From cd8534ece11a5e3664bb570f25693d0e683579fd Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Tue, 4 Feb 2020 16:08:58 +0100 Subject: [PATCH] Change --registry-scanning to --registry-disable-scanning --- cmd/fluxctl/install_cmd.go | 4 +-- cmd/fluxd/main.go | 26 ++++++++-------- docs/faq.md | 10 +++---- docs/references/daemon.md | 2 +- pkg/daemon/daemon_test.go | 2 +- pkg/daemon/loop.go | 6 ++-- pkg/daemon/sync_test.go | 2 +- pkg/install/generated_templates.gogen.go | 4 +-- pkg/install/install.go | 28 ++++++++--------- pkg/install/install_test.go | 30 +++++++------------ .../templates/flux-deployment.yaml.tmpl | 4 +-- .../14_release_image/release_image_patch.yaml | 2 +- .../fixtures/kustom/base/flux/e2e_patch.yaml | 2 +- 13 files changed, 56 insertions(+), 66 deletions(-) diff --git a/cmd/fluxctl/install_cmd.go b/cmd/fluxctl/install_cmd.go index b45e0a0acd..7b0ae8552e 100644 --- a/cmd/fluxctl/install_cmd.go +++ b/cmd/fluxctl/install_cmd.go @@ -48,8 +48,8 @@ fluxctl install --git-url 'git@github.com:/flux-get-started' --gi "whether to enable manifest generation") cmd.Flags().StringVar(&opts.Namespace, "namespace", "", "cluster namespace where to install flux") - cmd.Flags().BoolVar(&opts.RegistryScanning, "registry-scanning", true, - "scan container image registries to fill in the registry cache") + cmd.Flags().BoolVar(&opts.RegistryDisableScanning, "registry-disable-scanning", false, + "do not scan container image registries to fill in the registry cache") cmd.Flags().StringVarP(&opts.outputDir, "output-dir", "o", "", "a directory in which to write individual manifests, rather than printing to stdout") cmd.Flags().BoolVar(&opts.AddSecurityContext, "add-security-context", true, "Ensure security context information is added to the pod specs. Defaults to 'true'") diff --git a/cmd/fluxd/main.go b/cmd/fluxd/main.go index 3eb323e93b..00d6317bb8 100644 --- a/cmd/fluxd/main.go +++ b/cmd/fluxd/main.go @@ -151,15 +151,15 @@ func main() { memcachedTimeout = fs.Duration("memcached-timeout", time.Second, "maximum time to wait before giving up on memcached requests.") memcachedService = fs.String("memcached-service", "memcached", "SRV service used to discover memcache servers.") - registryScanning = fs.Bool("registry-scanning", true, "scan container image registries to fill in the registry cache") - automationInterval = fs.Duration("automation-interval", 5*time.Minute, "period at which to check for image updates for automated workloads") - registryPollInterval = fs.Duration("registry-poll-interval", 5*time.Minute, "period at which to check for updated images") - registryRPS = fs.Float64("registry-rps", 50, "maximum registry requests per second per host") - registryBurst = fs.Int("registry-burst", defaultRemoteConnections, "maximum number of warmer connections to remote and memcache") - registryTrace = fs.Bool("registry-trace", false, "output trace of image registry requests to log") - registryInsecure = fs.StringSlice("registry-insecure-host", []string{}, "let these registry hosts skip TLS host verification and fall back to using HTTP instead of HTTPS; this allows man-in-the-middle attacks, so use with extreme caution") - registryExcludeImage = fs.StringSlice("registry-exclude-image", []string{"k8s.gcr.io/*"}, "do not scan images that match these glob expressions; the default is to exclude the 'k8s.gcr.io/*' images") - registryUseLabels = fs.StringSlice("registry-use-labels", []string{"index.docker.io/weaveworks/*", "index.docker.io/fluxcd/*"}, "use the timestamp (RFC3339) from labels for (canonical) image refs that match these glob expression") + registryDisableScanning = fs.Bool("registry-disable-scanning", false, "do not scan container image registries to fill in the registry cache") + automationInterval = fs.Duration("automation-interval", 5*time.Minute, "period at which to check for image updates for automated workloads") + registryPollInterval = fs.Duration("registry-poll-interval", 5*time.Minute, "period at which to check for updated images") + registryRPS = fs.Float64("registry-rps", 50, "maximum registry requests per second per host") + registryBurst = fs.Int("registry-burst", defaultRemoteConnections, "maximum number of warmer connections to remote and memcache") + registryTrace = fs.Bool("registry-trace", false, "output trace of image registry requests to log") + registryInsecure = fs.StringSlice("registry-insecure-host", []string{}, "let these registry hosts skip TLS host verification and fall back to using HTTP instead of HTTPS; this allows man-in-the-middle attacks, so use with extreme caution") + registryExcludeImage = fs.StringSlice("registry-exclude-image", []string{"k8s.gcr.io/*"}, "do not scan images that match these glob expressions; the default is to exclude the 'k8s.gcr.io/*' images") + registryUseLabels = fs.StringSlice("registry-use-labels", []string{"index.docker.io/weaveworks/*", "index.docker.io/fluxcd/*"}, "use the timestamp (RFC3339) from labels for (canonical) image refs that match these glob expression") // AWS authentication registryAWSRegions = fs.StringSlice("registry-ecr-region", nil, "include just these AWS regions when scanning images in ECR; when not supplied, the cluster's region will included if it can be detected through the AWS API") @@ -560,7 +560,7 @@ func main() { // Registry components var imageRegistry registry.Registry = registry.ImageScanDisabledRegistry{} var cacheWarmer *cache.Warmer - if *registryScanning { + if !*registryDisableScanning { // Cache client, for use by registry and cache warmer var cacheClient cache.Client var memcacheClient *registryMemcache.MemcacheClient @@ -659,7 +659,7 @@ func main() { "sync-tag", *gitSyncTag, "state", *syncState, "readonly", *gitReadonly, - "registry-scanning", *registryScanning, + "registry-disable-scanning", *registryDisableScanning, "notes-ref", *gitNotesRef, "set-author", *gitSetAuthor, "git-secret", *gitSecret, @@ -727,7 +727,7 @@ func main() { AutomationInterval: *automationInterval, GitTimeout: *gitTimeout, GitVerifySignatures: *gitVerifySignatures, - ImageScanEnabled: *registryScanning, + ImageScanDisabled: *registryDisableScanning, }, } @@ -763,7 +763,7 @@ func main() { shutdownWg.Add(1) go daemon.Loop(shutdown, shutdownWg, log.With(logger, "component", "sync-loop")) - if *registryScanning { + if !*registryDisableScanning { cacheWarmer.Notify = daemon.AskForAutomatedWorkloadImageUpdates cacheWarmer.Priority = daemon.ImageRefresh cacheWarmer.Trace = *registryTrace diff --git a/docs/faq.md b/docs/faq.md index 3017e90e15..98121a044a 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -340,13 +340,13 @@ If the replicas field is not present in Git, Flux will not override the replica ### Can I disable Flux registry scanning? You can completely disable registry scanning by using the -`--registry-scanning=false` flag. This allows deploying Flux without Memcached. +`--registry-disable-scanning` flag. This allows deploying Flux without + Memcached. -If you only want to disable scanning for certain images, you can keep -`--registry-scanning` set to `true` (its default value) and tell Flux -what images to exclude. This is done by supplying a list of glob expressions -using the `registry-exclude-image` flag. +If you only want to disable scanning for certain images, don't set +`--registry-disable-scanning`. Instead, you can tell Flux what images to exclude +by supplying a list of glob expressions to the `--registry-exclude-image` flag. To exclude images from Docker Hub and Quay.io, use: diff --git a/docs/references/daemon.md b/docs/references/daemon.md index 86034ad477..104ecc6913 100644 --- a/docs/references/daemon.md +++ b/docs/references/daemon.md @@ -79,7 +79,7 @@ Version controlling of cluster manifests provides reproducibility and a historic | --registry-ecr-include-id | `[]` | include these AWS account ID(s) when scanning images in ECR (multiple values allowed); empty means allow all, unless excluded | --registry-ecr-exclude-id | `[]` | exclude these AWS account ID(s) when scanning ECR (multiple values allowed); defaults to the EKS system account, so system images will not be scanned | --registry-require | `[]` | exit with an error if the given services are not available. Useful for escalating misconfiguration or outages that might otherwise go undetected. Presently supported values: {`ecr`} | -| --registry-scanning | `true` | scan container image registries to fill in the registry cache +| --registry-disable-scanning | `false` | do not scan container image registries to fill in the registry cache | **k8s-secret backed ssh keyring configuration** | --k8s-secret-name | `flux-git-deploy` | name of the k8s secret used to store the private SSH key | --k8s-secret-volume-mount-path | `/etc/fluxd/ssh` | mount location of the k8s secret storing the private SSH key diff --git a/pkg/daemon/daemon_test.go b/pkg/daemon/daemon_test.go index a5c0efd97f..c7891877b9 100644 --- a/pkg/daemon/daemon_test.go +++ b/pkg/daemon/daemon_test.go @@ -741,7 +741,7 @@ func mockDaemon(t *testing.T) (*Daemon, func(), func(), *mock.Mock, *mockEventWr JobStatusCache: &job.StatusCache{Size: 100}, EventWriter: events, Logger: logger, - LoopVars: &LoopVars{SyncTimeout: timeout, GitTimeout: timeout, SyncState: gitSync, ImageScanEnabled: true}, + LoopVars: &LoopVars{SyncTimeout: timeout, GitTimeout: timeout, SyncState: gitSync}, } start := func() { diff --git a/pkg/daemon/loop.go b/pkg/daemon/loop.go index ff73a80414..3f4a80f175 100644 --- a/pkg/daemon/loop.go +++ b/pkg/daemon/loop.go @@ -20,7 +20,7 @@ type LoopVars struct { GitTimeout time.Duration GitVerifySignatures bool SyncState fluxsync.State - ImageScanEnabled bool + ImageScanDisabled bool initOnce sync.Once syncSoon chan struct{} @@ -62,7 +62,7 @@ func (d *Daemon) Loop(stop chan struct{}, wg *sync.WaitGroup, logger log.Logger) } // Same for registry scanning - if !d.ImageScanEnabled { + if d.ImageScanDisabled { logger.Log("info", "Registry scanning is disabled; no image updates will be attempted") } @@ -82,7 +82,7 @@ func (d *Daemon) Loop(stop chan struct{}, wg *sync.WaitGroup, logger log.Logger) default: } } - if d.Repo.Readonly() || !d.ImageScanEnabled { + if d.Repo.Readonly() || d.ImageScanDisabled { // don't bother trying to update images, and don't // bother setting the timer again continue diff --git a/pkg/daemon/sync_test.go b/pkg/daemon/sync_test.go index c6001735e7..a2efefca4f 100644 --- a/pkg/daemon/sync_test.go +++ b/pkg/daemon/sync_test.go @@ -76,7 +76,7 @@ func daemon(t *testing.T) (*Daemon, func()) { JobStatusCache: &job.StatusCache{Size: 100}, EventWriter: events, Logger: log.NewLogfmtLogger(os.Stdout), - LoopVars: &LoopVars{SyncTimeout: timeout, GitTimeout: timeout, ImageScanEnabled: true}, + LoopVars: &LoopVars{SyncTimeout: timeout, GitTimeout: timeout}, } return d, func() { close(shutdown) diff --git a/pkg/install/generated_templates.gogen.go b/pkg/install/generated_templates.gogen.go index f2a61075be..a6e990bfae 100644 --- a/pkg/install/generated_templates.gogen.go +++ b/pkg/install/generated_templates.gogen.go @@ -31,9 +31,9 @@ var templates = func() http.FileSystem { "/flux-deployment.yaml.tmpl": &vfsgen۰CompressedFileInfo{ name: "flux-deployment.yaml.tmpl", modTime: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC), - uncompressedSize: 7265, + uncompressedSize: 7270, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd4\x59\x6d\x6f\x1b\x37\xf2\x7f\xef\x4f\x31\x50\xfe\x40\x62\x40\x5a\xd9\x75\xdb\xff\x61\x7b\x2e\x2e\xcd\x83\x9b\x4b\x93\x1a\x76\x72\x87\xbe\xaa\x29\xee\x48\x4b\x88\x4b\xee\x71\xb8\x52\x05\xa1\xdf\xfd\x30\xe4\x3e\x70\x25\xd9\x29\xf2\xee\xf2\x22\xb6\xc9\xe1\x70\x9e\xe7\x37\xdc\xd9\x6c\x76\x26\x6a\xf5\x2f\x74\xa4\xac\xc9\x41\xd4\x35\xcd\x37\x97\x67\x6b\x65\x8a\x1c\x5e\x63\xad\xed\xae\x42\xe3\xcf\x2a\xf4\xa2\x10\x5e\xe4\x67\x00\x46\x54\x98\xc3\x52\x37\x7f\xec\xf7\xa0\x96\x90\x7d\x14\x15\x52\x2d\x24\xc2\x9f\x7f\xb6\xfb\xe1\xcf\x1c\xf6\xfb\xf1\xee\x7e\x0f\x68\x0a\x26\xa3\x1a\x25\x33\x73\x58\x6b\x25\x05\xe5\x70\x79\x06\x40\xa8\x51\x7a\xeb\x78\x07\xa0\x12\x5e\x96\xbf\x88\x05\x6a\x8a\x0b\xe9\xdd\x4c\xed\x9d\xf0\xb8\xda\xc5\x4d\xbf\xab\x31\x87\x3b\x94\x0e\x85\xc7\x33\x00\x8f\x55\xad\x85\xc7\x96\x59\xa2\x01\xff\x13\xc6\x58\x2f\xbc\xb2\xa6\x67\x0e\x50\x3b\x5b\xa1\x2f\xb1\xa1\x4c\xd9\x79\x6d\x9d\xcf\x61\x72\x75\x71\x75\x39\x81\x67\xe0\x51\xeb\x84\x02\xbc\x05\x92\x4e\xd4\x08\xf3\x0a\xbd\x53\x92\x58\xb9\xda\x2a\xe3\x9f\x13\xf0\xe1\xac\x65\xac\x47\x3a\x1c\x68\x01\xd0\xd9\x22\x6c\xd9\x02\xef\x47\x56\xe0\x7f\x0b\xf4\x22\x5b\x37\x0b\x74\x06\x3d\x06\xe1\x2c\xe5\xa0\x95\x69\x59\xb0\xe9\xdc\x46\x49\x7c\x29\xa5\x6d\x8c\xff\x38\xbe\x01\x60\x63\x75\x53\x61\x2f\xc3\xac\x95\x61\xa5\xfc\x6c\x8d\xbb\xfe\x22\x62\xf3\xf9\xe1\xe2\x6e\x65\xe0\x37\xe3\x23\x45\x88\x8c\x84\xaa\xc0\xa5\x68\xb4\xff\x60\x0b\xcc\xe1\xe2\xdb\x8b\x0b\x78\x06\xdb\x12\x0d\x54\x2c\x0d\x16\xe0\x50\x14\x33\x6b\xf4\x6e\x0a\x5b\x84\xad\x35\xcf\x3d\x2c\x10\xc4\x42\x23\x1b\x52\x96\x95\x2d\xce\x5a\x86\xcf\xe0\x53\xa9\x08\x14\x81\x00\x5f\xd5\x4b\x82\x86\xb0\x80\xa5\x75\xb0\x42\x83\x4e\x78\x65\x56\x70\x7f\xff\x33\xac\x71\x47\x19\xbc\x33\xf0\xfe\x6f\x04\x3f\x5e\xc3\x65\x76\x79\x31\xed\xb9\x74\x77\x47\x15\x08\x84\xc3\x54\x0e\xb2\x2c\x8a\x41\x2c\x40\x00\x61\x2d\x38\x9a\x5a\x43\xc1\x16\x7b\x36\x52\x18\xd8\x3a\xe5\x59\xd0\xec\xb4\xfd\x56\x68\x7a\x63\x60\x55\xfb\xdd\x6b\xe5\x52\x23\x56\x58\xa8\xa6\xca\xe1\x03\x56\xd6\xed\x52\x3d\x11\x96\x56\x6b\xbb\x65\x8d\xda\xab\x15\x05\x55\x1b\xe2\x35\x01\xb2\x21\x6f\x2b\xc5\x16\x58\x1b\xbb\x35\xbf\x97\x96\x3c\xf5\x2c\x96\x4a\xe3\x14\xb6\xa5\x92\x25\xec\x6c\x03\x5b\xa5\x75\x54\xca\x5b\x28\x2c\x27\x28\x2f\xf3\x21\xfe\xc5\x81\xdd\x1a\x16\xbb\x67\xe0\xb0\xb6\xe0\x84\x2f\xd1\x81\x2f\x85\x69\x2f\x5e\x29\x5f\x36\x0b\xb0\xbc\x88\xa0\xd5\x1a\x33\xf8\xcd\x36\xcf\xb5\x06\xa1\xc9\x76\x57\x8c\x8d\x0d\xca\x83\x32\xde\x86\x33\xd2\x1a\x2f\x94\x41\x37\x85\x05\x6a\xbb\xcd\xe0\x1e\x