From 3b5ee319bbbdfdf156ad6a7336e39ac8407ae0f6 Mon Sep 17 00:00:00 2001
From: actions
Date: Mon, 12 Feb 2024 16:02:55 +0000
Subject: [PATCH] Fix new image tag on Calico v3.27.0

Signed-off-by: Roberto Bonafiglia
---
 .../rke2-calico/rke2-calico-crd-v3.27.001.tgz | Bin 0 -> 146417 bytes
 assets/rke2-calico/rke2-calico-v3.27.001.tgz | Bin 0 -> 8707 bytes
 .../rke2-calico-crd/v3.27.001/Chart.yaml | 5 +
 ...d.projectcalico.org_bgpconfigurations.yaml | 185 +
 .../crd.projectcalico.org_bgpfilters.yaml | 130 +
 .../crd.projectcalico.org_bgppeers.yaml | 134 +
 ...crd.projectcalico.org_blockaffinities.yaml | 60 +
 ....projectcalico.org_caliconodestatuses.yaml | 262 +
 ...projectcalico.org_clusterinformations.yaml | 63 +
 ...projectcalico.org_felixconfigurations.yaml | 869 +
 ...ojectcalico.org_globalnetworkpolicies.yaml | 867 +
 ...d.projectcalico.org_globalnetworksets.yaml | 52 +
 .../crd.projectcalico.org_hostendpoints.yaml | 107 +
 .../crd.projectcalico.org_ipamblocks.yaml | 118 +
 .../crd.projectcalico.org_ipamconfigs.yaml | 57 +
 .../crd.projectcalico.org_ipamhandles.yaml | 55 +
 .../calico/crd.projectcalico.org_ippools.yaml | 108 +
 .../crd.projectcalico.org_ipreservations.yaml | 53 +
 ...ico.org_kubecontrollersconfigurations.yaml | 252 +
 ...crd.projectcalico.org_networkpolicies.yaml | 848 +
 .../crd.projectcalico.org_networksets.yaml | 50 +
 .../operator.tigera.io_apiservers_crd.yaml | 1683 ++
 .../operator.tigera.io_imagesets_crd.yaml | 69 +
 .../operator.tigera.io_installations_crd.yaml | 18764 ++++++++++++++++
 ...operator.tigera.io_tigerastatuses_crd.yaml | 106 +
 .../rke2-calico/v3.27.001/Chart.yaml | 13 +
 .../rke2-calico/v3.27.001/README.md | 161 +
 .../v3.27.001/templates/_helpers.tpl | 23 +
 .../v3.27.001/templates/certs/certs-node.yaml | 13 +
 .../templates/certs/certs-typha.yaml | 23 +
 .../templates/crs/custom-resources.yaml | 52 +
 .../v3.27.001/templates/felixconfig.yaml | 11 +
 .../v3.27.001/templates/ipamconfig.yaml | 7 +
 .../00-namespace-tigera-operator.yaml | 13 +
 .../tigera-operator/00-uninstall.yaml | 38 +
 .../tigera-operator/01-imagepullsecret.yaml | 16 +
 .../02-configmap-calico-resources.yaml | 27 +
 .../02-podsecuritypolicy-tigera-operator.yaml | 49 +
 .../02-role-tigera-operator.yaml | 331 +
 .../02-rolebinding-tigera-operator.yaml | 12 +
 .../02-serviceaccount-tigera-operator.yaml | 6 +
 .../tigera-operator/02-tigera-operator.yaml | 101 +
 .../templates/validate-install-crd.yaml | 35 +
 .../rke2-calico/v3.27.001/values.yaml | 91 +
 index.yaml | 26 +
 45 files changed, 25945 insertions(+)
 create mode 100755 assets/rke2-calico/rke2-calico-crd-v3.27.001.tgz
 create mode 100755 assets/rke2-calico/rke2-calico-v3.27.001.tgz
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/Chart.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_bgpconfigurations.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_bgpfilters.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_bgppeers.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_blockaffinities.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_caliconodestatuses.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_clusterinformations.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_felixconfigurations.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworkpolicies.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworksets.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_hostendpoints.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamblocks.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamconfigs.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamhandles.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ippools.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipreservations.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_kubecontrollersconfigurations.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networkpolicies.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networksets.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_apiservers_crd.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_imagesets_crd.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_installations_crd.yaml
 create mode 100755 charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_tigerastatuses_crd.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/Chart.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/README.md
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/_helpers.tpl
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-node.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-typha.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/crs/custom-resources.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/felixconfig.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/ipamconfig.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-namespace-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-uninstall.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/01-imagepullsecret.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-configmap-calico-resources.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-role-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-tigera-operator.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/templates/validate-install-crd.yaml
 create mode 100755 charts/rke2-calico/rke2-calico/v3.27.001/values.yaml
diff --git a/assets/rke2-calico/rke2-calico-crd-v3.27.001.tgz b/assets/rke2-calico/rke2-calico-crd-v3.27.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..d831d9083f45eb24aafc9659b11bb2c2a842ce49 GIT binary patch literal 146417 zcmV)QK(xOfiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwmb{jXAD30c{p8}&fYb4Kzlw`|tqMq(qvScT^Ez3NToaCH1 zlYmtqiK8M=4WKBoug_Zd9qt?cp5(W%H&BHlQAJXgold&yLn5;P6tJEqpvTxHqa!` z3PrQX{NSzTVq9cYEx&(4NUoS>YR2A+TOsen8_u#+ACnQyGE`*ovff`x$=SEtREiWkimMnQ%=M1E>j8ZBq5f z5ut*}q2291xwf!Xn&^ovveYhU#*`t7C2}nI-^;NzF%musG|DWD$%SD`(2UGzRv z%~-al`M5__GU0|Lrci8;=DY_}7l`%K^k0=bFM7K+SG*#%QCy6J7l7U^J7Dpfa80P| zimRvqZGW=Rxq5wlL;R;bQ(3S%;n=8_A87?*J-7QwHJ z;glP@?|&Q2&9j{z7!bNIXOs2`*gqexOSqT>bLo(<9Dp*pH`T8RTp;<;~nkuF> z(`4sT3igypMWo2)_Pqs^1;(}}2^CWCgl6P?;QK@dy|kdSo85o)?Vx`?nEiNyZSCkO zJ0Cpl69-o^WD`2$vcNs@vyTiKSyq%GoxzE z7Uvonlfd*X6|)muo=n>*#0T#B=$nNZU(zWfV?JZT?)$>jVqYfh`-uzgno_pU2bbuTAqI#)Z`So(>C zH8yI_RPW@P@YLQ)BhFM4EOTls|8h+Jd*?&?A5V|rzyIT7_%HX{!;qul5({5arRaQ- zs~QWbSbA=ms}W6BQj7D&_5qm&TFT6wRJX{jVFNRv%QGTGFqQ&Q95TZ0ldMQtYPV1j z#b|12M#^S9VVjeVR!B920*UiLs>ppDrQP6FUi-W%3SgDlJFm&dyKaAn>CdyJuu?%JhWfjM>lYKC#pzc8yz>(NckQ z7x`)K4)3HKDhzr z-ioo7tBG<(+1wsH&5Y-Q{9sGcC>QnyNEi@4%l>o4VtZ@PIdDgIGwfWLpu>zUUj=LI z<$!8^Csn#)7vI7EX@;lH^?{8W6dy%Qv;q@Ts#E?CJ*ZRiyGn6BJy zR7^GVmN@gFlo^XsJ>rjJgs#}9XXg=pvj%q+eQA%^jr7OeM*RLHomo1d*^~*hieDT=x>Q1(<(_d+Lc=DJ z)wHNi$l7vbWH!|Wt?P3L2woH=K)SWW%U{go^!)7VAwp%s(};2>GJX32_%8BT)wrI~ z9I|Q+>4T-rR^35tT7d?^UY|o&>JS(Qbge|Xc3MU=%lps$LARIGuaCEr#Fw|Sbal5e|!yL!;I1>eS#iO(9hO|!^G9xnK5 zd+{dB8FkJFs|eZkVtarB7|-pg9A+}PbqaMno$doMQifv?KZun<5~n>Mg^d0w7|O^U z2Q{EO*Y=xHL6@ZlxZzpm#hI9d zQeGB>11CF&xj8hE!ZWyKnli8j$q4c7j9MVt#s(^oXJBIEj0XQ9)lAy7D2 zBNAytO`-c?+y1#2H`qiLQSFN(RvkbOL#_q5{LT<8+G*)WaC1nJ`NtoORCLVTFSzS= z+BC5ODoZaH-7~hf;2+-G0{)puk%GI3J|;i?`~*j3>G$4E!v6SM`@;M)J`eZ*8u839 z)#~`=o_7DQgM;Tw{$Gbj&t7!?Uti*RWdAR4_CTL1qzK@(A+wCB-k6F0Z82oSf@djH zFu4Ep4mfl?wS+=3=zqhfOdC4QkBKOr5vfw9PzP+!CCsgyyPFkF0K24c1IKwwG^T^)6D(p6<-5zTUlkeq 
z{;;Gs6aW!`%R*Ii-7pN95>1N95=q>WCaY&Jj84j!1Vz!iP^k(=CDn zw;mB-J-T~j>FEy1KjtBM{CniLI3(Ro(jAh=KO~+0_>cEIT>opS)jHbWmHOYqmq$m7 z`rqdV2c7=+OFW+|{ui<1(KWOK7Sqq#Ut`)?n8dPfHpfA}d`NGnxa}0To#M7-3m#c< zYw5zW+SYkbB|)^jZ(MHMBM07EsiAbC^B&=GcK_kQv(6T^xd2nj4jPlTuoOcYxW=G~ z&BT%ihF0A&mcLVc%mvLZ*}eHr=4(ZESej(}0!XDBfCzSPCNg&c8yGSMvQ}imVZafJ zOBNOEnKW>ww=Cbf6*>W9Ktje6!&2KJGN>Iwm+sdE`s9% zz0)ik{b_5*#gjaZjP4>cJSLN&q9U1i#JaR!m4a*yxk~%VXuQ=F7aaHDo<44rlnYu4 zycT0v^UzqRg~+Gq&?{o08i3OneYD02gN?T=g7X}F}VC>R{F7F zv(jrGKMp}rjx(9i8LObc#ke^h&O-+vQyvN=2R`JPO>+|o25MVQF+D-|unU>c%%@XW zMRVU`h^Ei6AV(y#-K(?Fc%j~7@x7!2f$*KnqpHqW4NW6 zl)2?}-K`uWe`Q0MM%rF+BDQOa`V&VKkYN{X}F-hv=PpF*8;I*n4?>ZrcVC>J|aVDCWMJpBQs^WqF3JzAXkxX z>hlz}GSpxR5@;Y=d+4L3q5H(1yr@kB)>tK_O5~IU%8&pC+q(80zX`EfyKNt5a!9jM z7J$$LYJxMe5dtc^rF59FSCOl?hJW^Ypn|Y_nwVX}`>ap)ok+14oR!qbe;= zVw492;T;ebxjNT%l+io~miVfgQ(f`VoUqD~yfHQGj?R7TsGWri)`WEe8Qcgw$YZ&k zUv)qoUQ`jx7SAT~4znXUEVm34D%P4;vzjqnW&_JSD~-XTTkkc)>|I-A%Baxwd6mqZ zr3X$$P@8CsmL0y)oG}OA5u!D%8BWx$rGr6u6VT0c;s)Y;SHZ zER%8CYfjK+)& zB%9xlrSzfpzf2~#bc8k_w!#d!BLDZ{{)=C9{$*JK(p4q{GGm}{gJaxvXZqDjB<=W6& zCbBs(iuuXmM`-ntM=;B@NhXGxO?t!?S3TIqg`XTa7k*vJz|_Mz{7(7C?)hUp59I&x zPtZaEwzY}?E9!r|e17jtp1C)I9` zno{p~Hiws1KtCz2Axl_FAJHYL>3o+WRRai@PB^Y9 zydLEc|Qn^#gc zIKD>bcM)`PFe)oMfvaEezHvl?_bWQ=nvBT8S+v zcMs-}!W+2^Hh!;vDNws{OiJoD@vO$^Afk@dV&7pFA08wC-GP=6STZYw4z5 zixh0#;~A$VlJ<=3!PPQlda`T5Zr?KSA^ILfMy*4m9sNk(6)SiON%(G`jnx% zcCw#L+Fhj5+7tQKMK<}+pkOhdJeQSu1ea!0md1|F=ToPXF{%Vh-zYgtG*Qi)mY0*!jqXP~r8itMa;1`Kxr7G}Ijn zp9S_0b&)PP1rvr8I#_qxV#&JuNXq!Rn-zS_(yC#xKDHlyKX7ZP+ZV1qnyg$nqyl)H z^{nJJ$R{#wJlLGdy&2TMaT|NEOsVb=!wJ;%{*8q>cPFhQ&AB^iS)A+cr062LJ1IJw z?oO&b-JR6*ba&Dk3;pBWNsXPmn3do2^U(MYbVU!yaZ3Qms`&4h2M3GsA4mIL{^u|9 ze3tm{75SsfyHCYVn)IYAiTtFD|UkhWlFHWp2=@ ze{>iA(S?6>;U6tq@TlP*OGkD&00i;S9tZ3?j3o4F%E8(a^8rLOdZw3W8MgICxmo2u z=CtrGoV=V$gpssoz7V20vLec*y79h!AM@~w!PB<%^Mt>hbkQ`i)!&W_HL-64lkava z2$K1PDOh9!?)8e%bXCTtvsz=H$e5%BPy@}!0)mNzsfHy}K32gkw=gjYy=aCBsHV9T zph(h1G9grxH!S1#E>l{WvG9&^d!k1&o_sDznAV;YmGjsv74?iNPFKb!e2=ZFpd}1e 
zah(I?tzuIs1RiY=Sn~%Ja~{b5k1RgaJcb|2{~tVmd33bD$p61MdfxH>U*h>J{C^BP z9+&?IdQ?j*y1@T0H(28TBePuK|Cd|*_WVCm;@Zj<1c2JBkyO~F8m|2A;B)7L6F)8=%-lG{~qxMs$gZF+%Su$S1rL<(~9!!>z* z`m79U*L`y0Slr0Wk!JZ6*;0Vuv~?ygrI~Os-r6NwuOSib7LkfJxc~Gl+G<>1-n14fE0I&Bdz=ImSv$tHAwg@TS(j%$lut$(_qroyqYS z1KScQMBJuh_>>WgKV(QVyDtj;4POo3T*&c-C82hxlnskUrP!TrDIhIM(lFzl%oMP6($$L_UXBd$hJLHMPXBJ?AchJe2SBg z37{ffn32!$-FQ+O_YMJk!>8;*()1O;l8f;=+t|<*m%?E+WD4mqJTZxpkC43JAhd|jN$rjDDUGC>*jQ@>zgm(I;5r7gw7}j2UaX^gNa9Q zZc#dICU#h;NuUFQV}IO$u-u$3+wVO|S*D03O<8{RFvN5p`UL!RBP^q71ZeSFFp8%3 z(uiSdLn(k};6M`zbp?{Xsxb9#PuwTgv$HF#5RkJ5`3 z)j=}{KcT`7DE)ns6={@f0EX!7`pVKZxB_>b5aLRdNzMFlz-@s7l3_G49Ou|20UjE! z25(;9qu_XrJNp)DoY3+LyD5ZV+2>C%WT8t9Js;784XCkmS_8fdJrKf*ff|Fbdn@6A z%nl0N)@#OYL+L!`^}bFdr^eWmV<|zdW1ZrPD)vE>>9@b475pjj645EXRFQZVrJ`~9aI zWr(skhD7Mwt9Ngt0@PXO7%zAFOqk|rB$#%XV2UT?3d=)~ccYO7Q;duJ_Uhfwt_0FQ z7@*&aT=5yt*m$i=Inry_(kZOYk?wkEF_$6b)?Q^V1$7yQ8|jt&x?WIUXX{hzrdWD3-V)@-D{n zEz=#leN4GpROR>~)Aq3YZGGWTSjqC8A_Bvrz$ z25;7ywQo!q{t5V-7-D~t0&0H(FV#vd0qnJ1L6_XjIi-3*)v-~%;JiuY;vVC?Jp{;- zfz+B?%ybGe%N}?>d6!({jHMzMQfk(&8-OMesOIj9CI7wiU;OEgAN?Z^{t>!8{jdMA z;h}$hZ*HVxBrIDtrD~;u1zC`#Zcz!5Q1blQkVliN+djUc71VbYAxnx^6;#b}dUE8T zu)Z4<9cz~5TzOIWgiGUC_$o*+t%-aZ(IJ!+r&U>)r3Yy%$b^Utu3Q- z@ho7G13d(+eKjq^b|25KuQn%OZ|t3LqiAv)Xua2B6YW80>0Lh%aP{bxJ@Z?nLspApcskb*p%b118g`@sQ1iLaf%pn` zu0c-&Lxd;^04(WYO~_m1DkDSoYTvBBusJtp*LdkS@ABm42W}>^FsC;cuhxW6L+?+~ zI;YaoEOL2r1DCZd3@G&-S3ol<#wAPGq>PGuBxT0ZJnu>XvmCMsopGr`pgUH310C$6 zYg_+X4B0@*`}u2U2*1uOYOE(Nyc)b|@BgrE+17+jhb*;s`fV{}z1)7l`Il)@|59Td z(F%MlCw}e-?Wt{7w8-oYjGD=c<0%?|t+0 zf9!nt(8s@?{@2b_f7BnRA16(?lUUL4)3%6F1dK_TgK!HE(lFs1}r0E`shGm?>-#xL_)^oSSSM%<}=^j zRN)&}_SaRwn<;$Ttei~(+ot-$%38gQ5gy7k8?;6zw{m1PwAxy-*i$m4xfNb++5FG$ zMEVeF)>cZFl02a~8KJvEfRI>Up4kDRov7fCB@!&p5E&C33rNa@1mT}%A=d1Y?K_t1 zZTPuF2JfHNv|HPgvJdDO%JzNoL15AMnsWmcgozoMQMF6B@pozru}C7PQ`*xkr&ws( zo3|=3_8Yw%XcSq&D!AkU@$+)|=(e1@fKcEmvBqstI#q->f}H`$;AfviIMDdTxs#H^ ztnP&=3fJ$PtIxa9Xls{jor{s&+C?89yWFitL-3L(h`V|0S1gmwNX~OB7-7`GFmqaA 
zG(AtJafJBQB!u0w!~zNd{%g2R??$7a`zr zcBw1@n*Y7Z;802+QAJ_yHT(9&dta=KssR zuHArDWtuGkObbt1c1n3TnvEo^u8c`FW#DC3e{I>@-O3(xJ^+pl zkk-Dk=M?_ojX)0s7-WoE8&sHIDt@cEyjE=owQ8~oN_FDo4`GbO6RACwRHUOKLyScF zX8XYz-l>L8KoH?Z6L}}d`Jjm*b<)uJKyOX~2iKP;Hv=o1L?i_aM$#M<-L_cjn6 zEE`fyq1q}%#h5wYb@1`HgWpm)je1w)Jh`>917I2)QpH?&3r4QMn?zb7v|M~y@|Bqh0c>dyP!&c>rjhLdt zY+e)d7Qdm(Y9p5Gl!916jW*P@({pXuRQH|2xX?_K=g(dqeQhVR|IIhw>{=LRj7STY zlH!$CrjyH)sNjH0#5Es&bMWGsUz|@NE2JTUSx%WMp3UtBC^^j76!%~$R>(d$oJH)6 z=DOmp%LP`;c_j_-F;!|R+qc0a$%Pe_`7E^HlV|(;`}@bwzWL^xZ(4OS{eNG2dEdJ& zb$&fAOi!vFB6L)7Z%-0%Kft}Ot;${QgMyF!f>%*0mPnOaoHLZiy>P;OW?12{l(66f zrJ%LzPLpNBh71frJf1465_`}HWJMb%0rfI2?A0nGj*M+8NKlBLgNM#Kw(!$>^CtJ; ziIlgY`%+vhYh>O-@pC~xYtI;Z4S{+9!)jb^0wZ&WdNFyzcDFL;a1ORxkuDD~l*Y(u z-@7F_rbN>bv&YNgXzV!qdVINJGjL0-ER=R|rzOG+U}!3WShx|H%Yx`TZlag8k#3q! zUpr((7s&JAWPv)kFF4BQK!h>o8A@l$-(Z1F5(eJIuiSB@J&_?@ zYlpYqQMp=Xb+{3zt1Z~r?jtUKL%F)tJe(;$TN!V2R&Py4JY%4na`da@jw*#l3N7Q? zRcO?8Agu<2!F$clU1;j!$Er9P@cr6IV_44T2P@{K5{h!kVpYO~t+R%H9@7=0DHlxZ zy^PP8{R8y>vWVe*X~^~lsU07M`*aCleR3`m#i({U85=cE(;9? 
