually + "remove". + properties: + op: + description: Op is usually "remove" + nullable: true + type: string + path: + description: Path is the JSON path to remove. + nullable: true + type: string + value: + description: Value is usually empty. + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + description: ForceSyncGeneration is used to force a redeployment + type: integer + helm: + description: Helm options for the deployment, like the chart + name, repo and values. + nullable: true + properties: + atomic: + description: Atomic sets the --atomic flag when Helm is + performing an upgrade + type: boolean + chart: + description: 'Chart can refer to any go-getter URL or OCI + registry based helm + + chart URL. The chart will be downloaded.' + nullable: true + type: string + disableDNS: + description: DisableDNS can be used to customize Helm's + EnableDNS option, which Fleet sets to `true` by default. + type: boolean + disablePreProcess: + description: DisablePreProcess disables template processing + in values + type: boolean + force: + description: Force allows to override immutable resources. + This could be dangerous. 
+ type: boolean + maxHistory: + description: MaxHistory limits the maximum number of revisions + saved per release by Helm. + type: integer + releaseName: + description: 'ReleaseName sets a custom release name to + deploy the chart as. If + + not specified a release name will be generated by combining + the + + invoking GitRepo.name + GitRepo.path.' + maxLength: 53 + nullable: true + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + repo: + description: Repo is the name of the HTTPS helm repo to + download the chart from. + nullable: true + type: string + skipSchemaValidation: + description: SkipSchemaValidation allows skipping schema + validation against the chart values + type: boolean + takeOwnership: + description: TakeOwnership makes helm skip the check for + its own annotations + type: boolean + timeoutSeconds: + description: TimeoutSeconds is the time to wait for Helm + operations. + type: integer + values: + description: 'Values passed to Helm. It is possible to specify + the keys and values + + as go template strings.' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + description: ValuesFiles is a list of files to load values + from. + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + description: ValuesFrom loads the values from configmaps + and secrets. + items: + description: 'Define helm values that can come from configmap, + secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439' + properties: + configMapKeyRef: + description: The reference to a config map with release + values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. 
+ nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + description: The reference to a secret with release + values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + description: Version of the chart to download + nullable: true + type: string + waitForJobs: + description: 'WaitForJobs if set and timeoutSeconds provided, + will wait until all + + Jobs have been completed before marking the GitRepo as + ready. It + + will wait for as long as timeoutSeconds' + type: boolean + type: object + ignore: + description: IgnoreOptions can be used to ignore fields when + monitoring the bundle. + properties: + conditions: + description: Conditions is a list of conditions to be ignored + when monitoring the Bundle. + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + description: KeepResources can be used to keep the deployed + resources when removing the bundle + type: boolean + kustomize: + description: 'Kustomize options for the deployment, like the + dir containing the + + kustomization.yaml file.' + nullable: true + properties: + dir: + description: 'Dir points to a custom folder for kustomize + resources. This folder must contain + + a kustomization.yaml file.' + nullable: true + type: string + type: object + namespace: + description: 'TargetNamespace if present will assign all resource + to this + + namespace and if any cluster scoped resource exists the deployment + + will fail.' 
+ nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + description: NamespaceAnnotations are annotations that will + be appended to the namespace created by Fleet. + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + description: NamespaceLabels are labels that will be appended + to the namespace created by Fleet. + nullable: true + type: object + serviceAccount: + description: ServiceAccount which will be used to perform this + deployment. + nullable: true + type: string + yaml: + description: 'YAML options, if using raw YAML these are names + that map to + + overlays/{name} files that will be used to replace or patch + a resource.' + nullable: true + properties: + overlays: + description: 'Overlays is a list of names that maps to folders + in "overlays/". + + If you wish to customize the file ./subdir/resource.yaml + then a file + + ./overlays/myoverlay/subdir/resource.yaml will replace + the base + + file. + + A file named ./overlays/myoverlay/subdir/resource_patch.yaml + will patch the base file.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + paused: + description: 'Paused if set to true, will stop any BundleDeployments + from being + + updated. If true, BundleDeployments will be marked as out of sync + + when changes are detected.' + type: boolean + stagedDeploymentID: + description: StagedDeploymentID is the ID of the staged deployment. + nullable: true + type: string + stagedOptions: + description: 'StagedOptions are the deployment options, that are + staged for + + the next deployment.' + properties: + correctDrift: + description: CorrectDrift specifies how drift correction should + work. + nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will + be used if true. 
This will try to recreate all resources + in the release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + defaultNamespace: + description: 'DefaultNamespace is the namespace to use for resources + that do not + + specify a namespace. This field is not used to enforce or + lock down + + the deployment to a specific namespace.' + nullable: true + type: string + deleteCRDResources: + description: DeleteCRDResources deletes CRDs. Warning! this + will also delete all your Custom Resources. + type: boolean + diff: + description: Diff can be used to ignore the modified state of + objects which are amended at runtime. + nullable: true + properties: + comparePatches: + description: ComparePatches match a resource and remove + fields from the check for modifications. + items: + description: ComparePatch matches a resource and removes + fields from the check for modifications. + properties: + apiVersion: + description: APIVersion is the apiVersion of the resource + to match. + nullable: true + type: string + jsonPointers: + description: JSONPointers ignore diffs at a certain + JSON path. + items: + nullable: true + type: string + nullable: true + type: array + kind: + description: Kind is the kind of the resource to match. + nullable: true + type: string + name: + description: Name is the name of the resource to match. + nullable: true + type: string + namespace: + description: Namespace is the namespace of the resource + to match. + nullable: true + type: string + operations: + description: Operations remove a JSON path from the + resource. + items: + description: Operation of a ComparePatch, usually + "remove". + properties: + op: + description: Op is usually "remove" + nullable: true + type: string + path: + description: Path is the JSON path to remove. + nullable: true + type: string + value: + description: Value is usually empty. 
+ nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + description: ForceSyncGeneration is used to force a redeployment + type: integer + helm: + description: Helm options for the deployment, like the chart + name, repo and values. + nullable: true + properties: + atomic: + description: Atomic sets the --atomic flag when Helm is + performing an upgrade + type: boolean + chart: + description: 'Chart can refer to any go-getter URL or OCI + registry based helm + + chart URL. The chart will be downloaded.' + nullable: true + type: string + disableDNS: + description: DisableDNS can be used to customize Helm's + EnableDNS option, which Fleet sets to `true` by default. + type: boolean + disablePreProcess: + description: DisablePreProcess disables template processing + in values + type: boolean + force: + description: Force allows to override immutable resources. + This could be dangerous. + type: boolean + maxHistory: + description: MaxHistory limits the maximum number of revisions + saved per release by Helm. + type: integer + releaseName: + description: 'ReleaseName sets a custom release name to + deploy the chart as. If + + not specified a release name will be generated by combining + the + + invoking GitRepo.name + GitRepo.path.' + nullable: true + type: string + repo: + description: Repo is the name of the HTTPS helm repo to + download the chart from. + nullable: true + type: string + skipSchemaValidation: + description: SkipSchemaValidation allows skipping schema + validation against the chart values + type: boolean + takeOwnership: + description: TakeOwnership makes helm skip the check for + its own annotations + type: boolean + timeoutSeconds: + description: TimeoutSeconds is the time to wait for Helm + operations. + type: integer + values: + description: 'Values passed to Helm. It is possible to specify + the keys and values + + as go template strings.' 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + description: ValuesFiles is a list of files to load values + from. + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + description: ValuesFrom loads the values from configmaps + and secrets. + items: + description: 'Define helm values that can come from configmap, + secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439' + properties: + configMapKeyRef: + description: The reference to a config map with release + values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + description: The reference to a secret with release + values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + description: Version of the chart to download + nullable: true + type: string + waitForJobs: + description: 'WaitForJobs if set and timeoutSeconds provided, + will wait until all + + Jobs have been completed before marking the GitRepo as + ready. It + + will wait for as long as timeoutSeconds' + type: boolean + type: object + ignore: + description: IgnoreOptions can be used to ignore fields when + monitoring the bundle. + properties: + conditions: + description: Conditions is a list of conditions to be ignored + when monitoring the Bundle. 
+ items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + description: KeepResources can be used to keep the deployed + resources when removing the bundle + type: boolean + kustomize: + description: 'Kustomize options for the deployment, like the + dir containing the + + kustomization.yaml file.' + nullable: true + properties: + dir: + description: 'Dir points to a custom folder for kustomize + resources. This folder must contain + + a kustomization.yaml file.' + nullable: true + type: string + type: object + namespace: + description: 'TargetNamespace if present will assign all resource + to this + + namespace and if any cluster scoped resource exists the deployment + + will fail.' + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + description: NamespaceAnnotations are annotations that will + be appended to the namespace created by Fleet. + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + description: NamespaceLabels are labels that will be appended + to the namespace created by Fleet. + nullable: true + type: object + serviceAccount: + description: ServiceAccount which will be used to perform this + deployment. + nullable: true + type: string + yaml: + description: 'YAML options, if using raw YAML these are names + that map to + + overlays/{name} files that will be used to replace or patch + a resource.' + nullable: true + properties: + overlays: + description: 'Overlays is a list of names that maps to folders + in "overlays/". + + If you wish to customize the file ./subdir/resource.yaml + then a file + + ./overlays/myoverlay/subdir/resource.yaml will replace + the base + + file. + + A file named ./overlays/myoverlay/subdir/resource_patch.yaml + will patch the base file.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + description: 'ModifiedStatus is used to report the status of a + resource that is modified. + + It indicates if the modification was a create, a delete or a + patch.' + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + description: NonReadyStatus is used to report the status of a + resource that is not ready. It includes a summary. 
+ properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique ID values, including + UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias to string. Being + a type captures + + intent and helps make sure that UIDs and names do not get + conflated.' + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + resources: + description: 'Resources lists the metadata of resources that were + deployed + + according to the helm release history.' + items: + description: BundleDeploymentResource contains the metadata of + a deployed resource. + properties: + apiVersion: + nullable: true + type: string + createdAt: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + syncGeneration: + nullable: true + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: BundleNamespaceMapping maps bundles to clusters in other namespaces. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bundleSelector: + description: 'A label selector is a label query over a set of resources. + The result of matchLabels and + + matchExpressions are ANDed. An empty label selector matches all objects. + A null + + label selector matches no objects.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator is Exists + or DoesNotExist, + + the values array must be empty. This array is replaced during + a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose key + field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' 
+ nullable: true + type: object + type: object + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + namespaceSelector: + description: 'A label selector is a label query over a set of resources. + The result of matchLabels and + + matchExpressions are ANDed. An empty label selector matches all objects. + A null + + label selector matches no objects.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship to + a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. If the + operator is In or NotIn, + + the values array must be non-empty. If the operator is Exists + or DoesNotExist, + + the values array must be empty. This array is replaced during + a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose key + field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' + nullable: true + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Bundle contains the resources of an application and its deployment + options. + + It will be deployed as a Helm chart to target clusters. + + + + When a GitRepo is scanned it will produce one or more bundles. Bundles + are + + a collection of resources that get deployed to one or more cluster(s). + Bundle is the + + fundamental deployment unit used in Fleet. The contents of a Bundle may + be + + Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless + + of the source the contents are dynamically rendered into a Helm chart + by + + the agent and installed into the downstream cluster as a Helm release.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. 
+ + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + correctDrift: + description: CorrectDrift specifies how drift correction should + work. + nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will be + used if true. This will try to recreate all resources in the + release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + defaultNamespace: + description: 'DefaultNamespace is the namespace to use for resources + that do not + + specify a namespace. This field is not used to enforce or lock + down + + the deployment to a specific namespace.' + nullable: true + type: string + deleteCRDResources: + description: DeleteCRDResources deletes CRDs. Warning! this will + also delete all your Custom Resources. + type: boolean + dependsOn: + description: DependsOn refers to the bundles which must be ready + before this bundle can be deployed. + items: + properties: + name: + description: Name of the bundle. + nullable: true + type: string + selector: + description: Selector matching bundle's labels. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. 
+ + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + type: object + nullable: true + type: array + diff: + description: Diff can be used to ignore the modified state of objects + which are amended at runtime. + nullable: true + properties: + comparePatches: + description: ComparePatches match a resource and remove fields + from the check for modifications. + items: + description: ComparePatch matches a resource and removes fields + from the check for modifications. + properties: + apiVersion: + description: APIVersion is the apiVersion of the resource + to match. + nullable: true + type: string + jsonPointers: + description: JSONPointers ignore diffs at a certain JSON + path. + items: + nullable: true + type: string + nullable: true + type: array + kind: + description: Kind is the kind of the resource to match. + nullable: true + type: string + name: + description: Name is the name of the resource to match. + nullable: true + type: string + namespace: + description: Namespace is the namespace of the resource + to match. + nullable: true + type: string + operations: + description: Operations remove a JSON path from the resource. 
+ items: + description: Operation of a ComparePatch, usually "remove". + properties: + op: + description: Op is usually "remove" + nullable: true + type: string + path: + description: Path is the JSON path to remove. + nullable: true + type: string + value: + description: Value is usually empty. + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + description: ForceSyncGeneration is used to force a redeployment + type: integer + helm: + description: Helm options for the deployment, like the chart name, + repo and values. + nullable: true + properties: + atomic: + description: Atomic sets the --atomic flag when Helm is performing + an upgrade + type: boolean + chart: + description: 'Chart can refer to any go-getter URL or OCI registry + based helm + + chart URL. The chart will be downloaded.' + nullable: true + type: string + disableDNS: + description: DisableDNS can be used to customize Helm's EnableDNS + option, which Fleet sets to `true` by default. + type: boolean + disablePreProcess: + description: DisablePreProcess disables template processing + in values + type: boolean + force: + description: Force allows to override immutable resources. This + could be dangerous. + type: boolean + maxHistory: + description: MaxHistory limits the maximum number of revisions + saved per release by Helm. + type: integer + releaseName: + description: 'ReleaseName sets a custom release name to deploy + the chart as. If + + not specified a release name will be generated by combining + the + + invoking GitRepo.name + GitRepo.path.' + maxLength: 53 + nullable: true + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + repo: + description: Repo is the name of the HTTPS helm repo to download + the chart from. 
+ nullable: true + type: string + skipSchemaValidation: + description: SkipSchemaValidation allows skipping schema validation + against the chart values + type: boolean + takeOwnership: + description: TakeOwnership makes helm skip the check for its + own annotations + type: boolean + timeoutSeconds: + description: TimeoutSeconds is the time to wait for Helm operations. + type: integer + values: + description: 'Values passed to Helm. It is possible to specify + the keys and values + + as go template strings.' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + description: ValuesFiles is a list of files to load values from. + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + description: ValuesFrom loads the values from configmaps and + secrets. + items: + description: 'Define helm values that can come from configmap, + secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439' + properties: + configMapKeyRef: + description: The reference to a config map with release + values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + description: The reference to a secret with release values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same namespace + as the referent. 
+ nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + description: Version of the chart to download + nullable: true + type: string + waitForJobs: + description: 'WaitForJobs if set and timeoutSeconds provided, + will wait until all + + Jobs have been completed before marking the GitRepo as ready. + It + + will wait for as long as timeoutSeconds' + type: boolean + type: object + ignore: + description: IgnoreOptions can be used to ignore fields when monitoring + the bundle. + properties: + conditions: + description: Conditions is a list of conditions to be ignored + when monitoring the Bundle. + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + description: KeepResources can be used to keep the deployed resources + when removing the bundle + type: boolean + kustomize: + description: 'Kustomize options for the deployment, like the dir + containing the + + kustomization.yaml file.' + nullable: true + properties: + dir: + description: 'Dir points to a custom folder for kustomize resources. + This folder must contain + + a kustomization.yaml file.' + nullable: true + type: string + type: object + namespace: + description: 'TargetNamespace if present will assign all resource + to this + + namespace and if any cluster scoped resource exists the deployment + + will fail.' + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + description: NamespaceAnnotations are annotations that will be appended + to the namespace created by Fleet. + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + description: NamespaceLabels are labels that will be appended to + the namespace created by Fleet. 
+ nullable: true + type: object + paused: + description: Paused if set to true, will stop any BundleDeployments + from being updated. It will be marked as out of sync. + type: boolean + resources: + description: 'Resources contains the resources that were read from + the bundle''s + + path. This includes the content of downloaded helm charts.' + items: + description: BundleResource represents the content of a single + resource from the bundle, like a YAML manifest. + properties: + content: + description: The content of the resource, can be compressed. + nullable: true + type: string + encoding: + description: Encoding is either empty or "base64+gz". + nullable: true + type: string + name: + description: Name of the resource, can include the bundle's + internal path. + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + description: 'RolloutStrategy controls the rollout of bundles, by + defining + + partitions, canaries and percentages for cluster availability.' + nullable: true + properties: + autoPartitionSize: + description: 'A number or percentage of how to automatically + partition clusters if no + + specific partitioning strategy is configured. + + default: 25%' + nullable: true + x-kubernetes-int-or-string: true + maxUnavailable: + description: 'A number or percentage of clusters that can be + unavailable during an update + + of a bundle. This follows the same basic approach as a deployment + rollout + + strategy. Once the number of clusters meets unavailable state + update will be + + paused. Default value is 100% which doesn''t take effect on + update. + + default: 100%' + nullable: true + x-kubernetes-int-or-string: true + maxUnavailablePartitions: + description: 'A number or percentage of cluster partitions that + can be unavailable during + + an update of a bundle. + + default: 0' + nullable: true + x-kubernetes-int-or-string: true + partitions: + description: 'A list of definitions of partitions. 
If any target + clusters do not match + + the configuration they are added to partitions at the end + following the + + autoPartitionSize.' + items: + description: Partition defines a separate rollout strategy + for a set of clusters. + properties: + clusterGroup: + description: A cluster group name to include in this partition + nullable: true + type: string + clusterGroupSelector: + description: Selector matching cluster group labels to + include in this partition + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a + selector that contains values, a key, and an operator + that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' 
+ nullable: true + type: object + type: object + clusterName: + description: ClusterName is the name of a cluster to include + in this partition + nullable: true + type: string + clusterSelector: + description: Selector matching cluster labels to include + in this partition + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a + selector that contains values, a key, and an operator + that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and + DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the + operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + maxUnavailable: + description: 'A number or percentage of clusters that + can be unavailable in this + + partition before this partition is treated as done. 
+ + default: 10%' + nullable: true + x-kubernetes-int-or-string: true + name: + description: A user-friendly name given to the partition + used for Display (optional). + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + description: ServiceAccount which will be used to perform this deployment. + nullable: true + type: string + targetRestrictions: + description: TargetRestrictions is an allow list, which controls + if a bundledeployment is created for a target. + items: + description: 'BundleTargetRestriction is used internally by Fleet + and should not be modified. + + It acts as an allow list, to prevent the creation of BundleDeployments + from + + Targets created by TargetCustomizations in fleet.yaml.' + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + description: 'A label selector is a label query over a set + of resources. The result of matchLabels and + + matchExpressions are ANDed. An empty label selector matches + all objects. A null + + label selector matches no objects.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + description: 'A label selector is a label query over a set + of resources. The result of matchLabels and + + matchExpressions are ANDed. An empty label selector matches + all objects. A null + + label selector matches no objects.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + description: 'Targets refer to the clusters which will be deployed + to. + + Targets are evaluated in order and the first one to match is used.' + items: + description: 'BundleTarget declares clusters to deploy to. Fleet + will merge the + + BundleDeploymentOptions from customizations into this struct.' + properties: + clusterGroup: + description: ClusterGroup to match a specific cluster group + by name. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a selector to match cluster + groups. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + clusterName: + description: 'ClusterName to match a specific cluster by name + that will be + + selected' + nullable: true + type: string + clusterSelector: + description: 'ClusterSelector is a selector to match clusters. + The structure is + + the standard metav1.LabelSelector format. If clusterGroupSelector + or + + clusterGroup is specified, clusterSelector will be used + only to + + further refine the selection after clusterGroupSelector + and + + clusterGroup is evaluated.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + correctDrift: + description: CorrectDrift specifies how drift correction should + work. + nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will + be used if true. This will try to recreate all resources + in the release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + defaultNamespace: + description: 'DefaultNamespace is the namespace to use for + resources that do not + + specify a namespace. This field is not used to enforce or + lock down + + the deployment to a specific namespace.' + nullable: true + type: string + deleteCRDResources: + description: DeleteCRDResources deletes CRDs. Warning! this + will also delete all your Custom Resources. + type: boolean + diff: + description: Diff can be used to ignore the modified state + of objects which are amended at runtime. + nullable: true + properties: + comparePatches: + description: ComparePatches match a resource and remove + fields from the check for modifications. + items: + description: ComparePatch matches a resource and removes + fields from the check for modifications. + properties: + apiVersion: + description: APIVersion is the apiVersion of the + resource to match. 
+ nullable: true + type: string + jsonPointers: + description: JSONPointers ignore diffs at a certain + JSON path. + items: + nullable: true + type: string + nullable: true + type: array + kind: + description: Kind is the kind of the resource to + match. + nullable: true + type: string + name: + description: Name is the name of the resource to + match. + nullable: true + type: string + namespace: + description: Namespace is the namespace of the resource + to match. + nullable: true + type: string + operations: + description: Operations remove a JSON path from + the resource. + items: + description: Operation of a ComparePatch, usually + "remove". + properties: + op: + description: Op is usually "remove" + nullable: true + type: string + path: + description: Path is the JSON path to remove. + nullable: true + type: string + value: + description: Value is usually empty. + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + doNotDeploy: + description: DoNotDeploy if set to true, will not deploy to + this target. + type: boolean + forceSyncGeneration: + description: ForceSyncGeneration is used to force a redeployment + type: integer + helm: + description: Helm options for the deployment, like the chart + name, repo and values. + nullable: true + properties: + atomic: + description: Atomic sets the --atomic flag when Helm is + performing an upgrade + type: boolean + chart: + description: 'Chart can refer to any go-getter URL or + OCI registry based helm + + chart URL. The chart will be downloaded.' + nullable: true + type: string + disableDNS: + description: DisableDNS can be used to customize Helm's + EnableDNS option, which Fleet sets to `true` by default. + type: boolean + disablePreProcess: + description: DisablePreProcess disables template processing + in values + type: boolean + force: + description: Force allows to override immutable resources. + This could be dangerous. 
+ type: boolean + maxHistory: + description: MaxHistory limits the maximum number of revisions + saved per release by Helm. + type: integer + releaseName: + description: 'ReleaseName sets a custom release name to + deploy the chart as. If + + not specified a release name will be generated by combining + the + + invoking GitRepo.name + GitRepo.path.' + nullable: true + type: string + repo: + description: Repo is the name of the HTTPS helm repo to + download the chart from. + nullable: true + type: string + skipSchemaValidation: + description: SkipSchemaValidation allows skipping schema + validation against the chart values + type: boolean + takeOwnership: + description: TakeOwnership makes helm skip the check for + its own annotations + type: boolean + timeoutSeconds: + description: TimeoutSeconds is the time to wait for Helm + operations. + type: integer + values: + description: 'Values passed to Helm. It is possible to + specify the keys and values + + as go template strings.' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + description: ValuesFiles is a list of files to load values + from. + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + description: ValuesFrom loads the values from configmaps + and secrets. + items: + description: 'Define helm values that can come from + configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439' + properties: + configMapKeyRef: + description: The reference to a config map with + release values. + nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same + namespace as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + description: The reference to a secret with release + values. 
+ nullable: true + properties: + key: + nullable: true + type: string + name: + description: Name of a resource in the same + namespace as the referent. + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + description: Version of the chart to download + nullable: true + type: string + waitForJobs: + description: 'WaitForJobs if set and timeoutSeconds provided, + will wait until all + + Jobs have been completed before marking the GitRepo + as ready. It + + will wait for as long as timeoutSeconds' + type: boolean + type: object + ignore: + description: IgnoreOptions can be used to ignore fields when + monitoring the bundle. + properties: + conditions: + description: Conditions is a list of conditions to be + ignored when monitoring the Bundle. + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + description: KeepResources can be used to keep the deployed + resources when removing the bundle + type: boolean + kustomize: + description: 'Kustomize options for the deployment, like the + dir containing the + + kustomization.yaml file.' + nullable: true + properties: + dir: + description: 'Dir points to a custom folder for kustomize + resources. This folder must contain + + a kustomization.yaml file.' + nullable: true + type: string + type: object + name: + description: 'Name of target. This value is largely for display + and logging. If + + not specified a default name of the format "target000" will + be used' + nullable: true + type: string + namespace: + description: 'TargetNamespace if present will assign all resource + to this + + namespace and if any cluster scoped resource exists the + deployment + + will fail.' 
+ nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + description: NamespaceAnnotations are annotations that will + be appended to the namespace created by Fleet. + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + description: NamespaceLabels are labels that will be appended + to the namespace created by Fleet. + nullable: true + type: object + serviceAccount: + description: ServiceAccount which will be used to perform + this deployment. + nullable: true + type: string + yaml: + description: 'YAML options, if using raw YAML these are names + that map to + + overlays/{name} files that will be used to replace or patch + a resource.' + nullable: true + properties: + overlays: + description: 'Overlays is a list of names that maps to + folders in "overlays/". + + If you wish to customize the file ./subdir/resource.yaml + then a file + + ./overlays/myoverlay/subdir/resource.yaml will replace + the base + + file. + + A file named ./overlays/myoverlay/subdir/resource_patch.yaml + will patch the base file.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + description: 'YAML options, if using raw YAML these are names that + map to + + overlays/{name} files that will be used to replace or patch a + resource.' + nullable: true + properties: + overlays: + description: 'Overlays is a list of names that maps to folders + in "overlays/". + + If you wish to customize the file ./subdir/resource.yaml then + a file + + ./overlays/myoverlay/subdir/resource.yaml will replace the + base + + file. + + A file named ./overlays/myoverlay/subdir/resource_patch.yaml + will patch the base file.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + description: 'Conditions is a list of Wrangler conditions that describe + the state + + of the bundle.' + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. + nullable: true + type: string + type: object + nullable: true + type: array + display: + description: 'Display contains the number of ready, desiredready + clusters and a + + summary state for the bundle''s resources.' + properties: + readyClusters: + description: 'ReadyClusters is a string in the form "%d/%d", + that describes the + + number of clusters that are ready vs. the number of clusters + desired + + to be ready.' + nullable: true + type: string + state: + description: State is a summary state for the bundle, calculated + over the non-ready resources. + nullable: true + type: string + type: object + maxNew: + description: 'MaxNew is always 50. A bundle change can only stage + 50 + + bundledeployments at a time.' + type: integer + maxUnavailable: + description: 'MaxUnavailable is the maximum number of unavailable + deployments. See + + rollout configuration.' + type: integer + maxUnavailablePartitions: + description: 'MaxUnavailablePartitions is the maximum number of + unavailable + + partitions. 
The rollout configuration defines a maximum number + or + + percentage of unavailable partitions.' + type: integer + newlyCreated: + description: 'NewlyCreated is the number of bundle deployments that + have been created, + + not updated.' + type: integer + observedGeneration: + description: ObservedGeneration is the current generation of the + bundle. + type: integer + partitions: + description: PartitionStatus lists the status of each partition. + items: + description: PartitionStatus is the status of a single rollout + partition. + properties: + count: + description: Count is the number of clusters in the partition. + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of unavailable + clusters in the partition. + type: integer + name: + description: Name is the name of the partition. + nullable: true + type: string + summary: + description: Summary is a summary state for the partition, + calculated over its non-ready resources. + properties: + desiredReady: + description: 'DesiredReady is the number of bundle deployments + that should be + + ready.' + type: integer + errApplied: + description: 'ErrApplied is the number of bundle deployments + that have been synced + + from the Fleet controller and the downstream cluster, + but with some + + errors when deploying the bundle.' + type: integer + modified: + description: 'Modified is the number of bundle deployments + that have been deployed + + and for which all resources are ready, but where some + changes from the + + Git repository have not yet been synced.' + type: integer + nonReadyResources: + description: 'NonReadyClusters is a list of states, which + is filled for a bundle + + that is not ready.' + items: + description: 'NonReadyResource contains information + about a bundle that is not ready for a + + given state like "ErrApplied". It contains a list + of non-ready or modified + + resources and their states.' 
+ properties: + bundleState: + description: State is the state of the resource, + like e.g. "NotReady" or "ErrApplied". + nullable: true + type: string + message: + description: Message contains information why the + bundle is not ready. + nullable: true + type: string + modifiedStatus: + description: ModifiedStatus lists the state for + each modified resource. + items: + description: 'ModifiedStatus is used to report + the status of a resource that is modified. + + It indicates if the modification was a create, + a delete or a patch.' + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + description: Name is the name of the resource. + nullable: true + type: string + nonReadyStatus: + description: NonReadyStatus lists the state for + each non-ready resource. + items: + description: NonReadyStatus is used to report + the status of a resource that is not ready. + It includes a summary. + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique + ID values, including UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias + to string. Being a type captures + + intent and helps make sure that UIDs and + names do not get conflated.' 
+ nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + description: 'NotReady is the number of bundle deployments + that have been deployed + + where some resources are not ready.' + type: integer + outOfSync: + description: 'OutOfSync is the number of bundle deployments + that have been synced + + from Fleet controller, but not yet by the downstream + agent.' + type: integer + pending: + description: 'Pending is the number of bundle deployments + that are being processed + + by Fleet controller.' + type: integer + ready: + description: 'Ready is the number of bundle deployments + that have been deployed + + where all resources are ready.' + type: integer + waitApplied: + description: 'WaitApplied is the number of bundle deployments + that have been + + synced from Fleet controller and downstream cluster, + but are waiting + + to be deployed.' + type: integer + type: object + unavailable: + description: Unavailable is the number of unavailable clusters + in the partition. + type: integer + type: object + nullable: true + type: array + resourceKey: + description: 'ResourceKey lists resources, which will likely be + deployed. The + + actual list of resources on a cluster might differ, depending + on the + + helm chart, value templating, etc..' + items: + description: ResourceKey lists resources, which will likely be + deployed. + properties: + apiVersion: + description: APIVersion is the k8s api version of the resource. + nullable: true + type: string + kind: + description: Kind is the k8s api kind of the resource. + nullable: true + type: string + name: + description: Name is the name of the resource. + nullable: true + type: string + namespace: + description: Namespace is the namespace of the resource. 
+ nullable: true + type: string + type: object + nullable: true + type: array + summary: + description: 'Summary contains the number of bundle deployments + in each state and + + a list of non-ready resources.' + properties: + desiredReady: + description: 'DesiredReady is the number of bundle deployments + that should be + + ready.' + type: integer + errApplied: + description: 'ErrApplied is the number of bundle deployments + that have been synced + + from the Fleet controller and the downstream cluster, but + with some + + errors when deploying the bundle.' + type: integer + modified: + description: 'Modified is the number of bundle deployments that + have been deployed + + and for which all resources are ready, but where some changes + from the + + Git repository have not yet been synced.' + type: integer + nonReadyResources: + description: 'NonReadyClusters is a list of states, which is + filled for a bundle + + that is not ready.' + items: + description: 'NonReadyResource contains information about + a bundle that is not ready for a + + given state like "ErrApplied". It contains a list of non-ready + or modified + + resources and their states.' + properties: + bundleState: + description: State is the state of the resource, like + e.g. "NotReady" or "ErrApplied". + nullable: true + type: string + message: + description: Message contains information why the bundle + is not ready. + nullable: true + type: string + modifiedStatus: + description: ModifiedStatus lists the state for each modified + resource. + items: + description: 'ModifiedStatus is used to report the status + of a resource that is modified. + + It indicates if the modification was a create, a delete + or a patch.' 
+ properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + description: Name is the name of the resource. + nullable: true + type: string + nonReadyStatus: + description: NonReadyStatus lists the state for each non-ready + resource. + items: + description: NonReadyStatus is used to report the status + of a resource that is not ready. It includes a summary. + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique ID + values, including UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias to string. Being + a type captures + + intent and helps make sure that UIDs and names + do not get conflated.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + description: 'NotReady is the number of bundle deployments that + have been deployed + + where some resources are not ready.' + type: integer + outOfSync: + description: 'OutOfSync is the number of bundle deployments + that have been synced + + from Fleet controller, but not yet by the downstream agent.' + type: integer + pending: + description: 'Pending is the number of bundle deployments that + are being processed + + by Fleet controller.' 
+ type: integer + ready: + description: 'Ready is the number of bundle deployments that + have been deployed + + where all resources are ready.' + type: integer + waitApplied: + description: 'WaitApplied is the number of bundle deployments + that have been + + synced from Fleet controller and downstream cluster, but are + waiting + + to be deployed.' + type: integer + type: object + unavailable: + description: 'Unavailable is the number of bundle deployments that + are not ready or + + where the AppliedDeploymentID in the status does not match the + + DeploymentID from the spec.' + type: integer + unavailablePartitions: + description: UnavailablePartitions is the number of unavailable + partitions. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterGroup is a re-usable selector to target a group of clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. 
+ + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + selector: + description: Selector is a label selector, used to select clusters + for this group. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: 'A label selector requirement is a selector that + contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector applies + to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. If + the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is replaced + during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, whose + key field is "key", the + + operator is "In", and the values array contains only "value". + The requirements are ANDed.' 
+ nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + description: ClusterCount is the number of clusters in the cluster + group. + type: integer + conditions: + description: Conditions is a list of conditions and their statuses + for the cluster group. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. + nullable: true + type: string + type: object + nullable: true + type: array + display: + description: 'Display contains the number of ready, desiredready + clusters and a + + summary state for the bundle''s resources.' + properties: + readyBundles: + description: 'ReadyBundles is a string in the form "%d/%d", + that describes the + + number of bundles that are ready vs. the number of bundles + desired + + to be ready.' + nullable: true + type: string + readyClusters: + description: 'ReadyClusters is a string in the form "%d/%d", + that describes the + + number of clusters that are ready vs. the number of clusters + desired + + to be ready.' + nullable: true + type: string + state: + description: 'State is a summary state for the cluster group, + showing "NotReady" if + + there are non-ready resources.' + nullable: true + type: string + type: object + nonReadyClusterCount: + description: NonReadyClusterCount is the number of clusters that + are not ready. 
+ type: integer + nonReadyClusters: + description: NonReadyClusters is a list of cluster names that are + not ready. + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + description: 'ResourceCounts contains the number of resources in + each state over + + all bundles in the cluster group.' + properties: + desiredReady: + description: DesiredReady is the number of resources that should + be ready. + type: integer + missing: + description: Missing is the number of missing resources. + type: integer + modified: + description: Modified is the number of resources that have been + modified. + type: integer + notReady: + description: 'NotReady is the number of not ready resources. + Resources are not + + ready if they do not match any other state.' + type: integer + orphaned: + description: Orphaned is the number of orphaned resources. + type: integer + ready: + description: Ready is the number of ready resources. + type: integer + unknown: + description: Unknown is the number of resources in an unknown + state. + type: integer + waitApplied: + description: WaitApplied is the number of resources that are + waiting to be applied. + type: integer + type: object + summary: + description: 'Summary is a summary of the bundle deployments and + their resources + + in the cluster group.' + properties: + desiredReady: + description: 'DesiredReady is the number of bundle deployments + that should be + + ready.' + type: integer + errApplied: + description: 'ErrApplied is the number of bundle deployments + that have been synced + + from the Fleet controller and the downstream cluster, but + with some + + errors when deploying the bundle.' + type: integer + modified: + description: 'Modified is the number of bundle deployments that + have been deployed + + and for which all resources are ready, but where some changes + from the + + Git repository have not yet been synced.' 
+ type: integer + nonReadyResources: + description: 'NonReadyClusters is a list of states, which is + filled for a bundle + + that is not ready.' + items: + description: 'NonReadyResource contains information about + a bundle that is not ready for a + + given state like "ErrApplied". It contains a list of non-ready + or modified + + resources and their states.' + properties: + bundleState: + description: State is the state of the resource, like + e.g. "NotReady" or "ErrApplied". + nullable: true + type: string + message: + description: Message contains information why the bundle + is not ready. + nullable: true + type: string + modifiedStatus: + description: ModifiedStatus lists the state for each modified + resource. + items: + description: 'ModifiedStatus is used to report the status + of a resource that is modified. + + It indicates if the modification was a create, a delete + or a patch.' + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + description: Name is the name of the resource. + nullable: true + type: string + nonReadyStatus: + description: NonReadyStatus lists the state for each non-ready + resource. + items: + description: NonReadyStatus is used to report the status + of a resource that is not ready. It includes a summary. 
+ properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique ID + values, including UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias to string. Being + a type captures + + intent and helps make sure that UIDs and names + do not get conflated.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + description: 'NotReady is the number of bundle deployments that + have been deployed + + where some resources are not ready.' + type: integer + outOfSync: + description: 'OutOfSync is the number of bundle deployments + that have been synced + + from Fleet controller, but not yet by the downstream agent.' + type: integer + pending: + description: 'Pending is the number of bundle deployments that + are being processed + + by Fleet controller.' + type: integer + ready: + description: 'Ready is the number of bundle deployments that + have been deployed + + where all resources are ready.' + type: integer + waitApplied: + description: 'WaitApplied is the number of bundle deployments + that have been + + synced from Fleet controller and downstream cluster, but are + waiting + + to be deployed.' 
+ type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterName + name: Cluster-Name + type: string + - jsonPath: .spec.clusterLabels + name: Labels + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterRegistration is used internally by Fleet and should + not be used directly. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientID: + description: 'ClientID is a unique string that will identify the + cluster. The + + agent either uses the configured ID or the kubeSystem.UID.' + nullable: true + type: string + clientRandom: + description: 'ClientRandom is a random string that the agent generates. + When + + fleet-controller grants a registration, it creates a registration + + secret with this string in the name.' 
+ nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + description: ClusterLabels are copied to the cluster resource during + the registration. + nullable: true + type: object + type: object + status: + properties: + clusterName: + description: 'ClusterName is only set after the registration is + being processed by + + fleet-controller.' + nullable: true + type: string + granted: + description: 'Granted is set to true, if the request service account + is present + + and its token secret exists. This happens directly before creating + + the registration secret, roles and rolebindings.' + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.secretName + name: Secret-Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterRegistrationToken is used by agents to register a new + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. 
+ + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + properties: + name: + maxLength: 63 + pattern: ^[-a-z0-9]+$ + type: string + type: object + spec: + properties: + ttl: + description: 'TTL is the time to live for the token. It is used + to calculate the + + expiration time. If the token expires, it will be deleted.' + nullable: true + type: string + type: object + status: + properties: + expires: + description: Expires is the time when the token expires. + nullable: true + type: string + secretName: + description: SecretName is the name of the secret containing the + token. + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - jsonPath: .status.display.sampleNode + name: Sample-Node + type: string + - jsonPath: .status.agent.lastSeen + name: Last-Seen + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Cluster corresponds to a Kubernetes cluster. Fleet deploys + bundles to targeted clusters. + + Clusters to which Fleet deploys manifests are referred to as downstream + + clusters. In the single cluster use case, the Fleet manager Kubernetes + + cluster is both the manager and downstream cluster at the same time.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
+ + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + properties: + name: + maxLength: 63 + pattern: ^[-a-z0-9]+$ + type: string + type: object + spec: + properties: + agentAffinity: + description: 'AgentAffinity overrides the default affinity for the + cluster''s agent + + deployment. If this value is nil the default affinity is used.' + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods + to nodes that satisfy + + the affinity expressions specified by this field, but + it may choose + + a node that violates one or more of the expressions. The + node that is + + most preferred is the one with the greatest sum of weights, + i.e. + + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling affinity expressions, + etc.), + + compute a sum by iterating through the elements of this + field and adding + + "weight" to the sum if the node matches the corresponding + matchExpressions; the + + node(s) with the highest sum are the most preferred.' + items: + description: 'An empty preferred scheduling term matches + all objects with implicit weight 0 + + (i.e. it''s a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op).' 
+ properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: 'A node selector requirement is + a selector that contains values, a key, and + an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + description: 'An array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. If the + operator is Gt or Lt, the values + + array must have a single element, which + will be interpreted as an integer. + + This array is replaced during a strategic + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: 'A node selector requirement is + a selector that contains values, a key, and + an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + description: 'An array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. 
If + the operator is Exists or DoesNotExist, + + the values array must be empty. If the + operator is Gt or Lt, the values + + array must have a single element, which + will be interpreted as an integer. + + This array is replaced during a strategic + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by + this field are not met at + + scheduling time, the pod will not be scheduled onto the + node. + + If the affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to an update), + the system + + may or may not try to eventually evict the pod from its + node.' + nullable: true + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: 'A null or empty node selector term matches + no objects. The requirements of + + them are ANDed. + + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm.' + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: 'A node selector requirement is + a selector that contains values, a key, and + an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt.' 
+ enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + description: 'An array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. If the + operator is Gt or Lt, the values + + array must have a single element, which + will be interpreted as an integer. + + This array is replaced during a strategic + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: 'A node selector requirement is + a selector that contains values, a key, and + an operator + + that relates the key and values.' + properties: + key: + description: The label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + description: 'An array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. If the + operator is Gt or Lt, the values + + array must have a single element, which + will be interpreted as an integer. + + This array is replaced during a strategic + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods + to nodes that satisfy + + the affinity expressions specified by this field, but + it may choose + + a node that violates one or more of the expressions. The + node that is + + most preferred is the one with the greatest sum of weights, + i.e. + + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling affinity expressions, + etc.), + + compute a sum by iterating through the elements of this + field and adding + + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: 'A label selector requirement + is a selector that contains values, a + key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that + the selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a + key''s relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of + string values. If the operator is + In or NotIn, + + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + + the values array must be empty. This + array is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list + means "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: 'A label selector requirement + is a selector that contains values, a + key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that + the selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a + key''s relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of + string values. If the operator is + In or NotIn, + + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + + the values array must be empty. This + array is replaced during a strategic + + merge patch.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaces: + description: 'namespaces specifies a static list + of namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching + + the labelSelector in the specified namespaces, + where co-located is defined as running on a + node + + whose value of the label with key topologyKey + matches that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + nullable: true + type: string + type: object + weight: + description: 'weight associated with matching the + corresponding podAffinityTerm, + + in the range 1-100.' + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the affinity requirements specified by + this field are not met at + + scheduling time, the pod will not be scheduled onto the + node. + + If the affinity requirements specified by this field cease + to be met + + at some point during pod execution (e.g. due to a pod + label update), the + + system may or may not try to eventually evict the pod + from its node. 
+ + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be + satisfied.' + items: + description: 'Defines a set of pods (namely those matching + the labelSelector + + relative to the given namespace(s)) that this pod should + be + + co-located (affinity) or not co-located (anti-affinity) + with, + + where co-located is defined as running on a node whose + value of + + the label with key matches that of any + node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list + means "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaces: + description: 'namespaces specifies a static list of + namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching + + the labelSelector in the specified namespaces, where + co-located is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: 'The scheduler will prefer to schedule pods + to nodes that satisfy + + the anti-affinity expressions specified by this field, + but it may choose + + a node that violates one or more of the expressions. The + node that is + + most preferred is the one with the greatest sum of weights, + i.e. 
+ + for each node that meets all of the scheduling requirements + (resource + + request, requiredDuringScheduling anti-affinity expressions, + etc.), + + compute a sum by iterating through the elements of this + field and adding + + "weight" to the sum if the node has pods which matches + the corresponding podAffinityTerm; the + + node(s) with the highest sum are the most preferred.' + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: 'A label selector requirement + is a selector that contains values, a + key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that + the selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a + key''s relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of + string values. If the operator is + In or NotIn, + + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + + the values array must be empty. This + array is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list + means "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: 'A label selector requirement + is a selector that contains values, a + key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that + the selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a + key''s relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of + string values. If the operator is + In or NotIn, + + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + + the values array must be empty. This + array is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' + nullable: true + type: object + type: object + namespaces: + description: 'namespaces specifies a static list + of namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching + + the labelSelector in the specified namespaces, + where co-located is defined as running on a + node + + whose value of the label with key topologyKey + matches that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + nullable: true + type: string + type: object + weight: + description: 'weight associated with matching the + corresponding podAffinityTerm, + + in the range 1-100.' + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: 'If the anti-affinity requirements specified + by this field are not met at + + scheduling time, the pod will not be scheduled onto the + node. + + If the anti-affinity requirements specified by this field + cease to be met + + at some point during pod execution (e.g. due to a pod + label update), the + + system may or may not try to eventually evict the pod + from its node. + + When there are multiple elements, the lists of nodes corresponding + to each + + podAffinityTerm are intersected, i.e. all terms must be + satisfied.' 
+ items: + description: 'Defines a set of pods (namely those matching + the labelSelector + + relative to the given namespace(s)) that this pod should + be + + co-located (affinity) or not co-located (anti-affinity) + with, + + where co-located is defined as running on a node whose + value of + + the label with key matches that of any + node on which + + a pod of the set of pods is running' + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' 
+ nullable: true + type: object + type: object + namespaceSelector: + description: 'A label query over the set of namespaces + that the term applies to. + + The term is applied to the union of the namespaces + selected by this field + + and the ones listed in the namespaces field. + + null selector and null or empty namespaces list + means "this pod''s namespace". + + An empty selector ({}) matches all namespaces.' + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: 'A label selector requirement is + a selector that contains values, a key, and + an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the + selector applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s + relationship to a set of values. + + Valid operators are In, NotIn, Exists + and DoesNotExist.' + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + description: 'values is an array of string + values. If the operator is In or NotIn, + + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + + the values array must be empty. This array + is replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains + only "value". The requirements are ANDed.' 
+ nullable: true + type: object + type: object + namespaces: + description: 'namespaces specifies a static list of + namespace names that the term applies to. + + The term is applied to the union of the namespaces + listed in this field + + and the ones selected by namespaceSelector. + + null or empty namespaces list and null namespaceSelector + means "this pod''s namespace".' + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching + + the labelSelector in the specified namespaces, where + co-located is defined as running on a node + + whose value of the label with key topologyKey matches + that of any node on which any of the + + selected pods is running. + + Empty topologyKey is not allowed.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + agentEnvVars: + description: AgentEnvVars are extra environment variables to be + added to the agent deployment. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + nullable: true + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + + using the previously defined environment variables in the + container and + + any service environment variables. If a variable cannot + be resolved, + + the reference in the input string will be unchanged. Double + $$ are reduced + + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. + + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + + Escaped references will never be expanded, regardless of + whether the variable + + exists or not. + + Defaults to "".' + nullable: true + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + nullable: true + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + nullable: true + properties: + key: + description: The key to select. + nullable: true + type: string + name: + description: 'Name of the referent. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + + TODO: Add other useful fields. apiVersion, kind, + uid?' + nullable: true + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + nullable: true + type: boolean + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + nullable: true + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + nullable: true + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + nullable: true + type: string + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests + + (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + nullable: true + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + nullable: true + type: string + divisor: + description: Specifies the output format of the exposed + resources, defaults to "1" + nullable: true + type: string + resource: + description: 'Required: resource to select' + nullable: true + type: string + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + nullable: true + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + nullable: true + type: string + name: + description: 'Name of the referent. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + + TODO: Add other useful fields. apiVersion, kind, + uid?' + nullable: true + type: string + optional: + description: Specify whether the Secret or its key + must be defined + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + description: AgentNamespace defaults to the system namespace, e.g. + cattle-fleet-system. + nullable: true + type: string + agentResources: + description: AgentResources sets the resources for the cluster's + agent deployment. + nullable: true + properties: + claims: + description: 'Claims lists the names of resources, defined in + spec.resourceClaims, + + that are used by this container. + + + + This is an alpha field and requires enabling the + + DynamicResourceAllocation feature gate. + + + + This field is immutable. It can only be set for containers.' + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: 'Name must match the name of one entry in + pod.spec.resourceClaims of + + the Pod where this field is used. It makes that resource + available + + inside a container.' + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + description: 'Requests describes the minimum amount of compute + resources required. 
+ + If Requests is omitted for a container, it defaults to Limits + if that is explicitly specified, + + otherwise to an implementation-defined value. Requests cannot + exceed Limits. + + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + nullable: true + type: object + type: object + agentTolerations: + description: AgentTolerations defines an extra set of Tolerations + to be added to the Agent deployment. + items: + description: 'The pod this Toleration is attached to tolerates + any taint that matches + + the triple using the matching operator .' + properties: + effect: + description: 'Effect indicates the taint effect to match. + Empty means match all taint effects. + + When specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute.' + nullable: true + type: string + key: + description: 'Key is the taint key that the toleration applies + to. Empty means match all taint keys. + + If the key is empty, operator must be Exists; this combination + means to match all values and all keys.' + nullable: true + type: string + operator: + description: 'Operator represents a key''s relationship to + the value. + + Valid operators are Exists and Equal. Defaults to Equal. + + Exists is equivalent to wildcard for value, so that a pod + can + + tolerate all taints of a particular category.' + nullable: true + type: string + tolerationSeconds: + description: 'TolerationSeconds represents the period of time + the toleration (which must be + + of effect NoExecute, otherwise this field is ignored) tolerates + the taint. By default, + + it is not set, which means tolerate the taint forever (do + not evict). Zero and + + negative values will be treated as 0 (evict immediately) + by the system.' + maximum: 86400 + nullable: true + type: integer + value: + description: 'Value is the taint value the toleration matches + to. + + If the operator is Exists, the value should be empty, otherwise + just a regular string.' 
+ nullable: true + type: string + type: object + nullable: true + type: array + clientID: + description: 'ClientID is a unique string that will identify the + cluster. It can + + either be predefined, or generated when importing the cluster.' + nullable: true + type: string + kubeConfigSecret: + description: 'KubeConfigSecret is the name of the secret containing + the kubeconfig for the downstream cluster. + + It can optionally contain a APIServerURL and CA to override the + + values in the fleet-controller''s configmap.' + nullable: true + type: string + kubeConfigSecretNamespace: + description: 'KubeConfigSecretNamespace is the namespace of the + secret containing the kubeconfig for the downstream cluster. + + If unset, it will be assumed the secret can be found in the namespace + that the Cluster object resides within.' + nullable: true + type: string + paused: + description: Paused if set to true, will stop any BundleDeployments + from being updated. + type: boolean + privateRepoURL: + description: PrivateRepoURL prefixes the image name and overrides + a global repo URL from the agents config. + nullable: true + type: string + redeployAgentGeneration: + description: RedeployAgentGeneration can be used to force redeploying + the agent. + type: integer + templateValues: + description: TemplateValues defines a cluster specific mapping of + values to be sent to fleet.yaml values templating. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + agent: + description: AgentStatus contains information about the agent. + properties: + lastSeen: + description: 'LastSeen is the last time the agent checked in + to update the status + + of the cluster resource.' + nullable: true + type: string + namespace: + description: Namespace is the namespace of the agent deployment, + e.g. "cattle-fleet-system". 
+ nullable: true + type: string + nonReadyNodeNames: + description: 'NonReadyNode contains the names of non-ready nodes. + The list is + + limited to at most 3 names.' + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + description: NonReadyNodes is the number of nodes that are not + ready. + type: integer + readyNodeNames: + description: 'ReadyNodes contains the names of ready nodes. + The list is limited to + + at most 3 names.' + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + description: ReadyNodes is the number of nodes that are ready. + type: integer + type: object + agentAffinityHash: + description: 'AgentAffinityHash is a hash of the agent''s affinity + configuration, + + used to detect changes.' + nullable: true + type: string + agentConfigChanged: + description: 'AgentConfigChanged is set to true if any of the agent + configuration + + changed, like the API server URL or CA. Setting it to true will + + trigger a re-import of the cluster.' + type: boolean + agentDeployedGeneration: + description: AgentDeployedGeneration is the generation of the agent + that is currently deployed. + nullable: true + type: integer + agentEnvVarsHash: + description: AgentEnvVarsHash is a hash of the agent's env vars, + used to detect changes. + nullable: true + type: string + agentMigrated: + description: 'AgentMigrated is always set to true after importing + a cluster. If + + false, it will trigger a migration. Old agents don''t have + + this in their status.' + type: boolean + agentNamespaceMigrated: + description: 'AgentNamespaceMigrated is always set to true after + importing a + + cluster. If false, it will trigger a migration. Old Fleet agents + + don''t have this in their status.' + type: boolean + agentPrivateRepoURL: + description: AgentPrivateRepoURL is the private repo URL for the + agent that is currently used. 
+ nullable: true + type: string + agentResourcesHash: + description: 'AgentResourcesHash is a hash of the agent''s resources + configuration, + + used to detect changes.' + nullable: true + type: string + agentTLSMode: + description: 'AgentTLSMode supports two values: `system-store` and + `strict`. If set to + + `system-store`, instructs the agent to trust CA bundles from the + operating + + system''s store. If set to `strict`, then the agent shall only + connect to a + + server which uses the exact CA configured when creating/updating + the agent.' + nullable: true + type: string + agentTolerationsHash: + description: 'AgentTolerationsHash is a hash of the agent''s tolerations + + configuration, used to detect changes.' + nullable: true + type: string + apiServerCAHash: + description: APIServerCAHash is a hash of the upstream API server + CA, used to detect changes. + nullable: true + type: string + apiServerURL: + description: 'APIServerURL is the currently used URL of the API + server that the + + cluster uses to connect to upstream.' + nullable: true + type: string + cattleNamespaceMigrated: + description: 'CattleNamespaceMigrated is always set to true after + importing a + + cluster. If false, it will trigger a migration. Old Fleet agents, + + don''t have this in their status.' + type: boolean + conditions: + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. 
+ nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + description: 'DesiredReadyGitRepos is the number of gitrepos for + this cluster that + + are desired to be ready.' + type: integer + display: + description: Display contains the number of ready bundles, nodes + and a summary state. + properties: + readyBundles: + description: 'ReadyBundles is a string in the form "%d/%d", + that describes the + + number of bundles that are ready vs. the number of bundles + desired + + to be ready.' + nullable: true + type: string + readyNodes: + description: 'ReadyNodes is a string in the form "%d/%d", that + describes the + + number of nodes that are ready vs. the number of expected + nodes.' + nullable: true + type: string + sampleNode: + description: 'SampleNode is the name of one of the nodes that + are ready. If no + + node is ready, it''s the name of a node that is not ready.' + nullable: true + type: string + state: + description: State of the cluster, either one of the bundle + states, or "WaitCheckIn". + nullable: true + type: string + type: object + namespace: + description: 'Namespace is the cluster namespace, it contains the + clusters service + + account as well as any bundledeployments. Example: + + "cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f"' + nullable: true + type: string + readyGitRepos: + description: ReadyGitRepos is the number of gitrepos for this cluster + that are ready. + type: integer + resourceCounts: + description: ResourceCounts is an aggregate over the GitRepoResourceCounts. + properties: + desiredReady: + description: DesiredReady is the number of resources that should + be ready. + type: integer + missing: + description: Missing is the number of missing resources. + type: integer + modified: + description: Modified is the number of resources that have been + modified. + type: integer + notReady: + description: 'NotReady is the number of not ready resources. 
+ Resources are not + + ready if they do not match any other state.' + type: integer + orphaned: + description: Orphaned is the number of orphaned resources. + type: integer + ready: + description: Ready is the number of ready resources. + type: integer + unknown: + description: Unknown is the number of resources in an unknown + state. + type: integer + waitApplied: + description: WaitApplied is the number of resources that are + waiting to be applied. + type: integer + type: object + summary: + description: 'Summary is a summary of the bundledeployments. The + resource counts + + are copied from the gitrepo resource.' + properties: + desiredReady: + description: 'DesiredReady is the number of bundle deployments + that should be + + ready.' + type: integer + errApplied: + description: 'ErrApplied is the number of bundle deployments + that have been synced + + from the Fleet controller and the downstream cluster, but + with some + + errors when deploying the bundle.' + type: integer + modified: + description: 'Modified is the number of bundle deployments that + have been deployed + + and for which all resources are ready, but where some changes + from the + + Git repository have not yet been synced.' + type: integer + nonReadyResources: + description: 'NonReadyClusters is a list of states, which is + filled for a bundle + + that is not ready.' + items: + description: 'NonReadyResource contains information about + a bundle that is not ready for a + + given state like "ErrApplied". It contains a list of non-ready + or modified + + resources and their states.' + properties: + bundleState: + description: State is the state of the resource, like + e.g. "NotReady" or "ErrApplied". + nullable: true + type: string + message: + description: Message contains information why the bundle + is not ready. + nullable: true + type: string + modifiedStatus: + description: ModifiedStatus lists the state for each modified + resource. 
+ items: + description: 'ModifiedStatus is used to report the status + of a resource that is modified. + + It indicates if the modification was a create, a delete + or a patch.' + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + description: Name is the name of the resource. + nullable: true + type: string + nonReadyStatus: + description: NonReadyStatus lists the state for each non-ready + resource. + items: + description: NonReadyStatus is used to report the status + of a resource that is not ready. It includes a summary. + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique ID + values, including UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias to string. Being + a type captures + + intent and helps make sure that UIDs and names + do not get conflated.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + description: 'NotReady is the number of bundle deployments that + have been deployed + + where some resources are not ready.' + type: integer + outOfSync: + description: 'OutOfSync is the number of bundle deployments + that have been synced + + from Fleet controller, but not yet by the downstream agent.' 
+ type: integer + pending: + description: 'Pending is the number of bundle deployments that + are being processed + + by Fleet controller.' + type: integer + ready: + description: 'Ready is the number of bundle deployments that + have been deployed + + where all resources are ready.' + type: integer + waitApplied: + description: 'WaitApplied is the number of bundle deployments + that have been + + synced from Fleet controller and downstream cluster, but are + waiting + + to be deployed.' + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Content is used internally by Fleet and should not be used + directly. It + + contains the resources from a bundle for a specific target cluster.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + content: + description: 'Content is a byte array, which contains the manifests + of a bundle. + + The bundle resources are copied into the bundledeployment''s content + + resource, so the downstream agent can deploy them.' + nullable: true + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. 
+ + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - jsonPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'GitRepoRestriction is a resource that can optionally be used + to restrict + + the options of GitRepos in the same namespace.' + properties: + allowedClientSecretNames: + description: AllowedClientSecretNames is a list of client secret names + that GitRepos are allowed to use. + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + description: 'AllowedRepoPatterns is a list of regex patterns that restrict + the + + valid values of the Repo field of a GitRepo.' + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + description: AllowedServiceAccounts is a list of service accounts that + GitRepos are allowed to use. + items: + nullable: true + type: string + nullable: true + type: array + allowedTargetNamespaces: + description: 'AllowedTargetNamespaces restricts TargetNamespace to the + given + + namespaces. If AllowedTargetNamespaces is set, TargetNamespace must + + be set.' + items: + nullable: true + type: string + nullable: true + type: array + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
+ + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + defaultClientSecretName: + description: DefaultClientSecretName overrides the GitRepo's default + client secret. + nullable: true + type: string + defaultServiceAccount: + description: DefaultServiceAccount overrides the GitRepo's default service + account. + nullable: true + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.repo + name: Repo + type: string + - jsonPath: .status.commit + name: Commit + type: string + - jsonPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'GitRepo describes a git repository that is watched by Fleet. + + The resource contains the necessary information to deploy the repo, or + parts + + of it, to target clusters.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
+ + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + branch: + description: Branch The git branch to follow. + nullable: true + type: string + caBundle: + description: CABundle is a PEM encoded CA bundle which will be used + to validate the repo's certificate. + nullable: true + type: string + clientSecretName: + description: 'ClientSecretName is the name of the client secret + to be used to connect to the repo + + It is expected the secret be of type "kubernetes.io/basic-auth" + or "kubernetes.io/ssh-auth".' + nullable: true + type: string + correctDrift: + description: CorrectDrift specifies how drift correction should + work. + nullable: true + properties: + enabled: + description: Enabled correct drift if true. + type: boolean + force: + description: Force helm rollback with --force option will be + used if true. This will try to recreate all resources in the + release. + type: boolean + keepFailHistory: + description: KeepFailHistory keeps track of failed rollbacks + in the helm history. + type: boolean + type: object + forceSyncGeneration: + description: Increment this number to force a redeployment of contents + from Git. + type: integer + helmRepoURLRegex: + description: 'HelmRepoURLRegex Helm credentials will be used if + the helm repo matches this regex + + Credentials will always be used if this is empty or not provided.' 
+ nullable: true + type: string + helmSecretName: + description: HelmSecretName contains the auth secret for a private + Helm repository. + nullable: true + type: string + helmSecretNameForPaths: + description: HelmSecretNameForPaths contains the auth secret for + private Helm repository for each path. + nullable: true + type: string + imageScanCommit: + description: Commit specifies how to commit to the git repo when + a new image is scanned and written back to git repo. + properties: + authorEmail: + description: AuthorEmail gives the email to provide when making + a commit + nullable: true + type: string + authorName: + description: AuthorName gives the name to provide when making + a commit + nullable: true + type: string + messageTemplate: + description: 'MessageTemplate provides a template for the commit + message, + + into which will be interpolated the details of the change + made.' + nullable: true + type: string + type: object + imageScanInterval: + description: ImageScanInterval is the interval of syncing scanned + images and writing back to git repo. + nullable: true + type: string + insecureSkipTLSVerify: + description: InsecureSkipTLSverify will use insecure HTTPS to clone + the repo. + type: boolean + keepResources: + description: KeepResources specifies if the resources created must + be kept after deleting the GitRepo. + type: boolean + paths: + description: 'Paths is the directories relative to the git repo + root that contain resources to be applied. + + Path globbing is supported, for example ["charts/*"] will match + all folders as a subdirectory of charts/ + + If empty, "/" is the default.' + items: + nullable: true + type: string + nullable: true + type: array + paused: + description: 'Paused, when true, causes changes in Git not to be + propagated down to the clusters but instead to mark + + resources as OutOfSync.' + type: boolean + pollingInterval: + description: PollingInterval is how often to check git for new updates. 
+ nullable: true + type: string + repo: + description: Repo is a URL to a git repo to clone and index. + nullable: true + type: string + revision: + description: Revision A specific commit or tag to operate on. + nullable: true + type: string + serviceAccount: + description: ServiceAccount used in the downstream cluster for deployment. + nullable: true + type: string + targetNamespace: + description: 'Ensure that all resources are created in this namespace + + Any cluster scoped resource will be rejected if this is set + + Additionally this namespace will be created on demand.' + nullable: true + type: string + targets: + description: Targets is a list of targets this repo will deploy + to. + items: + description: GitTarget is a cluster or cluster group to deploy + to. + properties: + clusterGroup: + description: ClusterGroup is the name of a cluster group in + the same namespace as the clusters. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a label selector to select + cluster groups. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' 
+ items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + clusterName: + description: ClusterName is the name of a cluster. + nullable: true + type: string + clusterSelector: + description: ClusterSelector is a label selector to select + clusters. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: 'A label selector requirement is a selector + that contains values, a key, and an operator that + + relates the key and values.' + properties: + key: + description: key is the label key that the selector + applies to. + nullable: true + type: string + operator: + description: 'operator represents a key''s relationship + to a set of values. + + Valid operators are In, NotIn, Exists and DoesNotExist.' + nullable: true + type: string + values: + description: 'values is an array of string values. + If the operator is In or NotIn, + + the values array must be non-empty. If the operator + is Exists or DoesNotExist, + + the values array must be empty. This array is + replaced during a strategic + + merge patch.' + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + description: 'matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels + + map is equivalent to an element of matchExpressions, + whose key field is "key", the + + operator is "In", and the values array contains only + "value". The requirements are ANDed.' + nullable: true + type: object + type: object + name: + description: Name is the name of this target. + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + description: Commit is the Git commit hash from the last gitjob + run. + nullable: true + type: string + conditions: + description: 'Conditions is a list of Wrangler conditions that describe + the state + + of the GitRepo.' + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + description: "DesiredReadyClusters\tis the number of clusters that\ + \ should be ready for bundles of this GitRepo." + type: integer + display: + description: Display contains a human readable summary of the status. + properties: + error: + description: Error is true if a message is present. + type: boolean + message: + description: Message contains the relevant message from the + deployment conditions. 
+ nullable: true + type: string + readyBundleDeployments: + description: 'ReadyBundleDeployments is a string in the form + "%d/%d", that describes the + + number of ready bundledeployments over the total number of + bundledeployments.' + nullable: true + type: string + state: + description: 'State is the state of the GitRepo, e.g. "GitUpdating" + or the maximal + + BundleState according to StateRank.' + nullable: true + type: string + type: object + gitJobStatus: + description: GitJobStatus is the status of the last GitJob run, + e.g. "Current" if there was no error. + nullable: true + type: string + lastSyncedImageScanTime: + description: LastSyncedImageScanTime is the time of the last image + scan. + nullable: true + type: string + observedGeneration: + description: 'ObservedGeneration is the current generation of the + resource in the cluster. It is copied from k8s + + metadata.Generation. The value is incremented for all changes, + except for changes to .metadata or .status.' + type: integer + readyClusters: + description: 'ReadyClusters is the lowest number of clusters that + are ready over + + all the bundles of this GitRepo.' + type: integer + resourceCounts: + description: ResourceCounts contains the number of resources in + each state over all bundles. + properties: + desiredReady: + description: DesiredReady is the number of resources that should + be ready. + type: integer + missing: + description: Missing is the number of missing resources. + type: integer + modified: + description: Modified is the number of resources that have been + modified. + type: integer + notReady: + description: 'NotReady is the number of not ready resources. + Resources are not + + ready if they do not match any other state.' + type: integer + orphaned: + description: Orphaned is the number of orphaned resources. + type: integer + ready: + description: Ready is the number of ready resources. 
+ type: integer + unknown: + description: Unknown is the number of resources in an unknown + state. + type: integer + waitApplied: + description: WaitApplied is the number of resources that are + waiting to be applied. + type: integer + type: object + resourceErrors: + description: ResourceErrors is a sorted list of errors from the + resources. + items: + nullable: true + type: string + nullable: true + type: array + resources: + description: Resources contains metadata about the resources of + each bundle. + items: + description: GitRepoResource contains metadata about the resources + of a bundle. + properties: + apiVersion: + description: APIVersion is the API version of the resource. + nullable: true + type: string + error: + description: Error is true if any Error in the PerClusterState + is true. + type: boolean + id: + description: ID is the name of the resource, e.g. "namespace1/my-config" + or "backingimagemanagers.storage.io". + nullable: true + type: string + incompleteState: + description: 'IncompleteState is true if a bundle summary + has 10 or more non-ready + + resources or a non-ready resource has more 10 or more non-ready + or + + modified states.' + type: boolean + kind: + description: Kind is the k8s kind of the resource. + nullable: true + type: string + message: + description: Message is the first message from the PerClusterStates. + nullable: true + type: string + name: + description: Name of the resource. + nullable: true + type: string + namespace: + description: Namespace of the resource. + nullable: true + type: string + perClusterState: + description: PerClusterState is a list of states for each + cluster. Derived from the summaries non-ready resources. + items: + description: ResourcePerClusterState is generated for each + non-ready resource of the bundles. + properties: + clusterId: + description: ClusterID is the id of the cluster. 
+ nullable: true + type: string + error: + description: Error is true if the resource is in an + error state, copied from the bundle's summary for + non-ready resources. + type: boolean + message: + description: Message combines the messages from the + bundle's summary. Messages are joined with the delimiter + ';'. + nullable: true + type: string + patch: + description: Patch for modified resources. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + description: State is the state of the resource. + nullable: true + type: string + transitioning: + description: 'Transitioning is true if the resource + is in a transitioning state, + + copied from the bundle''s summary for non-ready resources.' + type: boolean + type: object + nullable: true + type: array + state: + description: State is the state of the resource, e.g. "Unknown", + "WaitApplied", "ErrApplied" or "Ready". + nullable: true + type: string + transitioning: + description: Transitioning is true if any Transitioning in + the PerClusterState is true. + type: boolean + type: + description: Type is the type of the resource, e.g. "apiextensions.k8s.io.customresourcedefinition" + or "configmap". + nullable: true + type: string + type: object + nullable: true + type: array + summary: + description: Summary contains the number of bundle deployments in + each state and a list of non-ready resources. + properties: + desiredReady: + description: 'DesiredReady is the number of bundle deployments + that should be + + ready.' + type: integer + errApplied: + description: 'ErrApplied is the number of bundle deployments + that have been synced + + from the Fleet controller and the downstream cluster, but + with some + + errors when deploying the bundle.' + type: integer + modified: + description: 'Modified is the number of bundle deployments that + have been deployed + + and for which all resources are ready, but where some changes + from the + + Git repository have not yet been synced.' 
+ type: integer + nonReadyResources: + description: 'NonReadyClusters is a list of states, which is + filled for a bundle + + that is not ready.' + items: + description: 'NonReadyResource contains information about + a bundle that is not ready for a + + given state like "ErrApplied". It contains a list of non-ready + or modified + + resources and their states.' + properties: + bundleState: + description: State is the state of the resource, like + e.g. "NotReady" or "ErrApplied". + nullable: true + type: string + message: + description: Message contains information why the bundle + is not ready. + nullable: true + type: string + modifiedStatus: + description: ModifiedStatus lists the state for each modified + resource. + items: + description: 'ModifiedStatus is used to report the status + of a resource that is modified. + + It indicates if the modification was a create, a delete + or a patch.' + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + description: Name is the name of the resource. + nullable: true + type: string + nonReadyStatus: + description: NonReadyStatus lists the state for each non-ready + resource. + items: + description: NonReadyStatus is used to report the status + of a resource that is not ready. It includes a summary. 
+ properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + description: 'UID is a type that holds unique ID + values, including UUIDs. Because we + + don''t ONLY use UUIDs, this is an alias to string. Being + a type captures + + intent and helps make sure that UIDs and names + do not get conflated.' + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + description: 'NotReady is the number of bundle deployments that + have been deployed + + where some resources are not ready.' + type: integer + outOfSync: + description: 'OutOfSync is the number of bundle deployments + that have been synced + + from Fleet controller, but not yet by the downstream agent.' + type: integer + pending: + description: 'Pending is the number of bundle deployments that + are being processed + + by Fleet controller.' + type: integer + ready: + description: 'Ready is the number of bundle deployments that + have been deployed + + where all resources are ready.' + type: integer + waitApplied: + description: 'WaitApplied is the number of bundle deployments + that have been + + synced from Fleet controller and downstream cluster, but are + waiting + + to be deployed.' 
+ type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Repository + type: string + - jsonPath: .status.latestTag + name: Latest + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. + + Servers should convert recognized schemas to the latest internal value, + and + + may reject unrecognized values. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. + + Servers may infer this from the endpoint the client submits requests + to. + + Cannot be updated. + + In CamelCase. + + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: API is taken from https://github.com/fluxcd/image-reflector-controller + properties: + gitrepoName: + description: GitRepo reference name + nullable: true + type: string + image: + description: Image is the name of the image repository + nullable: true + type: string + interval: + description: 'Interval is the length of time to wait between + + scans of the image repository.' 
+ nullable: true + type: string + policy: + description: 'Policy gives the particulars of the policy to be followed + in + + selecting the most recent image' + properties: + alphabetical: + description: Alphabetical set of rules to use for alphabetical + ordering of the tags. + nullable: true + properties: + order: + description: 'Order specifies the sorting order of the tags. + Given the letters of the + + alphabet as tags, ascending order would select Z, and + descending order + + would select A.' + nullable: true + type: string + type: object + semver: + description: 'SemVer gives a semantic version range to check + against the tags + + available.' + nullable: true + properties: + range: + description: 'Range gives a semver range for the image tag; + the highest + + version within the range that''s a tag yields the latest + image.' + nullable: true + type: string + type: object + type: object + secretRef: + description: 'SecretRef can be given the name of a secret containing + + credentials to use for the image registry. The secret should be + + created with `kubectl create secret docker-registry`, or the + + equivalent.' + nullable: true + properties: + name: + description: 'Name of the referent. + + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + + TODO: Add other useful fields. apiVersion, kind, uid?' + nullable: true + type: string + type: object + suspend: + description: 'This flag tells the controller to suspend subsequent + image scans. + + It does not apply to already started scans. Defaults to false.' + type: boolean + tagName: + description: TagName is the tag ref that needs to be put in manifest + to replace fields + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + description: 'CanonicalName is the name of the image repository + with all the + + implied bits made explicit; e.g., `docker.io/library/alpine` + + rather than `alpine`.' 
+ nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + nullable: true + type: string + lastUpdateTime: + description: The last time this condition was updated. + nullable: true + type: string + message: + description: Human-readable message indicating details about + last transition + nullable: true + type: string + reason: + description: The reason for the condition's last transition. + nullable: true + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + nullable: true + type: string + type: + description: Type of cluster condition. + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + description: LastScanTime is the last time image was scanned + nullable: true + type: string + latestDigest: + description: LatestDigest is the digest of latest tag + nullable: true + type: string + latestImage: + description: 'LatestImage gives the first in the list of images + scanned by + + the image repository, when filtered and ordered according to + + the policy.' + nullable: true + type: string + latestTag: + description: Latest tag is the latest tag filtered by the policy + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/fleet-crd/103.1.10+up0.9.11/templates/gitjobs-crds.yaml b/charts/fleet-crd/103.1.10+up0.9.11/templates/gitjobs-crds.yaml new file mode 100644 index 0000000000..b5296dbaf5 --- /dev/null +++ b/charts/fleet-crd/103.1.10+up0.9.11/templates/gitjobs-crds.yaml 
@@ -0,0 +1,7690 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.git.repo + name: REPO + type: string + - jsonPath: .spec.git.branch + name: BRANCH + type: string + - jsonPath: .status.commit + name: COMMIT + type: string + - jsonPath: .status.jobStatus + name: JOBSTATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + backoffLimitPerIndex: + nullable: true + type: integer + completionMode: + nullable: true + type: string + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + maxFailedIndexes: + nullable: true + type: integer + parallelism: + nullable: true + type: integer + podFailurePolicy: + nullable: true + properties: + rules: + items: + properties: + action: + nullable: true + type: string + onExitCodes: + nullable: true + properties: + containerName: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + type: integer + nullable: true + type: array + type: object + onPodConditions: 
+ items: + properties: + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + podReplacementPolicy: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + suspend: + nullable: true + type: boolean + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + 
nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + 
podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + 
type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + 
items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + 
secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: 
integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + 
successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + 
gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + 
nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + 
nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + 
port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: 
true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + 
hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + 
nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + nullable: true + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: 
+ name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + 
properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + 
tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + 
type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: 
object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + os: + nullable: true + properties: + name: + nullable: true + type: string + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + resourceClaims: + items: + properties: + name: + nullable: true + type: string + source: + properties: + resourceClaimName: + nullable: true + type: string + resourceClaimTemplateName: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + schedulingGates: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + 
properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + matchLabelKeys: + items: + nullable: true + type: string + nullable: true + type: array + maxSkew: + type: integer + minDomains: + nullable: true + type: integer + nodeAffinityPolicy: + nullable: true + type: string + nodeTaintsPolicy: + nullable: true + type: string + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + 
awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + 
readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + 
nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + dataSourceRef: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + 
nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: 
string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + 
items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + 
type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: 
gitjobs.gitjob.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + backoffLimitPerIndex: + nullable: true + type: integer + completionMode: + nullable: true + type: string + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + maxFailedIndexes: + nullable: true + type: integer + parallelism: + nullable: true + type: integer + podFailurePolicy: + nullable: true + properties: + rules: + items: + properties: + action: + nullable: true + type: string + onExitCodes: + nullable: true + properties: + containerName: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + type: integer + nullable: true + type: array + type: object + onPodConditions: + items: + properties: + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + type: object 
+ nullable: true + type: array + type: object + podReplacementPolicy: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + suspend: + nullable: true + type: boolean + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + 
resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + 
operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + 
nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: 
true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + 
type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + 
host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + 
terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + 
startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + 
nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + 
imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + 
items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: 
integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + 
nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true 
+ type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + nullable: true + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: 
string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + 
httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: 
true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + restartPolicy: + nullable: true + type: string + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + 
properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: 
object + os: + nullable: true + properties: + name: + nullable: true + type: string + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + resourceClaims: + items: + properties: + name: + nullable: true + type: string + source: + properties: + resourceClaimName: + nullable: true + type: string + resourceClaimTemplateName: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + schedulingGates: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + 
properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + matchLabelKeys: + items: + nullable: true + type: string + nullable: true + type: array + maxSkew: + type: integer + minDomains: + nullable: true + type: integer + nodeAffinityPolicy: + nullable: true + type: string + nodeTaintsPolicy: + nullable: true + type: string + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: 
string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: 
true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: 
true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + dataSourceRef: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + 
readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + 
type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + 
nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + 
secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end -}} diff --git a/charts/fleet-crd/103.1.10+up0.9.11/values.yaml b/charts/fleet-crd/103.1.10+up0.9.11/values.yaml new file mode 100644 index 0000000000..d41d3a2444 --- /dev/null +++ b/charts/fleet-crd/103.1.10+up0.9.11/values.yaml @@ -0,0 +1 @@ +# This file is intentionally empty 
diff --git a/charts/fleet/103.1.10+up0.9.11/Chart.yaml b/charts/fleet/103.1.10+up0.9.11/Chart.yaml
new file mode 100644
index 0000000000..8c37be202d
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+ catalog.cattle.io/auto-install: fleet-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+ catalog.cattle.io/release-name: fleet
+apiVersion: v2
+appVersion: 0.9.11
+dependencies:
+- condition: gitops.enabled
+ name: gitjob
+ repository: file://./charts/gitjob
+description: Fleet Manager - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet
+version: 103.1.10+up0.9.11
diff --git a/charts/fleet/103.1.10+up0.9.11/README.md b/charts/fleet/103.1.10+up0.9.11/README.md
new file mode 100644
index 0000000000..2f2a4c302a
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/README.md
@@ -0,0 +1,30 @@
+# Fleet Helm Chart
+
+Fleet is GitOps at scale. Fleet is designed to manage multiple clusters.
+
+## What is Fleet?
+
+* Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.
+
+* Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.
+
+## Introduction
+
+This chart deploys Fleet on a Kubernetes cluster. It also deploys some of its dependencies as subcharts.
+
+The documentation is centralized in the [doc website](https://fleet.rancher.io/).
+
+## Prerequisites
+
+Get helm if you don't have it. Helm 3 is just a CLI.
+
+
+## Install Fleet
+
+Install the Fleet Helm charts (there are two because we separate out CRDs for ultimate flexibility.):
+
+```
+$ helm repo add fleet https://rancher.github.io/fleet-helm-charts/
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet-crd fleet/fleet-crd
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet fleet/fleet
+```
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/.helmignore b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/.helmignore
new file mode 100644
index 0000000000..691fa13d6a
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/Chart.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/Chart.yaml
new file mode 100644
index 0000000000..c911624309
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.9.17
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.9.17
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/_helpers.tpl b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 0000000000..f652b5643d
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 0000000000..bcad90164f
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..0bf07c4ef8
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/deployment.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 0000000000..7771db512c
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/deployment.yaml
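Review bot: The `secrets` and `configmaps` rules in clusterrole.yaml grant `'*'`, and clusterrolebinding.yaml binds this ClusterRole to the `gitjob` ServiceAccount cluster-wide, so that one account can read, modify and delete every Secret in every namespace. Which verbs the controller really uses is not visible from the hunk; once confirmed, enumerate them instead of using the wildcard, for example `verbs: ['get', 'list', 'watch', 'create', 'update', 'delete']`, so that `deletecollection` and any verb added later are not granted implicitly. The same wildcard is used for `jobs` here and for `leases` in leases.yaml. A one-line comment above each rule stating why the access is needed would make the grant reviewable.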
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ args:
+ - gitjob
+ - --gitjob-image
+ - "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ {{- if .Values.debug }}
+ - --debug
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ {{- if .Values.debug }}
+ - name: CATTLE_DEV_MODE
+ value: "true"
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/leases.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/leases.yaml
new file mode 100644
index 0000000000..51f9339509
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/leases.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - "leases"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: gitjob
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
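Review bot: The `gitjob` container in the gitjob deployment.yaml has no `securityContext` at all, while the pod runs under the `gitjob` ServiceAccount that the ClusterRole gives wildcard access to Secrets, so a compromise of this process is not contained by any container-level restriction. The fleet-controller Deployment in this same commit already sets one; the block below mirrors its settings that are least likely to depend on the image. `readOnlyRootFilesystem: true` and a pod-level `runAsNonRoot: true` should be added as well once it is confirmed that the image does not write to its root filesystem and does not run as root, which cannot be told from this hunk.

```yaml
        name: gitjob
        # … unchanged: args, env …
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          capabilities:
            drop:
            - ALL
```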
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/service.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/service.yaml
new file mode 100644
index 0000000000..bf57c1b55c
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..5f8aecb045
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/103.1.10+up0.9.11/charts/gitjob/values.yaml b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/values.yaml
new file mode 100644
index 0000000000..92da006e38
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/charts/gitjob/values.yaml
@@ -0,0 +1,27 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.9.17
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+
+# PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+debug: false
diff --git a/charts/fleet/103.1.10+up0.9.11/templates/_helpers.tpl b/charts/fleet/103.1.10+up0.9.11/templates/_helpers.tpl
new file mode 100644
index 0000000000..6cd96c3ace
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/103.1.10+up0.9.11/templates/configmap.yaml b/charts/fleet/103.1.10+up0.9.11/templates/configmap.yaml
new file mode 100644
index 0000000000..3fd0b15cf8
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/templates/configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "systemDefaultRegistry": "{{ template "system_default_registry" . }}",
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "agentTLSMode": "{{.Values.agentTLSMode}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
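Review bot: In configmap.yaml every setting is spliced between literal double quotes, as in `"apiServerURL": "{{.Values.apiServerURL}}"`, so a value containing `"` or `\` changes the structure of the `config` document instead of being carried as data, and can introduce keys the chart author did not write. Rendering through an encoder avoids that, for example `"apiServerURL": {{ .Values.apiServerURL | toJson }},`, and the same applies to the `bootstrap` fields, `webhookReceiverURL` and `githubURLPrefix`. Separately, the comma after the `"agentNamespace"` entry leaves a trailing comma before the closing brace of `bootstrap`, which strict JSON parsers reject; whether the consumer of this ConfigMap tolerates it is not visible from the hunk.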
diff --git a/charts/fleet/103.1.10+up0.9.11/templates/deployment.yaml b/charts/fleet/103.1.10+up0.9.11/templates/deployment.yaml
new file mode 100644
index 0000000000..164340c444
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/templates/deployment.yaml
@@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: FLEET_PROPAGATE_DEBUG_SETTINGS_TO_AGENTS + value: {{ quote .Values.propagateDebugSettingsToAgents }} + {{- if .Values.clusterEnqueueDelay }} + - name: FLEET_CLUSTER_ENQUEUE_DELAY + value: {{ .Values.clusterEnqueueDelay }} + {{- end }} + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- if .Values.cpuPprof }} + - name: FLEET_CPU_PPROF_DIR + value: /tmp/pprof/ + {{- end }} + {{- if .Values.cpuPprof }} + - name: FLEET_CPU_PPROF_PERIOD + value: {{ quote .Values.cpuPprof.period }} + {{- end }} + {{- if .Values.debug }} + - name: CATTLE_DEV_MODE + value: "true" + {{- end }} + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + command: + - fleetcontroller + {{- if not .Values.gitops.enabled }} + - --disable-gitops + {{- end }} + {{- if not .Values.bootstrap.enabled }} + - --disable-bootstrap + {{- end }} + {{- if .Values.debug }} + - --debug + - --debug-level + - {{ quote .Values.debugLevel }} + {{- else }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + {{- end }} + volumeMounts: + - mountPath: /tmp + name: tmp + {{- if .Values.cpuPprof }} + - mountPath: /tmp/pprof + name: pprof + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- if .Values.cpuPprof }} + - name: pprof {{ toYaml .Values.cpuPprof.volumeConfiguration | nindent 10 }} + {{- end }} + + serviceAccountName: fleet-controller + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + +{{- if not .Values.debug }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 +{{- end }} diff --git a/charts/fleet/103.1.10+up0.9.11/templates/job_cleanup_clusterregistrations.yaml b/charts/fleet/103.1.10+up0.9.11/templates/job_cleanup_clusterregistrations.yaml new file mode 100644 index 0000000000..17d1ba7864 --- /dev/null +++ b/charts/fleet/103.1.10+up0.9.11/templates/job_cleanup_clusterregistrations.yaml 
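Review bot: Setting `debug: true` removes all hardening from the controller pod in deployment.yaml at once: the container `securityContext` sits in the `{{- else }}` branch of `{{- if .Values.debug }}` and the pod-level `runAsNonRoot`/`runAsUser`/`runAsGroup` block is wrapped in `{{- if not .Values.debug }}`, so a debug install renders no security context at all and also sets `CATTLE_DEV_MODE`. Unless the debug tooling needs more, keep `allowPrivilegeEscalation: false`, `privileged: false` and the `capabilities.drop` of `ALL` unconditional and make only `readOnlyRootFilesystem` and the run-as settings depend on `debug`. Separately, `value: {{ .Values.proxy }}`, `value: {{ .Values.noProxy }}` and `value: {{ .Values.clusterEnqueueDelay }}` are unquoted while neighbouring env values use `quote`; `value: {{ quote .Values.proxy }}` stops YAML from reinterpreting the string.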
@@ -0,0 +1,40 @@
+{{- if .Values.migrations.clusterRegistrationCleanup }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: fleet-cleanup-clusterregistrations
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ metadata:
+ labels:
+ app: fleet-job
+ spec:
+ serviceAccountName: fleet-controller
+ restartPolicy: Never
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: 1000
+ runAsUser: 1000
+ containers:
+ - name: cleanup
+ image: "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ privileged: false
+ command:
+ - fleet
+ args:
+ - cleanup
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ backoffLimit: 1
+{{- end }}
diff --git a/charts/fleet/103.1.10+up0.9.11/templates/rbac.yaml b/charts/fleet/103.1.10+up0.9.11/templates/rbac.yaml
new file mode 100644
index 0000000000..361d68c08b
--- /dev/null
+++ b/charts/fleet/103.1.10+up0.9.11/templates/rbac.yaml
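Review bot: `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` in the cleanup container reads a key that this chart's values.yaml does not define (`global` there only carries `cattle.systemDefaultRegistry`), so unless the installer injects it the field renders empty and the pull policy falls back to the Kubernetes default. The container runs the agent image, so `imagePullPolicy: {{ .Values.agentImage.imagePullPolicy }}` would match the value the ConfigMap template already uses. The hook also reuses the `fleet-controller` service account, whose ClusterRole in rbac.yaml is presumably far broader than a cleanup job needs, and it sets `readOnlyRootFilesystem: false` where the controller uses `true`; a comment stating why each is required would help the next reviewer.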
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+{{- if .Values.bootstrap.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
+{{- end }}
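Review bot: The `fleet-controller` ClusterRole in rbac.yaml grants `'*'` verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, which includes `escalate` and `bind`, so the service account can grant itself any permission and the narrower rules above it form no real boundary; the same role also has `'*'` on `secrets` cluster-wide. `fleet-controller-bootstrap` is `*`/`*`/`*`, and values.yaml ships `bootstrap.enabled: true`, so the default install creates a second cluster-admin-equivalent account. If the controller only needs to manage RBAC objects for registration, list the verbs explicitly (for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`) and add a comment above each remaining wildcard rule explaining why it cannot be narrower.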
diff --git a/charts/fleet/103.1.10+up0.9.11/templates/serviceaccount.yaml b/charts/fleet/103.1.10+up0.9.11/templates/serviceaccount.yaml new file mode 100644 index 0000000000..ba27c748d7 --- /dev/null +++ b/charts/fleet/103.1.10+up0.9.11/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +{{- if .Values.bootstrap.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap +{{- end }} diff --git a/charts/fleet/103.1.10+up0.9.11/values.yaml b/charts/fleet/103.1.10+up0.9.11/values.yaml new file mode 100644 index 0000000000..bd057c9778 --- /dev/null +++ b/charts/fleet/103.1.10+up0.9.11/values.yaml 
@@ -0,0 +1,87 @@ +image: + repository: rancher/fleet + tag: v0.9.11 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.9.11 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a +# management cluster. True in `system-store` mode, false in `strict` mode. +agentTLSMode: "system-store" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +# Counts from gitrepo are out of sync with bundleDeployment state. +# Just retry in a number of seconds as there is no great way to trigger an event that doesn't cause a loop. +# If not set default is 15 seconds. +# clusterEnqueueDelay: 120s + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +bootstrap: + enabled: true + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # The namespace where the fleet agent for the local cluster will be ran, if empty + # this will default to cattle-fleet-system + agentNamespace: "" + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, its configuration and all its downstream clusters + # in one shot. 
+ repo: "" + secret: "" + branch: master + paths: "" + + +global: + cattle: + systemDefaultRegistry: "" + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +## PriorityClassName assigned to deployment. +priorityClassName: "" + +gitops: + enabled: true + +debug: false +debugLevel: 0 +propagateDebugSettingsToAgents: true + +## Optional CPU pprof configuration. Profiles are collected continuously and saved every period +## Any valid volume configuration can be provided, the example below uses hostPath +#cpuPprof: +# period: "60s" +# volumeConfiguration: +# hostPath: +# path: /tmp/pprof +# type: DirectoryOrCreate + +migrations: + clusterRegistrationCleanup: true diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/Chart.yaml b/charts/rancher-cis-benchmark-crd/5.6.0/Chart.yaml new file mode 100644 index 0000000000..cc5079bba4 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/5.6.0/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 5.6.0 diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/README.md b/charts/rancher-cis-benchmark-crd/5.6.0/README.md new file mode 100644 index 0000000000..f6d9ef621f --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/5.6.0/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscan.yaml new file mode 100644 index 0000000000..3cbb0ffcd3 --- /dev/null 
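Review bot: The commented `cpuPprof` example in values.yaml uses a `hostPath` volume at `/tmp/pprof` with `type: DirectoryOrCreate`, which writes profiles into a directory under the node's shared `/tmp` and is rejected in namespaces that enforce the Baseline or Restricted Pod Security Standards. deployment.yaml passes `volumeConfiguration` through `toYaml` unchanged, so this example is what operators will copy; an `emptyDir: {}` or a PersistentVolumeClaim would be a safer example, with hostPath mentioned only as an option. A comment above `debug: false` should also say that enabling it removes the pod and container `securityContext` rendered by deployment.yaml.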
+++ b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscan.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - jsonPath: .status.summary.total + name: Total + type: string + - jsonPath: .status.summary.pass + name: Pass + type: string + - jsonPath: .status.summary.fail + name: Fail + type: string + - jsonPath: .status.summary.skip + name: Skip + type: string + - jsonPath: .status.summary.warn + name: Warn + type: string + - jsonPath: .status.summary.notApplicable + name: Not Applicable + type: string + - jsonPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + 
properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanbenchmark.yaml new file mode 100644 index 0000000000..fd291f8c33 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,54 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.clusterProvider + name: ClusterProvider + type: string + - jsonPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - jsonPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - jsonPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - jsonPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanprofile.yaml new file mode 100644 index 0000000000..1e75501b7c --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanprofile.yaml 
@@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + additionalPrinterColumns: + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string diff --git a/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanreport.yaml new file mode 100644 index 0000000000..6e8c0b7de5 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/5.6.0/templates/clusterscanreport.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/Chart.yaml b/charts/rancher-cis-benchmark/5.6.0/Chart.yaml new file mode 100644 index 0000000000..36f60cf35d --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.25.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v5.6.0 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 5.6.0 diff --git a/charts/rancher-cis-benchmark/5.6.0/README.md b/charts/rancher-cis-benchmark/5.6.0/README.md new file mode 100644 index 0000000000..50beab58ba --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/charts/rancher-cis-benchmark/5.6.0/app-readme.md b/charts/rancher-cis-benchmark/5.6.0/app-readme.md new file mode 100644 index 0000000000..d240859273 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/app-readme.md 
@@ -0,0 +1,55 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. + +## CIS Kubernetes Benchmark support + +| Source | Kubernetes distribution | scan profile | Kubernetes versions | +|--------|-------------------------|--------------------------------------------------------------------------------------------------------------------|---------------------| +| CIS | any | [cis-1.7](https://github.com/rancher/security-scan/tree/master/package/cfg/cis-1.7) | v1.25 | +| CIS | any | [cis-1.8](https://github.com/rancher/security-scan/tree/master/package/cfg/cis-1.8) | v1.26+ | +| CIS | rke | [rke-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.7-permissive) | rke1-v1.25 | +| CIS | rke | [rke-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.7-hardened) | rke1-v1.25 | +| CIS | rke | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.8-permissive) | rke1-v1.26+ | +| CIS | rke | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.8-hardened) | rke1-v1.26+ | +| CIS | rke2 | [rke2-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.7-permissive)| rke2-v1.25 | +| CIS | rke2 | [rke2-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.7-hardened) | rke2-v1.25 | +| CIS | rke2 | 
[rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.8-permissive)| rke2-v1.26+ | +| CIS | rke2 | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.8-hardened) | rke2-v1.26+ | +| CIS | k3s | [k3s-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.7-permissive) | k3s-v1.25 | +| CIS | k3s | [k3s-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.7-hardened) | k3s-v1.25 | +| CIS | k3s | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.8-permissive) | k3s-v1.26+ | +| CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26+ | +| CIS | eks | eks-1.2.0 | eks | +| CIS | aks | aks-1.0 | aks | +| CIS | gke | gke-1.2.0 | gke | + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. + +> **Note:** +> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. 
+ +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/5.6.0/templates/_helpers.tpl new file mode 100644 index 0000000000..b7bb000422 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} 
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/alertingrule.yaml new file mode 100644 index 0000000000..1787c88a07 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/alertingrule.yaml @@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-aks-1.0.yaml new file mode 100644 index 0000000000..1ac866253f --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-aks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: aks-1.0 +spec: + clusterProvider: aks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.7.yaml new file mode 100644 index 0000000000..fa8dfd8eb9 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.7.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.7 +spec: + clusterProvider: "" + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.8.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.8.yaml new file mode 100644 index 0000000000..f9fa2853e9 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-cis-1.8.yaml 
@@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.8 +spec: + clusterProvider: "" + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-eks-1.2.0.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-eks-1.2.0.yaml new file mode 100644 index 0000000000..c1bdd9ed5e --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-eks-1.2.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.2.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-gke-1.2.0.yaml new file mode 100644 index 0000000000..106ff7b0de --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-gke-1.2.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.2.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-hardened.yaml new file mode 100644 index 0000000000..6fb369360c --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.7-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-permissive.yaml new file mode 100644 index 0000000000..b556d70fe5 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.7-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.7-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-hardened.yaml new file mode 100644 index 0000000000..3f6ac5c159 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.8-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-permissive.yaml new file mode 100644 index 0000000000..26f1cdba98 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-k3s-cis-1.8-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.8-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-hardened.yaml new file mode 100644 index 0000000000..39bac7833c --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.7-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" 
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-permissive.yaml new file mode 100644 index 0000000000..2e2f09ac74 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.7-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.7-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-hardened.yaml new file mode 100644 index 0000000000..4dbf8b4522 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.8-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-permissive.yaml new file mode 100644 index 0000000000..2aa0c85ac4 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke-cis-1.8-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.8-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-hardened.yaml new file mode 100644 index 0000000000..6306e9601a --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-hardened.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.7-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-permissive.yaml new file mode 100644 index 0000000000..76236e11af --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.7-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.7-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.25.0" + maxKubernetesVersion: "1.25.x" diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-hardened.yaml new file mode 100644 index 0000000000..bf8ee31f7b --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.8-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.26.0" \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-permissive.yaml new file mode 100644 index 0000000000..bd396f9df5 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/benchmark-rke2-cis-1.8-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.8-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.26.0" \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/cis-roles.yaml
new file mode 100644
index 0000000000..23c93dc659
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/configmap.yaml
new file mode 100644
index 0000000000..32e6d6e550
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/configmap.yaml
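Review bot: The last rule of `cis-admin` in cis-roles.yaml grants `verbs: ['*']` on core `configmaps` with no `resourceNames`, so wherever the role is bound it allows every verb, including `deletecollection`, on every ConfigMap in scope rather than only the chart's own; `cis-view` likewise reads all of them. The bindings are not part of this hunk, so whether that scope is one namespace or the whole cluster depends on how operators bind the role. I would spell the verbs out the way the first rule does, `verbs: ["create", "update", "delete", "patch", "get", "watch", "list"]`, and add a comment above the rule such as `# intended to be bound with a RoleBinding in the CIS namespace only` if that is the intent.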
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.21.0: rke-profile-permissive-1.20
+ >=1.21.0: rke-profile-permissive-1.8
+ rke2: |-
+ <1.21.0: rke2-cis-1.20-profile-permissive
+ >=1.21.0: rke2-cis-1.8-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.8-profile-permissive"
+ default: "cis-1.8-profile"
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/deployment.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/deployment.yaml
new file mode 100644
index 0000000000..8c9f72f5de
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/deployment.yaml
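Review bot: The `<1.21.0` branches under `rke:` and `rke2:` in configmap.yaml name `rke-profile-permissive-1.20` and `rke2-cis-1.20-profile-permissive`, but the ClusterScanProfile templates this commit adds for 5.6.0 only define 1.7 and 1.8 profiles, so those defaults appear to point at profiles the chart does not ship. If clusters below 1.21 are outside the supported range, dropping the `<1.21.0` lines avoids a dangling default; otherwise the 1.20 profiles need to be present. Every default here is a permissive variant, which is worth stating in the existing comment, e.g. `# Defaults are the permissive variants; choose a *-hardened profile explicitly for hardened clusters`.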
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: IfNotPresent + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: '{{ .Values.global.cattle.clusterName }}' + - name: CIS_OPERATOR_DEBUG + value: '{{ .Values.image.cisoperator.debug }}' + {{- if .Values.securityScanJob.overrideTolerations }} + - name: SECURITY_SCAN_JOB_TOLERATIONS + value: '{{ .Values.securityScanJob.tolerations | toJson }}' + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/network_policy_allow_all.yaml new file mode 100644 index 0000000000..6ed5d645ea --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/patch_default_serviceaccount.yaml new file mode 100644 index 0000000000..e78a6bd08a --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/patch_default_serviceaccount.yaml 
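Review bot: The `cis-operator` container in deployment.yaml is declared without a `securityContext`, so it runs as whatever user the image defaults to and with privilege escalation allowed. Assuming the operator image does not need root (not visible from this hunk), I would add `securityContext:` with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `readOnlyRootFilesystem: true` under the container. Separately, `SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG` and `CIS_ALERTS_SEVERITY` are rendered unquoted, so a value YAML reads as a number or boolean produces an invalid env entry; `value: {{ .Values.image.securityScan.tag | quote }}` and the same for the other two avoids that.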
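Review bot: `default-allow-all` in network_policy_allow_all.yaml selects every pod in the namespace with `podSelector: {}` and opens all ingress and egress, and nothing in the file says why. If the purpose is to keep scans working on clusters that apply a default-deny policy, a comment above `spec:` should say so, for example `# Scan and operator pods must reach the API server and nodes even when a default-deny policy is applied to the namespace`. If only egress is required, the `ingress: - {}` rule and the `Ingress` policy type could be dropped, which cannot be decided from this hunk alone.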
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/psp.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/psp.yaml
new file mode 100644
index 0000000000..9b8a5995ee
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/psp.yaml
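Review bot: The `patch-sa` Job in patch_default_serviceaccount.yaml has no `metadata.namespace`, while its `serviceAccountName: cis-operator-serviceaccount` is created by serviceaccount.yaml in `{{ template "cis.namespace" . }}`; if the release namespace ever differs, the hook pod cannot be created and the default ServiceAccount keeps auto-mounting its token. Adding `namespace: {{ template "cis.namespace" . }}` under `metadata:` keeps the Job with the account it uses. The namespace in `args` is also emitted unquoted; `args: ["-n", {{ include "cis.namespace" . | quote }}]` keeps the list valid for any value. `imagePullPolicy` reads `.Values.global.imagePullPolicy`, which the chart's values.yaml in this commit does not define, so a `| default "IfNotPresent"` would make the rendered field explicit.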
@@ -0,0 +1,59 @@
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: cis-psp
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ hostPorts:
+ - max: 65535
+ min: 0
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-psp-role
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - cis-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cis-psp-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/rbac.yaml
new file mode 100644
index 0000000000..33fb93f04c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/rbac.yaml
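Review bot: `cis-psp-rolebinding` in psp.yaml grants `use` of the fully privileged `cis-psp` (`privileged: true`, host PID/IPC/network, all capabilities and volume types) to `cis-operator-serviceaccount` as well as `cis-serviceaccount`. If only the scan pods need host access, which this hunk does not show, the operator subject can be removed so the long-running controller is not admitted under a privileged policy. The policy itself carries no explanation; a comment above `spec:` stating which host-level settings the scan needs and why would let a reviewer tell required settings from leftovers.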
@@ -0,0 +1,219 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-clusterrole +rules: +- apiGroups: + - "cis.cattle.io" + resources: + - "*" + verbs: + - "*" +- apiGroups: + - "" + resources: + - "pods" + - "services" + - "configmaps" + - "nodes" + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "watch" + - "patch" +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "rolebindings" + - "clusterrolebindings" + - "clusterroles" + verbs: + - "get" + - "list" +- apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "list" + - "create" + - "patch" + - "update" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-scan-ns +rules: +{{- if .Values.global.cattle.psp.enabled }} +- apiGroups: + - "*" + resources: + - "podsecuritypolicies" + verbs: + - "get" + - "list" + - "watch" +{{- end }} +- apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + - "pods" + - "serviceaccounts" + - "services" + - "replicationcontrollers" + verbs: + - "get" + - "list" + - "watch" +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "rolebindings" + - "clusterrolebindings" + - "clusterroles" + verbs: + - "get" + - "list" +- apiGroups: + - "batch" + resources: + - "jobs" + - "cronjobs" + verbs: + - "list" +- apiGroups: + - "apps" + resources: + - "daemonsets" + - "deployments" + - "replicasets" + - "statefulsets" + verbs: + - "list" +- apiGroups: + - "autoscaling" + resources: + - "horizontalpodautoscalers" + verbs: + - "list" +- apiGroups: + - "networking.k8s.io" + resources: + - "networkpolicies" + verbs: + - "get" + - "list" + - "watch" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cis-operator-role + 
labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + namespace: {{ template "cis.namespace" . }} +rules: +- apiGroups: + - "" + resources: + - "services" + verbs: + - "watch" + - "list" + - "get" + - "patch" +- apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "watch" + - "list" + - "get" + - "delete" +- apiGroups: + - "" + resources: + - "configmaps" + - "pods" + - "secrets" + verbs: + - "*" +- apiGroups: + - "apps" + resources: + - "daemonsets" + verbs: + - "*" +- apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-clusterrole +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cis-scan-ns + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-scan-ns +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding + namespace: {{ template "cis.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . 
}} +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.7.yaml new file mode 100644 index 0000000000..edac79e2a3 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.7.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.7-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.7 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.8.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.8.yaml new file mode 100644 index 0000000000..bf68d6ec17 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-cis-1.8.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.8-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.8 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-hardened.yml new file mode 100644 index 0000000000..51fd6baf00 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.7-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.7-hardened \ No newline at end of file 
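Review bot: In rbac.yaml, `cis-operator-role` grants `verbs: ["*"]` on `configmaps`, `pods` and `secrets`, and `cis-operator-rolebinding` binds it to `cis-serviceaccount` as well as the operator account, so the account bound to the read-only `cis-scan-ns` role (presumably the one scan pods run as) can also read and modify every Secret in the namespace. `cis-operator-clusterrole` additionally allows create, update and patch on `pods`, `nodes` and `serviceaccounts` cluster-wide. I would give `cis-serviceaccount` its own Role limited to the ConfigMaps and pods the scan writes, and replace the wildcards with the verbs the operator actually uses; which ones those are cannot be read from this hunk. The label `app.kubernetes.io/instance: release-name` is a literal string in every object here and should probably be `{{ .Release.Name }}`.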
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-permissive.yml new file mode 100644 index 0000000000..0c1baf774a --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.7-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.7-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.7-permissive \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-hardened.yml new file mode 100644 index 0000000000..8a78b2a964 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.8-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.8-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-permissive.yml new file mode 100644 index 0000000000..3bbf94335c --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-k3s-cis-1.8-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.8-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.8-permissive \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-hardened.yaml new file mode 100644 index 0000000000..e488eaedf0 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.7 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.7-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-permissive.yaml new file mode 100644 index 0000000000..8e6df750d6 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.7-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.7 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.7-permissive \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-hardened.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-hardened.yaml new file mode 100644 index 0000000000..24a1250c06 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.8 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.8-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-permissive.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-permissive.yaml new file mode 100644 index 0000000000..4472913c64 
--- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke-1.8-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.8 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.8-permissive \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-hardened.yml new file mode 100644 index 0000000000..9e90d769ac --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.7-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.7-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-permissive.yml new file mode 100644 index 0000000000..4363d3afab --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.7-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.7-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.7-permissive \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-hardened.yml new file mode 100644 index 0000000000..05fc5d8d33 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.8-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.8-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-permissive.yml new file mode 100644 index 0000000000..a83409c02e --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofile-rke2-cis-1.8-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.8-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.8-permissive \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileaks.yml new file mode 100644 index 0000000000..ea7b25b404 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileaks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: aks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileeks.yml new file mode 100644 index 0000000000..de4500acd9 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.2.0 \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofilegke.yml new file mode 100644 index 0000000000..3e5e2439ac --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/serviceaccount.yaml new file mode 100644 index 0000000000..ec48ec6224 --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/validate-install-crd.yaml new file mode 100644 index 0000000000..562295791b --- /dev/null +++ b/charts/rancher-cis-benchmark/5.6.0/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/5.6.0/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/5.6.0/templates/validate-psp-install.yaml
new file mode 100644
index 0000000000..a30c59d3b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+#{{- if .Values.global.cattle.psp.enabled }}
+#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+#{{- end }}
+#{{- end }}
+#{{- end }}
diff --git a/charts/rancher-cis-benchmark/5.6.0/values.yaml b/charts/rancher-cis-benchmark/5.6.0/values.yaml
new file mode 100644
index 0000000000..550b652a9c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/5.6.0/values.yaml
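Review bot: The leading `#` on every line of validate-install-crd.yaml, and of validate-psp-install.yaml which follows the same pattern, makes these files look like disabled code, but Helm still evaluates `{{ ... }}` actions inside YAML comments, so the `required` and `fail` calls stay live. A template comment at the top of each file would prevent someone from deleting or "re-enabling" them by mistake, for example `{{- /* The '#' only keeps the rendered output a YAML comment; the checks below still run. */ -}}`. It is also worth noting there that the outer `lookup` guard returns nothing under `helm template` and client-side dry runs, so the checks are skipped in those modes.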
@@ -0,0 +1,55 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.1.0 + securityScan: + repository: rancher/security-scan + tag: v0.3.0 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.57.2 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +securityScanJob: + overrideTolerations: false + tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + psp: + enabled: false + kubectl: + repository: rancher/kubectl + tag: v1.28.12 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/Chart.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/Chart.yaml new file mode 100644 index 0000000000..f1e2ec31d0 --- /dev/null +++ b/charts/rancher-webhook/103.0.12+up0.4.13/Chart.yaml 
@@ -0,0 +1,14 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-webhook +apiVersion: v2 +appVersion: 0.4.13 +description: ValidatingAdmissionWebhook for Rancher types +name: rancher-webhook +version: 103.0.12+up0.4.13 diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/_helpers.tpl b/charts/rancher-webhook/103.0.12+up0.4.13/templates/_helpers.tpl new file mode 100644 index 0000000000..c37a65c6f3 --- /dev/null +++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "rancher-webhook.labels" -}} +app: rancher-webhook +{{- end }} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/deployment.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/deployment.yaml new file mode 100644 index 0000000000..b8a7201dac --- /dev/null +++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/deployment.yaml 
@@ -0,0 +1,82 @@ +{{- $auth := .Values.auth | default dict }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rancher-webhook +spec: + selector: + matchLabels: + app: rancher-webhook + template: + metadata: + labels: + app: rancher-webhook + spec: + {{- if $auth.clientCA }} + volumes: + - name: client-ca + secret: + secretName: client-ca + {{- end }} + {{- if .Values.global.hostNetwork }} + hostNetwork: true + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6 }} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + containers: + - env: + - name: STAMP + value: "{{.Values.stamp}}" + - name: ENABLE_MCM + value: "{{.Values.mcm.enabled}}" + - name: CATTLE_PORT + value: {{.Values.port | default 9443 | quote}} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if $auth.allowedCNs }} + - name: ALLOWED_CNS + value: '{{ join "," $auth.allowedCNs }}' + {{- end }} + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: rancher-webhook + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + ports: + - name: https + containerPort: {{ .Values.port | default 9443 }} + startupProbe: + httpGet: + path: "/healthz" + port: "https" + scheme: "HTTPS" + failureThreshold: 60 + periodSeconds: 5 + livenessProbe: + httpGet: + path: "/healthz" + port: "https" + scheme: "HTTPS" + periodSeconds: 5 + {{- if $auth.clientCA }} + volumeMounts: + - name: client-ca + mountPath: /tmp/k8s-webhook-server/client-ca + readOnly: true + {{- end }} + {{- if .Values.capNetBindService }} + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + {{- end }} + serviceAccountName: rancher-webhook + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/rbac.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/rbac.yaml new file mode 100644 index 0000000000..f4364995c0 --- /dev/null +++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/rbac.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rancher-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: rancher-webhook + namespace: {{.Release.Namespace}} \ No newline at end of file diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/secret.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/secret.yaml new file mode 100644 index 0000000000..9fd331dc1e --- /dev/null +++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/secret.yaml @@ -0,0 +1,11 @@ +{{- $auth := .Values.auth | default dict }} +{{- if $auth.clientCA }} +apiVersion: v1 +data: + ca.crt: {{ $auth.clientCA }} +kind: Secret +metadata: + name: client-ca + namespace: cattle-system +type: Opaque +{{- end }} 
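Review bot: The ClusterRoleBinding in rancher-webhook's rbac.yaml binds the `rancher-webhook` ServiceAccount to `cluster-admin`, so the admission webhook pod, which deployment.yaml can also place on the host network via `global.hostNetwork`, holds unrestricted rights over the cluster. A dedicated ClusterRole listing only the resources the webhook reads and writes would limit what a compromise of that pod yields; the required set cannot be derived from this hunk. If `cluster-admin` is a deliberate choice, a comment above `roleRef:` giving the reason would make that clear, and the binding is a reasonable target for an audit-log alert on any use of this account outside the webhook's namespace.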
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/service.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/service.yaml
new file mode 100644
index 0000000000..220afebeae
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: rancher-webhook
+ namespace: cattle-system
+spec:
+ ports:
+ - port: 443
+ targetPort: {{ .Values.port | default 9443 }}
+ protocol: TCP
+ name: https
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/serviceaccount.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..9e7ad7e1fe
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook-sudo
+ annotations:
+ cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation"
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/templates/webhook.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/templates/webhook.yaml
new file mode 100644
index 0000000000..53a0687b6f
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/templates/webhook.yaml
@@ -0,0 +1,9 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/tests/README.md b/charts/rancher-webhook/103.0.12+up0.4.13/tests/README.md
new file mode 100644
index 0000000000..6d3059a005
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/tests/README.md
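Review bot: `rancher-webhook-sudo` in serviceaccount.yaml is described only by its annotation as an account that can be impersonated to bypass webhook validation, and nothing in this chart shows who is granted `impersonate` on it. Because using it skips admission checks, the file should carry a comment naming the intended holder of that grant and where the grant is defined, so that any other binding stands out in review. Operators would also want an audit-log rule on requests whose impersonated user is `system:serviceaccount:<release-namespace>:rancher-webhook-sudo` (placeholder namespace), since each such request is a deliberate bypass.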
@@ -0,0 +1,16 @@
+
+## local dev testing instructions
+
+Option 1: Full chart CI run with a live cluster
+
+```bash
+./scripts/charts/ci
+```
+
+Option 2: Test runs against the chart only
+
+```bash
+# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git
+bash dev-scripts/helm-unittest.sh
+```
+
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/tests/deployment_test.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/tests/deployment_test.yaml
new file mode 100644
index 0000000000..bbd6e30444
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/tests/deployment_test.yaml
@@ -0,0 +1,73 @@
+suite: Test Deployment
+templates:
+ - deployment.yaml
+
+tests:
+ - it: should set webhook default port values
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].ports[0].containerPort
+ value: 9443
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: CATTLE_PORT
+ value: "9443"
+
+ - it: should set updated webhook port
+ set:
+ port: 2319
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].ports[0].containerPort
+ value: 2319
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: CATTLE_PORT
+ value: "2319"
+
+ - it: should not set capabilities by default.
+ asserts:
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext
+
+ - it: should set net capabilities when capNetBindService is true.
+ set:
+ capNetBindService: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].securityContext.capabilities.add
+ content: NET_BIND_SERVICE
+
+ - it: should not set volumes or volumeMounts by default
+ asserts:
+ - isNull:
+ path: spec.template.spec.volumes
+ - isNull:
+ path: spec.template.spec.volumeMounts
+
+ - it: should set CA fields when CA options are set
+ set:
+ auth.clientCA: base64-encoded-cert
+ auth.allowedCNs:
+ - kube-apiserver
+ - joe
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: client-ca
+ secret:
+ secretName: client-ca
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: client-ca
+ mountPath: /tmp/k8s-webhook-server/client-ca
+ readOnly: true
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ALLOWED_CNS
+ value: kube-apiserver,joe
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/tests/service_test.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/tests/service_test.yaml
new file mode 100644
index 0000000000..03172ad033
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/tests/service_test.yaml
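Review bot: In the test "should not set volumes or volumeMounts by default", the second `isNull` checks `spec.template.spec.volumeMounts`, a path that never exists on a pod spec because `volumeMounts` belongs to a container, so the assertion passes whether or not the mount is rendered. The later CA test already uses the container path, and the default case should match it: `path: spec.template.spec.containers[0].volumeMounts`. As written, a regression that mounts `client-ca` without `auth.clientCA` being set would not be caught by this suite.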
@@ -0,0 +1,18 @@
+suite: Test Service
+templates:
+ - service.yaml
+
+tests:
+ - it: should set webhook default port values
+ asserts:
+ - equal:
+ path: spec.ports[0].targetPort
+ value: 9443
+
+ - it: should set updated target port
+ set:
+ port: 2319
+ asserts:
+ - equal:
+ path: spec.ports[0].targetPort
+ value: 2319
diff --git a/charts/rancher-webhook/103.0.12+up0.4.13/values.yaml b/charts/rancher-webhook/103.0.12+up0.4.13/values.yaml
new file mode 100644
index 0000000000..230a7d4dbc
--- /dev/null
+++ b/charts/rancher-webhook/103.0.12+up0.4.13/values.yaml
@@ -0,0 +1,30 @@
+image:
+ repository: rancher/rancher-webhook
+ tag: v0.4.13
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ hostNetwork: false
+
+mcm:
+ enabled: true
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+# port assigns which port to use when running rancher-webhook
+port: 9443
+
+# Parameters for authenticating the kube-apiserver.
+auth:
+ # CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated.
+ # Must be base64-encoded.
+ clientCA: ""
+ # Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted.
+ allowedCNs: []
diff --git a/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/Chart.yaml b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/Chart.yaml
new file mode 100644
index 0000000000..4ed9d53942
--- /dev/null
+++ b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-ui-plugin-system
+ catalog.cattle.io/release-name: ui-plugin-operator-crd
+apiVersion: v1
+description: Installs the CRDs for ui-plugin-operator.
+name: ui-plugin-operator-crd
+type: application
+version: 103.0.3+up0.2.2
diff --git a/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/README.md b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/README.md
new file mode 100644
index 0000000000..a68add8280
--- /dev/null
+++ b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/README.md
@@ -0,0 +1,2 @@
+# ui-plugin-operator-crd
+A Rancher chart that installs the CRDs used by ui-plugin-operator.
diff --git a/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/templates/crds.yaml b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/templates/crds.yaml
new file mode 100644
index 0000000000..18b71d5b01
--- /dev/null
+++ b/charts/ui-plugin-operator-crd/103.0.3+up0.2.2/templates/crds.yaml
@@ -0,0 +1,61 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: uiplugins.catalog.cattle.io
+spec:
+ group: catalog.cattle.io
+ names:
+ kind: UIPlugin
+ plural: uiplugins
+ singular: uiplugin
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.release.name
+ name: Plugin Name
+ type: string
+ - jsonPath: .status.version
+ name: Version
+ type: string
+ - jsonPath: .status.state
+ name: State
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ plugin:
+ properties:
+ endpoint:
+ nullable: true
+ type: string
+ metadata:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ name:
+ nullable: true
+ type: string
+ noCache:
+ type: boolean
+ version:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ status:
+ properties:
+ cacheState:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/Chart.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/Chart.yaml
new file mode 100644
index 0000000000..a3f9910c5b
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/Chart.yaml
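Review bot: The three `additionalPrinterColumns` read `.spec.release.name`, `.status.version` and `.status.state`, but the schema in this same hunk declares only `spec.plugin.*` and `status.cacheState`, and `preserveUnknownFields: false` means undeclared fields are pruned. `kubectl get uiplugins` would therefore most likely show empty columns. If the columns are meant to reflect the declared fields, the paths would be `.spec.plugin.name`, `.spec.plugin.version` and `.status.cacheState`. The file looks generated, so the correction probably belongs in the upstream type definitions rather than in this chart copy.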
@@ -0,0 +1,19 @@
+annotations:
+ catalog.cattle.io/auto-install: ui-plugin-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: UI Plugin Operator
+ catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.29.0-0'
+ catalog.cattle.io/namespace: cattle-ui-plugin-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux, windows
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+ catalog.cattle.io/release-name: ui-plugin-operator
+apiVersion: v1
+appVersion: 0.1.3
+description: A UI Plugin Operator Chart for plugin management in Rancher
+keywords:
+- applications
+- infrastructure
+name: ui-plugin-operator
+type: application
+version: 103.0.3+up0.2.2
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/app-readme.md b/charts/ui-plugin-operator/103.0.3+up0.2.2/app-readme.md
new file mode 100644
index 0000000000..3473271768
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/app-readme.md
@@ -0,0 +1,21 @@ +# Rancher UI Plugin Operator + +This chart works together with the Rancher UI extensions feature to enable the ability to install UI extensions in your cluster. + +## Upgrading to Kubernetes v1.25+ + ​ +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + ​ +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. +​ +> **Note:** +> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. + ​ +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. +​ +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. +​ +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/_helpers.tpl b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/_helpers.tpl new file mode 100644 index 0000000000..0d41d827fc --- /dev/null 
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/_helpers.tpl 
@@ -0,0 +1,89 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ui-plugin-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ui-plugin-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ui-plugin-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ui-plugin-operator.labels" -}}
+helm.sh/chart: {{ include "ui-plugin-operator.chart" . }}
+{{ include "ui-plugin-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ui-plugin-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ui-plugin-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ui-plugin-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ui-plugin-operator.fullname" .) 
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/dashboardrole.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/dashboardrole.yaml
new file mode 100644
index 0000000000..e8b7c456cf
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/dashboardrole.yaml
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}-dashboard
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services/proxy
+ resourceNames:
+ - "http:{{ .Chart.Name }}:{{ .Values.service.port }}"
+ - "https:{{ .Chart.Name }}:{{ .Values.service.port }}"
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-dashboard
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Chart.Name }}-dashboard
+subjects:
+- kind: Group
+ name: system:authenticated
+ apiGroup: rbac.authorization.k8s.io
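Review bot: The Role in templates/dashboardrole.yaml grants `'*'` verbs on `services/proxy` for the operator Service, and the RoleBinding gives it to `system:authenticated`, so every authenticated identity in the cluster, ServiceAccounts included, may send any HTTP method through the API server to the operator. If the dashboard only fetches plugin assets, which the hunk cannot confirm, replacing `- '*'` with `- get` would be enough. A short comment stating why the subject is `system:authenticated` rather than a narrower group would also help the next reviewer judge the exposure.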
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/deployment.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/deployment.yaml
new file mode 100644
index 0000000000..7cf9e5dc7e
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ labels:
+ {{- include "ui-plugin-operator.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicas }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ui-plugin-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ui-plugin-operator.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ serviceAccountName: {{ .Chart.Name }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ args:
+ - {{ template "ui-plugin-operator.name" . }}
+{{- if .Values.debug }}
+ - --debug
+ - --debug-level={{ .Values.debugLevel }}
+{{- end }}
+{{- if .Values.additionalArgs }}
+{{- toYaml .Values.additionalArgs | nindent 10 }}
+{{- end }}
+ # livenessProbe:
+ # httpGet:
+ # path: /
+ # port: http
+ # readinessProbe:
+ # httpGet:
+ # path: /
+ # port: http
+ resources:
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
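Review bot: The container ends with a bare `resources:` key, so `.Values.resources` from values.yaml is never rendered and the pod always runs without requests or limits. Rendering the value restores the knob: `resources:` followed by `{{- toYaml .Values.resources | nindent 12 }}`, matching the `securityContext` block above it. Separately, the container declares `containerPort: 80` while values.yaml sets `service.targetPort: 8080` and `runAsUser: 1000`, so one of the two port numbers looks stale. Both probes are commented out, which means a hung operator would not be restarted or taken out of the Service.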
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/hardened.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/hardened.yaml
new file mode 100644
index 0000000000..9d11df86cc
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/hardened.yaml
@@ -0,0 +1,123 @@
+{{- $namespaces := dict "_0" .Release.Namespace -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ labels:
+ app: {{ .Chart.Name }}-patch-sa
+ spec:
+ serviceAccountName: {{ .Chart.Name }}-patch-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ restartPolicy: Never
+ containers:
+ {{- range $_, $ns := $namespaces }}
+ - name: patch-sa-{{ $ns }}
+ image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
+ imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", "{{ $ns }}"]
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ labels:
+ app: {{ .Chart.Name }}-patch-sa
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs: ['get', 'patch']
+{{- if .Values.global.cattle.psp.enabled }}
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ .Chart.Name }}-patch-sa
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ labels:
+ app: {{ .Chart.Name }}-patch-sa
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-patch-sa
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name 
}}-patch-sa
+---
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ .Chart.Name }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-patch-sa
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+{{- end }}
+{{- range $_, $ns := $namespaces }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ $ns }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
+{{- end }}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/service.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/service.yaml
new file mode 100644
index 0000000000..7c4e735e9d
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ labels:
+ {{- include "ui-plugin-operator.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ui-plugin-operator.selectorLabels" . | nindent 4 }}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/serviceaccount.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..d43d0492b0
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/serviceaccount.yaml
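Review bot: The `patch-sa` Job in templates/hardened.yaml only patches the `default` ServiceAccount in the release namespace, yet the ClusterRole and ClusterRoleBinding give its ServiceAccount `get` and `patch` on every ServiceAccount in the cluster. A namespaced `kind: Role` and `kind: RoleBinding` with `resourceNames: ["default"]` on the rule would cover what the Job does. The PodSecurityPolicy block is gated on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies"`, while validate-psp-install.yaml in the same chart spells the kind `PodSecurityPolicy` and the ClusterRole rule is gated on `.Values.global.cattle.psp.enabled`; the three conditions should agree. The `default-allow-all` NetworkPolicy permits all ingress and egress, which is unexpected in a file named hardened.yaml and deserves a comment explaining the intent.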
@@ -0,0 +1,101 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Chart.Name }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+rules:
+- apiGroups: ["catalog.cattle.io"]
+ resources:
+ - uiplugins
+ - uiplugins/status
+ verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+---
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ 
max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+{{- end }}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/validate-psp-install.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/validate-psp-install.yaml
new file mode 100644
index 0000000000..a30c59d3b7
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+#{{- if .Values.global.cattle.psp.enabled }}
+#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+#{{- end }}
+#{{- end }}
+#{{- end }}
diff --git a/charts/ui-plugin-operator/103.0.3+up0.2.2/values.yaml b/charts/ui-plugin-operator/103.0.3+up0.2.2/values.yaml
new file mode 100644
index 0000000000..ef014b63a7
--- /dev/null
+++ b/charts/ui-plugin-operator/103.0.3+up0.2.2/values.yaml
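Review bot: Prefixing each line of templates/validate-psp-install.yaml with `#` does not switch the check off, because Helm evaluates `{{ ... }}` actions before the output is parsed as YAML; the `lookup` and the `fail` still run and only the rendered text becomes a comment. If the check is meant to be disabled, wrap it in a template comment (`{{/*` … `*/}}`) or delete the file; if it is meant to stay, drop the `#` so the next maintainer does not misread it. serviceaccount.yaml in this chart renders its PodSecurityPolicy on `.Values.global.cattle.psp.enabled` alone, so this guard appears to be the only thing that turns that flag into a clear error on a cluster without the PSP API.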
@@ -0,0 +1,69 @@
+# Default values for sample.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: rancher/ui-plugin-operator
+ pullPolicy: Always
+ tag: "v0.1.3"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ port: 80
+ targetPort: 8080
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+
+replicas: 1
+
+resources: {}
+
+securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: []
+
+additionalArgs: []
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ psp:
+ enabled: false # PSP enablement should default to false
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ pullPolicy: IfNotPresent
+ rbac:
+ ## Create RBAC resources for ServiceAccounts and users
+ ##
+ enabled: false
+ # create: true
+ # userRoles:
+ # ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets
+ # create: true
+ # ## Aggregate default user ClusterRoles into default k8s ClusterRoles
+ # aggregateToDefaultRoles: true
+
+ # pspEnabled: true
+ # pspAnnotations: {}
+
+debug: false
+debugLevel: 0
diff --git a/index.yaml b/index.yaml
index c6b9261223..e495098363 100755
--- a/index.yaml
+++ b/index.yaml
@@ -121,6 +121,30 @@ entries: urls: - assets/elemental/elemental-104.0.0+up1.4.3.tgz version: 104.0.0+up1.4.3 + - annotations: + catalog.cattle.io/auto-install: elemental-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Elemental + catalog.cattle.io/kube-version: '>= 1.23.0-0' + catalog.cattle.io/namespace: cattle-elemental-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/provides-gvr: elemental.cattle.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: elemental-operator + catalog.cattle.io/scope: management + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.6.5 + apiVersion: v2 + appVersion: 1.6.5 + created: "2024-11-11T18:18:02.645696966-03:00" + description: Elemental provides Cloud Native OS Management for Cluster Nodes. + digest: e01ba212904a0037ac5c1a84b27365f43a883d20ba9e4c3b7c6d757846910ca4 + icon: https://raw.githubusercontent.com/rancher/elemental/main/logo/icon-elemental.svg + name: elemental + urls: + - assets/elemental/elemental-103.4.1+up1.6.5.tgz + version: 103.4.1+up1.6.5 - annotations: catalog.cattle.io/auto-install: elemental-crd=match catalog.cattle.io/certified: rancher 
@@ -341,6 +365,21 @@ entries: urls: - assets/elemental-crd/elemental-crd-104.0.0+up1.4.3.tgz version: 104.0.0+up1.4.3 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-elemental-system + catalog.cattle.io/release-name: elemental-operator-crds + apiVersion: v2 + appVersion: 1.6.5 + created: "2024-11-11T18:18:06.850604413-03:00" + description: A Helm chart for deploying Rancher Elemental Operator CRDs + digest: 5aa44ef0c1e144b5a203e49dde264de2164b48603fab4a3bf3561849b0f92fe1 + name: elemental-crd + type: application + urls: + - assets/elemental-crd/elemental-crd-103.4.1+up1.6.5.tgz + version: 103.4.1+up1.6.5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -977,6 +1016,32 @@ entries: urls: - assets/fleet/fleet-104.0.0+up0.10.0.tgz version: 104.0.0+up0.10.0 + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.9.11 + created: "2024-11-11T18:18:22.616889473-03:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: 8d6c9be8dd468a45d66a6d32bce1caf1dd1318b1d4e783959f805930a4718942 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-103.1.10+up0.9.11.tgz + version: 103.1.10+up0.9.11 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -2059,6 +2124,25 @@ entries: urls: - assets/fleet-agent/fleet-agent-104.0.0+up0.10.0.tgz version: 104.0.0+up0.10.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: fleet-agent + apiVersion: v2 + appVersion: 0.9.11 + created: "2024-11-11T18:18:30.680138726-03:00" + description: Fleet Manager Agent - GitOps at Scale + digest: 9470433d47dbd0ea99710a53e82e1589bfcb2dd930c235d31d2207b8cca09beb + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-agent + urls: + - assets/fleet-agent/fleet-agent-103.1.10+up0.9.11.tgz + version: 103.1.10+up0.9.11 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -2878,6 +2962,23 @@ entries: urls: - assets/fleet-crd/fleet-crd-104.0.0+up0.10.0.tgz version: 104.0.0+up0.10.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-crd + apiVersion: v2 + appVersion: 0.9.11 + created: "2024-11-11T18:18:26.218070958-03:00" + description: Fleet Manager CustomResourceDefinitions + digest: 102a6e8e1421ff4f48520b72aa812e7b689ef81010d3133795a97d154e5cb1ee + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-crd + urls: + - assets/fleet-crd/fleet-crd-103.1.10+up0.9.11.tgz + version: 103.1.10+up0.9.11 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -13024,6 +13125,32 @@ entries: urls: - assets/rancher-cis-benchmark/rancher-cis-benchmark-6.0.0.tgz version: 6.0.0 + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.25.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v5.6.0 + created: "2024-11-11T18:18:15.519400168-03:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 23b3df0f8babcb8de7a9488f3ed3f3027634abac4b410957694704a9d66b518f + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-5.6.0.tgz + version: 5.6.0 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -13798,6 +13925,20 @@ entries: urls: - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.0.0.tgz version: 6.0.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2024-11-11T18:18:19.167292006-03:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 019b4a28a9f16c8a188a61530282bec109e8a6fb5ea5747b69a30614aff1be84 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-5.6.0.tgz + version: 5.6.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -26851,6 +26992,24 @@ entries: urls: - assets/rancher-webhook/rancher-webhook-104.0.0+up0.5.0.tgz version: 104.0.0+up0.5.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-webhook + apiVersion: v2 + appVersion: 0.4.13 + created: "2024-11-11T18:18:12.357365288-03:00" + description: ValidatingAdmissionWebhook for Rancher types + digest: 11c56a367d8bbc9f95fc1fbeeaa52f343afd3320afc57109d0610f0ad87bae36 + name: rancher-webhook + urls: + - assets/rancher-webhook/rancher-webhook-103.0.12+up0.4.13.tgz + version: 103.0.12+up0.4.13 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -29090,6 +29249,29 @@ entries: - assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz version: 100.0.0+up0.3.0 ui-plugin-operator: + - annotations: + catalog.cattle.io/auto-install: ui-plugin-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: UI Plugin Operator + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-ui-plugin-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux, windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: ui-plugin-operator + apiVersion: v1 + appVersion: 0.1.3 + created: "2024-11-11T18:56:13.217478307-03:00" + description: A UI Plugin Operator Chart for plugin management in Rancher + digest: f18a89fc30f8df5a42fea717151343b6326edfe0aab7e09f251c9ea229b9747c + keywords: + - applications + - infrastructure + name: ui-plugin-operator + type: application + urls: + - assets/ui-plugin-operator/ui-plugin-operator-103.0.3+up0.2.2.tgz + version: 103.0.3+up0.2.2 - annotations: catalog.cattle.io/auto-install: ui-plugin-operator-crd=match catalog.cattle.io/certified: rancher @@ -29252,6 +29434,20 @@ entries: - assets/ui-plugin-operator/ui-plugin-operator-101.0.0+up0.1.0.tgz version: 101.0.0+up0.1.0 ui-plugin-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-ui-plugin-system + catalog.cattle.io/release-name: ui-plugin-operator-crd + apiVersion: v1 + created: "2024-11-11T18:56:17.440486344-03:00" + description: Installs the CRDs for ui-plugin-operator. + digest: fe6d83a7a42cbf62a9661babd7d112181badc2312b863ab3566097bf14a39e02 + name: ui-plugin-operator-crd + type: application + urls: + - assets/ui-plugin-operator-crd/ui-plugin-operator-crd-103.0.3+up0.2.2.tgz + version: 103.0.3+up0.2.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
diff --git a/release.yaml b/release.yaml
index 573c31c120..0864bbceb5 100644
--- a/release.yaml
+++ b/release.yaml
@@ -1,62 +1,20 @@
 elemental:
- - 104.2.1+up1.6.5
+ - 103.4.1+up1.6.5
 elemental-crd:
- - 104.2.1+up1.6.5
-rancher-istio:
- - 104.4.1+up1.22.1
- - 104.5.0+up1.23.2
-rancher-backup:
- - 103.0.4+up4.0.4
-rancher-backup-crd:
- - 103.0.4+up4.0.4
-fleet:
- - 102.2.6+up0.8.5
- - 102.2.7+up0.8.6
- - 103.1.9+up0.9.10
- - 104.1.1+up0.10.5
-fleet-agent:
- - 102.2.6+up0.8.5
- - 102.2.7+up0.8.6
- - 103.1.9+up0.9.10
- - 104.1.1+up0.10.5
-fleet-crd:
- - 102.2.6+up0.8.5
- - 102.2.7+up0.8.6
- - 103.1.9+up0.9.10
- - 104.1.1+up0.10.5
-harvester-csi-driver:
- - 103.0.3+up0.1.20
-rancher-aks-operator:
- - 104.4.0+up1.9.4
-rancher-aks-operator-crd:
- - 104.4.0+up1.9.4
-rancher-eks-operator:
- - 104.4.0+up1.9.4
-rancher-eks-operator-crd:
- - 104.4.0+up1.9.4
-rancher-gke-operator:
- - 104.4.0+up1.9.4
-rancher-gke-operator-crd:
- - 104.4.0+up1.9.4
+ - 103.4.1+up1.6.5
 rancher-webhook:
- - 104.0.4+up0.5.4
- - 104.0.3+up0.5.3
- - 2.0.13+up0.3.13
-rancher-gatekeeper:
- - 104.0.1+up3.13.0
-rancher-gatekeeper-crd:
- - 104.0.1+up3.13.0
-longhorn:
- - 104.2.1+up1.7.2
- - 102.5.1+up1.7.2
- - 103.4.1+up1.7.2
-longhorn-crd:
- - 104.2.1+up1.7.2
- - 102.5.1+up1.7.2
- - 103.4.1+up1.7.2
-prometheus-federator:
- - 104.0.2+up0.4.2
+ - 103.0.12+up0.4.13
 rancher-cis-benchmark:
- - 6.4.0
+ - 5.6.0
 rancher-cis-benchmark-crd:
- - 6.4.0
+ - 5.6.0
+fleet:
+ - 103.1.10+up0.9.11
+fleet-crd:
+ - 103.1.10+up0.9.11
+fleet-agent:
+ - 103.1.10+up0.9.11
+ui-plugin-operator:
+ - 103.0.3+up0.2.2
+ui-plugin-operator-crd:
+ - 103.0.3+up0.2.2