07\xab\x96\xde\xd7\x94\xcf\xe7\x85\x95\x94\x71\x60\xc9\x82\xc3\x1a\xcd\x9c\x73\x96\xfc\x7c\xd5\xa8\x02\x69\xde\x10\xce\x6a\xa7\x36\xc2\x63\x08\x3d\x56\x24\x2b\x7d\xa5\x7b\x4e\x9d\x2f\x88\xca\x99\xb4\x66\xa9\x56\xfd\x16\x40\x5c\xf8\x20\xea\x3c\x59\x4c\x33\x70\x96\x1c\xfb\x5a\xbf\x84\xd4\x9c\x47\x26\x43\xf8\x7d\xd1\x27\x5b\x45\x25\xaf\x94\x62\x83\x20\xa0\x50\xcb\x25\x3a\xae\xb6\x1d\x87\x36\xab\x86\x8a\x1a\x5c\x10\xd9\xa5\x4e\xe0\xaa\xb4\x51\x05\x76\x66\x5f\xaa\x55\x25\xea\x41\x10\xe5\x4b\x10\x06\xd0\x78\xb7\x0b\x3a\x3c\x44\xa2\x87\x29\x08\x53\x40\x63\xa4\xad\xb8\xcc\x87\xf3\x51\xdb\x0f\xc1\x9d\xc2\x14\x3d\x17\x34\x9b\xc0\x41\x21\xb5\xfe\x3c\xf2\x00\x9b\xe1\x2b\x3c\x90\x1c\xfb\xa2\x07\x42\x25\xf0\x16\x54\xc5\x05\x16\x6e\x6e\x6f\x42\x11\x80\x17\xac\x16\xa9\x95\x51\x66\xb8\x9c\x95\xdb\xa0\x53\x4b\x25\x43\xa5\x87\xba\x71\xb5\x25\xa4\xf3\xbf\x60\xc8\x9e\x4b\x2c\x1f\xd1\x8a\x6c\x20\xbe\xef\x2f\x18\x0e\x84\x5b\x0d\x69\xfa\x88\xc5\x56\xf5\x8a\xeb\x07\x25\xa6\x19\x97\xe0\x67\x8f\x14\xe1\xe3\x73\x27\x8a\x70\x67\xce\x3e\x13\x8f\xea\x7f\xd2\x21\x5a\xab\x3b\x0c\x75\xd2\x58\x98\xe4\x31\x13\x27\xa0\x2a\xb1\xc2\x18\xfd\x7c\x20\x83\xb7\xca\x14\x41\xe7\x8a\xcb\x8a\x43\x39\x44\x6d\x2c\x29\x1a\x05\x21\x17\x8f\x70\x94\x9d\xc0\x00\x03\x84\xef\xf3\xbe\x6c\x16\x59\x61\xe5\x1a\x5d\x26\x6d\x35\x77\xf3\x58\x03\xc2\x8f\xb9\x17\xbd\xe9\x3a\x3f\x32\x50\x60\x10\xc1\xb7\x7a\xb1\x02\x96\x34\xeb\x69\xc2\x35\x39\xb4\x0c\x95\x4d\xb9\xe5\x97\xd9\xe5\xff\x67\x97\x63\xda\xdb\x46\xeb\x5b\xab\x95\xdc\xe5\xf0\x6e\xf9\xd1\xfa\x5b\x87\x94\x6a\xe1\x90\x6c\xe3\x24\x52\x5a\xc7\x1d\xfe\xa7\x41\xf2\xa3\x35\x00\x59\x37\x39\x7c\x77\x51\x8d\x16\xab\x50\xea\x73\xf8\xfe\xdb\x0f\x6a\xc0\x17\xd6\xa5\x87\x67\x83\x67\x6e\x03\xd6\xb8\xba\xb8\xe2\xce\xa9\xcc\xd2\xba\x2a\x84\xac\xd0\x3d\xb5\x56\x1b\x34\x48\x74\xeb\xec\x02\x53\x09\xd8\xa4\x37\xe3\xae\x1d\xaf\x8a\x0c\xc7\xcb\xc2\x97\x39\xcc\x45\xad\xa2\xa5\x37\xdf\xcf\x55\x81\xc6\x2b\xbf\xcb\xea\x66\x91\xd0\x2a\xa3\xbc\x12\xfa\x35\x6a\xb1\xbb\xe7\xfc\x2c\x28\x87\xef\x12\x02\xaf\x2a\xb4\x8d\x3f\xb1\xc7\x4d\x56\xfd\x6f\x88\x9a\x24\xed\xc8\x31\xa7\xe1\x11\xc4\x36\x77\x1b\x25\x43\x2f\x83\x64\xc5\x9c\xa8\x64\x80\x68\x23\x64\x05\x6d\xdb\x7a\xb3\x62\x97\x81\x32\x31\xe6\x9e\x53\x3c\x43\x54\xce\x47\x65\xb2\xb3\xd9\xaf\x46\xef\x72\xf0\xae\x41\xe6\xc6\x18\x28\x54\xa8\x45\x5b\xd8\x39\xa5\x6a\x74\x4b\xeb\x24\x32\xd3\x08\x7a\x18\xf3\x3c\x26\x78\x8a\x4b\xc6\xb2\x6f\x84\x6b\x65\x8f\x64\x5f\x27\x7e\x92\xa3\xef\x8c\xd4\x4d\xa8\x9c\x0c\xdd\x62\x83\xeb\xaa\x6a\xc4\x06\x5f\x80\x32\x1d\x98\xf9\x81\x8f\x1e\xc0\x8c\xbe\xba\x42\x81\x52\x0b\xc7\x90\x6d\x61\x37\x49\x01\x78\x02\x06\xc4\xf2\x98\x2a\xef\xac\xf5\xf3\x8c\xa8\x7c\x54\x01\x61\x46\xb7\x4e\x86\x16\x35\x89\x37\x4f\x3b\x92\x84\x03\x9a\x8d\x72\xd6\x84\x86\x10\x7b\xed\xe4\xfd\xe7\x9f\xde\xbc\xfa\xf5\xe3\xdb\x77\x37\x93\xd8\x02\xa6\x6c\x0f\xbb\x41\xe7\xc6\xfd\x3a\x61\x13\x5a\xdc\x62\x17\xbb\xa9\xd7\xa7\x74\x3c\x6a\xb4\xc7\x3a\x0e\xc1\xc9\xc4\x8f\x2a\xca\x3d\x8f\x27\x96\xee\x36\x2e\xd1\x09\x14\x69\xa5\x0b\x3e\x49\x58\x1c\x02\x9a\xd4\xe9\x01\xcd\x74\xd0\x5b\x18\x10\xda\xa3\x33\x0c\xad\x8f\x24\x5e\x3a\x5b\x71\x58\x74\x88\x65\x0a\x82\x38\xdc\xda\xae\xca\x66\xd0\x56\xae\xe9\xd8\xd9\x68\x36\xf9\x09\xbb\x0c\xe6\x1e\xd9\x65\x23\x74\x83\x47\x36\xf9\x52\x10\x1f\xc6\x40\xd7\x73\x9f\x88\x00\x6e\xf9\xe3\x56\xff\x44\xb3\x7f\x24\x2e\x99\x2a\xa2\x9b\x11\xdd\xb8\x3e\x7c\x29\xf3\xb6\x82\x41\x89\x05\x6a\xea\x5a\xef\xe0\xe7\x4f\x9f\x6e\x61\x21\x48\x49\x10\x8d\x2f\x41\x3a\x0c\x95\x54\xe8\xd8\xd5\x87\x79\x80\x19\x6e\x94\x08\x8a\x3f\xdc\xbc\xfb\xf4\xfb\xcb\xcf\x9f\x7e\xfe\x7c\xff\xe6\xee\x21\xa8\xdb\x2f\xbd\x7f\xf3\xdb\xc3\x28\xe0\x37\xc2\x29\x9e\xe6\xa8\x03\xc8\x09\xc3\x08\x5f\x0e\xfc\xf7\xd6\xd9\x6a\xec\xc3\x48\x76\x87\xcb\x7c\xa4\xf9\x08\x2b\x72\x61\x63\x15\x06\x03\xb0\xcd\xf3\x91\x3d\xa2\x09\xe2\x8c\x8a\x05\x77\x62\x29\x64\x89\x05\x87\x56\x1a\xdb\x3d\xac\x66\x4b\x31\xf7\x69\xc2\xc5\xba\x16\x37\x27\x07\xda\x19\x3b\x1c\x9c\x86\x4b\x78\x36\x6c\x6d\xec\x4b\xa4\x34\x16\x06\xf4\xea\xb7\x96\xa5\x6c\xd8\x4e\x21\xe3\xc2\x4b\x42\x08\x44\x28\xed\x36\xcc\xbf\xd6\x18\x94\xc1\x65\xca\x8f\x63\x67\x36\xeb\x15\x08\xc3\x0f\x5f\x7e\xdd\x2f\x65\x2d\xe8\xcb\x68\x23\x33\xa9\x1b\xf2\xe8\x32\x2e\xe0\x3a\x35\xc9\x67\x8a\xb5\x66\x30\xc5\xab\x48\xfa\xee\x76\xa4\x14\x97\x1d\x42\x1f\xe6\xeb\x71\x64\x0f\x32\x74\xf4\x1c\x5d\xde\x31\x65\x98\x78\x93\x16\x94\x4a\xdc\x52\x5f\x9f\x8d\x50\xa6\x22\xa8\x1a\x0a\x2f\x00\xc1\x7a\x0a\x8b\x98\x4e\x8b\xd0\xd8\x02\xc6\x0b\x83\xff\x8b\x6e\x9a\x3e\x4f\x65\xe9\x8a\x4b\x4c\x43\x0e\xe0\x64\xfe\x1f\x09\xc2\xcd\x20\x36\xb8\x59\xa1\xdc\xf5\x51\xdb\x4b\xc5\xba\x4b\x10\xe6\xe0\xbc\xcf\x77\xbf\xc4\x07\x0a\x61\x56\x71\xef\x46\xf9\x30\x34\