zZUuQSoVD9dk+>5FM7Svkk84th)beYL&gKwL&?jfCoR2SbW+WLigW=!kC<9!G|5jvV zHxrx|NF;wNcygP~L%jcHU;j)#2y#|B?;qQtGnzyR`EU+X8aw~j?-3&8B>a< zO!u4gfpK)P_mwk#UdZv8l6f8tV`{q%V34u%G|%IjPa)#*lxE4d zisqB=s2HD&qS0}m#|l%MMtLNDgJ}SQcvJ0-{7!0flEkyx*00*L=C0wj3q}r0Ms?gt zzqEMRmSgE}D!Qy%_jdz&hZ@bY5!s=mcp@OUirvr??gWH#B!-?*cws#4lUH*O33r#o z&O|1YTOALP4b=aUNdj9GRT7kZ#n#!?yTKOdHm#)L?&Uk`+#|D0-VrUQP&|cZ*($%K z5M*{HyGZ7tpa@lT%A7yn)$5!0SC@9slhf1JgBytGi45x6Im$SpGiLt)Z|VBwUoGhT za`66U3%P+mHQ(8AS$kH;cxGjhm!bv-+C`VZEu7CX{UN0fsN06xG>CLe(u8WrG?alq zXRf4A7t|tz$8iTkpb&U){faVS4$U&}3*l$gv|WMQk45L$jGDe58M31KmdLK*d8}mq z5hJEQUNKWBu_?m?3P#YI43so7k*iETAW4T=JTOOX?s^lNIzLe-gG^c4tj0u*%dWk& z{2?}Bz}nT#;OgDYFR$LcyTLm;Vn zuZ&-B&|_neEZpdUGaWKGF)x_9vqVh%5riwnbk4voT;_RaNujuzm-n3DZIfhRGm2@kKe;1@UM-@j-ePJI=m49n`#?ll=JEvsm1Jk>x<(aEKbk4q?JVa75flpsZ{B$Y;Xr1A@qO6d^bQD~(E?FlnUy1fkraz#p2 z>Z0$Abm7r}E0Ixy2nxI2F*A0jV3$x=V3M?!slY`p0Wof{NS<9@FOum^h;VF&99iB4 z%KqXx{=XyB9hq(+(~O!zu`^~^QmUm_kmxtDK4lhbBf-iHzq!#NNT?}@ct~w8DF`i$ z>|slml02gZDxfAbr$EEFr4i)&Dww=PotRcoc&}cv;MEKCR7j$8^h9<+d4D2X*Ow71hChOlXZMOh4(ID42MTf_liNRU^$FRsePTK_smK;|-9q|^ zVf&VnIT-B{Hq8wfMWpkQ4dUi&u!&Si4Wv-o`};}nfA9Cc>HYHafBbpJPUs_i`Qy{w zr~lsienXv=oB6kNb(z>VLDLXZFeb+?y385El1VRDY{uDLv&z$bTKA*)(7gLG;j|GS zS_0vIkm{BydprHvC-wMo{=X49w%VNI78dT;Q4cL0S$wmHJuMPfD~+ZRJ!Q+b|McH~ z{`o(m8;)-_-Rew&lgRmCEtAg8=?*K-yEd+s$6^*e6LWqyUdj}ov9xR&855kj?19Se=v)WNuib_07oh(1xh$6BX1+|&qB9=;cs5uwRPWox z4i3?DnTO}cvjNf4I}?+Hs%Uajz{gaI?QKIeQaR`}n;I zjqIq{Z4hNd+E|cD)Rw#gH{u3puS6*GbqSi0JLgs4od%*hqY+feoAI=u8PUZsC_91i z_l^rlndp;6c_>~x&tfDv^8jUa7beN2=2q6)B8$!p+Pk0&B9o+u7Bdkfr^@i8$f(NZ zb|0A5b_$ij2;9dZ+7Q@Wp^c(ku(UCbzmh^RkfOf)T}YVfohjluQycm3l^idfHr6s+ z$?}>e?~=9pxAUxaV$m1PjwcUfS<5i8*O+T?6-_)}Xpee?riicA3Fd04&Ro7jG>T27 z;6_4P_mNafL27Yl=enF)OVj1@aE^tvKUJ~N+uP)P@clJOi|I7xm0PaCyB&JQ!=LbM zPKNVZ5O3XD9vRawbXsJF=NVfF1GFDNKRo+CpY#dyuQV`T?po22Fjx(Wjo1sACCH9< zislWrB?KifcH7%~+uJyrW9-NT%u=4a-rnB(ZwrXM-5E2JgYD%z!)5>W0H{YY;zkYG zm<#_wJKFX(dYorkHu&3B;M?AIUk)!Y*c+bDbaVcr=s_)q9Vj;9_iLXGZ0;?F3n894 
zzQnv#DH8@#SvL^yJHacWfer)sL~q?HB{$URyo=Fj3HP&3lh$_D{&CX8iPOX%YJ5 znnfL*9sKMv><~c$iNnK9v&~^F>1O9=`#jdE_4E+MuvSCV(vbzu^%&t;S7;L<9hG!W zQQ*84+8tv1uH-Efi!SgMsNfN|U(1EojMjw|;&qRK@;M#n=U}KuhKVH7M*-)$F z7l8>RpjJwg-|FHFKf%?l{?#)k=4(02o;P%Bbd+sz@bnorQzkfG7G59X?RQJwtP8%Y zO^U=oAF;wAwa|=gUA_MQygt40ZKBMCHjJjw6K=keW#JIpIbpGyj4|)TD=4A$z`eSV z$?cm)SMf#iw%o^4H+$E63sUIo8dr)Ri~>$C^v|7IT*8_H!pJf)Qk;{-1bvopQbn(>`UM5Z>hR{OZCcBIOhxP zJ!Vhs-=VGz(wb;XzN03c8$>%h3>jJ)KT>kq_xb;Z3=(eJH)O)@Y045lt+G=z%|(XOBV@DUD-sB}xv}vli)Z|F_AE=;yGpNF439xk|~2$v%xY zsLfnlRe%=l;&B72)g1LU5s#bmOO^66sy0m^E8>mqLu|2N;GI`=##PELkQ~P>RbCn# z(m*xq>}qys>XKHtFpOa_Zn}~!!jJepdR4gQu3#`Z>>nJIf{kSZ&zKw$8|1Ldhh^6N(|c^}L{w5g}7(4eP(Co?&+6oPkz}v4gT@Q)UHkviElP zxUm$XdUp88H$zH<%FZ67T=V$en4BiAjk_&|>{6y|AeFg-q$sOS?_ZaCKz1Ho8r5JK zVS<(Tl6(chsxU&o9)>?Em6nzr2(tJ(_Aq|u@_eRU215jJfgC8)%ufn15KVzq{fd@I zMyCY`(d{|pJbC`?<4Bu!jiy(bp93qdpu$lB&BR{O@>c7 z-!L$5!c9?Cp&Ij{=R{ zi>j%=VMj%lfwICgQFu}^Irev2WEsE?2NxZPe3^t|h&7$ZjH0DYdAv}@4oeyd)?TU$R5TdZ@h|YHe-sLx!r^{))F=k zSESwVgbpPrMeKR8coU;Ciedc}UwvPWopP;O)VUbRHA0;&l48bGmmu`xYo(<6_=Xyq zZ74AYz_?BnV=FTzTr75YEP!Z}%EJ5ufn&b%+P$c?el$SLb#Us*r4+s}i9gzKTe?<)7D z=)*>ZwjBQVZ^_>Z2FVF6+>=ZeX^#tT$~pGQxu`q`qM;xYP=PAcnWkkfhbc`aT(DA| zCghCvXwJzFW}$sQEQBdyBl?y-KZ&P(a^iz)MtBwMBoqqqXeQ8Q@2N|X-5ORCRC%;g zK#_wsG zH}Ahd6P&HBJ*w$5stAh0VfCzX9vC{rBT-9jc6d6Wlgn(Tohr>2v?|}q{pJ} z)E1?ewZeCP3Q~|A4yINwGFD2qwvP&H;|IY^*=Z%S$TH%S2NQoq6k zf?ck1z&f#Am-}KN+hAJ4h&~G0$Pg`3*w-@1_VVP$8FH|8LZIo2DPdjxs50-fGtO&t zlxs>1@|bx=1v42J%~rb4qeg-#RlCS5HeMrr*t>dje-DMJ4;8+_@S?yKzVS95vP_Dx zJ>$S-P;~h1xp7e6xmS5DrYz6oe9DArWJ7$UXX(0-LK?1#ysPr73&oywGD zv4N3WK{+xRjfvwC0>@B$c46p5PV>UmhkS~Tmv%-mb7m>s|Ag}0&(((f;sAgQPp}k7 z%wHHKMc@7!o2#1$7N`s=qD^x%-;6^+?-VEnMa^VAVR#Vf6Goy9=MMUi_s;|7TXSIK-o)C03!UGW*Kr~dPm_GYZXiEqeQm`bqZ zD*7(&83j6@Q4+Jml-xt$`OuJg2K>Tknl2_J^kJpGwr7yP(j}c^G&<%T!9ksq8M@qD0LSYoz&_@`ws;O<18UmmnyCPT zGDkS1-C=g`JguS^OLUVfJl4N1eCyZUAV_xUXvCa#Qp7c4&+5+YsWxIb)PzM3 z&a&Y&dKXgW1FVO%hC&)^Fgq_ku!zqrcr^o!Y{jSV`Wj0ums=)f?i};{cnfK=(48KW 
z*1J+D1hPihr8YUlxzYxh-l)vxcy@Vmv%Q@zX2p0fARUww{kHtYu@w{PxF~CUX@>Pz z-QwI*5-AK9cs&eV_TE}$rO2QgR3E_jzK?#68(yZGr!1lBBuQB2?!Yz0_Up!;rB)Bi z08N3_^IwYdgXIvPsK5hf;MLjF>nnL5>*N`KLWLCbslDqQt#VG#k%c&202QgPBabC8 zu^5BhCbTc~r5g9ig&b>ghpsPH&M<|Fmxgohy|A{@uOP@$0XbeNR1M=Jo={<`ytK0- z6HH+u#aOuagld%GQ?8->W#uvHoxSC#426XfXoX&dy${e})Hm*2aKmZVkbA#v_rjj_ zg6LB&__Uak)V_*pGDfmw!l(3>p&Nl6cfsBF%SjfCP+3p@TZD*{0Bg`#(lkUM5`rQk z27i5Y_+??yREli{Jeq5`VRGc4^dkrcR?caP<65dG=T%=w?#Ddo6LLO6+Erym&S)W` zAjYtyc#%4!Bb8;&WrQ}s17S+oVKLfFqL|%hbX@}f{f`$Xm+K}cfq;(&*9{n`o}>e~ zO(^JsFP*#u{=-YzN+Lrp2tFlEPokXBhlBpdg5}NBG^SNkeho$3~L}HCULZ!-#mYGE&u6yJYncPKa ztUk$$@c91dQz3E`fyhw|B1c~oBHu}EUW-J{^9>}KA6k32Kq|&hOKo~a_FR5DKUM(K zPxVnK*ILGMUq*9-HmtGMYe6Lk4rI>BGaji|-d+K=_yNO(m6Pmmo}MngzzvXmq2EIn zd9-qoYnzuRH4X&A4Fb)O@3BDLt zU&7)7X3oWU9nX{>qP^-8PUc^sn@WQh>u|n+&$T2m2VXzilqZQVXanqB=-0NW$a=uL z4;OXRyr@k*Y|2Hg!T$abw5?Cx{t$A&ZFDp^aH}}rjg$9oVRUz>{XR8$q(SCq*sL@j$-v!s8s=|Y_W5lyJqxs;=5 zA?&)VOSIGSy`IaoOlaS5EjZ;Zj)Xq75F#O@LG>j_N1`fXh*@G>KtyEFAbiaG+k-pK zgmD%4xrF&mokbS?>LWvXt@VkRZ|zo#QtWR9g9!Jzi-}#GKhAyi7O#Y79*#Sk@U#hH*EHAJ1ZmO_pKGZ%@X@AM)@C$|+Iynq{6FAfTIh|&aZ|v{y?;jl=eubH- z_Ur#YI6QjsZ2zl+!xu--4iEPa4_YN zySmh6+g6vW%T||d+pgcO^PY3&fA7pZ^I^X2h*%M^bLEryMDE;sF>*Yittmb(eo+S4 zI63wHia6TXU1l!ews;PQmdy`%Z@F@5=j8Pa#`4j&BrVf`bIAX$b_Yp#jEYxnIe}j! 
zm&D^OOn(?0S8YB1Z>hWEC6FKNcH5wXVI)jfOYEgVmbUK850I}7F^g!*OjxLo*p>!^ zadc3c8~qI!FUl>))RHymy{8k3zkg#@nz#6gx1bb`}F_!@^lGZiyNkU{+*fs zkJ@xdPVmjVQa~kM<@x0(e1oeSkb3Jy;E+@-)o?8XQZ-n!0$af2+gtdH!icjn$wpON z#~KJM6NC69`B!kh-FE=snqO8DTK^n2rPcX9q=Lgbz=s~6RwxTDA#ozPp^CU(n8v1M8k52|}X$OaL@xmHSlt}bi} zA{8Ct4!elMm`BBndg|w)v&QR33VaB5+Fh)RchJi)jT}}r@i=cp)m^BOtwL|okf-w7 z7fQXdeaPbv!*X!o)a)3iNf8KN<8pU-izvpw@u`1t4=08O4P`95wtx@hrMsuLqS+P) z3+MYmiV=w9qhqQufmBR;#BMD*uP zgRxn3msZO+c6j%b^dfBv+l-=Bs+CX=po3rpqA(4CH#u)gtLP2SLv>fj)Rux~nVC4^ z(|v!8Uz{GKu%V_wt5*`>c*{Je2CY*ff0df5^fM(WryG;po-Dz_h>iCfPK)OCAY^Io zx=|XQqZCb#;*1J(pMbrpz zkFlg3k>hdklwU%5VF87WTX!uu!jrQxOBL&cByySNWw*V_JLQ9L7^iy2Br?!O>(qe5 z(+z%+I?@z!xs!4MAKgNGJ1faCsr$I4q*2<9#>UQ!S6Wlg52K6Qw7) z8%X#-;EIEb>D;&(Ga8`6H|j&e4W^`p{3u_(%4g@)sKA-iXTigUC8X*BFBEAkKl(`Kl) z8~wmPPtpTAV*oC7lO+o)pP^n>CrRNe3{XQnz>WnE@pM=VWW@?M zZN<;`pCV8vHUVC^`l(t>@#m65$qQfze*i@zr`h8{fukMKd>$it(z!FX)Dv~7 z0-uIiJRGZ*DwDkMXRyXgvM5dDbyv+a*HAqjW3N5k2oj_%(=s0&<>wxBs+)~oQ19;e zccEl{#}o-P-Iy+K`Z*aBT?O1~hNu=EFlx@3vE}lXYfA!0E7Qvv50gEtbU6X>)S-A* z(B%Xgw_Er);}VBeugJyMr--l-(W1FwAOh_UlVv1JEddxM`v0&gI?{I(hHgyEA8GK^0&JDHY7X4*?VS-7T`FwLrmPVU?$$&41cxQFcIX2 z;TW5^_sg^+=vMPMJ~VCW?taQ2t9x;1Y+}=1&$3^^)uX(j`SAwfHDr(4J4p$1*p^1o zMx#)uZr@99Wi^HhpXc+T{od39Rw3)xct7MVv2tNDdVKkC`x93qQ>KpZk%r=c%Cp#W z6&=2Kx&SFtE&x>WW+=57QKNoULaJ_qMBCjU+o_#wr_!UQpqfn1o5@_)4x$`}e)6D; zP+&3id2| zz9W)4)>+p1_zGbt?ula0HZg9EeaR%mj$V%MKoOhH3k?M!eD;Np0_@W{S>+vYne`<9 zQewloE{#17GB>PN2Z0}G)0?!jEoXYvdc0yk9dVZQ$@*IV$cS3$QF?E{!ehERkEoOD zS;y5T++3~4kdHonzQB#2f3G^MeAibUVQ6$wQ@0^xsDCh!nz#4;K-U`U(bdP;YVP0h zT$JI$2&yWa!%V0(*W`bK!TzD=z-bsXQ*qhzgLwFBCJlm^>Os_D%ZV62Q> zRvws)QLqJMtn75NINoFynSAr&y1EwTl}8puHwYm+@7BGYwwH?$X?LE0TtfP-IWWO? 
z@h2)JbXmACr*O}CUC|cbkCB*tJNBq-x=%zbSpl5Q3#witZl(C}Cy*~b*Dsi*)In=Z z&Ob6{1!mgoh;P~(*jfh6LQAF|qnUJwS^`S6?YV*{2+M<+((hr#n*)ss)9Z&|@2Z&r zvnK`-nIF>5Oto=#zx+DCvUPLqMq;NPEl3}gMYNFsFU>t!j*~0blqOkXX@ z2z-mnihi|VmXqg1ST5uvU6HCbjg!coiIAId{vD&dMTo&UlQ1od1e4It67OENCaM(U z%>)Zlrza{P#^88o7-T-`e8E@Yw$E3MD82aoX_G8<`pYzndxvoM1Z}Q3Ruw;Oe?w}s zHS%KCBD!&tgB9P1dmR(Z4ga)tX0-RE9}b@UGpx6JHSThis)pS{csvMMnlROMe`AZEp{e z0^K!7`e!fPZjH8i8z3-}6> zv}=2P!lD5TRPm`XSMa*etGm4bZWM0HSQ9ymJ6hj84X7&O-aSnJ$1T;{vxG&~B5Vb# zihu#_g;erAiX_t}@1;MDZ__%XKe$J=y9on-Gs3hlskz$!iSZic1IjjcAX|J`5qTH9 zObFn9!p>Y)6eU*flQo2sK~ZhjW70{Y%&v|5l!mP4AB)!Tz zANTXQ5-JvY zAPTDv)hQcmvLN#nT*~w2=ZLcN<{c?(Oq*#2`RZtdwTUyF%Dsyw(r_(Osoy7sMkNk% z!5_D@-jP+a{1mQI*n;4d&I@h-R8LPE=ZQ5avS6)72=~sBC2MzP?&a;8c_TYEuGYDf zIj?qmY@aDgl!LG5B7A`=Q*g_uw8}~dLD=QJQ7@was!m*G$Eo;R&t#y&>}XqacMXBv zH4zP{fqe&qQ4%Zry=Aa?0b#S{VY9{k$dqNx!cYxkXY_lr1f7Wcu(H9~@=>!Osotl^ z5Brqzc^xwE`lq$39ITMr37@e zh5pkW%~%0jcotmlA29e0`ZoTH|2DNL*1?s;a{s}-?O%V-R}1*>u(j7embKfjr_7i1 z0rtDIpu_7;sTDpMmrp1+tISTeDZR`i2053s()N3%Grm|J#3FdiZ7(c(zqbFjrw2v_ zbLM*fY3|AV8?#N=@NZ*!p!~nM)G>Dg@x-!!nqM!x8(vt8dH)^O&i%Lbm(Am!P5TBr z{%7Y^{{Q%pG|vwZrRM&(Q#Yso2J;f%eV}ea|6gv(%x{!f#nqPl-)X?iUW&Y(ZxYA{8{8YIk zKts-AP7-#MZi(v_p`#nywi9lbNbvmw(UABH!`X!ld$CkuoPEg9=y*(p0#3p5h~hUF z9A>EbYiP9bxaur|J3mW#r*HNeY?nAmFiT+wRp|gZyXiFA%XoCC-$+sLUa-7hf!~SY z9{V&Z+G)uz$KNKij)tbjli;&Q&=bx+8Dvju&_MhtFoWK(>PC%Tc?s7znoxb_vWcc3 zSJLiK$9>#p{aeTXlC+{CO}rcL-f32Zfr#H636%O{Jwr8f!emk}6r(}dD&NdddXdzS zTyi~lj;(SplhKH%;}qd>&9!EE6EMKyf1QG!;Fle5y<@4$rj#TV!<5@j zJh_GFYnmvKB8y5acW9$y$w9+HBtqEgJj5cU!Z1u|tig}&lBC3LE{bdI8SFysM|Gjp zjeaNJ=Ayy{V&-8YA1YgO6 zT6C@X1a%bKbS3-5O-a;@ zfy4|I*KXT>x!!abY$nP<<$7A$g5*Q6CffmiB zpm6R}Lt5YqbCM&KoYqWLQkq7T69@P|U|W{tQ({0)^1icDZFl9rlAH$6rV3X8K@VTX z4iQ%J=*!9%D3NGS(NcI8WaQY&k49B^Uj|DA1jD~cAm4R_n*<9Yx-hd|N5>}c5SVT$ zcmWwFE$;ww!d5Dt0EF9ss8565ZAt*9poMB5pBeS$fYTtM6x-ck201BcnoGm|e&OzU zBJpw_A{>5}FkHU9{P(fXFw}sq>;bLEMa4fn6Q&kj766V!HLUSf(x^I$+)P3U_i?@b z1rM-V*HtKH=?<+b-hl{Zu|>na-5)8nPbJI3_kCaJnXWLF_avm%I#Bln7+R)Y4%$xC 
z;(&DgOtENwPD3fNOa;$0_aS3&d{^v6DWiCz+AVmxnkCLF^pJ8$`v9TcI{#%OQY*&Ya?J{8tKI2;xOgdO5X4K!^QmCO$>DaZTgixTwqYq4N|j)T28BO)G6yx z#p8+i4mIuqAJ@9ne3D=-;GHw6k?)tw1dXV8C_;M@wIN2V5%TB2lBASTx+K2%-vf-V z+ki1h6?n<7!x<$$xmCE~cg)7XstMP^!>tONx8-Ez+M*nRwDP^u6ZDWQXgWh0T`$5Q z{)P^&YYL<{gH9SyfJE6=WFn%EZ*kQ|f?F;%pKYe(#lS&lo|j$%|9A>HwxLzmWVTjN zaF#hqcSaUb8H7(pZRF)ymT@9GVQoGyE<{@7F!DTyvu^kA54=ljeb%*}s<8|;sNo~D zi})7mQ&K}@D4c_R5T0~booad@Rs3SR37He8;W59$q&-FhLTturdT3-h-*iqS_(cz9 zoQoc9ew7!6c9KyLKc*lk*r%j*wwG}`Qs-|G-(fc69mT3vwuuo5#)$?l)ixgZ~zqd`RXp$>(dj_<==^ zXb#jEi?2lIZS3&3a*cZ_s=yMDhIs_%xHGh zufEsknK~Om#)P91q-59Ot6)%wPAwb3^sV$GslkHLd7d5#LI?N5?u{J$wqwmi>(I=54)I~t`o%5rR^ zTMlLac;W)y7AkU(rS&ktiEL?<1;5t0{4g-|B&bN z(|Z0VoOh>B^grRe+&M^ChjP^)`mFmC$~g?-D)z1kQL;~CR#tEHcgZ-Z-^m3;Wv=6m zDwV4i+dxQe-Wc`gcEWt0k|6~X^MAuXwfQnqt*S=;zWq6)k%A_NC2RHm2w!^bFgJ1H z!?3MDtK?+PMvN@em#hh=`-M?ZJpbGfi95G%?FNv-nu5FwK&_yCp61xPu1fjX?(3V| zodEy39=cDHzy~~&=g#y478~}Ryn2~#+=H%R4d`!uTe#_Oe0DpxLzmAr3*ykvGz(Jc zJ!RFY$WYH4gk{*uygAH5SNsqd;*UcXr5!rEYrXhSe2;yZctc%WzooqRAJ4erVd0-% z5Ot29$l@&f=`in%Z2C?#t;>Zk)1|!5?Lar4V=}zDdaaNk0tCvvd`&VDm|S_usS;qV z-;mJJO;!c4X0tH7savgy4`Bzl)4pPrxflISM~86k2rn#a-F@3#CH7oDvvfu0$C3*@ z+PM8jp9~$6nLr@;pY%1d;;rXK^G~{VCvsIp?tUEpB^b-OPrM(`skfFHh1}1%(Bb## ze(YS_p0$T;7rsX@kVWWnx zic%WG#I^RG1D6t|#azb;7y89wJ;lphz_#ERg=8xaswrmJB}>~heOD@`gH>(1idB9$ zKaFUeyx>s68qQ~(6(zXpf~|{y=4>ZiKu*8_T3dEnqFB6~FT=UB9l>=s-4kg!d&Ou~ zi0UE}zYc5`hKQhufWWMhR5|!JhmO#1g7&6^swWcvr8&p>s!NXp9Wyv@GtkCk4vtc& zF}Pv^jUCZu+zb`&5WOEkWOU39gRkMCm~#t_pVRux%8$4JxXYH0$dI+ypb5}856HVDE%Z?S~GKf`a8HUzv2=xPgm&EKj^qS)&aO0eXE>#ETSP0+O%&JldXkUb6*HL8e z#b2n#te^N6lihPqvqDXfIv}dy9U~T(b#m%%qcp^r|d zL2Lr#3YC>l?w%Uwo+}BSg`PnhTD73m!E@~AOgc8YMcKztR0zuoq>681u|@DxTTu-k z^LI;?)yXYIx|oUp9*(ehcxH|A-*vPhb!rhuK)|k2K~8lM^4w&!lB!r_jn0zzVcgQJ zezl~@jnJl0|GZisKPQ1lD?2y8VCPySP8ppEMJZl|-yWO}_ax&hH>Rp~IOwL7n@kEF z-4leF&z`nbjD)a!=C3|(@kqF1E^4wI>|tyga~N_cw0RseJ{Y6YWL1I6`VR7l*r>oU z=3JuJYR1XrP@DOk)n0U2vI`WDOA{n8)+y#y2gurzMD>2icVdLo;Af?&nU*|((k5oU 
z%En6dDfV`i4J?Xm`7(EGVW_CotE_V0zB=(!nn}_F(MZ_!mU$qvCwV&5B0%Ct_v*voXP)F<~S{QKt&Ac|55Hp4!u}$Di7gR71Wr z%hpM&Y*Da4N32(Dqe1j!OHIvIOjv7(F6XFqrb-y6a7H5EOaFUm%8vo)SXwE2q&kG-%~%)@gi?(0AUSeOkYYB6 z8LMMGH=b*K#*yGnF&-R=$!i)3o|A-A$8Dh%Z6Bb;cmI0jUoG zx_x`F03I)QCuU^;0LqNTJizC|(-#y--x(Pes3$TLXv3C-BXBT&2^*M)RLBDCMFbZ( zLCDq+97bjW64QSqfSW=F(jp851$lhiH^O0Uo2sd-&|@_u zb*GqY5AM?3&HW(05c^95KmZZa>k>Nv1VqHNmtIW0k8MmZ0bIaw!~X4S@3r9p6d;1J z@FOovE)4819~R!GhPG-<3^4? zA^wILh5F`wGWXy2!KJ=*<4K%&cE>HBdv*&l)mcRKuleTMb+xM_s+jjKSMftnq;BCV zn`j$6028HBq~vxAJQ0p(i?#{htkeHOd6#_Hq^YV;JSeNl`T><{cbQZ}s2h2{G*iDt zENAbNaItkmJcE&s6x2yT0r|1vv_ zgjvYt!uy9d20lvRgG%Zxwu)M}(YuP4x&dP{ZHyhARzo{jCDLHD;Q|^0(#EkGNxz=@Ha!De zXc=B^paRIJCGsrh7BTnyK&?-i!~#1H2@g{8`*mkw#ra=h*fI>m0Jw+7pVd&-TQ!g{ z)l^FCbyTI4-iqzSRG9K>NrzneOE9pz+y;f&jZB$k)ya@D5UeZ|s@jX+0`P@a)w=ey zM5Z0~tAnTyEACybGMsi!gF_w3QCfldaL4I-JS^LdwKo(iyqz=UFU=w!|D-1w9H9-A z8OPea-a-=WQ;1zA9b1&vo+WmK(q5Vs;l}OnuGnfxV$05!Ue{1w>C62GuJYH7}RrY`t{b`Px z-HQC@MnxX)<2|9~C!S(-OUrCb^7m<7O^)|0>8tnR)6Zk0wS@}d`Pvr-Z?iM5M4dIs zcI5QdYF?rx2d{=KI`#6`#<6%ibNFDa;~;P;8I{-CLni=(Lm$fd1tfuVSt_u0aTKK; z+Sb;SavD(4c+`yY6@cAIwXW^4j+`jE6>!dQaYGK{A#ngQgiOS z2#fSk&?{a;!$)a8&3&-X|Mhxob>IB6jjU?z{YKi}qaDhB?%2(A2g(qV8VOs|~pbVV#2miNIT-L+TeM1Q{5y zIPWXn{-jE)bFa1O^%_@7KAp||t?a~JE`(W3&wRaG-PwG2!dq%n`B@cFDb?Z=j^tf} zpQ#uPanU%UNGa|}#X`}>{JRwttI|F+aG)X7oUE6G`!L5WE;D<_ZJ+;FcZ(7LMfVF# zZEF(KQez5@)iw-WMH&wlZm;6}1K_&3_sVHf&+%8ttoW&8k2j|GzzP5{(Hj8f|R^oLGxWxV=KX%AZ;8mY$VZ{^}&*ain+zkl1EYF-z)ysNhq zmF(EiSt_^49@_ycT$Pi8saiNo+|@i0YCPE7%!v$*){QR{u}>r-`@WmSp`y5V^w#z+ zacw-(FosY1EP>h!3E#1sfz6dP(yWY9>)^=9t8dLXpm|*!87>i@y%fgKHut}R)E$^M z#*$UiD1_ZLS@G@v9wtS`d#)>psJ)inUg6vj`Tx~Ck(8Uw=9jJWaF zjbFOu#v!lx!ZwXZUN%NLQX*M@TMdMj16Seal>+QTS06Aueec>#ZZB{5MafP*6!dQ% zAwtj=#i-q2ycXZoL*y|;H)OCC{P(V;s)Fseem`YNqqv@Kr(DRdM;1qL*+WeaPQ~E< z)jliksRlUbwv^=@n-hdt!9w)+fNZqVJ@&+({AIn4t=p3H3y!|bBBLxW*)kUibm%c` zCEcf0J?SOt+VK!w=AV42>^9|8DhOP=(uzz@>)#B8Z9OomT0QWkHydbt36IRC2pf^| zab0{$(pp@{)Of4TxJWs>O%? 