x93\xf2\xd6\xed\xfa\x72\xfd\x96\x91\x71\xc2\xee\xa9\x9c\xe3\xb0\x49\x74\x6f\x53\xe6\x64\x3a\xa5\xb9\xd0\x61\xe7\xff\x7b\x91\x66\xe6\x79\x3e\xfc\xfd\xfe\xcd\x6f\xe7\xff\x88\xa3\x7b\x80\xd5\x0d\xa1\x9b\x0f\xc2\x66\x69\xa2\xb3\x7d\x38\x9d\x1a\xa7\xaf\xf7\x7b\xc8\x6e\x94\x67\x65\xc3\x1b\xde\x98\x62\xe1\x84\x91\x65\x47\xf4\x53\xf8\x2b\xbe\xe6\xa9\x65\x58\xe2\xfa\x45\xa7\x4e\x32\x86\xe3\x73\xf7\x21\x52\xe8\x9f\x56\x99\xe4\xc0\x64\x3a\x69\x1f\x05\x35\x61\x7a\xfc\xe9\xa2\xe6\x90\x03\x4f\xc6\xa9\xab\x12\x46\x2d\x19\x93\x73\x0e\x91\x2a\xd0\x45\x77\x1c\x4c\x36\xe1\x4d\xc2\x12\x42\x63\x0a\x74\x07\x3e\x76\xa8\x85\x57\x1b\x0c\x90\x93\xba\x08\x5c\x8d\xfc\x7c\x90\x93\xbd\x72\xd4\x2c\x0a\xe5\x2e\xa7\xf1\xe7\x37\xfd\x0b\xe7\x60\x9c\xf0\x82\x79\xca\x38\xe1\x59\xb0\xb3\x6a\x47\x75\x82\xc1\x67\x42\x77\xea\x3c\x3b\xb7\xf7\x1c\xd3\xc0\xe9\xf3\x6f\x2a\xa1\x4e\x0a\x80\xbc\xd1\x71\xe8\xa8\x86\x37\xda\x93\xee\x40\x2e\x25\x5b\xcb\x06\x45\x13\x9e\xef\xd8\x4e\xdc\xb1\x95\x3f\x18\xc0\x53\x5b\xb5\xbd\xaf\xed\x6c\xd7\x4f\xb4\xba\xee\x44\xcb\x8b\x4f\x5d\xff\x7d\x8d\x3b\x50\xc5\x8f\x3d\xd9\x13\x70\x26\x91\x8a\x59\x08\xdf\x38\x1c\xbd\x02\x9c\xb8\x2b\x6c\xef\x66\x3d\x3d\x8d\xca\x55\x57\xad\x41\x79\x28\x05\x85\x56\x6c\x8d\xde\x81\x90\x12\x29\x56\xf4\x12\xe3\x43\xda\x8b\xee\xcd\xe6\x61\x29\x34\xe1\xc3\xf9\xd9\x7e\x3f\xeb\x1c\x71\xd7\xf6\xf0\x53\xbe\xe8\x98\x06\xfa\xe3\x7c\x38\x4d\x76\xc2\x4f\xe4\x5d\x23\x7d\x94\x77\x1b\xc6\x79\x86\x78\x8d\x07\xda\x19\x09\x0b\x6b\xd7\x6b\xc4\x9a\xa3\xbe\x17\x75\xb2\x52\x7e\x32\x85\x0a\x05\x1b\x9c\x0b\x1a\x88\x30\x63\xb7\x89\xd0\xd4\xe4\x1d\x8a\xaa\xcf\x88\xf3\x03\xc1\x98\xf5\x8c\xbc\xf0\x78\xcd\x05\xe6\xd1\xb8\x31\xf8\x87\xef\x82\x27\xe9\x78\xc2\xc0\xa4\xbb\x63\xd2\xf5\xa3\x84\xc9\x0b\xcc\x56\xd9\x14\xfe\x8d\x8c\x2c\x5f\x69\xdb\x14\xe7\x59\x78\x20\xf2\x76\xcd\xf3\x09\x41\x2d\x9c\x57\xb2\xd1\xc2\x75\xce\x68\xb9\x1c\xb6\xd2\xf6\xd6\xeb\x2d\x71\x1d\x95\xcc\x2b\xdb\x32\xdf\x6c\x6b\xdd\x9a\xfa\x61\xf3\xe0\x58\xb8\xe8\x5a\x2c\xe4\xe5\x37\x57\xc7\xff\xa7\x0a\xbf\x89\xd1\xd7\x55\xa5\xfe\xc1\xda\x9a\x27\x42\xe3\x43\x4b\x7d\x33\x10\x1f\x44\x48\xc7\x6f\x36\xf0\xbb\x0e\x38\xf0\xf1\x68\x39\x75\x24\x5c\xfc\x48\xe8\xdc\xa3\xdb\x9c\xf8\x94\xc1\x03\xc1\x80\x80\x38\x57\x7f\x48\x5b\xb1\x58\x73\x1b\x8b\x51\x46\xe8\x93\xef\x23\xcf\x93\x4f\x2c\xc9\xb7\x12\x76\x4e\x78\xba\x0b\xa0\x3c\x1b\x69\xa9\x15\x79\x34\xb3\x56\x84\xeb\xfc\xea\xe2\xea\xb2\x33\x92\xb1\x1e\xb2\x3b\x5c\x29\xf2\x6e\x77\x2f\x85\x09\xb1\x7a\x60\x26\xd7\xee\xcf\xa8\x25\x38\xd6\xb8\x2d\x8b\x2f\x8b\x42\xc5\xf7\x15\xee\xdb\x2f\x19\xb7\x8f\x2c\x38\xec\x0f\xd0\x6d\xbf\x07\x17\x50\xc0\x17\x4e\xcf\xc2\x77\xaf\x51\x29\x1d\x7e\xeb\x2e\xf8\xb5\x6e\xd9\xbf\xfe\x78\xdf\x61\x2e\x9a\xb6\xb3\x50\xe3\x5a\x04\x06\xa6\xb0\x9e\xc0\x06\x62\xa8\xc4\x2e\xbc\x4b\xe9\xcd\xf0\x3a\x69\x48\x5b\xbb\x6e\x6a\x50\x44\x0d\x12\x58\x03\x64\x2b\x84\xf7\xfd\xd7\x22\xe6\xde\xd4\x34\x3c\x3e\x16\x86\xba\xa7\xaf\xc9\x47\x6b\x70\x92\xee\xbc\x0a\x02\xa4\xcf\x8f\xf1\x72\x1a\xbf\x48\x76\x33\x4d\x90\x6f\xb4\xd3\x8f\x5b\x93\xcb\xc9\xd9\x7f\x03\x00\x00\xff\xff\x79\x0b\x87\xdd\x61\x1c\x00\x00"), + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd4\x59\x6d\x6f\x1b\x37\xf2\x7f\xef\x4f\x31\x50\xfe\x40\x62\x40\x5a\xd9\x75\xdb\xff\x61\x7b\x2a\x2e\xcd\x83\x9b\x4b\x93\x1a\x76\x72\x87\xbe\xaa\x29\xee\x48\x4b\x88\x4b\xee\x71\xb8\x52\x05\xa1\xdf\xfd\x30\xe4\x3e\x70\x65\xd9\x29\xf2\xee\xf2\x22\xb6\x77\x87\xc3\x99\xdf\x3c\xfd\xc8\x9d\xcd\x66\x67\xa2\x56\xff\x42\x47\xca\x9a\x1c\x44\x5d\xd3\x7c\x7b\x79\xb6\x51\xa6\xc8\xe1\x35\xd6\xda\xee\x2b\x34\xfe\xac\x42\x2f\x0a\xe1\x45\x7e\x06\x60\x44\x85\x39\xac\x74\xf3\xc7\xe1\x00\x6a\x05\xd9\x47\x51\x21\xd5\x42\x22\xfc\xf9\x67\xfb\x3e\xfc\x99\xc3\xe1\x30\x7e\x7b\x38\x00\x9a\x82\xc5\xa8\x46\xc9\xca\x1c\xd6\x5a\x49\x41\x39\x5c\x9e\x01\x10\x6a\x94\xde\x3a\x7e\x03\x50\x09\x2f\xcb\x5f\xc4\x12\x35\xc5\x07\xe9\xde\x2c\xed\x9d\xf0\xb8\xde\xc7\x97\x7e\x5f\x63\x0e\xb7\x28\x1d\x0a\x8f\x67\x00\x1e\xab\x5a\x0b\x8f\xad\xb2\xc4\x03\xfe\x27\x8c\xb1\x5e\x78\x65\x4d\xaf\x1c\xa0\x76\xb6\x42\x5f\x62\x43\x99\xb2\xf3\xda\x3a\x9f\xc3\xe4\xea\xe2\xea\x72\x02\xcf\xc0\xa3\xd6\x89\x04\x78\x0b\x24\x9d\xa8\x11\xe6\x15\x7a\xa7\x24\xb1\x73\xb5\x55\xc6\x3f\x27\xe0\xc5\x59\xab\x58\x8f\x7c\x38\xf2\x02\xa0\xc3\x22\xbc\xb2\x05\xde\x8d\x50\xe0\x7f\x4b\xf4\x22\xdb\x34\x4b\x74\x06\x3d\x06\xe3\x2c\xe5\xa0\x95\x69\x55\x30\x74\x6e\xab\x24\xbe\x94\xd2\x36\xc6\x7f\x1c\xef\x00\xb0\xb5\xba\xa9\xb0\xb7\x61\xd6\xda\xb0\x56\x7e\xb6\xc1\x7d\xbf\x11\x31\x7c\x7e\xd8\xb8\x7b\x32\xe8\x9b\xf1\x92\x22\x64\x46\x22\x55\xe0\x4a\x34\xda\x7f\xb0\x05\xe6\x70\xf1\xed\xc5\x05\x3c\x83\x5d\x89\x06\x2a\xb6\x06\x0b\x70\x28\x8a\x99\x35\x7a\x3f\x85\x1d\xc2\xce\x9a\xe7\x1e\x96\x08\x62\xa9\x91\x81\x94\x65\x65\x8b\xb3\x56\xe1\x33\xf8\x54\x2a\x02\x45\x20\xc0\x57\xf5\x8a\xa0\x21\x2c\x60\x65\x1d\xac\xd1\xa0\x13\x5e\x99\x35\xdc\xdd\xfd\x0c\x1b\xdc\x53\x06\xef\x0c\xbc\xff\x1b\xc1\x8f\x0b\xb8\xcc\x2e\x2f\xa6\xbd\x96\x6e\xef\xe8\x02\x81\x70\x98\xda\x41\x96\x4d\x31\x88\x05\x08\x20\xac\x05\x67\x53\x0b\x14\xec\xb0\x57\x23\x85\x81\x9d\x53\x9e\x0d\xcd\x4e\xe3\xb7\x46\xd3\x83\x81\x55\xed\xf7\xaf\x95\x4b\x41\xac\xb0\x50\x4d\x95\xc3\x07\xac\xac\xdb\xa7\x7e\x22\xac\xac\xd6\x76\xc7\x1e\xb5\x5b\x2b\x0a\xae\x36\xc4\xcf\x04\xc8\x86\xbc\xad\x14\x23\xb0\x31\x76\x67\x7e\x2f\x2d\x79\xea\x55\xac\x94\xc6\x29\xec\x4a\x25\x4b\xd8\xdb\x06\x76\x4a\xeb\xe8\x94\xb7\x50\x58\x2e\x50\x7e\xcc\x8b\xf8\x17\x07\x76\x67\xd8\xec\x5e\x81\xc3\xda\x82\x13\xbe\x44\x07\xbe\x14\xa6\xdd\x78\xad\x7c\xd9\x2c\xc1\xf2\x43\x04\xad\x36\x98\xc1\x6f\xb6\x79\xae\x35\x08\x4d\xb6\xdb\x62\x0c\x36\x28\x0f\xca\x78\x1b\xd6\x48\x6b\xbc\x50\x06\xdd\x14\x96\xa8\xed\x2e\x83\x3b\x1c\x50\x2d\xbd\xaf\x29\x9f\xcf\x0b\x2b\x29\xe3\xc4\x92\x05\xa7\x35\x9a\x39\xd7\x2c\xf9\xf9\xba\x51\x05\xd2\xbc\x21\x9c\xd5\x4e\x6d\x85\xc7\x90\x7a\xec\x48\x56\xfa\x4a\xf7\x9a\xba\x58\x10\x95\x33\x69\xcd\x4a\xad\xfb\x57\x00\xf1\xc1\x07\x51\xe7\xc9\xc3\xb4\x02\x67\xc9\xb2\xaf\x8d\x4b\x28\xcd\x79\x54\x32\xa4\xdf\x17\x63\xb2\x53\x54\xf2\x93\x52\x6c\x11\x04\x14\x6a\xb5\x42\xc7\xdd\xb6\xd3\xd0\x56\xd5\xd0\x51\x43\x08\xa2\xba\x34\x08\xdc\x95\xb6\xaa\xc0\x0e\xf6\x95\x5a\x57\xa2\x1e\x0c\x51\xbe\x04\x61\x00\x8d\x77\xfb\xe0\xc3\x7d\x14\xba\x9f\x82\x30\x05\x34\x46\xda\x8a\xdb\x7c\x58\x1f\xbd\xfd\x10\xc2\x29\x4c\xd1\x6b\x41\xb3\x0d\x1a\x14\x52\x1b\xcf\x07\x11\x60\x18\xbe\x22\x02\xc9\xb2\x2f\x46\x20\x74\x02\x6f\x41\x55\xdc\x60\xe1\xfa\xe6\x3a\x34\x01\x78\xc1\x6e\x91\x5a\x1b\x65\x86\xcd\xd9\xb9\x2d\x3a\xb5\x52\x32\x74\x7a\xa8\x1b\x57\x5b\x42\x3a\xff\x0b\x40\xf6\x5a\x62\xfb\x88\x28\x32\x40\xbc\xdf\x5f\x00\x0e\x84\x5b\x0f\x65\xfa\x08\x62\xeb\x7a\xcd\xfd\x83\x12\x68\xc6\x2d\xf8\xd9\x23\x4d\xf8\xe1\xba\x13\x4d\xb8\x83\xb3\xaf\xc4\x07\xfd\x3f\x99\x10\x2d\xea\x0e\x43\x9f\x34\x16\x26\x79\xac\xc4\x09\xa8\x4a\xac\x31\x66\x3f\x2f\xc8\xe0\xad\x32\x45\xf0\xb9\xe2\xb6\xe2\x50\x0e\x59\x1b\x5b\x8a\x46\x41\xc8\xcd\x23\x2c\xe5\x20\x30\xc1\x00\xe1\xfb\xba\x2f\x9b\x65\x56\x58\xb9\x41\x97\x49\x5b\xcd\xdd\x3c\xf6\x80\xf0\x63\xee\x45\x0f\x5d\x17\x47\x26\x0a\x4c\x22\x78\x57\x2f\xd6\xc0\x96\x66\xbd\x4c\xd8\x26\x87\x56\xa1\xb2\xa9\xb6\xfc\x32\xbb\xfc\xff\xec\x72\x2c\x7b\xd3\x68\x7d\x63\xb5\x92\xfb\x1c\xde\xad\x3e\x5a\x7f\xe3\x90\x52\x2f\x1c\x92\x6d\x9c\x44\x4a\xfb\xb8\xc3\xff\x34\x48\x7e\xf4\x0c\x40\xd6\x4d\x0e\xdf\x5d\x54\xa3\x87\x55\x68\xf5\x39\x7c\xff\xed\x07\x35\xf0\x0b\xeb\xd2\xc5\xb3\x21\x32\x37\x81\x6b\x5c\x5d\x5c\xf1\xe4\x54\x66\x65\x5d\x15\x52\x56\xe8\x5e\x5a\xab\x2d\x1a\x24\xba\x71\x76\x89\xa9\x05\x0c\xe9\xf5\x78\x6a\xc7\xad\xa2\xc2\xf1\x63\xe1\xcb\x1c\xe6\xa2\x56\x11\xe9\xed\xf7\x73\x55\xa0\xf1\xca\xef\xb3\xba\x59\x26\xb2\xca\x28\xaf\x84\x7e\x8d\x5a\xec\xef\xb8\x3e\x0b\xca\xe1\xbb\x44\xc0\xab\x0a\x6d\xe3\x4f\xbc\xe3\x21\xab\xfe\x37\x4c\x4d\x8a\x76\x14\x98\xd3\xf4\x08\xe2\x98\xbb\x89\x96\xa1\x97\xc1\xb2\x62\x4e\x54\x32\x41\xb4\x91\xb2\x82\xb6\x6d\xbf\x59\x73\xc8\x40\x99\x98\x73\xcf\x29\xae\x21\x2a\xe7\xa3\x36\xd9\x61\xf6\xab\xd1\xfb\x1c\xbc\x6b\x90\xb5\x31\x07\x0a\x1d\x6a\xd9\x36\x76\x2e\xa9\x1a\xdd\xca\x3a\x89\xac\x34\x92\x1e\xe6\x3c\x8f\x19\x9e\xf2\x92\xb1\xed\x5b\xe1\x5a\xdb\xa3\xd8\xd7\x99\x9f\xd4\xe8\x3b\x23\x75\x13\x3a\x27\x53\xb7\x38\xe0\xba\xae\x1a\xb9\xc1\x17\xa8\x4c\x47\x66\x7e\xe0\xa5\x47\x34\xa3\xef\xae\x50\xa0\xd4\xc2\x31\x65\x5b\xda\x6d\xd2\x00\x9e\xa0\x01\xb1\x3d\xa6\xce\x3b\x6b\xfd\x3c\x23\x2a\x1f\x75\x40\x98\xd1\xae\x93\x61\x44\x4d\xe2\xce\xd3\x4e\x24\xd1\x80\x66\xab\x9c\x35\x61\x20\xc4\x59\x3b\x79\xff\xf9\xa7\x37\xaf\x7e\xfd\xf8\xf6\xdd\xf5\x24\x8e\x80\x29\xe3\x61\xb7\xe8\xdc\x78\x5e\x27\x6a\xc2\x88\x5b\xee\xe3\x34\xf5\xfa\x94\x8f\x0f\x06\xed\x43\x1f\x87\xe4\x64\xe1\x47\x1d\xe5\x99\xc7\x27\x96\x6e\x37\x6e\xd1\x09\x15\x69\xad\x0b\x31\x49\x54\x1c\x13\x9a\x34\xe8\x81\xcd\x74\xd4\x5b\x18\x10\xda\xa3\x33\x4c\xad\x1f\x58\xbc\x72\xb6\xe2\xb4\xe8\x18\xcb\x14\x04\x71\xba\xb5\x53\x95\x61\xd0\x56\x6e\xe8\x61\xb0\xd1\x6c\xf3\x13\xb8\x0c\x70\x8f\x70\xd9\x0a\xdd\xe0\x03\x4c\xbe\x94\xc4\xc7\x39\xd0\xcd\xdc\x27\x32\x80\x47\xfe\x78\xd4\x3f\x31\xec\x1f\xc9\x4b\x96\x8a\xec\x66\x24\x37\xee\x0f\x5f\xaa\xbc\x9d\x60\x52\x62\x81\x9a\xba\xd6\x7b\xf8\xf9\xd3\xa7\x1b\x58\x0a\x52\x12\x44\xe3\x4b\x90\x0e\x43\x27\x15\x3a\x4e\xf5\xe1\x3c\xc0\x0a\xb7\x4a\x04\xc7\xef\xaf\xdf\x7d\xfa\xfd\xe5\xe7\x4f\x3f\x7f\xbe\x7b\x73\x7b\x1f\xdc\xed\x1f\xbd\x7f\xf3\xdb\xfd\x28\xe1\xb7\xc2\x29\x3e\xcd\x51\x47\x90\x13\x85\x91\xbe\x1c\xc5\xef\xad\xb3\xd5\x38\x86\x51\xec\x16\x57\xf9\xc8\xf3\x11\x57\xe4\xc6\xc6\x2e\x0c\x00\x30\xe6\xf9\x08\x8f\x08\x41\x3c\xa3\x62\xc1\x93\x58\x0a\x59\x62\xc1\xa9\x95\xe6\x76\x4f\xab\x19\x29\xd6\x3e\x4d\xb4\x58\xd7\xf2\xe6\x64\x41\x7b\xc6\x0e\x0b\xa7\x61\x13\x3e\x1b\xb6\x18\xfb\x12\x29\xcd\x85\x81\xbd\xfa\x9d\x65\x2b\x1b\xc6\x29\x54\x5c\xb8\x49\x08\x89\x08\xa5\xdd\x85\xf3\xaf\x35\x06\x65\x08\x99\xf2\xe3\xdc\x99\xcd\x7a\x07\xc2\xe1\x87\x37\x5f\xf4\x8f\xb2\x96\xf4\x65\xb4\x95\x99\xd4\x0d\x79\x74\x19\x37\x70\x9d\x42\xf2\x99\x62\xaf\x19\xa0\x78\x15\x45\xdf\xdd\x8c\x9c\xe2\xb6\x43\xe8\xc3\xf9\x7a\x9c\xd9\x83\x0d\x9d\x3c\x67\x97\x77\x2c\x19\x4e\xbc\xc9\x08\x4a\x2d\x6e\xa5\x17\x67\x23\x96\xa9\x08\xaa\x86\xc2\x0d\x40\x40\x4f\x61\x11\xcb\x69\x19\x06\x5b\xe0\x78\xe1\xe0\xff\xa2\x3b\x4d\x9f\xa7\xb6\x74\xcd\x25\x96\x21\x27\x70\x72\xfe\x1f\x19\xc2\xc3\x20\x0e\xb8\x59\xa1\xdc\xe2\xc1\xd8\x4b\xcd\xba\x4d\x18\xe6\x10\xbc\xcf\xb7\xbf\xc4\x0b\x0a\x61\xd6\xf1\xdd\xb5\xf2\xe1\xd0\x4c\xca\x5b\xb7\xef\xdb\xf5\x5b\x66\xc6\x89\xba\xa7\x6a\x8e\xd3\x26\xf1\xbd\x2d\x99\x93\xe5\x94\xd6\x42\xc7\x9d\xff\xef\x45\x5a\x99\xe7\xf9\xf0\xf7\xfb\x37\xbf\x9d\xff\x23\x1e\xdd\x03\xad\x6e\x08\xdd\x7c\x30\x36\x4b\x0b\x9d\xf1\xe1\x72\x6a\x9c\x5e\x1c\x0e\x90\x5d\x2b\xcf\xce\x86\x3b\xbc\xb1\xc4\xd2\x09\x23\xcb\x4e\xe8\xa7\xf0\x57\xbc\xcd\x53\xab\xf0\x88\xfb\x17\x9d\x5a\xc9\x1c\x8e\xd7\xdd\x85\x4c\xa1\x7f\x5a\x65\x92\x05\x93\xe9\xa4\xbd\x14\xd4\x84\xe9\xf2\xa7\x9b\x9a\x43\x4e\x3c\x19\x4f\x5d\x95\x30\x6a\xc5\x9c\x9c\x6b\x88\x54\x81\x2e\x86\xe3\xe8\x64\x13\xee\x24\x2c\x21\x34\xa6\x40\x77\x14\x63\x87\x5a\x78\xb5\xc5\x40\x39\xa9\xcb\xc0\xf5\x28\xce\x47\x35\xd9\x3b\x47\xcd\xb2\x50\xee\x72\x1a\x7f\x7e\xd3\xdf\x70\x0e\xe0\x84\x1b\xcc\x53\xe0\x84\x6b\xc1\x0e\xd5\x4e\xea\x84\x82\xcf\x84\xee\xd4\x7a\x0e\x6e\x1f\x39\x96\x81\xd3\xeb\xdf\x54\x42\x9d\x34\x00\xf9\x45\xa7\xa1\x93\x1a\xee\x68\x4f\x86\x03\xb9\x95\xec\x2c\x03\x8a\x26\x5c\xdf\x31\x4e\x3c\xb1\x95\x3f\x3a\x80\xa7\x58\xb5\xb3\xaf\x9d\x6c\x8b\x27\x46\x5d\xb7\xa2\xd5\xc5\xab\x16\x7f\xdf\xe0\x1e\x54\xf1\x63\x2f\xf6\x04\x9d\x49\xac\x62\x15\xc2\x37\x0e\x47\xb7\x00\x27\xf6\x0a\xaf\xf7\xb3\x5e\x9e\x46\xed\xaa\xeb\xd6\xa0\x3c\x94\x82\xc2\x28\xb6\x46\xef\x41\x48\x89\x14\x3b\x7a\x89\xf1\x22\xed\x45\x77\x67\x73\xbf\x12\x9a\xf0\xfe\xfc\xec\x70\x98\x75\x81\xb8\x6d\x67\xf8\xa9\x58\x74\x4a\x83\xfc\xc3\x7a\x38\x2d\x76\x22\x4e\xe4\x5d\x23\x7d\xb4\x77\x17\x8e\xf3\x4c\xf1\x1a\x0f\xb4\x37\x12\x96\xd6\x6e\x36\x88\x35\x67\x7d\x6f\xea\x64\xad\xfc\x64\x0a\x15\x0a\x06\x9c\x1b\x1a\x88\x70\xc6\x6e\x0b\xa1\xa9\xc9\x3b\x14\x55\x5f\x11\xe7\x47\x86\xb1\xea\x19\x79\xe1\x71\xc1\x0d\xe6\xd1\xbc\x31\xf8\x87\xef\x92\x27\x99\x78\xc2\xc0\xa4\xdb\x63\xd2\xcd\xa3\x44\xc9\x0b\xcc\xd6\xd9\x14\xfe\x8d\xcc\x2c\x5f\x69\xdb\x14\xe7\x59\xb8\x20\xf2\x76\xc3\xe7\x13\x82\x5a\x38\xaf\x64\xa3\x85\xeb\x82\xd1\x6a\x39\x1e\xa5\xed\xae\x8b\x1d\x71\x1f\x95\xac\x2b\xdb\xb1\xde\x6c\x67\xdd\x86\xfa\xc3\xe6\xd1\xb2\xb0\xd1\x42\x2c\xe5\xe5\x37\x57\x0f\xff\x4f\x1d\x7e\x13\xb3\xaf\xeb\x4a\xfd\x85\xb5\x35\x4f\xa4\xc6\x87\x56\xfa\x7a\x10\x3e\xca\x90\x4e\xdf\x6c\xd0\xb7\x08\x3c\xf0\xf1\x6c\x39\xb5\x24\x6c\xfc\x48\xea\xdc\xa1\xdb\x9e\xf8\x94\xc1\x07\x82\x81\x01\x71\xad\xfe\x90\x8e\x62\xb1\xe1\x31\x16\xb3\x8c\xd0\x27\xdf\x47\x9e\x27\x9f\x58\x92\x6f\x25\x1c\x9c\x70\x75\x17\x48\x79\x36\xf2\x52\x2b\xf2\x68\x66\xad\x09\x8b\xfc\xea\xe2\xea\xb2\x07\xe9\x16\xd7\x8a\xbc\xdb\xbf\x56\xc4\x10\xdf\x49\x61\x42\xba\x1e\x21\xe5\x5a\xb1\x59\x11\xe5\x66\xd4\x0a\xa6\x6e\xb7\xbd\xf1\x65\x51\xa8\x78\xc9\xc2\xc3\xfb\x25\x93\xf7\x11\x8c\xc3\xfb\x81\xbf\x1d\x0e\xe0\x02\x15\xf8\xc2\xea\x59\xf8\xf8\x35\xea\xa7\xc3\x6f\xdd\x06\xbf\xd6\xad\xfa\xd7\x1f\xef\x3a\xe2\x45\xd3\xf6\x40\xd4\xb8\x96\x86\x81\x29\xac\x27\xb0\x41\x18\x2a\xb1\x0f\x97\x53\x7a\x3b\x5c\x51\x1a\xd2\xd6\x6e\x9a\x1a\x14\x51\x83\x04\xd6\x00\xd9\x0a\xe1\x7d\xff\xc9\x88\xb5\x37\x35\x0d\x37\x90\x85\xa1\xee\xfe\x6b\xf2\xd1\x1a\x9c\xa4\x6f\x5e\x05\x03\xd2\x3b\xc8\xb8\x39\x8d\xaf\x25\xbb\x83\x4d\xb0\x6f\xf4\xa6\x3f\x73\x4d\x2e\x27\x67\xff\x0d\x00\x00\xff\xff\x3d\x76\x24\xe3\x66\x1c\x00\x00"), }, "/flux-secret.yaml.tmpl": &vfsgen۰CompressedFileInfo{ name: "flux-secret.yaml.tmpl", diff --git a/pkg/install/install.go b/pkg/install/install.go index eaf4611776..c1ee130f46 100644 --- a/pkg/install/install.go +++ b/pkg/install/install.go @@ -15,18 +15,18 @@ import ( //go:generate go run generate.go type TemplateParameters struct { - GitURL string - GitBranch string - GitPaths []string - GitLabel string - GitUser string - GitEmail string - GitReadOnly bool - RegistryScanning bool - Namespace string - ManifestGeneration bool - AdditionalFluxArgs []string - AddSecurityContext bool + GitURL