z>$h~c98{$5LfCbIrTb_(5KaEb#Lfd_LVDF*kFP4goL zRcX&Wp%|pR^@L!(RKD~*BhJd;UeyeVzF5&u!UaK!{RH6{ZCcNzmFD5SRW~8SCUfI} zk63JX^RxAB!J}=82|E>S+lhU#^<3@q*Oa^yy^I5*xr1I${zR>j+JkXnyvY-37c zOny>h`}}@`KPg39kCB2qYs;T5pc-U&B9#0k&gwi(eNd~t3$kV-L|w+!bfM5V*s}2A8F0B zgzkeK;K*)embD_{hIO_$f>FM>QXSC*PPdngagS6SLk7Z?(ed;i%wO$*aizdhUyD!w zqkG|WBA1Kx&^X@;!q*%iG-G**eYrExm`Visd@Vm9`RruXj{04?=g} z$;VF5)vPgs%X!=DZrga!b&LM(z7c|{mlF|v-CIl9LS#ZpAa5!OAa5)Spy5gvg~rT{!XZx5&QGnub|Jbr(a`(A-T&xDUU z3bzZ+{c~kujaIN1zmz?-_jP%B4HNxnhgCX;=Q^G1X8Q9wDU&1h$&Kg?9YU`obp_jg z8pk3Lk4tWvd=z)c?!ZsWh9+*Z1(&jJhBF~;DfooOWHnX_SI zQF4!qS0oc7YZBDM!6G8#5{}MW!11z+mYtnL$vst)9c8Odo2QC48$w&sKt5AqaCK5_ zS_6m2z@?;Tahkg|`YZg)*f-Vdxr4NWpp{-kSydC@r`7Uym5DAes1)Ocv~;+k#|%ui|*;> z<$mk_sS$ERmZ+Ar)WfK>;>KtW^u$+VkgF4R1b2>`-X&PKQY%P=S%}OikhCkBtqQXr za3;PZ^d|rFiGCsP3NpP;35DM%gI--sv7+weJo-=~SuJCP(+tl|e%oQl7R#fiHKENX z7lJ3G5X!n@msE*E0dWA4=$f{EuDRG}cCR*HEe73M zhM)L+=S>rc>^sp&kHW3bU{&a73ge6L(y{}>o2&{dpgxo^n7Ci;juTU*;E|eQXINEV zVrhhUxCudy9pvhPG!LuN@B<-^x6?lxmENj^;z#Wt8?pDwEdxebst7CFnQ3qIutWDH z%LX+S4#F#ma;>Jm6e*HlO(6Eq;4|mJcTSjToS@OM*T!&jj}%44<+hXz-{P)v5v?$> z#XEQARr0=ykSzj<3X=M$cR$xiI#a*wQ*Obh5#qNVgFlF304Sw}lrQ32V_x)cVzmXB z#kvOYk}Z8ASu28S9$qxXXriB~oBfJbSi4KkMT_MKR_BL?f*1QBhN2H03THtoqG+3Z ziqeO(4-HtcD9oIA7kIi*`5(gjYw>19YO-~k;hiu8o~O?}?-9yz-H=#vI=2YG3GllPxwiPtab_W& zk$&r2y2DHH__Qk(*q5|t_BaiM?F}uPi86<~w}BTuBaL1_g-JrHe5Tfs^rgxuN&EFM z7qP5w7c74q#GfVNF}#C+=47!E7*{1H5)nt>w4mU<6j4$<-2Xt2#92&4HDW6kjcTG6 z@&(~X{ZFMs(f1a0NX7S=7%)m`?@geq@e(DTk++l!B;(9R!d&g z0U_^3ueJCnT=#&IkpkI76YRETq}Dp~qW)7|4Few|6l(&#o~CQd6bxO5;^sZo`~0fy zYB8h*X{F@k=?BLXjRgGBYpuV}6d5VyjhPhl=lSxg`mm+opKEmUY@b5RmtfP6uahgo`9`HicKSNmH~SoM1DG012O6jH-ulGz=E zh?cz$b1lV&?>m@?;SUBetBjB+@y9O(*Fu=Z)z7fh(~n7`>ZSyweKd~!s#e6mqo_)Q z-CM&_WA1nG7wTkSt13zkN@%lp9&qmhzAsT_U#+3z-`J)Mgyi`z3fBM;=R$aNncTW4 z8_vLbK5*X^&(@ekni;c3d%gJ0N6gH#-A+PTZ)>J?{RDb(iC7Lk_Nb)sbwliH$Mgnx zwkuNR?NH*8>rH-l6-Y`_oS(u^M1u^p4zT@xH?i6ISMRv`R0H|CofwQ8!|=wDNg@_8QTvKc})6HPp8 
zqH!Ux#lH7!@{%OEySSq5wbhkvv^73T>||J-`1vIyCGLE@@kp%`Hw0ucOkFoX`c|Bn z;KTf)-K`u$dg zU5^2Yo2WkpYllR9E0Pj>Q&O5bA8;D)lduo9v;tI$^Mik0u2+qNZ($=7S&0a&aoc50 zFcD)J$_>IRd}aVR&tAKwcdT2YU8=}=mCR6z&uS#Ytvhg(eip+-W}Fje)E%8nXgI{r zEe7=Ri;I%olRn60KzCr@&{{tHN%^`wmrzd87Vf_s*(Y2xblUF?h_5}^N38b~;pH6V z-^dA(n!d!SV9%7h*#Hk6^?k&fLh_17y~WF+S9|<69OD>z{oc>oVOB_F4|JLd z5?Xq@Ki&X!S_c@&FzP6=TYZ#U#8744Wj#03qAK0^n$P&tmeDnz@JXJkHcE4UWtwpa zRF@>#yx*UsNtTRm)2V%BKD-UYFhTmoF$al+be>ZA3zJ7tdzPjj9jgKIeM8cSZ zFpGhSCdyOJFKj2xe=>DJ~7|e>_~`~+(s8WZM=GHfDidOq2*tqLv+~gy?3Qm z);Ak*le85rFqMUK05h$70K|Z@NVslL7CgxjrH&qmV3axQwjq}24jTMRA>kl=&a^CB z*DugbIb-$Idmsnq@V9dGGy!^~edu_Q?%(W+A4FwYhVHJFWAZ z_U-1btJcO_hLx~{PyV_zDUn^6+_l80 zjGoltjM1N#9wza}XyC@^8S;}GiF?ZDVwZs}$G^A}0QQ4bZ=mH+ zpQT{bF2g15ronOh+(%6Ep*jgM5;~Z!XWjvN0hE-d09Lb^^$=zsUJrI^n zDF=Xq=}mD#dj#uCIib6{`nF3h$R##xYRWb8;&eK`k!MaRt(s>BCGBW`_Fg*mwiYFFS*|_i*_}Gb0(S}Hi zeMfac(L7U#(lB`+mJty0n8K+tir=_Y5EiDIt+iHySw;|$n_vBy)UcEE>RHF7^`LDG zOLiR;4HyQSl1l?Kh9*5y!RAEv*t?uV(tuw{sg@Gq7D z?mzW^nYiAS#nuxFywsUgf^CeV|20H~^mt5&~^jgwo?@p3ev^eYO)`6qlis$h36vcD zw!YCMAa^U5Q?2#+#2m47kM$2m&zqdXCGsgA>w%@vO~YIjn0Zlz3n57~POlAx;Z9cn{6 zxr7ZkYvdE&G{2K31vk8`<$~jhI395sUNr8p7ejXgiyIp2@%?8qt!S&8s#jZQOzVz$ zLeimDLGM!UK6i9`bRPmuzr#&TCM_Tp84;}aeH2qV;!`;8J zQ%}H3!DL*v4;tEme?g|l;Xd<++_(|%!wBQqvr?@Q+wvzN)nZab#*?ZqGOyr;p;If7 zx(tMc&;FWh)Pm*XUrz6H|qdn7rpdCb3PEIsmZ5{-gWH???f_Va84-fM*{t@zmU?Af^c0N4He)TTuZZMkez_WWDK{-%)F+zbh z=52p9q^tNldpt$)@Gy@5xOucG^nGK5POm8z-92&%>BDJXn3ERF8?Dk1KxDafS@=?% zVyvc6DuMmO$f_M#hZFFUiBaf2nzKq(D!eLf{c&X=Abi$8bv+uuTF>fB{Hk+{NAILA zX|6)1>r84BB`+vU;SOcaHE+|)t3oJcKe|@hb`NiKtbw`B@1^qoXy4p37B(wfvAAr0 z;6UCzkbwrxmSs<&s5;rU*}Y@?NSTv1M9M9Pk5cm2Z$b7!S*lW_lmhs7ZmOzd40Hyg zFa$-~ApLxd$09^@(-({XsZP zQX~r{rKgAmlN*G`uy4*+oi1VYp3+1~s|zX!`SV2}nPtvmohvhWfVODXpSIn zdAk-ww5=-47;9LvekvUtYTPd0S}}uomu_h!huyIPqh($HAqEi*+*IFU+Ow3<$vTb)Zv>_+zKk! 
z)mCz$o9ChCu_hU7>3UT-lEKH?$jED_Y>UYwO?x@UsSf>Ii*&wznMQ!m90%7*#vLaE zLOE44^rG_)e)3bjoX*h#_+KBIW~OsF4tgnP2n3_|T2aQ}uCWa85!KEa@vTUh$ zEX#v*Zl9bytaE53qL3vf7Y9{y)K^}TTNqc+z-d@VX)Vj-D7ivaFfd=;=Oz8jfgUO6 z`w9dsS`Ee~Z_+Va3hdx-!)XOcX-yqT%>XvTfcCB@W3RK(RM?!&{qQfVLT^>gKQ)eS zad2VYKI4L9oa23t=QaaDKlR-nepH=!h0Q%`%aJC7w*rgVInOQyHluiY@6V?GkW3%NQ(*Ek zI%8Nx{P#6WCKZv548faKndlwqLQbeDmGKAK9T<`32}hYNx={#j2-za4iaqgEnAtQ= zxQSZ5n@`MS8LkC^&cX4syeD|f!93J=Ie#6qowG_5MIwS=f#mE&ml-}8c zy^#ySslnK5DJ4KHz_z~mc2YI(R*;H5LcYB(_dL_FRudvHa8!#6rEY^p%bA14C`2J;$xC1!^H0pLEUL2zi>@$4ZhA?&v1WE z(oSrZ@ybk(9&TPuJw49JXJ;Pzv|Lgrt~cCxe}<9EXZRGOQDpDK`Zh$z3*dhH`glAX zI!qJDKA|CP3*5sRJU~;#w<+zha4eS7(Q`_enq#0^qki(J6&5~-+NqQrYv;@;q^Rg= z{);Y?bjqlrKc;}HreOc;;qXl}xxW~d zf-@Ua^emA^0UFj-g1e2J$5^@(Vn*$yXQ?fRT12Mi3>28js=!w!6=5>xPlkMMs4_%8 z#)EcwW)ao0bK!Gnt$n`0TJ~g6J~5@=r0Q}gRElH)vSJR+FLK(95X1qF{n-wIX4<`# zqjip%0nx(0^iOfbWff>(uGwGXjE@Z~B%>FzwOQF|v@M)uDia)A%|PkV{344dY$=Y2 z3-0(>?b7ypLPni$Na1jsKd_)@T$F9OLLB}W=&Pl_&LHoonSse=C*bNrrPHY+UlFUS z75NKt#C)7LsumT*og&?yZGdkhTSFz)*=UJND=v7=D{^ob5Rbr}vc|}}#lykipcwlO zb4s|l#%Wr;di0uEdvHm#aySiNcI_4k3zcZ5qjzPR{8``SEcJ>PT5R3*hMH0;19j83 z9ZnY=XYLp4L*>!5Znj%dQ4(~umKm7kA>bZO262t^;tIuA%?ND685a)}YdQbntPagA z$2{jekJisoqAA&dQX$51%WFIx(m>V4l}&tqufB@VKfQoxe6N8)xj4#RA& zP&!wK^LtPQ-V(PHIVa)HOXe-+`2jJjUXP7tQz2+vehupWbR zo|8;#Jd9XUQo!aceDh*9kdjWboY0&HS5bxDNAl+{Ck&me1viP@~^N4nSoltiN!Igu+P-P%lw(J0F+87U-};xV0KJyZ6U0? zxW1VGi?+KAilm7Xgpa#3FoVP3?(XjH?hb3!yw>3!(XZEcjOcEWSMC zVG=45VBfubtCW4RuUcEewlnj<45+d6ys4WbT@3V}?=hgi91!D9Q7f;A`zcC2ep!lvNMkp16Vip+Ql6A0Ba4(TI zSABohK6D+GOezzR1-}g0Q5@aS6#;FqjDjn|rzOTgEP`wVA(0Lnu93^{E@X-}7Ira! 
z$9WY04W?voZHZ`3+@f-Jp|Ls%I3uDqB(W?r$xn#;(%|TQa;s7|evAzlpJ%1ZprGeu zJGWtVZP%Oub3~WmB^-3oqeFZ_(iSM9p>No{MhLQvSe{W9%=ljHtC8N~jacFtbw^=r zdlt;m|74fgb7pVwjaVb!uyar!h`u}!eWE_(B?D6_GGcTovZy!3sjwpO&M6>DEQAhs zendp&VKKj7M`d4dxquhYfz7et3Hs-3TszYbg|hKv>3B*&Vvu+x-$1|{rF#^U#h3P4 zV{q?yvc6|A=a=V7G$YL+byu?u!-zHtF3{K+B`~S9zgNJB{$ZadS5}U` zp?OUK(me2a@bD+6>meG9QdM2-CpJMh7pjJA$67OT zOfe2NZ#m&MHyy8I&JvPN;%%JqLpQcG_gEDN~HI@L`boZK!8nXyk%k$<4pZ$26at=jJKW7n2z!kS>zk`u=CCuYBKufHs;pJXzjH&asSslT*uu=DH zjItZ1HYqlo<}Y*vu{p^pXPkO+a{sY@LML-ziG?_?Tb;>B8_PrP%7H`h9O@ii#x^EJ z!{Ty#lLz<6uEY8|XQr){8>n5+`wh9yy#-IFHgHeUaZQe4Xs}m2h-0Gp7{mbIOU5j) ztF=+Qr6fS(lK{UAJZBxb4Dvxn(eecysT+g4>#L1Hv zO<9jG5=BE-YVZn+kBWqx#E=?)!dz74Gf5^btCfl>Ks1y4?S`l3$aK^_k%mWE`-nNm z{BLIXsi;b!oz^Uj`u|+x;(hGph&Pd;0|pCh+c@)WS3E`592;ppV=T0zn-5TlSCfJ3 zegCc#|7Sx>w1u|VT=P0tzAfiJ+uRqPR9BNrQVQ%R{mF!l*U2QuK;Y9=4rmcf9_A&q zn-*i%XeRe$0ZFRumWKGYigu~0QKW7p`qe9iN!}}U+A&~ldoig?)DCjsnaW}Xg`40Fj*DQFA4)(an}41ruLDvDMlE9sjZ2FV!cQgR{v8oiFBzS%)CJi8 zQ&xTjfh8ue3PPSx?Ww`?RILMwRDLjTz{en7x~JUhUE{RppwJp=6=l$gR{jL~ZjUuV zFL+2zwM8^a6ROmSaOzKVLmS+M-=@yV4L-qWsp~F!1yd2UIk0;?N^vUH1_Ne=5vN!5 z9mWK4wwj4iOo9MyT5uLAV3|5m8c*7)0gNgmS4aum!_R2cdPn!V1kQ|lTj4e);gOOa}62yArP*|`kFjB>n z;l#0AndW(6LaSI*d^0J)vkP6e&7O!skjJ|gHY@eh2eMmvJFeiJN5(Aud(Yy(V-E=QU%zr&9&9Q|0 zH~4B;O8E$HlQi$ccaQZW)G<|Wo|CepaSH*a-3opeS*Nt+H^+8IUmh`8FS z9(Vu_uBZE*ix$)fICE;>xbmwQOfcuvj)AW}Frb7ZoBJ7wSK-8?EvSLT|CYUXzJN6M z8(cD^zH;QZEBS8jaXfTTA2~Rxc723DDBO$ob$%rDv-E?w1}?hHtAN zT=Ftu8MrE{Ii*)h!~mKX*rgy$VYRXVz3Q14f~$0#emW1&3Swb*>ss~I3S`!7X<->2 zU_Pi<8c6&{s0o&AKG-|qi2R$C@^t>z8 z3C;j5(Hb@QLmm%R#ETU%52wamFN%BWnl&HB%+Eu5rFCDe&V#Xmt=hA38_D0cjaR&p zHU@XDnaA>P>-YF?i}<%$Ttu~*E9*@BIM<}XGK|B(8op}GA z(lc)u_~qzQYd`jgPW-T}5y|wRh#v z_IxN1)^}xN^@U}OCOoV2aO{r!;p)-{)Q)_lnB@}#gu&$#!k=6gIV$JQvus8s;D}s5 zxsLJc<^|84QMmCUvHq4AcISc1$T8(KZ~V z$*-C{+W^+gkZ-oZ#$t^a(YV0Pw!!}`dv*WkNP;@*e=exIrH;BB8<_C_eqLqrSp!}@ z{-P4W7;mdXR8Chd{bGf4w!Us|z`iSqtHJB}%TT=$!pLd;fh)<3Ww|wjnoYq=2=sc2 
zNx}`S8)7Ex*vt(phLCq;WC-kvv8fm%0#-%xedZ67Ujm`Vgon%&)VYQA`X@tOTB0~V*X~$N(J#qQ7BRwb4 zmgtm10CV~^)~13Tm!3NF)jMJrZ$yIfJqnrSf747A?rvGk*Hw>1OtkGsk`T1j?GZhv>-#vmBI zuU&&`_=i20cve@3CYu5&+joVcGeHwzM$|&dAN-`!gv=pH^PsrH?tGEMeu%bYr>kbygTL{T(J7cFPTaJ@Pn??Q_5vdqrV#>svqOvQ@|-S@6XIdp=9hnk4XjxavqRV z%7-TeH3Zo}yww&~FhSStnM7gf#ieESSGHfuetvt{5Q;ZNYaf6Ab(g_DEhQO0>{N@RzOPUmh7umF9N>@PD=o_x1vv&}_ z^(>d-G7LHPC=f#RBbaP7!-T;5qBYdu^UI6kItit1N;?|M(D5;DlA<8VmTlqGN71uw z;`XwRgEOL-w{z+360~7T;0il6ee2!{&ROH6gGOBs_{*Bw`}+QmS$WMxxt#^FnV!W* z)ynx<1#%hH`wqfeL(qPHEcUlImbLx2Xw1Y0i{8&9?CUd?73-nL5Y9<>#F9IxvdQhm z@Ga&u3#^#ro4?s`Sh53ezA3KgMC+${fobQ_hDFicw>c(!+C7g!<|X!gQy#5h;CkD) z3fjHM640i);rd0w4>kUslxYZAQ1lVFhMg1Qnp0`jc{KNXxH#kS!Dz(n?fu~%(FNL- zY>GQXlZ}8V&=N~kN9#(^i46>hWGN7j0xiGd%+$B&%x&k0QBSQWKR}y6co;q}mDQF5 zvFHYj0&*(~@k;=6+}%0VKxAvi&q|GiSIV3+%yJ&sGe&OXZ{LrX+uhrVqkmqxU2`f$!tdU{E3kp40@6#I+W>i^ zrwy;m1<%(TsJ$MLGhyvDLS2zDn`$+3J5JLGP`Ht)wi_i~(I}X+-z9K9U*t;OTA@dg z1rt~kStQV4rd>~D<5^m5&<;uq$y}2MSU9JVU({N*0)kZ_poeXUYCFGoiF_X;2CRid z@7r1(50Gf0kvO*BGbe%j68wG+ey23_Bojh05_-pHF(HDfR%;?xzJt&uX-9hjv3v z)2-g8X;({`!3~`t+QBi`e#!`KL;1 zKLjM|2p7s&EyhFCDf*^D3J&$_=Jc7*Xs) z7`$^hk}82ryIw+~kzl=_7C}VSe8zmrb{1y$Og0o=Jc=?4jr+pb6Vl-MDr*@!_sB+^ zn%Dka^Y_H?fndms(q|P`gGmfaaEEH>`o}a!96L5(e?Y`I z8fIyA_eH>-#;)B{*N70K)fVec|N>C#sg(F7V69aM{Gb{Lr83mb(FQs>@S_Q_zMz3!A&1F$H*Ad1d9CVO@%=?lrMcCbR-An$JgbTJL^m@xF=TD z^6!Zm6zPq(@}VRBU=PkZ!e>Lv)&UmOeEbgCc%nyHlrcoKEz55|#-317vcBKF(qQn{ zi@Y8GzD|(xh^eyUVyk7p_xYxI`wkug9z%1%$2(}Z-;JDXZwG{Obj1_5wsO4~4KDHg{f zKBQgi*u@2;a|a7EdC{8uN)!nZg{EYh$b}u%)XYAzW@H52S`LWqQ7%ArB|nHyfe}_Y z!61`SmsFoz)|0-Y51MTDw2?j*v`!S*ElfmdTqagJ3JG~+QHBG87l<^~nGO6iH`| zgaJp;p!eej=I|fT;S6ii^1)=*gq0%r5b2q3lVj;`PX;YfFKT`2hE4B@oN{AMW&MIS zDT$A)KK@R;8c!*Iy#;(Iy*jPgSdl%17x^ID`miYd^cn9FP3fa*cHqZoH}@XMNC=_4 zP~^>gk0NtPsNn@~jZLEck^C`mvz~<$>(L0O7j0>;+vkJ@n4Nr6Aw9fqpZ3q&7V=be zVCY62;6;O;Qf3a1%}LaKia%d9J|AIUu-+qQG1`T$_3d&`-Jc2WnbXH)T@~Da>U0oy z`je%q!p^)@214W&Q*mg;2Gzjk9@qJLMWM&YLGH>3^Ke6`;O2Q=t5x4r@ka^4n0}Ya 
z91|trOUuF|nm#qSqL>j9VrPLuo{2u>rtszgEn>ClKV@9&SHaN#vDXp;$Zojc-Ry=( zw&2=ITC?cz0CMgpq8uFP6{X z#q(0u%Y5=Dk0GG(F|g&_DXsX--7S<;Awe>u?m*~vg!1)eexb7kQ=V+H`n`LVuC}LU zEf0`Y+PV7ndv_}&KqXoiqe3b7ERajTo6qk!sTOmhpKwy*rM)eI^8+VddKYdkc?Qem zts#1?HDrqcM`kqTi(bNap-v~ z@zn5U$4;e>a?9!6K6Wu|B*-&{0J{R75tPv8jfn&V@Qzt@-rSBY%*iI z?FSQDpg{`hQ-w)YWx)e*Q1P?l&HIRc6_Fo;pS)X^ukV06Dao7B%x742Ulrr6-0Bf6 zD5nydSgLDBDmYS;zOq$440o2zfYe_4lbUJ+XJ1-ID7C6tdOR+~mLL2W8&tATcN9Q; zOC2SzIfPwgbW08W6}Ru1Pa|=R7M0A8cuOi^D-kr!mScb>F0usklFn4R8qT+r9%7#r zT~`CsaPNCS85iuYL<}Jx)*jgyeC0XwXm*GG@F6SpLka^~wE?dwT_F3C`>;6KT& zhydm^fZ^GdfUY9n=CAz~iJ{os)j^@VIowDo4tj689g7^WaPfMzhbdIgsdRZCSmcnN z_oMB)0W7Gr?5ZJRl%fj=KaOWh$3FZdlTUoc7N^HsrHq&r%HHC8IC~CHt=|2>d0@c( zB%sL9l(k;I(MtKN-OIsQj58n7M?1UCewm`CKSUg3qae4$>QytWBizXDFf&wbU0Zj9 zW)-@l=R+iY($J+Sk~Rp)<(Vh_?n<(ik4PU*xQG})K?m1vgrd>Lazbn14{j6GZh+kQ za00T9*!feJ9ibakW{CWha8!36%f+vj|IE|T@u%aT&ZT-!$j^%PkC&d!oK}tIZ@bjE z3mn1{I-$ZEU8oQ-eT<(ZeoM=Kf#l>d^3zD9(f9D+85io~Xm zjEVN(SA~0Oz*SnR#y#fC5VvaIsme;0Z>oK9Jg$}ymDQb_A%V>oQo&dS%FHrU-L1vW z*#J@ItHJvxwXd}wp|GWi>d-Su>Z$Z|)&cVujP2vkaKE9K%P(YlNGfnkNRsTp=;vr{ z3mFKtsD6;YdxhT@MDv--%BJwR*eL%ut+I zGNuwYics9s{8)tkk%oe^lv5oR4Ky$m&Sdm*M>gd)zYsCmEvhNZ^=xNw5koQbm<8}( z0`AzuZx_}-{N?0k&$xIggl1WxiZ)l_9LAmt`g0}njOqNnhn{$?Gf2G%Y+{z6kBV3N zT|zgVy|)#{n%IzZ2)?bh^2O%7fEW6E3*TZqhueH25Y+bg6vR(9`(92nCd`;MqS&?I z+#a!RF6(;*vSa2t{qT8mkcH^x&RE-O3h;j9hcut5K`w71xN9n$i(1wr$Xz|p)+gwF zo4lGb0v1MV^jqL7GBV-2DN=wtVrmP9?=|dY+C&#Ez8#%bEJ0uGcjsgt8$*bwYx;dc2b5{31$es zL-6+40#)J-F&-87s{U!y`N#Ar4Z~MGWHzKfvJ1##_&xuO)U`6CY@`HPUIl#B`l)ZN zSL`(QU5Vz}%QWXCkAG^5dc0#qszPHsps;jZf=BZ52SW6S(iy@FOp^}RT7JWbR77am z<@GVa<|oINt`WihC&!P;988HHtomSGRI>Esr&@sQ$Zl&4K#iKw60bAY3!MImU)s@e zV~Wm80IFjEygasIj2aVE@}x`B-UBwU$A}igDF?jpyal8dt&OFc03$tuOZ=4T$TBUq zQ`_^fdD(8)21i289y)#Ao@XOu#+|3dM^SGKQARB2pv%T@k4rZONX+Z|qoeYav zp!&;c5<*e-L*=_VseL7v$oO$50y7Ttk{C~lNj|`h1R!uP z^ls&IsG;Z6t<;wz>wQFiWXAWc>u!diL)#pozL_nm5SvvAuvCKTipYvf-RJ#l^N^HN zOn4igd>^H80%Y27muvxBYgZ#25#nnv335)_TT 
zt11{vD-5qEoT%p>x~V0En8K1DyTo%S%uwxOma^KEZ1zd^SfxRC#4B8Vo}^Q2T^x&$}hO2GQ! zugf6RM85Z(lzJ49Q zCJVV|d1qj>KEnJb%CY%p%o^qzyUgtDY(CGIFCU&B9;hM9(GIFN>HFH2-`mzRjifPy zyWCO)a#aGZ_ytQPT6qTO6UlebgYJQIo-udDbCc#{j3H_oJ6Sx3)ZSG@TxEBby|=II z>(5Ndeo^^-uOW3$}hU$sn z@kY+2y&NNY&df(5`myfKGdJXO*2e_*Mt6z86%0Db)_x=5mGf-__>GX2URt=lcLNdZ zi(D779hK(;PJAM#`+-1N`9ZnOxNCS^myMwS{{$2;&A5KueTI64~CQynWZ{Lj;(79r|l#!Upe3LzU*`xj=+M-Z;Bkob~T z^XMvE>O0^43eyFuqE@i6R}&q(gOq;RyH3sF*b`|mYxJ++jrGCzsYiZn^wUj(CBf%{ zDxVH;GCP<^Wh7WB%k8TxjN!T!LupH2HDh3eIFWjF(Gi8?q@w611{@7ZN?l6)RGI}K z9E~Ajkf55%$z6v`8=T5u#V(zE*1KL5B%gU5Wka*gH-N`)9pAFZk+#9jg$U^Nc-%Ex zeOX6KEV;f+4JfCLg(VNDiOpN3}Et0SiX2P#21G9UGKm@mxbk&5PAlQ?{ZSOhDd>@Byd7*YwVV zoAO{4spF;Di_oPEb#$T34eOS|6>{#r0DB`P5Xbub;L#QdABY+h4z>gHq`vl-%Z^0y z7O8fX-yr+fJUyOF{I51Xi(OMH90?7bs!bYhM*^n-43bT1(w6VaU!%n=dk7lHut$1~ zf=)i8WAP2ZkLN%6z2BZ1<{L^7-#$1nXqmUPx(X3nITDFLR#Iy8M)B?WEq7i?}+#CfWq7>4v1$p84@u70!qn1w`9c zu5~Oy`@=;XMJc&vZ%&|P0Uc~xcNOr=6JVrDt_C9OcW;!TNcP zfs9jBDb8lSLZe{itS8YgP766_%P}u^(6c#P7A-xd;vMY`ir>;B%l%iwZ2=mYu9H-~ zZ{<3%U;ofimE*Sv`&Yi(b^w9B0G5iAmpaf|SUGFZz5*>fY+{qQp+pdetRN#~eQKeD^N%%<4Z%@EX;QjLqS zdJ%S`PY(!+X;prbBrS%5S+{#aZY*iDsjIUysifCtTK{yp^ut*7I7gLzlY}{l z31$-glvPgI@@Xzn;|@;)Bvhd$qIRvOl@p+8``tS&cP4XxlfiS{ds$^NJbhtO86~%JpY-`Pl|g$4O&W_pgVp*%gc>e)Sp`PNUIVJK$Alj(hGyL@qCS?b`J`my_3+e z{Hx8w^UpjhaM7X4FLUq{J>pp@xuyj8D#J zWw~EnCYEZ;GDp0uLbQ)Hvl<6a~ll7qcHBo@&l8S0^1~WAXc( zlKMjA6YM|p%h_^19x5J5C|{Z2T*Yw&##bs(n^j6hh$%YLQ5& zC3(#UB;^#jQ}1wo9TdS*5G(onA$I{1-e0L$$JGIfk};0ZJP$JZuhVa+ag#C8vat3F^>1sQ0^V9wgq|2Y3Y_%nR(8(B6a5^J z;09EBh`eLUVG7&|Yc2*5+-<)=d0`fUAw8{?a#hf>*PMD*Z0CC%6d*rpIm*M($A4mg zkwx5n5Y}%fmiT=3bM|?=;=JU_A=XUmUgPD35I(OO;UGavl(!RN=t`Rs=00%;z;(yN z%u;d%2}=u#3P;X79ga4lRg&RDtO6~`FXkUdhy;jWRKZh~+W=hfP5d=TecGJb!49=t zEEg_?lA%8}DH5DwtrTuTfgXgZhVr8Cvt_i17j(RsoTK-}4$;r4m;gkTw5R>Q4ESNQ z1zwejPr!8@ub{&oc{Y%FPO&%6Qq}rcI-H;Y8%A9iiwrmvRpAM<8kwzn&Vkjyh*Qxh zjuB49ESAxeDar@X`cPBa$^BErVC}<|MS^^G^OADYrapGqmX_g}<1N3;b|1h{*g!7B zU6j+_`OXJ?#Y}(^PD1+Go`+L9#tfRzR+iC90Z196@frV+EISIoE0Ct!_tonv3I5Wi 
z@2I5X2>OZJ(+A^Cxj^~p0hY)c`>TH~J8XYlg}5Pk2^NNl+oP`XfK|p%0-l09ErYg- zDoW-%dYb``(%4F6i%i&zMWx2Hw&E55#Wgv|nEl;88+NA~En>10$M-xmPdShQD z>uV_N)^-O;Dvui76D*3YuLA~)xHFWr0DbL7URP6lP_kARoWqnolMq_9 z7+iTL+{s`-rA0tH{P8m)g$?`1whYQwz%n>D-aL61pHO+*W%P=Lpaomh08|o?IC|qQ z3Q)d)Sz&&l-4m(mGM)+pe>n?h1CtLhDH7a%`v;iLx|RNQrVF83ej?t$DQ$pJx^@Px z%vC$;SN;P6Gxe`?+h!Up5>7Xbr^S~$(91E$T)OG@%e zTx7&;nESbnD;N(&rf|1xX05}~gz`~`XYHOGPQoQttb>vHXDMSxvA$Z! zLi8KyR0if+JKEs1^(C#HkH&Do!%;BbklbxPs8_&6EIBOZpy;H2+(SWo(W(mt(qO%u zCc_Y#jm#0Tf%1u%`@ln#~8tjB0|8bkhVJwo#0IZnh25c>Y@4jPoDm`NZg}hQ?syES(_%0ZK(B0 z%p?551LZAd`$OTA9}@nkJg0kT680@CrZecs;;Pk!_VAq+LZF(X$Mm zR&;V=5$!UQCu)6>@fkcIg^hA@B1+#$G*A&$Z)A$&Nb*a~aA=Jjgqkw3)a5`Fh}v>b z63Ld(%7mg61luCd+V5ixN$o~~U;2#G8=w!0;+>p;>8_Y%)&&t~^kX;EHi6|ApM^tN z$B*0)a0_I?7&8^Y7~?M1c?9sPL_RD{R%Za7lrkRHFor5;QnBW_>$+l|kuEU86>0FF z-DDwUUFA|q8b@2H#cT+4RlaInd4S01>J00ccJLol?zPY*I97H;Vt&f+hNY4|t2ZcxjZKK1d)jO0d5vxv zbj7W>u}sG2^CKbn!!sfHqe~%NZ?@=ym+iHf%7Rugx>KAiS@HqaWkZ52s7$RX#azE; z`EW%oeBaF42Vi7>V&_Rl6SHi%2NiS2&f+t`jsupmX`NO_mc_U(jFDNID|lC@x%V)b z=If3KlsG|}@8tnl=5K90?3d18$sTNZe)Fv#jAPA%jX61nHr&MdN|dBpB~%UyDU%Zr zl-v6bsJ0NSD8cX(7yF+)+qzxm)kTgOO_WkMAL3dQ|Z zwBCL+ftY#|K*lpG`I*LOs6Px!_GcbaskXz#no_=*t>fDEyEGjcMCzdP#3$f>`+O_N z5Aa}Ui6SGjL7ti0;s0<~v1U?~YiKfdPRL*>Pon z75E1`51wnfmFl#$;Zs=jd{m!_Ir?h3vVG*G-KfNTWT3KEZXyk(^2xFL*s?}k9CHFO z&_=eVM3EyZFv8KC!+v9+UUmK*CzhV@jAmFY4dzswkhyQS;8oK0N@y3ZWivfjF{d-5 z%R=jS=#YH#>d-$1F%6ttFSAV=#>=&lurah6`Vo2aAvX>jBLm+#MiX6A@M?G(y6 zCil+&%@{=F;F);}tzDZi$e?M3Ca(Ze2t=Yua%&4^+msVDKr1CJH>3PTF4hpD5Ye9L zq&-wL@M;`mJ6DSj@etf8h>H(${gI0uA3AuVbP;BlIxn1H7CEKv4b7xG{}wM`(vf0l zA{YM~+LqGtS)6B519L5I!eWy8eRQqVF)vMYbYy;YVgzBX8tREERe-=E$ORR;anL={ z4lcw6VOWTps zVWdvP{bB)cO-WN#Mk8bzy61&P59`fy*yM*I9NmaUG1kI6`gU8kHB0s%t z08X|nOO5e4uQB^pQM*D3`S`BiTgjlxa+8l~d9Pp@T!~wL8r2lnwl3B;ChS(P8dV$B zEiIx(bbWwDbjd{*tm-2GL|#sQWhpT#7<;RAI4HAySbiDZNTqabC+5wKax3##pI=V8 z8kACHlt=H!x5-qwL&AleAC|b_Ts#5Y%_J+UM&}q5SDbZs>^_fmH;**|Cg9}qUK&c)J{35^Ecp2eYg#kPc&;UK)7DYV 
z{k5pJ!FfRLD{KZV=v|3v8!`-9P~$S^SK04}{SW?YLA^dxfowpHaEKJx7DHT4{cyw^ zt=!Y$h)=E#IIAfwsq*YokX_c6-!x*F9Qygm8G)Qy(>kLw6t_DcByD$I#81TTKuGT( zg>9%WXT(gx@y(5vppJalW1VQ#PA^Y<*^yz=->ct&Qq#LFh|7)ht=4rPHQHSAf-?v` z{$zIWtuKxoIHYK))zl}pvkFyKJ}vjv+UwLY(Q-rn2Csy2HBqRAWc|YL6!yzY;V@Du z-ySGe?jlTn3!)W>3V;F709@)!hpFQ%#46L5>;j-zK}s!CPv@Xmoy&VN*-CX20YE$p zhK|Cu49^;rpDgR0+x69Ilqk5mjIRr*h5wNGE_viZf!O|(1?pOFvGZUq4kLOMZX@~y zf7CO8FHP_f(ED0~($wj7eTMzDy{P{x-&gU!_IKnj13m+8QmjyOz(4;N>H_acGJmr4_kV^qtT>6R-HrmOZ-Urg=ll7$MFftDu+aX2H`g4QZ`y-Gjn0El*?||lcw>DYtTkc%Ud1Nj zEkVKpguVim5Aqi$;n*O*FLGA5Fo5D2!0%EDl)(z~{6KFTrK`A>2eiL`m8}*K-=1Cr zLGQ3Yc1soK0I!`pyQmeIBTW z|2dKXo12gMsPLMFej!gXx|Yon-TpIp8UTrPq3;dSA`ja|k`Zawm!t663@y`LEL7Tt8iVX65X910PZ*n< z7*9&aY)Eonl=vjNBj<#Y|A?WzrKT~ieh|=Eim6mJaM}KK4$LsfU@Me6h>K|-Z*Kz1 zsyZpO39^|9{CeFz z9ns|BX2JQL{CRTpF|lthErY)dIha#e;Ch%-vBUPZqM`yumsw#oz_0ua3>X^cJQc2y zMT@Zi`a6TVE?!=WcE}P72;yq9Sb?Xn_CR{T~JxTt+hT9|H_I_#Xy%?*F*~=Cl55fW3u)2AK5EzXsTp=&u1z zJd36>in9K{Gr%{K6lVWvfWJKcPXlbR@c(asO-JhF|24qla(@kQKk0uOVEzBo0PkR4 z$4!2d2d_{3ud0^f*$sR-q$CC(Lynfy9SJ_p7>>99G=yu0N>3}J4H$dCG$+7-f`Mb3 zrHUzUcxII`r|p%Lb&4BKe>SQ@Ne*rXO_^f?R<0$ivm}_|LrYW-P59E42ahzXndL&i zb)13t^5=^^pMiCyAUKN9^q)|bNu_0*rX(?pBnu0ha%4T;7T!tI{g#Ud*#{8r)(gGO z8U_RRmIqEUo3nmp?&jge>ei9H_nJK8ubQ5u#(@X# z!0EXT47u=+Tzo2|>-x*7zC${-qiAeS_$Z>S%cxTg#i#CL{1_dDSV#G5Y2V(*h6xA~ z4&q66om4Q%aL0$mAcGq|$9UeKg`YYAG~(`x`h68)^@(K74@E+G0jF0*yKwAeeiB1S zRC~p}C4P1B$^Xi*r z^;J(2;9{CcMo&9EYPJyjF4k&*55aOJJT+(_6x9yCI_No>zSIFLP|^xxbvpkSNek6{ z8`xc^iP_k>J%u!NTzT=-((#-z|Ke#ysbalNtIIJ$BGvt({i}h~<3!{8eGN;kLsb<- zin>nvwvMLc7iKZYB|4o}PP9pyv&Str;T44@tOCSoNZE0OBZ=D{jF~QOcBpw_7n!Zt zpay51^@%mIFDXJo`50^@CGBstx(QIkf}vD@B(pU?w@Jd%RcX47idlu@lMFlke}gHi z)_sh&ozRkJ7WDjxve}#YC}R*T|A)~|Py81~>q;UXN(sHJ(D-H%{Xsw01~)-oQ40rn zNd|YfBMSZoHb>ejP;#sQ5Ggrhm88TZfe(8PS%y|F*#J7)pGf~YT4RoX9j(bF(9sTF z$GH|_5IlEw;8|;ctFq=$5%lWB{qcK?=_FP$lR*EyHC*hw2U1p_BM6k;b%2?QTxnKyyRo$SF@{%3*4WIfw3hRyyB|kY z-RJHpeD>BJPm#@mf4VsRs-DdN=EkV^Z)9hKQ3jLXnMTxilSxZ@I{MQ>L((F;4>N}O 
zYL`!I2A=_VhoL*VEo;1qPgDHMJYi99Z_wPoogBF}mC7)hy=p&ASJZ^eq8+OVT|tsM z>c++~T$=lGFO2)yH*_2}ldSdZx}6~9)i9#UGb4d9*!_E8qtRlqQ7-B?n8Pju#>tL# za#>RdzcDfh6b~rPNX=({fz;Y%ooZf{SZWFsGp@nes68o$_nV@uFO2`*E)p5rI5Dtl zZGFp_LBo{2-ks-rmBesL@~(atKJes-QNO3t<3W$9`~z^RtGQcwobcsL<+1(-HuMRBJ1GLY*4;uWKbR;vpry(y$SGKAyGj;v3SOf6>isu^m)y;vKYcrbyxML6wi*I7*^#Y3oPr zY@8>6Ofq*l`eFN|K15C*!={xId}(!jtDsExW{CT^Am5)O&NK}bkHJU03)y@?8k(Bi z4nKJ+D4AX^$}>w$y3#lDXU8(bQxalcpZ6XZteSY$+fjGlI^Q}V;4Y?Pgr8O6ZsTk> zi1r7*zVt`a!SsNyh)>YjOapHfK>-xkufuc{aGGzQbqsJOk!US@S9LFg{;q~J;bzEJ z{lIERg7eXjiAZ*WPh#b#K_4@$Gua-=p8sZMs_mebI^d9Z1pb{<;+fUb5#) z%4{^0F4RS+!bH_*uN{DK}9mI#UQ*MhA{h`WGP;i@86%g-;pJ zuBIkT{8~&?z&FgVp%9`Loo+;=jihp;>^u)#mRskYs!L2$raydF{6W_K#9?coS;sB~ zbSGII;8~<5H9>X7BmZz*ZIe&L05e~uZ77IqKFhuxMJb&W+G zlJszvif1);@cm``&TSy&p1WGH1r~flQu}{Qh>jx>&|S__4h~2hiRCRfFzu z>S1$U&a}3K`4iK@Zo=}z@c9=q%-y>v_t3}$;`lJlg0-?um{fXiXn)S9pXRdgZ|a{R zbyl1FYBjzNBFL#faD7~|rW2*7u^B_8AbGd7-Nmx*@@V$yy2o)4OKC_>YlU#Cwy3e2 z{thKsfe(SVJLg2)&cY%`B3bFM0;hN@6swQ9BGf^~A-BSJ(NO_93Ak@UHWzc$sIe>N z-rK{nJbUO70<+>8>N4!kyjqQ$DXhw39{DA=pl(9KP~^_5B2kMAWx3?dyF}LFL8s1; zXU0~k?M4GmHjj*aP3|A@SiSUZK6inOlyG|9(j(=xrgJ%HddwYciHq+^zl5!iOHCty z>?W8OaTKTP$g6e;j=v61*oV?+k&yrP61@~i1D=iM)vOA=gZtQY8cHXzlzAqu!isWo zQV%I;6c0xdo16m|P(y2AYrFDR(7eT@``at z4(1y+C$%T5&?37z6j%Ii7@@~$fHlSLL#+d$_vr`Xdd%+kd$#M7Rjg$X)xTgG!T+iM zy>nCFYv-nniDx=K(YbVF@I=VH3g32>wIb{aArCc#CdH9>n%Blng?YC~!WE2&82(;8 z8rcrG!N6@q@0+`Cm*ed>U!zZYN!xXYg$rpo0t;zhW3qf8y@*S2Om@IaMhzU3J!BQ1 zO8gU(Eo1@5WaYl8-Cu%ZveAFXWGMhp5c9AQ5SM8_L&=eXq$f$+BL@ll+Er125N5A7 zR-BUM$>1a=zIkxFCcWKuVEK>7R)(dW8cokbf~b{52ahG~&ORthy}?>c!X$8~rlud7 z`IX)runY;{UP5*k=x8ZxyD}?Vlq8PJ)RF@Io6b~5{T$tJM+%@~nKIT2-XhzRd}*xH z*h6sO6%Uz}4F!SGQ*kPJ!tf?4^B_dFR-;R!WEsln_f3u3s^qr+4nGUJFwq?6lE1P- z1oZrzdQKB0k~ULQz?0i4IQClRH=8*;6AZ_XNSiF>pe6BEFqVJDH#3WmiFgs{nTqz?= zB=$}9(Y_*O9;Lm72(h<|DJ#`pAJmTzYs712q4TyCLL0q$7grpOjz08wuz-V}D61$< zKGlz-0zrTLRyOU*x$su%j)_@5uJuidx*sHcKrJ@^pV%v7OL(Sdpk1#NX>&u;pP>$p zuP`ssSQQ(F|Mdxn+c^;5JO5c^BkirHW6_4R(QTSe(~viO1&|Z5sk&D3(c9 
z)hJ<5RQ+O`VU_B$^JK9R|BAhey~bWGqsP>FWCSkACdT3_6f&Fy9DZ58Ri?)^hpF1b z`+2)igiN@sX{@R=cx4VwS)Lz&$AwWkC~l0s1VsW(29 zf2l<`R5@++C(#z9hG<Q%6gBimWDUu@s#$mcr_s_RZi4A^zwqis z?hSc0IAUjMDB&~s5&UqFcx~fD@+aC#fX4NAM<1lvVzekvALKcjPt9|@E>S$KRvb8= z6ynjx#$*)R&l9`qFP8#v?K7M$5hZ6=-R(QNny3uI>VU+Tr4hwhqhpFn;!0%>DhrKl zjc{ivm|Pz})rnTo%fg3C;fZ%`4iqv{m{p-`YdhBDGEzcW^NWGrQ-tkUQoP04HYSGF zi#O4E9;?_g+WMy2_d)r6YB+7`UFCY2wbaL%`Rw;D1;a;dyc;$xUt>clZowheUoQ*Z z^Lx#9wszN58wV#%OryoiV`lbQ?J`!&S+SyCWeuZf*VXq0Es}*bKj` zp}gBhd&?0D?$!i*`xerBuq!}_bE=yJ(%Z5oKnVKw?Si-=T7b|DI^?bL$Tq1hvV#0w zFRd4c%Mq-U9yIFoJp|(8QXmLGFAV(Y;(AI>42=C5l~+W=pCXFL9VdZ3=6Vu*K6}k! zA)zT6H_#g4yAjdUym4sdy7!?0f`LdhgtFLihZTc?XjL;LpHTNuuk=_#2^^}8UFCo6 z)wI9p1qfiA1xnrXfO|Ei&)Z_Dx7B>u@>=-@bRu??o5EeaVArxy?pZ9tE|@Wcg#idy z!@u{U4NLtJOCMFiI^)xzZlr(utD({QE%v7CTFgiNhAmg`yV-Co>!aQr;n{n8=#X#E z`82zt>aCIN6xEVf!=WV-Ryy@!2wBt&DfXr1R(+9Cidq2ZR;gc8V~!i-<3`i&7^y=ca=Wz4O7hR(-}Pj}!i}+?)LZXXYs0&l<8CXN3)l z6fVdBbpAEZx;3L<4S}c$h5>Z#b3w6VV(9~T%96-32SIw9?>bCzqaFg^2ne-fqJPt@ zk<~@=y(D}O;7@ukOtsp&+YNCAHJMo}$<>eC9uJdDBM$jEf2sR5C}OHAk3z)=$aRPx z2xC}TbsW7lG1Sq{jpx~M#9*!QYs%EEjlWX&S|&>|Hrt>S%P@m;$urGrSE}w&(OsI1 zAsy#qPB%_vbrf6U8B|KI<%e9nt#Q_{&yZH#vum5%#b->Ad=j?*O&B9Hs$HI~0LquJ zX7tr!exHA?LcvFwD0ch#qk7dz!O^q^NR|hpmPx%U{5W5(*?vzqAdU|lbQuc285b!g zD52E>aMl=md4wyz{I04)9g>)K>P~t6s zzj}8Pd=b*tvmT-m`So2Yr}=$J^U3*^JptU}l=fc>%>7{$(k^i{YM<#b%D8VY@V*hD zsq+-OkQzlx&3IRrN(NGn@1oLFT$jiB0yF-aOEr zpoC?kYr|^A{s_o-9=u6OU_r<@I7VI1)wV&jx*98OS;SRTFGjzpQZzmJBdta&F^(gh z64Ze1%BrK3Mi4<)W37ngzgRx1!LLe{G2#x-p@xyd5x+y_m;cZN|_Hz5DHXeoIBUk>MfH|90*BLH$L=&F+vIglQ~z^86)Qxs;su@NY|K4<88g#%jM7!z9k9=18jf(8A-XEQLC= zr?!TvpM$^b`3G75zD6aT1*i{zRPQ>5q6S1a+0zJmyr^9+pzhDuld>5ytE@kT$y)Fw z9+|y`3ng+WIT=0ZSX#u_iXK`R_V$v~%D>Liu&|g@p8qZxt8DRkgaBKVLLe~oyF}#I z&Vmd^Ndf7ta@8}e6S6pi`ubK@fg=x{22_m2;?1LXHCzX2GZX& zB5C|8`UnC?Y1bLgqC2~_czS`h+C1NxWL-!N_2IBctDa9)wuWg;hUbE9QMQM4fm-G1 z<+yTl(ePiee%B<9+8GaMN8xHz z6-K5bs^M^HXS<;CO)1Bh=9AWxrLT=ZD4o7BV^c#qh`=3GIc5V>{;nKC 
z18?aKBl01PVTk@Xqy`=ndiA#ySS=${sPebfV%>-kjL`o)5gg0E^T&qGM*Y$fgFc(M zcSW*2a$b@#FspvE$9RPA!m3q@;+;OEgPi2)!|OY?CA7y#!lB8g>Z9#+*sp)j=!}Vb zi7{V*KDJAB3+~Sp;(m#4VO+k=J?V4>rud{FGnO69?}etLyBKL3yFW*T;{bSmR8jkH zE2WFX8L!|d-9PEJYOdIH#<|2lJW-Uzn_5PF&SD5LW}{L#6l+UO5h8+_lEm44 zF_gFxSeG~?E>p?V``d0_aBP-Fy}U$N7yMp}_%4Ch<3o8#cgWGSKay(=1a7HKcS!3* zj{ehwst4-PY!#AWfY;44%F(QN$Ngv6o1+{Ky<{kp+1e{VxA(J?N1P?HBMeex4DR-Fg?+4c%FR+k40Z}&?r zSxW^fSo;}hC<&u6<5bcefmmML9kFEB9nrete@G@p@s9Y-bdLwf|In};VmbgFMILS% zB?Z<0@J$M;F~RFa(LPP6X;Dk4A}B+Cc)wryM*MFy{wxQ~2H#X#Q04FH!FSvgQa55p z7WnqlqA(0$L#h5Y2&+YI7~+o&sR94b6ORl)0QPJb1S3OrUg$V;b>0zdd2!L7m(leG zJdD=eVNr7c*_i3(k6A)aXl`XLG`#r;^Vbehj@edSD_pd_EuD71nd#-y(kLQFTPE)@ z(0Y{EhWNZCCECO%;r?MiKzmW};*E;R8ej6F>arAvoKy+a0h(rQ}C zAy=KbsuPh~vZ8N~YQGTHz#A0qCn5lf&bV{=6yPD}f+XXqFv3_V6zFor_j%?m97>N% z*s<(@6jjDkhq=rIq+^7cY{XZ~ic^GfBygOSHJymkN&GRS^ov+mQMZG1NP*>7j3f_- zdAxPYuSTsDn3p@@UTZs%{DfTfKqW@DA4i=DB_Ul6ep3cmdvwaO^eo|7cInEM9C^%h!X-ro75 zzyhw?aenbr>bTG=V;qpH{ak2JWSkkuoQ6|`gqGAA&EId<#*kLI7`DTR7mQ&AwnS4PJVGD7DU@e#!lhIObRI`5^h}=)>PN;iJ=_F>mK5!S zRO(fiIbmr!5?G(UYv)Gq5Um@h4fT^?a`rK#VU#$8T1Ktnpj`F+uH)XkB1XU%2v8>0 z`k;@8sN*Y+D!NSli#g1otc`SwXzE^HnrGg7@SVV?CL}$G8f^143(6#$fDkfj@5tx7 z>w)#>TE2&)>+3K;y2#V@@-%7FQP_HhkL&H1r*VgI@J}Z{kLT0*Dg(iX@T{jxsIn`b zd%v!X=l5ApJM=pzCuJ}2N9Gpf$~4^VD+f(JkrE%m%1g$E9ySQ=P!0_A34H_x9IW)i zfUBbL`|WdPig2O9P+1dAg38!AwgaU3gya!N7rkMlc((L@DVGIaDUM08V#TCxE(Xc6 zryeOLp?9X+t<_eQ4`FC$gj%)c*e5L)w>Ik^St}M-mt7NxUFR3mc~368R>dwyek16`#vn@N2s^7E6K9lI!@*Z5hA)3VEr#3NOukDzOP%^ooRigsE`T46 z`#U?**GgnT$ld#$-lB28wXi60OBo4G~lLK`Yn;+3q z^WS(Q86Ek7NQ*^aoD|+`>JQ%04U?>NywaVDGf|#s|jGF3G zJ-w{29OLkZZuh1l72#}5C-Ea|wYbZq1j4uq476y}d0}_};Pp$8z+>EPKVz>x{2E1@ zejJPgp!-Kt2Sw*vbSy`FKoe9u@y2P2?Zzpd)yC;Nly+kHcH(CPq_yZ&3kc5}%Z<}F z4q;Z+`+Ec)0^Q3HYtc2g=eKU}vS4QzzX)jujWwO2c3Hbl;3Qg6O2H_RdL;H)rRP6*o1@8a_4^5}TrK(ffg2@kiRe?IqA>L!y< z>2Pd+W4b!?Y=QTA;c(~jH%7G(xc`#yv{=U%G<}|!$|a-<7A9UCHi3GPQ?7a~I(yQf zw@%z0m^;bdpW7|a@?j&E#n~ITJ{fd$(VS{2ROyKUuPvAs?w!ry8-RWTkn<)cbwaLrP2b_1l3asf4KpM3%UqrDrt3@i 
zMJKR%dU>g}IGBQzF6mae-N9eS!AE5?|BjP>daI@Y`NSdHvE z*J8!HO;ZVUirBMDg&fy_gf;yYF6gBqaLwfjl+;~C^4aLEWo|tsYe%~qFZWF9F(K{x zKTX4u){jSix%V1-=Tl#a-Ga*I*y*A`w<;3qZ5A)ZPK}aEI^XktC!)`l#9~g(3#1hy zur!dDp_u@kw$0Rd0D-9j_fNEIm9~;KVJZP~qVfE_)L-}4vy#KSbB&)t7QcC;n+rGqVroqZ($e<_nnFnOCwMP?wZ3Qhg>!dyE`qj1Meb4P zwOgEdp;>6|UMYjQ{nj18e-r00PzpH0WMM*-yaUm%8COX+i9WNOOGnDqCR=><(~98_ zIXm2G#Z?}ZJJ<>{7kPIz&?jl&s{{^BFjzbyYpzKwn7@dc21u~KOXYFDucNG*z$*z7 z8PkE_L+9;>j5$wG%g;tV}kn|ULGc%&Y)PAdLl1C&9lllLR~G`Ad?%9KVVzLn^-cA{L0#OSR5;m0%|>Q6w-6yoM_O1Pyi?F9 zO#Uq8S><5IHPYiD_aa-BA4i!yA;24{$7whIiYrWZ>J|faq%Ml#?LeruE|H&#N77Y? zHJS|?Jf<3^_ofHfsz{!b)U1L|e&C^z8@u`{$TmD)!tz#YlZ{z$|%F2Lx3cjv|8W+uK03WCX|JW1Uz5Zn|RQ>JFJ)H;*2o%Y0+ z)A^V(rB>7;H9T{(-zL5K{D}`g1@2l%)aGlMwe~MBjTNi`+pWpT+pdS^w^Kd3xKAkc z)R`lV?p-A9t_^R`b3kKzC-ns(EN4hPJ{5qNmaTQdJI1E@d#CkVw6(PbZ7ReO(8OnYre;c zctrf5J!voh3(W5_Tnf>X2O=KCzUb6_d!mb>n1js9vLE($?`UftJCV*^Bkyf~m#Ccq zB_vibq=L+J9mfp^e%dCB@p;I76;>~2t z#V2CtGSVVdN-dhE0JSEp-QlSqoH-=4fk6u9oeD~7$9z=W*R42H(g|T=&b^+JwwX4w z^E$&^a>N$onTc+gta?5t8p*C~es?es>{cPp`r+op3uPf3Q&j3_iLU4yTVlnf9~UPD z#O`?V_yI0*jn<-NIh`q$d%^IdPF6?`JfgvI(0Cvg)}g+}>^6_dXJ4(B;xTYU;r3*u zpF>WKo{HxF-oIG65+B=0?b54i|NGk#pcgO@gEk!~Q!-F1#6LOhYCOxq7tTp#2V5{) zh^CkI`0%xKL*56F-O?}8or~_Loyqm(D)h`jni^!>JqNs(*lCv{Gxz-p#kJ6J$)#t}9SD+WYP1Dy zN4EKvv7%rw+ zJ1yy)mc(($aa^sutI%YP{b6`*2TaaSE5kGZ`N8?z6O$xn)^z}+>50jHW zJKZ8_YOu^&Azsd;j}s{@DIheFhv`nw7{bq!-0mKwM_S;0n6Fu0_9(a3I}Cl!Rc#TRR*9YWE468uw-#~S&k*C{FZ3BrZ$G%7Z|@RY{Va`de%J#4F>V~r0%(50 z!u5%v5^^Wx%mFzAG8n0}t0>I^6C`Eit9Ka~Y_{!T#7webgTIrq7c%;;fPio za_f?`va^AnlZ=4jL*k=KV{*r?`!07AL!_@lQlRB5ms0G60~}JeSX;(lP88J41zGoX z^!EkeJYjy+v-_y#SR2*?LlT%thK5-S@&&eSweU(GwF^55g2|aB{N56;}k|YA&0(=^@H-ZEO-_5 z31cX4_!IK#u-6Z!nDWo(A+ms%mU0%RbZvexgA&;aPgHaRh4rfeMkz-1Q}M>((ULfS zG1(@eq^CU{LV+Qs3~*C-K=GHpg2+cH7i=ug^0EUs^>IB!p^7oVGVb@UrVfoA{U|9G zlK)WZ=n~}0EczpYUHvEBd$;4qbEuoMy-)x`4R2EzTTTwwEA?cBMx1FI` z;jy~r<4O^dcCU7ds0n4__fb>`ZUQ}!#Lgy=1Y84k>>n_h*y&Zx-#hC{SK(@^ zr3u^yYKJYLfoq_w^}2|`HBiyu8YmlZ4OExb8ZYcn@bapB!Qg}1S_6ykr*@CX{YJbP3l 
zfIHHPm$NJx%SiR8 zlu+Nos(f_Q`C8S*TKr*rN7WcSb_auW!Kw5JBdIdZU%Mus^!CrxJk@5R_Hcy02;VHRDlj&@);qQF?wa-wVc5{wFIBz$ zWm`|-0zDVh=4~N#u=^h3u*YTj8jkVcgQ4)7y`UKX-|wH<-sjyuey9z$LJW>oIgO{5 zS0;o0JQEL|cc5bNL1rd!_*i}-ucQ+bI+D&#oG(>=wYSv$Y?!B8wBeIiSj9$(Q z!`jaG?HosZg($-gjMiTeKJNHGloH1@xjMxQ>oR0-*gr#wM>hd)&9C)OPmq}gOl^0C zI;hK4yp+o7IBbe-wkf2GIV8-ZBFN&1Ma4}hq+|?K#}f01shl+E-4Wel2U)eXSCffd z+bgu;!fj_9T~iha&?|OjOpp`6^-k)1Ge|uNUdu3ypQc-;RXiuovE2a%hUMu-4BQoj zCg9EmXz!|^B4RXOZt0xN;@Qk>#2P~{Oj#J1z~xR~sBHkjk`a#!!+YE{CXC9s^Yq18 z0&`N^ecEyQjNi?fq?pQw=ajeFnDg7%TaS6;^v-o|ba6);DtGoTC|jiRnw5f7MvBUZA@%R{WvhqN0SVg!F)Av@I_ zXD!5kq2}MZNwPob-HjNe6xP2o@cBsg$}`4k?+!S&eN^gog?)qEipw+`+A#{Abnv5H zm`KFpg5(N2CbbN&M7W~)+L-kTyCodSGu&nhe%~46fxM^Zo51hS9Bgw==?Bf8AtXjW zdf0I<5w=xp_nZ+Femeg$&mN?V6#4r7BfKWnbZ+ABpf~|xmQ}_xu63C;4d_F9%xjN6 z&?%-F@dJJ5E~lgEHK**4Y@cIhD|PrfJ_~;$ZIMGb`U)0U@|B4 z#A^|om0;#gZqmEiAXu*YGE!8OqnY8OkGY|PK&aNi5Q5q~Hy>}q3^1w3Gt2==S-|hD z8(JrRJ^IXnk^068Ea(gVNV8lUVtSU!RnI>3f^auS^Dx!#JG@^05W0`VA42!-6z%XT z)XzVB@JF*T+<%|&0Y1@0&)6 z&FH(XR9@2T=@$Aj-|pYf?KTxKSy@N0wRYXZleobN^;7MiV52`(?ebv<76|7=$kt>e zR!j{aMHC0;C!9ED{$@hUk3TPnW-WC?!zI1#1h!$8tZhYrcD$cZ&#+gpyepI&5Cy}Q z_p#tzwFcYz+}qq?HxTzF^0Piy^Yeh{U(1=y#FOSFFgWvyC((Uk6n;Z?233czl+o>J zx#3f(s9l3`y(;b%*P}|a6JL6~-~C24;{*}BGyyBUs_=_ui?Y|m%Cy%yuw^5(!$)Pt ze)KM|?X8cGInnNmWEyC#eO-kFo)KP^X4W}aV|)AcKO$IOmt;Ce!y*s43>?eC+5AoH zfsSeRuf)!E`46!d(EcHILb?AS_H8^1yH{f8x_Tvcsv7=$zIr!hMzs-!?Szu3>c5D+ zMOmBu53wV!uF!&sov9p5>>~rO#O~IiLd^I|?D9>*-&;sSw^#Fo1!HDqT` z1j?~{p3Fa8r5X=Z!Sf8vKtEe;GWUyPL_p>l(C`uOwgKa=4OFpPuu02QSnqZs$-YT= z#@d|1C>adx&czWQ_(h^6!B2{%anAq}SQQsP+p|h_=X{zcP7eev$93S*ez-k`QEJ#+ zlNzurY_vkQ_og?vkK+15e9Yh3&l&$kh$bRjos(LX2W3*YjhVnb;$yYlw|xPOhG_AA ze%_|`cUTKgp+td=azAxYyENQI`g96!x?=4s-4~7Ae%a%;LK@4hagIwd%|jxI%HHBV zogc<@J(+#Hojp86i{bXWKWqYt*w3PMfzka0_aS>dD>F0e`RC(ul|h%sEvC@JE}X`` z!}W_V-&26#!;sqG;-cmY`poEIb#V_`4pSCH{%7cJ6!k==G^~ 
zRC=i3w_~0a$CaqaNMXUb4xTv-?-!#*q$sC?gdwy9Mg1Rc4sR=XT~l6AdsxA>80SYmjzw;Zv1Wh9?MyQCtYCafZ+L->X+#6BXgraaXCur$_Lw@#OYU_ylJ*qGb^@4WSgLi%4{JV+d!;g%qTF>SUXrtrMJ8 zJ)Lbg%BgsT$S#vKzR{E)s#C*(o`jsGKZS0rdL+-(ES|32;j&h-RCV5d@MmT3r|WAb zV=lt9b7GKS-=|+CMn2h3|H1y!m^sFhtqeh^`!n)Djctbbe#7CF;D2P@Ot}(`c}aC0X5EM>7n;b>~3PxA=OEco%4_cu7 znUU4`dN6Hz#a4-fPwDB|eFqWJi?!NqHI2SEYl*3gp(|IN&Q;K?yYyn00maqz)l{}F zb7X&}Ev)rEvNS@qNRB%?n@kK_<5y*%AJUX?=}vz(#dXL)UzVg0m;xzr$9$yHp)>P( zxmqj}SSlrAMv2u}eJJD);^S6t0QMWD8McJ&Y-7_qSWP8_Re4PdQGP^kcEikrn;N}d zc{^Ge&?9ft!${+~2?d7u7|d6WFB8EV?CD#@kMw)I&N#RoNsVYn&CjS!cAmhg2svY0 z_8IPsaSEf**q<)|GAjESn&T86nuX`%xBNh*V?(t3ICXpURPrGU-4oD{QWe6yGe`dt z{1ro!C*gEl0Vmw(MX5QWo54aeF;p{D})R9B^rJiP`OZNQ$-3J?5!=!_s^ z7(J-PPwlv9Z|mJv2Cj;nteGFIFtJBSMHfG=r_VJ8VWlM(yA9aNsfr`U2>fk#qN;RrrDkQ3VATv3wKmE zeFj19gH=BNZtZt9z84K?n$>Nz9_!F|(RjRfs{^PbHocecP5Q&;D=@5%4UV{Nujw)D_Y&RvdV3r*&QVvwuR+HnW3cUs6e0#z^;1A9Vx%|QTbn;i6Z^U8MBfil{=2ATABzsR& zp*+SoSq|lm>m-#%HQT`sfFyE-S9fI*@B$n>O9A&k+Yf0lTT-Y;{Dt!&)=2d{qDgTQ z^dJ_$A3JX{+M1XC1Lu9@mKmtr9$#@Dl?Iy@_!rKf{lR(p^aRzCUw`BL4c{xycWAug zeB^)O{N{j&eExsO`K!NiJ{%)MYl#C2MbzotDM%f8qRL<{z9Ndc}Fqvwv{@>%J?M znPu=!i^4n+80Rk^CnveO+(vk6fNrf2N>^ZL`-WVXJm5y;E?Lqt~Z461snMT*a(*=%Bh(U2KX=Ikme`LuO`1x2k}?FyFb1XS9hey z`w={2%TELg;$Vq?fxVrOel_{resBu>UvU!XTV(+Jf;d}@Uo{&i+bUZ2!RSN@A)YHb zulz9_-A@~&ERw=s%01Jw4Ph?IqThHT2-e;*O80=L6Mt)o&ivVt=DQbpz(9AYr8$XK z%Fu!3rJV^LPVA2eP~L=RAo~3!7!h!%zIgzv>6J`ipIj0MfT-2k?`mIr7SuVXb1Y07 zmVPPn0ytl#MddMwa?9z)=%g@ILfOmQ=LzV;+MtwvT&@pHAndT>TT)4ij!eq@AEdi0 z$q3r|@C1q(y{N=r=0xaA;iE6)c}Dx*>)QNDcdr-`UIm)Xe5Re>0-KPY_*1|cQWQ@T zV{qm)D`L{K`sks|w2A);t2x6n~%ZMl_=O z@%`xn3%v_g6PEUIn%GnS<#(ru%CF%Br1KMM4XVyx3SANl@(nEpero4FQxWwz`Ol;Y zp~@V1V79kB&YeN8N*w?+Wr=uu13lyimTTIr06P9Q;J##CkCEHtgO-Fg9veCWQ)2kw z!Nir|!Ne#gMBu(;X9MG*XG8O$G>>+SlBjxG^EQ$MF?s`h_0Ji=%0hIwN!g*{j`}&7 z;OI>{u>k>xIf2LtYY@8jF0a^eCRpd85QvSa5}j_MXw}9%zU+?UI{>sy#E&P@&-w^W zlZyAVr+AeIrn)%E6(2j>tIw_*<&Wg}*w>b-7`=%G64o5}`)A(QI%C~)dwweZwu&-O zB@WwIh|TXQj!Juh@!-BZL@mH)P}qbLNUs4aOwsqj?LDpR-p~UyAyI!J@zbx1jOkjo 
zjQG-S1W#~2rrq!nyy^15@P`&B3YpZVQ|)Ana%G&Ghvr=eK^iWbi$w0sXpEAIUq%gY zqB;TLJCQ)dManVtj@tNAC7n!$Rp`N5;1f+{49jL~>PHx_wI0wA zgQ25u5S<4Dw}c$kEb}!D0*BLTSVwE<9wc49v@l=-|4|UQnlt4S44x%+-cyQ$5G|N2 zkW&9WS*O`GVK6|%c)6mlMX?wno>@ZZv9Xyk!%#zEa|9hjvp9m0^_*)s@*Ni-dm#5i zM*)1is^;oXemN66)a3l+JT<~4KbmBW?Yx@-xPFZMPjWG{!Q+ zuAEFDd1CG)@S}^nI7M#iT*?$;p(!9$5x{Em-B?{}%r-h>PHLvZR>;blF0ZeYPvwny z9k;3e!jEYHG z;!e}PA>9`F*twL|BrB@|$D*uoh|*|9%S9quqT`TP5bsDoL65*)#z0^+?2mt?mRBPS zjvX!(}9be3KaGi2@pOOr*3@SNKVYkBhTtSu}I`DjcS z&kvc6qNcpHGc!Mk>k;CLie-|s+W?`%Pv8j%Fxh19zdBc9osxyu$+oCf2TAx&P91fg z6mQ$j@=KfMhnDsB&3(3HRw6LT=?ir)AI{Z>FPd3q(b`NO%Zwfl@~vtXxQ7IHB2%le zTE(lQoAmMbBv$^^e%}NLXH1Wz*TJmiilqIhVpL;atIza7fPzVNXF!9yDV$g*ptV_1 z^k$`on}BvM;#!-H+l0;7NWC!>W8DsaHE~jJApFE@y>!3TveK1WB!+Z|i=aP5LsAHp zqFDpnh%D}adHNiiJuFTqXrYV?uwwaPN!>})giTZV#I;_uW*!YZiTH@Obh}@|+8ZXDZY~ zOV7$WzRC+Dnf%`sr+9fD;T0=$_F2{|nXUX)*wx>v!I{UFU^6Yi^~d%SLees-mgq(_ zAutR9v+#drxI>r!wQ=?sGvJ2ryDQDn;gG@hJcE*HU!8BuZdok7#L-| zhSxz&YKc|COa980EN2;*+{^PIL1Oe6$C)MGOp%IOF+v)-a^ZBS?^N|$@v@OZ8r*?w zfKu2lo9=i)>4F(V&tPpthY*HboF#^>#PBZXzTVsL{VCJu4`72YNqaXN56*RGvFQ5( z%Vj$MqY^Ciu<#ARB_y21xq45ImdYRvjcg;H|KJje8rkwEdDS@vkyFf;GL3SrYy|s z=IT$z`(HQ@Ae<=!C|CK`|D*N!O91fnVV|H!e;J)a2g@>J7~UO%s9THwUhuJYG@E}Me5~J8(leGsd29V!E#Q^I2MQtoLUrpV2*x94sG=ae@IMB>oe5bK zR09@yDb9Dq@;rw8Z(cLnKU@8|h;9H*e9!$$=^r;^LJ!|)sr*^a2Ygc*fz#P1z;~Q9 z>l?;vFP!RchT;C$-#NPx!Rh?}nc)tvwdq6xqXB#YC$@J-5C}JQN0bs)=cWC5$v@@0 z3XUO=a%+>)3n^}odEWL3EmTaUZbZ_2`Un7L+LbEkoyeVFe_g+pAg4Wx<(i5 zQB#YVe3}LPw2YZhlXo7|N1uE!M++AOi5+CcnO(TgFiL_dKMyO&4x!GcRuBJHWO&H4 zc6U}uxjS9TRJoy8Kfe3r@I-LNyyD_rq0vC`IIy~}41Z%VSk~`;=N`HVw)vo(SDO!G ze6@LXiFOTlG}?dtIL4!XT^H!Ert%p0)HpC`TAJaa{MqS`la!9O;? 
zL~r<8@1~REx=cZ&BSfR2J(e*6s{tcDJ|j7-CTO%PI}=KoCBS9XCAY?`c!ht@PTl?V zgZqlvxhKsLw-BtApp?7+5OrDn#LJm{1nfQd-qoBk#vsshj z8HSZ5kwaF*D{8t9>|}{C#rUihqC>E@+h&2aeWCwV+mjkq_WmTa%iqi$UmON(X3*UB zH4i3?zW-a>-T%_|l<0rg_VA*&^){KF#p5LI>)Ef`UJgK02Wz|WF*TFmuW*h)c+6eV z$_89PAL?WsfLjjWo$x1e33SUPWoqR$HnWD74m=3?OFeg6#4LNjt#O9wVim67Y>^9L zRbJv!5u5Z;;ip5MIb~PDgI_q)@+`M0%@i7w3DPKR5)dbimQ-|OyA250=h8%csGuXV z@yl<@Kd%U#;g?u?9QYo!SD)U##A$SjwYIE#Y$>yuh+`8qg?#ty8T^FCP+!cSp zJ2Wxg{f5e5{)r=E?vT#ifYLW+0?&A>@G8I1T0ON3vao5|LQf141z9+ra~Q;{jN!hp-XWN=cj?4kce5q_b5O8OAT=c^MHD z(LT2qCRTSUb~Nt%s_)wGxZ)_js$1?oXVur&)Au>8!!R%{B_ZAptUoffnpRVv|KTa? z4tGPaXA`s8ba?IlyB=}jB+x=4J2uz82Cga{5Yten-I3}Z^_xl6&GN_ebfO8Ikds@1 z&n!etOoQgEaaur-4%9CBeC5yG8ympFKG1&d*CnF8yN4&lK+BDOI(za_X4-5?wFWq= zyWvT2V#Q5UTizLe2x^UmjBwFHl7LRBi zw4Re1Z_=;hc~-2@6~U6XPmGmvqh8)@L3S6U#3$LdkZNj^$HRL50%Tt#1nRAEXN&C@`&4wM2JwTz4pIM-f1@x*D& z^Qjl-p)F3w&6rWv)+2T3p}i?o_5ZN5c`2BkaR7u=&Fvdg(8)`|b75?y%@^k->6ASq z#81zd4w{XnpTGQvI%;vA$DFX!LJX;MeeklI8XaM*4)nnBG}w-swuWspr;p1 zB>eza*lVip?Nm(#5+HibT6NKbI_7&)RcGQ$`CFq|zfopTeTPj+-&<_82=KRv%p4`%?KnMJM0 zl%Sa>E8~jO|Ax*dDu1Ih;9uyRB7Nfp07_LLbNy#c8HWj8?@VQonIk z++}La@{qiXtnKLe3|Q-@0E|-3-j0%Dt9t!^w7qk1WN)LcJ&Gr`C)UKa)v=vSCbn(c zwmY^xv2EM7ldtFZzI&g&&sX(*yH3^lW1*i;R#tU)tt9JuuKRu&Vn%#Kw!hj&k_&WB zK{8P!^rS{-cYPZxJ=Y_eb`T4Oqcr)VGHc+v$=sssQU;-&6ud!yyE`YLcm!uARZI@> z3>)~Bp1TWGTyl@3-1AGO3@|%{oklK!iHc%GiekAq;nGUhWy>`n6IdKl6O3EY2TNN_ z2dH&t_mGs7o{Fat$8^0q)v!a0v|@9U*2X7Ai3@mp2*jbOX+J$56AITyUvViYBl5`A zd&!3Jt|_&ZN$ywxB9-UQYyVQ`co2ws6dwBcXy|miExfm_wQMb}9ViNnni^3--%zl* z34NF3@wk1$AFv5Hs+xr5z=UU8z9pgcI=&J0dVaeue19Cu>W9*0Ib4b>e72K0zD{(1 zZly3;oA9_FxYDToXx{L679XvN2~)SY)T7439TvmtnxXf+k;qf~R{4IiJ+twq-Ejo^ zVWOH}aGPhco=&5(Xg&9xvfMd7Fj>`}CAfL^=&zo`^a?ZLRpPev*N&8}p_R!%aV(`J zmM+wRP7}TMI&Do{P7;D%%^Y;gJP3?W8Q3snP!o2U(i-NJ{dA>N{KJ4Oj>r!oFO_;w zJ|zx+R;@a|XZZWQu;*ev*Fe0-lk9sL?}W8<$Lq?saCXkRnTqy^<}i`>$?sy(9NmYp z*ESAI!wE{P3v&fL#b-(@A+$rFqNhLua4O+5vQ|_tR z#1#k#)<{x~&rj;)Ynz8CVoQHGOJUL|A#qF0iQ20;bSnU$yXCuM+5O5;<#VZ2OwlS0 
zKT*nW%IAEi>|b3!w9`_e<-jH3$@)@9KQZC{hq^aqqG>4WC0xrH#_=$`iwhq-*RP`+ zcCp#c^gR6dXY4yH{Rj-cD;KvD0XMCEaQAFQ2B&O?=exN&UW@a)DfGe(mso#34@}Z= zB;qZ$eY4A+~T?y(xU=U6h=dOqpYCyQcVXrP}#lN?BXQ*Oio?e4ONITQ-FW`wD?wJ*e$jolP zNgQuCUUR-JOH=T4(Y6*zc4p6T zTFN`20_28LnOlSlX)Tes^l2P*9UR`}Gol{K2 zaZ8KBNG`|A{QgN$Tg=I9y?0E))@-uw6{de6mBsB=g5#v5h0<1c1w6BJ{q{Zm`@$ur z-onCu!Kk(}+3+L1u-ZZN%J2x_E_PE9eE~DPTGPp4dK(WfDO~IK;>i6ZWh-JMhgodg zz}1MFLf23-OBDnvq`J(gfjKsh{>>58lpSDNq&#Vex5R+yXKR&oEvUo7iW`W}<|MBP%1;-cEbkWlLB@8gp)*)*2plw*#p4vrV8 zd6=!ViW2j3wUDi&Vmtyf?W4jIWWbwX`zw-2JCYFRQDzw7l%&9+vuk0{pyiiC`e}B( zY1Ve!98cYMywC5M9g4iPrkbvMziIWR$&zMBdTyY&`%%2H zWSJ}A>9{L_DU$$g_EVutPEEr|o)Of(s|NlOuCw!#a}=d3;e>fa-EAy8nPqztY%-=% zT)A*M-um$>zGnl6M{%Q4~g8sQ~LM++H#+3cdI9NIoNwv5Guqr4o}S z$kg;xT>eT!0Hf4rJ&_99m5@0f39KXj58(&aLjkh^ro7*?u@<5RUL3D{ROvUhy1QMg z9&>ol3wG=#ad{ikqNV2F04GjB`$OZUuQq~<#rZm_19Gi?VkZbr9qdWq4FCrFQwRquH)eQ-&2uupYSw;D}cIANzYzcJtbe1at4 zbZ&1@@GKmBFQ=p^)NV2V*iO$CC{cm`YNNd}81jb#ZIP&ZPvb^Tuv!f?w}59A8Wd7Q zO-bf#3TN)^#;NVFPo22&jRGUsrdlzB07dKC*SDn(D8-6n7K>GUof?Xi1knd(v>F}c z;y?6Ptm+wxpbswD`$Eo0xQ0_7Xx7pp-sn1%E?TItkWb|CjCcQsq6SR5{3UAw@3V4P zw=AV1^_O{)?lc^1R|ummB&lBczit(*jLBTuIc7>&g7vEZp^rTyH>*&s*)O^o^~+Fk z?MLrAPA)id+}X*T&tmBx%NIDpH%1iK909h&+QU=olJw_zl_0MwOf@@U?unUVZh8hk zIfbXV73&6<-Zlw0on&2;UaK3Exs?&=qNr)BzDkl1clmRCd{ZpTRdWt89f3NO%K0B# z#{%|;?JxCyub_IVak2X6A!o3(b4t}zt2J;EGoXLCa<1BG2~N}ciPVE39&^puV=P{t z4DZt`eAdTR?S|KT(9y)P@I3~%`eM(`I5Ph=VNW+}*+>18^F%!zdmUq5k#3H1db!%= zjNjqGU6x9e$OfgDR4VF<`&&~>esM#(FWm+38qW4|I%hR#!zG|a?^wA3>_qi1z^%`* z(Ha2(T&dFnI}pGnOQ1da)zJQOw^^R{bla_sk;#!7G)Pyl_MpjU32?u2WWvN;$MybH zKF+<{8qUSbR(`g`QhX<+jSEkSj^$XUHywQ#p!~UwZsG{FmDZ&^iuUCMs0ti#PjD~{ z&hB6D*fi<U7@Ya4jY0_1b!!MdiK%LnU~P@&16Gswu^{IAqj&RQhZ7t76n>Kn?^|E^R? 
zafnN**a_I*w(A|6myn7w7-l)vXp51IYst!Z@s??V*lw`Co8x)zd%+g6JpB7#WE=Ty z&xqEgeZfvIc|nR;48cSZnUl6&zCo1CwMDwDhJ-98P}UHt_4|t4S14KudDQgci$jI> zmn2p5-YjLKF;GC;3${GeoLZT0t00S#)7^_o%y-hT<0a!|yP0LDE+>D>(Cd}RhGiUp z8`G08(}J7_Kj9rAU({sra-Cv|RPYrn?RdkXfZgxbNQe+iizVp+Os6+x9V}wS;}EsJ zG#+p++>r>Srq@uV(Rp;&MpZv?*kPAapj`GT+K0W<%n=1_L1-u$oS>ft9*r)YVx(Xv zw?5);Io5%z=WJr|MY|rfp`pmcdBM^=xo)Wj>)MX|XI<+fj9jK&Lc?)~s^R7i9#z$X zBV9%c=9Dml=s?%6QoW-?EqA3Fd=$I7*hPO*zr0C(Lv)_e{F#_GQy}&eK84HDeF}@A z85ofG1Fu0FPZL?D{ls&B!(-O%_HD*81(HtltM+;J$(-Nqx7 z$e~$|(-SLIK8|k6p$+FWVe>Bzp#pwEmG99RQ`)EF&>?jKNs?IZh5)U@i53Gwokj3m z`f(NjgjOvRXMd{`iJ^pg%`5yri&(!2-X_6qwDirau94@ zXpP6dq%iV%qrh(kWMR~G0@8Te=!V9X@SRy=!o$WwN^r&=aevZPCWS@Rk%&mJrI~Mg z`Ky(f(*j`OqA;pCG{=tqJ4}f*^(HpjeF{(|q50Q;9}B;xPQjdJ5WT2%hHEq#@UgARN|M&l|J z_ph}}K)!H0qdlXK>BS6U3F|oNFsr@mAT_}A%ul6TM5^WH&obw6xh1!6eD0f#YP9yH zUiZ z0|W6hWFMuJhkf}t1N#aGh6!#o8{%Z14%0Q)l+?h>(P2ecX<;vlzULTB=G9vc_rz8^ z4@y3T*1VKhEY(9vWAu-}ex~4@&!dZ_pAFj{fBx$4fc5_!34rpuT0ZSHon2!i+MN zu(P`n71?~DMc)Z?x~Dvp*jl<0)(ZkT^-4D7yiez!Xe%3eC+0b!HH(1^)1AfZF{^Ec zc}41xV@L}-Xu!}DQ2kZMVPsO5x?kudOZksI5i9lox%?%~NJ!Jzfz6*&^-(15B0EQu z7Y=DY)rPjvGTmStfW#$XL${_FGV_0lFhl(>!d!D@SAMOWqo@1d5OW3zg(ij8<^Hus zE3!Ryj-V!m&F1&G7srB8J(rothEEI6J+fX;m;-{*Q!MkBe;OV00~od~S~PcT`LO!g zfKjk(QCYBSah0%Ak1NWdI4xBb3!zMSt&w)dZ|udI5=3yh39$)oCgpLExIJ?IkxuJn zP8d0J(nNK`HvaRRQIoC^NF3c_lsm`RGFWL>XcCr;>ycIcf%AEKJt3@vKf}g(abcf3 znKY#S6EKh9{tGa#>e@zTp(Ok^{h`JV?UBaCqqub*Xa=4gc=)&r%bwmVak^namUO!7 zp0LgW2~@>=3`Q_o`kX!m?74r#(yrbAk-`23so{Z=hlu`#ng4zj&KwWG+{J@E6b;9ik!hP$+!S1O zGM~aqm*gaiu-a4)KZ;=VO4h*-@PN2)EYuEBs!q&yt$F@y8cWA=YhI2J;yu`+5$S*< z2VAlN;qG!}yTaO6jX8i(R7^96vZAeRft;~>7RLiG$nY+fP!gc!&~x%LqMltdQae=I z!uTUa6A&IYkDsTX1!}qi#vFfnhso?e14<{{NMrEi+B8)Ao@xqc)WVEUt-*%)8>;I8 zsN!RB4LESy%P_-~FxhL_ZPl^m9%}CLi*tgJO8136Cyy7opx z9f$k}cd}*L`!6tVm{Ev7?w5#k_=CLQVzZgN5{YzDJ_rmY9yR_@(EgudTw^;r366hK zg{aHAWI(Ai%{lpcBNkYYlf@OgsosriJ%O_oCCXe}%6TX{xKlc8q^&yRpwQ$MBbKQM zpz~&5(C9rCPd}CPI~Ca{Dimvj+x!~5N*rDfUoXwb@YzcaFK;Vs^k)WKm^e5Z!a7)J 
zeuHud94wPVB(5PcHkRxqKav=3map?89;e)s?t(*l5|$`^smY6MR66+)6Mgsp{ zkEFt!0cb8YI8T>3Djd+)GUQsVe->ON7K5*`v`Xq|4tBiF0XAnhuxy;JN;PfPw;0|R z9H6v>1#oXPuvZar!X>LY@hHta$!(rbc;)gWUNA;MS4X{L1C^p+=KG4|HcED?4C07b z!v3zD$Fa#XFj48#is;h>vE?c7K5gDVzbi|3iXzbk>uujgd!>&sid3`a=q!i(c!fi7 z`X%dIv5!8V^+`DFWd7c8N1&SP%s!(upW%VxNH*~=NURMHVHg!vEV zo@yj6rNe(SWRR_dh=oEPVT{F`2@&=EkZTvq_pC6h8jNAf&)aJr-*4&8*6RYz_n|ATMAa#dqWTi>sgg`k~-pX+)Z+w^v* zM016xN!q6corJ751hh6%SX-LXzj=w-RGrE2ZAkk$ERk_pD<_G}*;V%icyu)Z^O`g{ zP}*=Cr^qh;SEAF-a9g4J9CZv{bhZNn1#W%q`pXJH^mzLk(}6`r z0Xf7t4B4*GN?gT%ypLzjeLmOM{xCF={hDvuttbQH%+2YDAmuAsi?(%J7$k(vA^}|| zvjZLPdUE(P)YUv_W)V_M`OuqX1(jzjtl+~zDww%^U+QsB0M-wCmZ#Rg+q#KV5XI#I z5nOa^>zo!4V}=0{R@8h`uq z-z>F%2BJ*y4cea{V6XojdNw-=zIgp&EB*;|fvYk4YR+EsxuLD(e{i|OY?AdO`A78< zVcHb1VEuQ38W;$bL-@eVRe~_M@e4+?ET>C(r?SB83ywb?m8o|xoY(Pp&~}i;>zE6) zoebo42tj4$E83F*f!$xixJmycsDV~%AgVh8LdL&|zx*}2!kwU#;rc<5X&6%=1#In~ z1T|2?8t@<8OURuWw9YumpE1#Zanh!m0UftuCUVdlo*Z$0ul0FN~1O{RsI7ke*iKS z2*i%R0*hvc#hWP;$|`~Z4F7=TiC8+6}a zr>UAicsYHPJ@9X1b#HV$=&Q7rX6g=sEVZ+zEq8F_kK?+GtO}aPnP*Nl>rZQoBD|7$8o;T=3p2t3i(OF)bz zn~Q}_Bc=&6pGw9W;iNAlKI_zA7Fs9qd>)}qD^J9Hvi^OXu3RM~J}411x?6JMfBUG& z;cd&?H;<^AS2=3FYB^llfDt4)&jcGbXKF~6Oj)zCL7vT4}5#A3Iz(4I1mhLGztqc*>n_1J-Um2X|wqx z4}p}39@rhQ5iL0B2<17lwQzhM#O7Fsg*rWUw@y6@w{a$*!e{P~yuTE@r~ZpTYzQy! zgZu5OvD19KgM<5RYieJH_wD|6p!|7@)kr7f?f1vcN^R}T41T89%iRh3glDc%=j)&2 z*NFEG+CtuFBVHG1cFvb$Uf-4_HOTl7SX$O+3w$EEc>=Q%yKA0D5vrx?Pu`7+# z1p-t%gl_gqhmdI>&vQPaTWWYkFi;!$z@bQRuIuZiE+e?cFg}p07>_iaBp=~82zPCv zK%NtCKY5FLsfors_2hla?*%-dtp1CeW!u~G!>WYY*u5jJf#{mUJtq96 zclN!acj>j|x;X@$Ze5RNdVCVcE@GLUdzsSW!QLgNpM6FVM~fK_Zb*b8ThNYF_TLFP(`Ib_h8b=&@`55|#aV{x6+LPX?qjdENd? 
zXWDjtxkWH7e(&I}80Z(_J^Vu!LAU+$1QM1{LaBLZp5k}-3Mq74HkBo1Es_`aQ$V*b zNM~a3>T{r0u?qTKC509ZJO5W_I#0qIkOo)zCn*ent4y5?-P_JC-;!80Qa9z(x}WJpP+2`W9PEgboAWljw$Fx@ zNsQxtUgOQN`ILcDUXvU*wmmh>7h=evmNNbDBuILO^lM z@#EP}xJtAs6L>ubTfxo1se{OeRZg9NV$uqa+1l+n@oMe|mukVl$75l)$fA-^dYU(y zTiM}-aYwhtab%JZWyC*7xo_{^NLc}dl=mD!NO`vHAEaCt@()t>9sducJb4U4%KD(Y zR*j}p|3=Er|3=Csjv%DG?DTJ>ydV2r&kKZ@Ex^`=)Bqj z)BDI?n98-?^kpf+*j45s0tK?M+!0@p^6lVbG=TjuZUWzeCqcp+Xo^m@mxJK0v%MWi zN`4>@KQ~R~qZT?+XRC6u80ZY3a?gmdH_nZKXt9`N1ma;lg(Wc42j`g?B*ip(?WtwN zp{uU`{Jy8dfiKcFiJ|Lge6W~&$gDURbt+;}DiXOIe++3==C@yYK1%$Yu@_@h5mIeo z+pG}nyLs4!YP8!`R5bfNR=T-5k)?c+xk6-2$xoK)(>)CAM1&CJXn3u&0(t zVcber%BC%=<RV zHTyp=wfYtvy%{(5Mw&cCLh&yOK1?&z)8f*c?dw_IY$`c5GxUshUuw1MAMZmm*zD&k z7CA<=WAcghw!pN|vepMIE(^;~rh4&)i|sszVk}p5g#&1OfPGLjMu0W01Ve2T)Sx)! zaye;WgD(opetM>m6{pn$tc>-2#&o{+GP+3#A7cN>Tg3J9uuUQ|gWMu1(HC6j2>bgK z(t(<5`Mi=PZw`l<&9;Of4o4eW-2%I-SZ>D;j`vy!ESVSc8`_ zTvS%T=kzUN3KnRCCL41p4XLHn-C%E26jZ}Y?5=`pu92px zp3Gn~v_;P_(2lC6_jSj#1^Pl5Z?vTk@h*pq@R?D(EEQa)+*Y|LpEq*IK&i8$GTK_X z0wGv4_L*rHIPi0kJ zSzJ=sYDI%p(JNX@RIWvoWV(7C1pFC~;UQPp3KZCns_%0?Ii`x$2-jA}o26h$WYUD_ zJ%bQGrx0ND1X@BlYA)wBUw6#8FBLlKtrqXPO*W8y#q&4lb z?N7nExkTVeQkV71+8p|DWMs{G2zDAPC(b(s=as&*g5_lGL8XZ23kaM+=*!Hb5{HLy{3e%*G8S2GM-Au_?OrE2Q6wKo2Or^`^K=xfv_{E0+<2ALXTQ!-? zmF5qJhwqMs^F~pVCZX_iOLd})QDxH*Naigs{tM>)_3TqiGI;GP+8w#P6TcE+s&hMR zax&?&;{>k{H8{8_FLdLL^@WW4A1Vi_DTZQL=ldN1F(Wg$}uVot!ALk7I`rlifTT1HLO`k_tuuQKHi(R_$u!o%o*Bllq_HpHm8gFQ z>4>6tTe-XJh^+Y)vK3&2;~a4K4{j3HrtuBhr&EXZY{4SWFhhqc=ggD-4_N4kEL%3n zC6b(p!4Y>l(335`lm@w-5(G#EbvgZ?Cip7@H@Lm>$1-Sazr1T)MRrUJe-XVO{pHvS zPcB*phLlhF`-0hzTd@vDxR+_Im|EJI&FQK8y4vb$<-?GMY6JxgzAaE9(;)uL!HSz^ z7lQWgYlD%iYkpw(jcJ&+Fyb3Qv(iADEK;@Qf3jIxqcNl@0?dF_N3tEW4S89BS>O9{=x#S!y! z%g_ve*?46_f_Wz)+%lWntM4n%o5_D)RdSluAvkFntQN*zJK>Qp>3Y2+aaepQEGg^ef)`R zT+ynmOH||blzKcYoJ+(Biwg+7&Dii^6!ku#dHETQ{2(D3zZNoX^NW#RLH@jt9sGn? 
zT|nwAV(EOaI(T8|S`(7$?A-k5biy+n_F>{U7*rD~xg})6%=lnNWIeqP#De}ngvT%= z^M@^ht!76G>_RUpKwQM%A)`4DKPfksF<~q9s0wfsaScrBVJ4b|TSoI3h#d#gubC>( zA4#AtR@9j8JIae#lk8H;WwBl{8=X6}x+$|iRH+h9IPA=P_kks)BXX8P%8Y}aJA<)e zsZunhA_4u*x}OsYQ4@Cf-q@ySt&F%wFUwCzX<(#FRX_p^&o?6adL$q@eY%+*&f z(t?M9%G##frv(a1cHmOFPG?Q2(Xc1D=-gjm(kT(B3@cMYZ3kkama`3tXvA$OA2h`J ztr6aEb)*;DFf+~9T-b8vw<#ON^##}fFhR3?R-<=emvvLelv8Eb-PegzM@B-FZX4zb zhAo|aHj3b_{o{mE+iUf*H=eSYhQBSKPAQZtd$+?HE6pE+r$OyR*412(FTD|HEoW$H zHkUdXRu$N;ET@_5M5(tJ95@D@PmWTrbP{qo_&}@uhR}V@my%gYx(jF|%?>W*rd3xM z;Oa8xIVvjn+BW^tArKXaenHkA=Hw{xy+Z#Y%*mvX8Byb6cU!4e6-pb01${Pi=sF@* z0WkTrt&-=U97PLJY@5oq(}sJ>S%LygthspXt!LHBX#AJqTsFbC)`8lYrVUI`m`` zSnQ|CSLy^Z1_sbaPMPV#bgR)x+6yq3q72sV=_2Qiu;YO>JVFKrBXN8*R{cvr>nuEn zvqDrot78dDW6q)-45oB~RAn!xSO*7T{D>`JXYUjY< zNOF*Um5+>K1mO9{PiE!o;6cisIaq+DbqF$nRc|Nv>q^SVB%Lnod`3wR#w~6>ocqcf z6ki2)(vGX~z#lFtjg85$e$2GV&Byd=<8=BzrX{Qw5}>D1@MG zaGm7o8JNn~coY)3`m{z;7eytMHvNP@DdRB9CC~bm1(V>PagL}B5`L&I@19*;$nZAY zl$jH1{AgXOszYMJoXOrrpd30j{Vr^^*C+))^h>ou9p6gn`S89uVMS+tDSx@J8`fZ8 zpfcOwXRYj&Ajm*2S-TnbI4c;}pX!`{qOW=IybqtEp6vQ$?_HdloC^fJS^#))Ul1?86)d+4!O1gc{{iWuE-SueGLSr|1%}K!p*HKnlfz}lhu@W0yJ(M8`UmdZ!ewj+ zp)qUXS5QI)(FQTPTTSK%n0pf%!gki;be`)Wi56ZB^97&H>fqVZ-^b{xm+TGA1mtlQ z#3i?_WeJSFj>yC)aCq5y58`1OkQeA%3m+D>gya~Q^$cG=EAWBK^MIq}z_>^hK)wm@ z{b+;dh#m_3gbQi^W73BY0?Q)%s}I~a4umhb#!ovuR+vB7GN+Y^RQZ1`KVTW1<{9CF z55q||uu+~-7F41#8HIKwCZ9n)>)#CJiAt2t(T<3)ZV>YGP?^tk6C3dYMP1=$?ki;( z8{N$dqmH4SCrj~{OW;fi=WtRliuD_P-r-Ct#mfdmpyQ2+rkJv*n~a-e?=ao(*36Wm zyTE%6H(^oFyA(3!wNu+hFk?8=4Hnp3@=7C5ZV&f`m7Z|?a8B5M1M^Z8xvfX`Ywd`$wDdz?&#;q~?t)!L9NoxI}tU39|H87hX zD7ja_KfcMnSRLquYjnRhLec<5D_kArT9+~_%5k)ZDs0+TW+xBv=9HLof3knf4RV!J zd%cBIDq$C_-SB2{SLtMnh^jhR8fv28uS!^}H+kz|t7@OX7ndZzo_?>Y)$aVv`Oi+w zeYKv^Chs@gLFP#xL##u-OxkZ8(I)@;3{9?*ZNTFmW<0`swA6AV0gOSFaw&>HGKzNngSC+o) zm9IkS#l4@I{}jd3Q1-jT^sB^aQqE}I7AhG{s^#I-uuV>2NgFV?caL9df{8@(aJ84c zF&}e~+BGl^+s{B{M6<@Of{;_Zd@I#3{Or1GJot>E&oN(SLmY1)u)p{t^$a&O|hhbLdJD>+}ntXr~fKQX9DjQa104&Mn+SJ>}{u0wHE 
zk)5ItB+luwmC&(^r}vgnS{gTbUXh}BjP1j+nO#^Lj#)L_^?ie>>PQLie@0(VolTe& zl+sF-B8x#c&$%qnf5zx=6HTKTcS|m@C@Mi3*dSRv!XQ#XLkmcatiEQ7|P9tOWrBjStq41FY`8ICi}hOFCc>zUtUQ{`L)jCQ%C;T}SV6|Qdg%a~s1mcnyH#aX2*nIL)daq>22HxjiU2juio2QZ9WQ?08n1TV zNFzg%MaCq9mP@XZdjr{G{K+)}ry7f0iFs1cXux&K8(|6_68DI4gQ>F%q*lrG9MJvk z*6Cva!dVWAazLOU)kFf}k%kbPDX{`Vlg7;6T%zj^E(DBgk5?pbI!EZr- zPljKsstM*9>A6U^IK$YWX3%=F&hN;Hn!Ku|-*Yk_6Mz4xeW;YOUG2|gdsRX}#_mel zIU=PnIpeOwV>gbOmln$<6RW7Njvcq7Q#!OvR^n@gX3mS*yLg8u2KC_9+Z5**Lm#07 z2hYtlkzL*lAOhJEtC5jrNxaz;tL06FAtBgBhc4jtrkE+*aaHg8YSB8>;qE_u?n<{Y zxou+-W%g74LjmbnSiG_N73M1?w`(Q%^mLyO*HuZ;l5{s@i}^&j>X{EthfGehbfu2} zH;SmfT*nPo)!PATwjy!CiBDCuSVJv(el-nx76}FyC%gJ>ZB>PtbUkL%*lxScdjnb{ z0GsQ{2K@WmQ%qOkl>>Gz!^b26$x|s`?XX$=jG31Tuur@_FqOoW}R|JH5{g5r)+u*&5l02$nft$ zPcddD;c4cpJCZNG(+w2vgR&9=LgkZk4pCY#ZVRkd8dEMS!omzc>YLK3E26j*lY)cI z-E5#_4C_dvbTlvCT zkd`(SP0?v}r7tRrnD^Yr3tq)rN!!xnlKt|v80@=pBgZ|vQv1w@H)hniY!{xS9DchK z8pmST9^vREBw#V@jA=zW+7 zU$tDDkXQCXH>BYVw_Ja&ni@%_hyCs9mb2+=Zcqgo`IN zRF%I=2+FM`-NVWQ?Q2pg?gxa#(26t=v7OOY{{ z&9RO&D{<#_3qf{}t{xk=X#BDI*?;ZgJ z;9j;SsJofejeJRP2ru}gJPWl))VFMLo>%J-pi?(S%uWfFhPptv*C{xjsZl$S;g zj98hM0D>n}LI)JvJe(Eg@J`1XkDh4X@yZVewbHeoXjda=sI4`!lYzzqzX{u!Sj~Gk zzC-mQPxxSO_gGYf^PpWH=ZiQY2A>GtFz<_I1PRqAG{O#u1(H*DBNkn07#ZU?0(Sm0 zH|VaTq)x`37i5N{IY!^-F2-E2mc5W#HoRs>WIxtr-vt5eOcn9&{X<4v zxx0*xdAp3#JbDlSo}FDrxP#Qci)NB3 z5fQxsoJFs%kHfwg$F3o&oa`5dmilYN>O3q+yr{QNT5)p3n�^i*gQMhs-g!ZPga! 
zJPN!O3m3R7J(+>}Ipen+*hlRmIj%z2c{vcBr6MSsMKC_MReczXIl!wX@rwwpNG}bV zKNT5cOnj$xv`i!O)_{F9EX#6>SY>9?JS3R0)@v4Nig+s;3xj^o=Ko|IkS{8zHLYh{ zM>cnz?4{I-mm1g#u%=J zP++;^C%qkAW9L`<&8`vSG(xV>@^X7w(p)JOdIE_2RSdKK#mS!DrOB^-%af9A)UkVP z{tn0^@}j4%T{+I|P&ox5pX7**AZh!+Lng6&2c8^HxWbOf8?Ml zBZ2BTab6B26^vCfOw_l+BgzLFU}c*44VNGO28jOv)p0KG`frRJkfvMShTU=i%2DE-vDG#b!Nt{1C#ck$=Ibd^N8LwDeGKgPi z0RV#~-GwG0urfYR)WQ#0Q~|^|A5Tue3Q6cSW1oW=uXCDT<0(oRqQ@{!=7(YR#7m|d z%vLz`E^Gd51mSw&(wkuHjXGbn@m=fx}zl6^CxY0pxCq-WS6KCZjHq>}3 zInXw7A)xE|`l-50^Hmh>azkSDqEnC$5^yw3Cg z6ukMeVmqrrhifRE_P>nf34+AQ)ZXX=1jRj zFvJ3ta%$}oe~3h|(yT%_DAZ|zN;xrq-kpliV2yLpKzpJC(}lzmWd&{YWV&uzyFw?S zwcyY3+D^K%!6})!lMBbJtJ^x#IPmkwA@KPRzCK0a;VA7+Fi9j^`E1sf^cX@hQX_Dw zmPkFH^YJAreS=e6Lh;4pyv3y*fHcNN(4TG!y5l<^#{5P5Gt1}FhyF{X4D3aFMZ|#i z5km>HZwP?=^6T?EWulJvxQbJ?;H27kf$P!SSHTKUk~rF}HtOlEzut7ib>=$KJVpD# zU0(qGY=X^JUmdd$S_Cw0BDaX19-)vpZ$Y|W?pdFW9EBCCIc;K=hWZ*hx5KJ(dAq8k zDH|lRAEGX<4A$>#f1s1loNSgDP;p^gV=JvP1FppHJ=@jkJ7!=Y=DzLBGrJ*wSrFVl zo9LD6V`J%V!q|R%U%q+7&CqgL)g;~0kEGFYNErR6>aKmqW<5mhBu7~&Zl_Svo8B_X z%HaBxVZ)W;oA@r&lzd;(n#S8E zBIiiPMv-O}dO}O2L>9^mQ_2HMpLS{aFK%zF-`pa`^VDgBD6e0C?n)Qq6ip`2v00Uj zc|reXA5WblPO@tGn{a2n@Kp0x6D<%g^kf$I~JqPzHs#UIz3l%0TSwp z{}YGk!bqm=g+DpzjYCa)c)oXhqwD;mFMJzfLA3p5XP2UNol;7%R3L2yvgS-RzrAucIBKwY#jZR_fF~df$bb z%~OJx$RI{(ALil9r8(!)&;!G*i%D&gkxs|jRHB-q^>7_S=F6$<#We2sU2-$&%81R1 z6J^P0Uv%zMIJ&K4n6v~jkQUxhHf&S# z^oZ;wx@{m7MS+uK%np1GIS_~5%bW;d7P8z;C4t3}pzWirNcwX2^QtR5N+C-To}^Td zVh~GFhv3_Ti64hkO<=pMhjX`Y=4rsOU9O{`+piY%5|9N|QB2b=%biSv=Jnv3<4T9? 
zC?(Y{t3`e%z%5>kZYoiXehdY0zQc#U)a)*elK3U=e0Lsyd5o;>@rk7E*yBhDZcp;n2T6Q(Gfqw@W9$My)_^bQQ()K%*W18hzJ!HwHajQB+K2dK`Kz@PG92E2b*pEcknfl8<%J z>4eIwC`$cvJP!WOGtjx?&#U7XJS34|SmTHk9)68*>Scxl5 zY4*@MB7I%tta9g%1nUe^^GiWfN>xRX`>u9v*^Y4WLWCl{Vea zy-)49QCRen-u=^R)7YBB(&LZ-To^JKaqoeWpKjIeUl-EZiY3n?CM=_bYnebPs}7 zm*3N69h0AHpKO2yCh&>Ne%KmWc|MO6_gF8Ch#GXEO)OwbAW$vCZv z(6muX&W7x13jX^~R9YZ_V@Ck*Vw`85QZ)jyhcy#y8KBu2}$!Lq}XIkH_$*#4$EF!r!q*wds z#%(nhxKzNa&J1!vL9hrP2MOu7oO;>~Ya>_GzyPjOf+fB(AUpq}jLfM*)d%TM+4`%E z3%(1hWT)Z-+C+G8wup@wx5|@k&_5#+C0j2-9`T6>jH8c}=!OqoYfqWpvWLm%t)B<( zf&+e_x&^+UyasK&)igiOJUuV|d9&B+VGg%Qe=@+yGS&0M>Aar40irRoM#(C}CFBk7qZHS4 zK-5eR-EY{O0>u*)Y0{5T5wj^ag43eF0bh>zbfh{N4lQGhIa2ti&qvWoQI{H&AMT>a z{^bWe%QC~wHe6t3tlCGU?cfa+k84^j9`YuP)8G8?4E(tTT+g|e>v##x8mHvdKN@F; z=uR5-9c~hE#zX9Q-8cSrt3D*FTU~?eQSj}J0f?Tr?}uK3yl_Rn&c8cm6-T{Z zlf9ntEG*rRka@XXH-c7Kv7H{iv7K59*Nu6*R!$#FyH+}nme+6WvVWg$1==4Zl0U7) zb#gzg6do?zH!^0r@#zMHD$_pAcWzadea31-;*3Kt$xgqfZlxi)zMjkNjt`0P%i28M zTt_~}ZT2c_W0p09(FRXH!0lJID$+J7ydVEzUGinc@Ax^z?l*vg()Y$q$TPPdMnmg8 z4{kb7)ZxOZUz%$o-^7Sk`@;yA&FkUyuC!D|hg)y~>{d%x6QLB}p8;=+RU&gHBkWe8 zgOj-`#p4+MrY`xaslZo}#NfwDM~Ssag}AWGd!T;$UWZR*C*EASP;+A9CaXdjmwFwY zfUUFg=py9uNX}VmZqr7t6@8P3ZLE?lj3%3WpshRte>f>b5d-WIfdgGl5DkHdi!D2x zmDC>7bBZF4T;k04Pno7&QNf8MLlkKFO`?q`t=fhzuBI(XFfQY4+XFuRQ)Kck-}wB7!}R@KLu z^W%HLpCK`=xQaj-m`Ea(vn*3qioi2FOSA>Wb7*xW`$Ftb4!lR*4PPi?r_#3ZaIJNh z>j}&+w$a)Nx~=k{$M37YsltZ7+AA&ws`1mAMVgLU>IS>5D;g?m+;+>a@Ob=Y*}GM1 zRBw2DXB7RsYZw5jjo<)q-y6$oTvHhfsnyX-bFe?dG<;y;T>v~FHAc<+;aaL;jL&XY9{uJxPO ze~e*L(!Dfw-F*eq!si$|j%rh(*yYSf(CIN#T`<9S$m(O0Q${?{X9~jbbqm7P0wI_| z^lL>QPsP~{tlB2$q11`DHECy-VX(MFe4PLGv@T4FT*IG4dEcO{Rdv(W{S|{q-u!H( zfNPXzSnCuK)SL7xjZ>Ad=3okSy>*i;y_(nxBh4#FTK1sm!qIv1UtkKm^xwXB8xy9% ziPW`S)Jd-)p4q^Vxow6=!zD~YN;V;yi8ePPkn#nKUmSIOhZtm8(oRyOVYlr??V#q|eU z-MQc}p5zNv5Q*P~MYISzm~W^LM&QEJ4RI{6cw(5;XR7()px+JdDX>&B0$@C%G?b;X z9qDRtB2lJWA=>{jmWv7>Ps-SJD78RaZ3|B3x%F`2JtQ~cB8xZMKk5bfFd^Dc)Yn?7 z8MEI*cJ>?|&9&BfVK3M1z!SWWP_jOiQNaU%Y0o93$BC& 
z$s^3t5iBpjPMZOIna~@G)kMBZYYF_)B9Hn8Ikhh(#C~Km=6zitnYWwvEY@}bShQw9 zTmx;2!)+-m2U5l~@8?7Cn|@Csj)p0dSrVHeMHrE^vp|B-YC&%ok0!*Sp}W7168!x+ z0WqDb>z0QiQHF}AlX zs#_Q}5+NJ;KyoCUGyLT0798iLk)5)W(&l0V7H2rT$I`#;YKi%Je+AV7nIJ{Bi->Nm z#iQacNCD7R+ejGK!+nItd1G(Fb351MD`A=vJLn&|tKwcL6U8p_gj7_zD~kkwMgV(^ znOr4!_+B4zIgF`rmyhF?bhWp9pPO+`vOPAd)$=`~mSgja&zJrV|DHuoF>b$*i+ z%#XDzf3QLj3DmLHvLj%y99|4$mxj%M-j6h}j(^ZeADfJmscB-s)+4M%O0-Y*u9H@N z85ETNd-i~y5`<84XHkU#OyX|NanM&po;}NzZsZX{1TbzL0p!IqJ(T4iByDOU7z4i4 zYxb5q?U%18%RyTLrB%@Gc#%pXh-;6@gpg3{pl_~;{!~F6onSdfP|V-XF7LtZumdH; z1DMj1hR3BpCSX2{;9dt0`3g0ZA3KX~o23|}FZ%-im>8Xbe?M0~2i2~>Qn_*2y?;h5GJ z3G5F4WnQbf58l`cYd%I@inZ9(OksN?a{7*{o-ZL7Vit9#J4L9lSEV*-P|XO|v-T~2 zw;hdpy9-aMjptn8*QX2N zwOzDNKM#_#&w4y~olEK-nxCJSkO9MC*DRlpC2f5(hv9kFk9l=n#fAuH z+kM8j5B;4zzz?f6i6LqqfF-bn^2^zNCI@eB4WtAdo&DU{d|u|)r1-W!OMtjmZY_~O~oB2n0ue8-QI%B*bEDK7=lj|*; z1%#P|8oa7LnG2#NVtm!sQ3an=1zrC@^ARkt4IcwT6SK#mc99ZMz|GS!o0V8q7m8l; z#5eS9bVL6RiCz+(+p?EWq1n$*nit6T;2Dk%$*a#P`Gv#%&+mpalJ*_VDN0N}4xwyw z2#vKQhMR6PB=gFUQe0nlDS{|oh6H*?D$@$UoJx5F1tLn?ggsDd=&$*ZL5{&irrBn< zL=|7&<|gOhhqUw08TP}JPQnfPZ_BX%%qIDx{V48U2wgF8M;6m?_LAMeQ+dr<-`sxv zd{E$LuG|EE+i?AB1JK_gr_RAR&mxng&O zBk0DorI~6!gXjC-e0>Htqk|2}`)E{5($P*_)~$|#^uH*h8-Sdnk@%&3t0DBvV&~4m+K<=Im6IGIgDka6gqd_J}I=k9`IL?`$8E_9qb`$R>Ugz*H z#S+wci8R(b$2J1U1=CoM(_+ex;>yn>=%|qk8Fx8<5&zMcAhM?!;MJGyq}9!pm=N%y zSd-|flnZ}6!(A=-oW!lmqjAwd`thJ-nw?A8Rz@=sMfn)wN?@7L+(cg2NB(LXCK0C6 z{IOm*b4!GVAB&aU^P4ojPb^k@ld#B1GfY%40eLsbU&;vF zjX9XubH;tA<8;ZgWXo^r{76f z;BBKJJd$lyUF8h|gg6Wp{hwc|csvQf6VMeOH`kpuXkb5E9)$|N-J8aBX*@i~1rpI9 zha0+fZVcd^w3RlQqPF1Cy^_jjziC1mC@3wByHc!*~}#K8#*#>GmR;WIK%6mK1ubjqzK(Gif|!xOnpih~oA z+lq=at5=aEHt75`yuU^^wgJt@=IBk?*?dERN93&dek@e=hF3F>S~&13l6m~XkBnhP zor2HrcX2A);`7s=K<|5_;LCE*Qt)*}0OF{54X=x6hO+o5xE;^E z6#b;+=4^1UnO75FpeX2=I^|0F#s$L>HhL%iUB?Iy1EYIupl?dLJLm!=KR!82z~|{;}P%L+4n*_JodL%$HBo+xgrgMO0?;Sz`?YBfh7A zVfFr|PRL(XU5iG9Za=?LSQ|Cm$QEt3*HvMty(=%0hsiK)hJ8|dNqh|MoPvI5C2aDD z{oy0n?Eh3!;xc4zk}a&5Pb~0^wCSBN;7V0WCDim36czx{RO|4q+)~r<)*5WyYE5v!f2V#if->- 
zdhami@Y#G9@w)Gxm!HHiGo+Beuu z?xs_^3)nU~H!l62Ph|aC){*Ep4S-1W$$W_3 zh!tvWlJWM`ub+oa-l2GD$#8xF^jQLC_wj5wlf4ep)SE4yzn|R=2^-JP=j=3R8;NrT znXE+2p_@s?;a*w)CH^Kb+t-xkK-#%nEBOL-u(#WOefJxduKU*4c@Qp42m2nD zIl(K8xada?ID@uo(6%x5I7=zrtw2gBBNde;bBu$`<2rf)00Q)|l{vXO!qJNAbT1pN zNb2|KS%m&PP#(KU)@!<^Mc}`{?)kQFX+@-%@%@?dOUbsE?*46~x2~)*wiM;mGAj^p zsg%8MPSbj1wv;c5$v*v%&&~0p7GB(rY5Uj!oeJmAePVKN{n?{q(DCc4H0 z9=W*2L(7p66&GY*yF9FgL>%N~eOEwIn6H@CBIxn_33txcv8&cgwnm%!72m@b+`Le9 zJvYx60Z$Y4IdZAYrvqu$TTW{a*+or)Cn2ix&th@7zNCgF=l)z2)7QeDPX)F?m4)4J z3T!o!9XWV0IPG*7Dy980H6BktT@c;9f=>}eP6#sBh;upR!WO!*%`j_`Q_h(PJ6M&! zH!9WODEuLEZD06=opQDev9olNyidL0BEJ%1vaAl5Z$5!N@T@eM{^~sem=|CJEa3== z<@3LvA?Lr>DFuA45T^;%O&ze^4T(tRDBfZg^J8h{z)(KESG~}Mh+ZAt19Fk;k4O;a z_q7eIJVM*%the@D_2)&PdwpNq=&Qn{ewy3g=O)LzgWTk33_rl5N(*k_BKgx6?@~iW z9aw4nPQ0Wc9MG`_#2LVak*ftj&L>d8#YKx+A1(1|lwoR&8XaK>QH3oe?hDuGtLqVJ zGgh<~-5&g$QFknBObRI`%Q@CGB+vgRVIp4V>52Nf< z)(^!B|5@)UP){f+x`46z4Zju+NA>F@m5;F(lDme${LIVCQN}Gz_k4AT4R4qal}zKt z6dnIbW3!{19z{lGu5LqwkU@Q}?WsY^Y^NfVj(}E4dgjE!IJqcw%q*0AN~_okHwPP*MnT^QfQmQ z$S}PPSyI>C={Y^>)B%}Ph;gKxB?zP50mwl#_~b&ZD%&_&jZYh?7!Fs%9L@5=a9KjT z%#<#y_2(;zY1JnYBC9-$Y=1Ndb*_G4JJFs8sJ5R9;>98GLD;T$bV z9@_$qPE^wh>Z8eJ7th`+<|&8{8JGCxKUa6<#Kl{>+iW{qOtf?_i)6#%7Rj8-JsSb9 zCD&3mZf#xHNejAQjyF8wQ&aQd`M9Y~54NiDI_1pmhwgNP1``lUd196eLM=j028K^d z`*gwlc7DH|N?t_oE|WL!5rUP8wC3@cess=?Fr|=*R5q-GwmBCho)VboRC2y;*e-yI zD9!NbIm4CG8T$^#V{gDDhL=*VWe0Lejr@5&2^yCu_u|r2O52V_`gI30ks~K+i`P^Z zn7!bZN}_R0my5aGaezB)XR)&^S1C;xpHK_J0v|)BTeQr621RCPv57ZAs^Bgq!Ubp6 zSCnQYEy($n5iGKa$&fqowe+V!p+9sgOkQ#~AUMkyC+mC=jpMe^4jpGMdAM|0w}iSJ z5UoJY2Cit2AvfT@{ZN0l2iCX=8Ca_Hd4BA(re#2FvO@KZ?a^iQ`Q@!fZlCR z#uLZ8peMPHi`U2)`6>9i0e#qaMK-bFELbC@-E z1fh?%4K&pO$qFCcIWL=WJ$pd{c_Z`#05pV+US-v`M^ob8y~#E3J>#aQdBvuul)6i? 
zNj0bPV~YwcwdfSOTq_-ar}hnQgOZuH>!`pTXOQb|LpxQ}izDF=588NRlrUrui1J?r zA~3`&8CMP=YLKoco?$C_1!dV~N_nAcHwor2oX=d6N7Q#%_SI{MmvxoNJI~EqjYRIl z2dtZ#(+mrEQrZ2uq1{zK6`z`13K9DNGQQY^(FQxH3~nBh3lES5lYZK9_;;B(&F78` z15*t*Rg=|WR1*kjlN!fXG7#0!O#5#%=sNmWlj%D=WCv>nF2dYX_=T^fT%!c=&f9cx zea}vY@T#JDjCEU|AheqOCds-3;vvxkd?vSP?g~vB`PQ`RJ#G2b@E)RwW^RE*?2i8B zRo$_VXAi$8truFcK43g9>gxPlC{$u9x$cHJC1#tmklghjOP3E6+^s^5ywA%edSt}-qD>?D#A z1*MP?sQ|~n1PejsOhP<3h?)*{`)Eri%d^nR2$rqYqD+E zO;06(2ZX?bquucf_*~g#k>!|VK``eYur&Kz3HYaH@@W9L3;&HTCcRW@PRcdnoeL#x ztZb_nXSb(7#yCTFXj(notAZeIf&%2bA;s?P%K&%)?RQDa`JbV9nabn=bmfWAdZ*?` z1p~SyNqO?G6<3QBD??+m2SjF&fPm?TqRq&u#(lO`{vx zc1sD{(v`6tdj#jy6Mq(N4_3w+>fd7q+|QWgTt%yLn{DX0MJjm;#Qa^Qjqk;3(cs*pd{<`2M$#w8V~6`z%Q7RP#qOR%2ca=* z9i-7D>4=FKzs=_yPX=KjH6U*NN9$Bp{!b_jp@V*io#_x(%`t^OopW@!Zs+e|Q4)Q5 zlI2imfYB;sh>}N@+xJxP0ZRf51Csw?G zHiJQs1Ga+!n_jsT0*i%TlqOm;-AL}N>6sT~DRM*F30j=-4Dmz5iPqg8oWU}3x0f2` zLpXkgf+l#kT9)_b;1bK4KpGu@W-U6mL=}XRiYo|a4Z66*DTL~*Y!y7^Jr@z8P#H}r z;t_j|E7Iskh=U&Q08{e1%U%9&2#EftI_^JkbCnx~hrI1(96h|ORtoxY{O&I|f*U)c zc*k(1BG7P!PdDp72VK5hAa%vb-6xvoz=_Y`XXB84+fJI7%1K0Cc&;Wus~jJUX^y*fhe5nII!tbT zBJS5KsfP5oyWI^}nR)~7dJob`*7VOzxayf~7{vO0O*18p_^}Uzs1EO7Q-6j3r+&jK zoL35C;K~2YS`nH`x#z<^7WJZWW z&nH-L`Z>U*WX+;AQw_ezy0-f^MTnL_=mCpttaY8`zeYhjZ@j}1qAba*gsH|-g7#i6 z$E+5)sFhgY1i|$78`1Ib^?TBlm{~AaQDS%%rT)A*fgkK1UIk@cLCO%VooLZv0O5rQ zA;!jW;q^-&{v{Lv;d(+Xnt;?{>Dwt8RDXoiti?FQdQ(owO3SdRa*dS-DO@_3yA?n; zz(KYd5P2vg5vl%wH#$`B(oiHHG@y=X;{1>!K~g8o^TpCyHiG4b1IYyG0XFAqJ(J7m zcO)0cU{OTofPV^lMDRMytcSzFpD0^yZPW{dZaUpNwBn{_5SBlTm*{`7soEw9**+XG zfAn?)m8c!r^|^};xyL3EI|u8$gU9YkN6_xxeBSaBBibe0p!c1Ok1v*CKK*G!l0|p{VTd3GlNsD* z#yHr~(NX0H%Z9S62qfX?bri!3RL6c@VorpPFI~3TBVV8$TDAMUyTh->ump7N1s_#M z^bFYMDR(@;z)%k-T{e(%CDXOBG?PoopvEpq=G?+|Rf{r;YcxoP%`6MTwp#|)S|Mqg zLH{oLYmw<9&TJB^WA%em*}3;q)ODn=BKz+#u`gLnBsn0eGAMJ(uF1#^bz9cY&B%$m zufkrLaIcfgA6(OY;-k5CY=%C)`Z;T$}TxyoGU^zsTN| zeRz&yf{upTofeN|q0JKZ%Wnk8y;@cZk%Lcq&GQb2&H{Y&2|LU|uMb`4>AyC|`~qIn 
zR2xB>G)=nNgm(E-R@l*nYH)suogEw>jgL^Psg?cPajoWmLHH;ZOQS6PB;(&$evE7jb*iXqJqBZ zR~=HV;)c?hQR#4_nea!F#9@UG;lPvG#;}dW(iSmC?#p8t6F?2oe~5jF6T4w}RlQ;G zQMqBD+H4@F*lfV2*mS;OfCg?-{hdfD0~aj+pd6xqH~sfe7Xu*k$*ggAi+T5#G(7os z;cJEE2hIY!n!Ij)W*K7oFFxNBQu_p+IcYil%)KVS-igTwbij*U7w z`O`@(rT$FjOBLs$$%lqof)2L-j;^AMt8J+LL9IkXtDpL=>cWgcVLlIe<#bmHj&jX7 z5CKTK_VRPu_Gca>W3pSifUe6)!wRFJs8#1_cyZcv`K8M#%L!9kB`tES4w?1 z1ro+vHF`ojF!-b5c2CjPR)j{3kx^x2!i0QpHVOXB&P7>-wt851IJy*TV+Yb1(iJId7?_x&QoFXy(12 zz+VqF%zUNO__DKBZ^P3MS|mOs8@;%>!fkriqc3)E3HXhG8}cJOP>(X_P!;{lg5R3i9iqrk z9g+ZwOsMK#eVIV}r#i)v(OmzX0HsG<8K^_f(x~Y&vVX+}s5m%rG&?scl6s4v-uj4U z;0$DTL(jQovz!AVICI=HEKm=tS~E#6mV|T#BIF@3cH|22v%qxSaikvzViemE*7|!$ zcOXZE)CLL$A~fGLR>@}hXJEzSw@NZ?BBRI@`^IBc5bse$ypM>sRlf$p{g!&tBF*En zKf*&FBq|C4`7JdhSrdyAtXL2#-UZ5bZbUAgFM@;nJq+UZtSCmj&(0Mio;`Sn;%f{k zaR_g)F{XqD2cAAf)iMH|ZpcGnglv-*E78HnoM`octkbo%$6Apun0&G259_ z3g(Js6?xcrme{`H41v7+=vg(NuImPv60pNV{@~q-a(8`nQXu;^gT!q!6I?<@vMsyQ zd84%)i65M{_xlJMjx^lKFpZ0FTt1F_Zp`?me?^f|dU;mU5{C_bXN;A+4N5))pDY~( zD=gg^l^T5&{9;VCmY9V~Is|(kQRV63hFI(_92Z zrK7k#EIJ}%l#jT*73C^=eU<08@<$d8pZE2kK!O^WoaqJ{2mvg@ly7ymP&Kl{p6+-K zLlP1EoxG?-URTv!_h%fRe^hk_w%p0eiGeyFQN3T-YUZ5}b>%$8oLVW2bZm1yT zFi{s^v<0#-ZTDPMO&QB`x&yrXpItp|%u}f#xed@u+;+uYw*(>_lK2*?$awg`e5;*F zr>|@BxHO=;4oM+8yL&Ejbnj%#{FxkbO~nWVReoz$)EK7ns{rIq)O|=bw1Q z|GNpe_xF$?s;VL&!~5k~$NRoa*zjJQu=|=hqO%e(!bl_x`gpoE_}=R`w4=qo=d}I? 
zhcYN;aWme0X|vQVRUVZX?-9d_u6@{}zDs27@@t_LS(Y@|6M3BKh2vy9Ys=LS4zV%T zhvR&A^=_FXw^|MvK|vwiM|`oEX`v{hGr25Ua5d|u&2h8fN^B_^T9TquW^^e@N;>VT zVdLuM`cWtQ^xY)SaAuXUg1|5=kN&;k-C5`(Z9CYU0HY`NEhq{b(rF~~JRD;GM@>q* z`mD9TTxHaO!TLO(3|0Sp{Ck_Qu1&Vdd7w3<4W%Yh1HFR-E81XfX0WCT{ zny%b)SerJ*%_~)mmk2P*Pd68_p0m=8$qE6sDF8^^;<4Xp=@D&+sHp8t$t@~pcZpY+ zT%nT}tc@(grj=sG6&D{CQr4#xu;gPwQ07hIfwQC_UE{YdO6t3POZfNT$Lr?p0)y_q zVCDI8KB@0P^WHzO64N*MFlJs<{~{)RR5HQ7%OK`dvJ#17JPxs*QD&^_HAwuP-%;!s z-ojL~)SD&0V-zK6-sKW@1=tAeSG3tOw+7$p!G@#$&VO3&VMICUi7_(Z>on~s!{*YHhy8W&IZ9H7FIYkiwP`f?XM5$3)(umgwAenbu%%2jR|@6u zOy|Xoa$jW%S6zYQU&$5)4rVuILA$}U4dkg^s-&7i|0ON4>i&|JqeP#9SCV>~Np&~# zvs$sifh;&{s4SQ~Bwj&2Hg0>*?mHJyAE6KIdbfJuIuIc@IE5TAAvOF16h95tDWzjM z*?)UPTanhG6#`kyMBdgq(e*Ow2qRAjPw>tYCd49qe1;-p)2|;K`{&ueZ=Z z@rKwrA=>y*H~^pH)IwT4_A>KS=0<9h`j6E6eryY^>>D}*{^v+e+g>c3QM`Pa^vNi$1uhTV(_q|1Hr#yfD22JF66ZNHXRi14)9kA= zA6^mbx{`_vrbt=+4@)GRkC@PbnH6C{RsS}$nRsS&M$uQ{I&d-{D# zzHSOk`gF{JyOj#8c|MDPkw`a(%+++ty6XND(In}^?Zm@)q6JQ4n-OgWTKVthbVDn! zI2o(fK2jINbX3^I;KAfjhhEtnyLi4lgkANIvjV>lqmDB3ux_se^4DSBGHDs$Lwt)Og7;Yeylu(bN;-4@f^Jw)${Cc-IX&I!yYF%v%S6QL zBO1%ieer?T6GuH^wTPuR*xM|L7 zqJ=uB0HD`uN|Jtr7c9EI>3N+}IZ0QG$K$yYE;5BNy>q*v8L*y~b=uq<4J?FO+BxF> z@@6^xj@3Zj;p8@1?-s;goNO4rkdPUrtkL`|g?`E4K&_U16+y=WO(hdHq=WCW}X zfFfGCL14HuJ@HXsq4zH4ljbL@@V?W zrWX_-hq%F1RdB#t0bKYvF0*pk#P|FVba zM@evq&k9APx^HdsD{-Vda>UaYEX)5x@I8qor@{9oeh8^LY1E26%zPh=l$`N(C^nYt zlH+y+_KR{^U<>~*h}x^1$yX{BJ1tyOs@?nf>s9nQT0l|czjZLZ>wNG4)g8K-gB^;07rZz@?8Log zSAKNz!qn96?IWxmIM@({VyvQX*G(-*0hl zJ?XW&rK5LiP2*C~3;+4Y*JvA|D%odzT9*q*<3hZ2APN+wc~w<4?ie^*`8%@VtO+wk5S-DA`s8W{b*vk?ILrFb#E(dWl>)S7+5D5T8nVMZ8_y%Dq;F z@U5Gi7Q4}H#w2>7I6F*y-mlzhl~kQpovKCeskXL)DjI5b)o!wLotdiX-#;f4zx>A$ zZ&iAJd!UE`vZ=sU}c;TmBe5WqLjsB}SI_v;;yMa`8X z5eBT8@_fV^wdVewVqhZZq1vgk*KtKOC|Dz;fY!Nc7S09 zq_09PzoWWBTXl*nB3B8qJB65Ea{?4$+&T!Ju&WV`D6QJN0xHxnO@hKW zWG{>3mTPRAQ(F5$Z-rzUzyD9jUF$T#%v{Hkp2iTgQH|B+?{7VZQmI+_; z8S#tb@S^4g6g{OR7az0LszMdBr16j^2qb)h)C*(SQ>no>Q>L~!wSQ1?Pk`qA3~?N% zby;*=FJ$4jzq;mE58uKZRepb3_ 
z)GoeiG~&v+r`x#bpIK29kU9I!Uwo<<*&Z>Q+H06ZAroE#cH6D;0*gQVPRI zKcNp@lpJ8iFjtcEHQO`wYvM-b8JIfnuTEPv9A7!OS(YyBALdCPlYA#!Uf1a#CX!eRw}<{ezf`O$P}4F~~jlpgI9e z-p~6{H}u&9$w$+eU^r$vT+VJ=V^Xy9^daJveKzKeL^PSOgA z`S(~yH!+E@DxV{+GN*`3B|0l}3LudI9jDARNY0IeY>s?R5yNPbPiuJj9z2ok&U)MK zcvN}+@z7}(v|!h4U-1;Twxr3onw(u2U7X6OoMkG#IKnmnt;9p0_ZChw*l9L3kXf;5 zA5k;|_-$`|mS(1aMj9)4iB-EN?SzDCXvA(WDjTPE@ zW=TztneX5l9x7R@$NOTenAdO%_hs+cBH-yP!0+XC`lJ5M%MB#|I~9`0r)zj6$^MVN zfzffFs$NzQu^hb{wFXoYgz7g6Kbkb`rS5{yCQ&XPG3?=sFH-Z}=o4^x*69nCj8wR< z+qm2|e&^W!9LqJys|7$PgLl`eW(Ejlxb^*oGLR!<_P@*F-Ow+%%rYRpdzYOwO&xP1 z=)0X3`|vgpSe8fgmXl9VD7d+95O{T1RV(sVkk%C)TyLA{H|NgeOz}QP3RLQ9y)=h4 z+UH_}Io|690CLa#hVd!r?+rWi`j8Upt?64094O-WBe+ZGrdK4jRB_qC@2mt{%PAi2 zg#o0;r3|uuGl{!Rizq8VH9Yv8VY)!h&nlNy*~hQiSwKs2KcqdM%x1~Ow?d1I~&RWQQNZ+ zWVBmLRK2fW#SRy8iO7vRnFFh7!|RcPUyDzw<6~VjVWZQ<-h+=3$QBlh(1l65Z*@_2 z{3zv;qn}~ehwO_H#_1NNs9SaH0Ad)In^Qma3Xq>D(g=0`5RKQ>C8%Eu$yQ6aGS;iM@&5=7jrxZRHDM3^ zk=R)9jO$9W`^3gI;(Gt(hR^tOrJN=G&#y|Q&>cb<$#Hb|BoF^6jgxrxdQ(irXt$ye z18RvGnDsLdJ)W6Rn`VP1b*=ONAEiM_{*Thoy(8!d@nOr&a&!ROAi#Avtb(S+{(i8o zC7?ah6wcd{TU+?*BXqg++)wu0sxKC}uYMa7%+`+i$&#*~$V)^@n7ZTb5E~|rlRoQ= zulx-}qoByW(|dX`);jDQ_QoPP{+z!w(*7A}q9B+@ol*SGoA=Bs@NK$+8K-dh<_IzB zvG<`WkW(#34{IM&3$ulP@A4eCrW-UlLm1bq5yk&qag?2vZ9sSKQF6h!wAM-Xi#ARr zklR?jb;ST<;4KwF9wFHqWw8qVO>|=UMXrClC!{Y{;5iDat&E6qmZ!rw{Rr4R?Gs^V z177h2pw|~Lg7if9eQ%sAF-Ma(&>CBl-+x+LnXaGI?ZeYgaV^)=Wqty+n4`m(S|{fy z1s4=zS>?@YXg^jUiGFB9&tgWFuA;{O3VV(TA; zG!NY81h;g58-E+F4Rj{QLD7w8q;PR9lG}^NOvHk!orR4ooGYF~YpImE!F!AZLvjvc zODZDJ6H?**UaX_8l^`&wEK?~UA{Dq5Z;V$_N~d$o6L}2vN5%6|R}4R%dvCtAh{;P_ zXk9S+DitE+ktqekzi*54oo}UMt4hA*LIwyIG`Ot;>4B+~zbpYSkR|vpRzRuCWt%d# zNC?~^hrXIC4RKvgd1{+2LhUNn{t71UO7h8JJm)8cd}~=xsp(SL_stQZ2wl!0mU$oyswZhn@v9DDo9A;g|tL=Mo-tf`b)>N z;a7o5L*+jGx4`?Yk{ls3(JJ_!XH|Zwp&Wcy#gmgTOvSe^+>_@J^>)x%;&;sZV3% z_!ht9>^d6rk^SO`|2KP{7`^_18G5yt?51@}y+e9vaVZ zQ0`>f1K!IYBPG*~Us~_b-hbh$EIZtc1=`XwB2@yOy!^IedokyK zg4Zs*18BP-$&SaG^5Go1`ES0T8%cY!+9Q8NM3B-jb@uoNo+74G{?yVq%{vu^{977F 
z$>*$l#XS}!u2}W!@8BXrGp|nX4Sqgttd@M0<+yjVZ;F=9jqY}kRMH&Ku0P|Ej#2q9 zB&`hSxGB8~1K5i@pkwa7x>Vl3Xxb@>mPmO=uK>YP8}4^utp68y5H8>Uhj@@!P9P8R ze(=9|kgQ4|4|00@f53yRwP$X#%djazl3B)10W-WBpK|E=Y|hT2a`nCMymCvoUsqpf zcSgpdd|aV?rv=3==B;TcROlBK5E6$RWlqSaeny=5Y9hgE>>G{fjC%2fhQHL`j_JO| zf2~zr1UCLVb{wR(_yFDb5U!D->y?-G+%#V?f9-Z@0Uj4;FAeyXSLCAh;f5NrHQ08|$7hNx0Z>4I#?DbPi1UmW!2Z(p)hF$t2EH-2>JYbdVuMgP!O)s2U z!l~rK%Hy)cXSJY(i$m%5b;GFa+<-BvSJ$UL8ZL>TS1^`)+fl zrga|u0%w2+35ft5m{g-JoJhO`^jEasLbb|?xw#`)Cvv_HMK}f4P{v3ja2Y`ymMkLN z+-=mZ(H!U-Dj?E#?J|5arRNx9vAXYckEXR<1QwQLkaG*gZprZK)q z)T^-C#8}GUa%;Y}&AAKs4tt7|P~jc#k)lmvqbPz@e2KK8?ihn!0XR0ltw#K;@hj+B zJz^f|5FpT;C{a)#5CrzFq1|M`@X3YO8mnGM(%c%0S*}7G zM5l_yK(BPaLpzNw=STb5ct*5fs&+*qd5D*ynZ^kSz|&h+sHh(HnML$Ov zNNqr8Ao#{Y^w;MTGme4$>+|hNrmFn)`QTZQz>Tp!Nzq3CZ+yPufDGD~XSo0ReD_`d z@%bd_i9kRet2Y1od^tN>2zyS=Z*YABe|C{`g|JA|I6n~J^tT5 zU+URz)IXn3^1nWxW+9Wt_y78Qvj6q@0Ez$c`2Y!jeLmxjt4g5HmxzC5B9$j(5uAl5 z_*jCQGB)7ChWOyN#i5_yjSs3Cd(1rpwWoNd6t*5gYhW}>t0eaeIb9L+C zj`--~E0R!cq-f)r{*Om}0HZ@!Pe{RN|0L}1)%lLYBfc%kn^O@H!5pvvF=0mZDVGXZ zU|l?WUMapxJKOfZ;vWPQe->?|5ED#0+@8fGv*=A6duge2uokuvhe=_A4%}Q5T$xpto)A;DW>>OnCBVG25$Zj{Xs_U zrl_-*z)Pj@A3y~73=4tUVX-hLvHM{$5L)Dqr$HHZ#sZLJoQ`MaTjspuW|viHAvwX? 
z#spoBA^(82%?bKiOYR%omZHj@sA;_)1a+&2TL!{lgjvmejp4*2L9>Gb!r%5Wi_i-HiyAgFIzxMd+#zAq{g*LJv?Mx$ zD3rST{fk3f0+s6P{z!SacO;2`YrG>3voPc_xo^GzMSrL$9a^s>!Nf;3- zWl^$?z|4nw)WT_!n3x&SV6O)iNwO_Y-Y6+Nk!v*Ok%V{=LXjU)g_U@*wMiPb;i)wu zKC@yJI`p{6E}vGUnno>DN5==p$yB5k=A%_;(H4=c*T+=-*^-$gK