string + GitBranch string + GitPaths []string + GitLabel string + GitUser string + GitEmail string + GitReadOnly bool + RegistryDisableScanning bool + Namespace string + ManifestGeneration bool + AdditionalFluxArgs []string + AddSecurityContext bool } func FillInTemplates(params TemplateParameters) (map[string][]byte, error) { @@ -38,8 +38,8 @@ func FillInTemplates(params TemplateParameters) (map[string][]byte, error) { if info.IsDir() { return nil } - if (params.GitReadOnly || !params.RegistryScanning) && strings.Contains(info.Name(), "memcache") { - // do not include memcached resources in readonly mode or when registry scanning is disabled + if params.RegistryDisableScanning && strings.Contains(info.Name(), "memcache") { + // do not include memcached resources when registry scanning is disabled return nil } manifestTemplateBytes, err := ioutil.ReadAll(rs) diff --git a/pkg/install/install_test.go b/pkg/install/install_test.go index 43e64884ae..8d3c80ea4b 100644 --- a/pkg/install/install_test.go +++ b/pkg/install/install_test.go @@ -58,35 +58,27 @@ func TestFillInTemplatesAllParameters(t *testing.T) { GitReadOnly: false, ManifestGeneration: true, AdditionalFluxArgs: []string{"arg1=foo", "arg2=bar"}, - RegistryScanning: true, AddSecurityContext: true, }) } func TestFillInTemplatesMissingValues(t *testing.T) { testFillInTemplates(t, 5, TemplateParameters{ - GitURL: "git@github.com:fluxcd/flux-get-started", - GitBranch: "branch", - GitPaths: []string{}, - GitLabel: "label", - RegistryScanning: true, + GitURL: "git@github.com:fluxcd/flux-get-started", + GitBranch: "branch", + GitPaths: []string{}, + GitLabel: "label", + RegistryDisableScanning: true, }) } func TestFillInTemplatesNoMemcached(t *testing.T) { testFillInTemplates(t, 3, TemplateParameters{ - GitURL: "git@github.com:fluxcd/flux-get-started", - GitBranch: "branch", - GitPaths: []string{}, - GitLabel: "label", - RegistryScanning: false, - }) - testFillInTemplates(t, 3, TemplateParameters{ - GitURL: "git@github.com:fluxcd/flux-get-started", - GitBranch: "branch", - GitPaths: []string{}, - GitLabel: "label", - GitReadOnly: false, + GitURL: "git@github.com:fluxcd/flux-get-started", + GitBranch: "branch", + GitPaths: []string{}, + GitLabel: "label", + RegistryDisableScanning: true, }) } @@ -102,7 +94,6 @@ func TestTestFillInTemplatesAddSecurityContext(t *testing.T) { GitReadOnly: false, ManifestGeneration: true, AdditionalFluxArgs: []string{"arg1=foo", "arg2=bar"}, - RegistryScanning: true, AddSecurityContext: true, } @@ -129,7 +120,6 @@ func TestFillInTemplatesNoSecurityContext(t *testing.T) { GitReadOnly: false, ManifestGeneration: true, AdditionalFluxArgs: []string{"arg1=foo", "arg2=bar"}, - RegistryScanning: true, AddSecurityContext: false, } diff --git a/pkg/install/templates/flux-deployment.yaml.tmpl b/pkg/install/templates/flux-deployment.yaml.tmpl index 0dfcad6894..3e3d2ea2c1 100644 --- a/pkg/install/templates/flux-deployment.yaml.tmpl +++ b/pkg/install/templates/flux-deployment.yaml.tmpl @@ -184,8 +184,8 @@ spec: # Serve /metrics endpoint at different port; # make sure to set prometheus' annotation to scrape the port value. - --listen-metrics=:3031 -{{- if not .RegistryScanning }} - - --registry-scanning=false +{{- if .RegistryDisableScanning }} + - --registry-disable-scanning {{- end }} {{ if .AdditionalFluxArgs }} # Additional arguments{{ range .AdditionalFluxArgs }} diff --git a/test/e2e/fixtures/kustom/14_release_image/release_image_patch.yaml b/test/e2e/fixtures/kustom/14_release_image/release_image_patch.yaml index 2a04771e58..861e2f0da1 100644 --- a/test/e2e/fixtures/kustom/14_release_image/release_image_patch.yaml +++ b/test/e2e/fixtures/kustom/14_release_image/release_image_patch.yaml @@ -1,6 +1,6 @@ - op: add path: /spec/template/spec/containers/0/args/- - value: --registry-scanning=true + value: --registry-disable-scanning=false - op: add path: /spec/template/spec/containers/0/args/- value: --registry-exclude-image=*bitnami/mongodb,*bitnami/redis,*k8s.gcr.io*,*docker/kube-*,*fluxcd/flux,*alpine,*memcached,*stefanprodan/gitsrv,*registry diff --git a/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml b/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml index bf4222f0dc..4390a9ff07 100644 --- a/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml +++ b/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml @@ -10,7 +10,7 @@ value: --sync-interval=10s - op: add path: /spec/template/spec/containers/0/args/- - value: --registry-scanning=false + value: --registry-disable-scanning - op: add path: /spec/template/spec/containers/0/volumeMounts/- value: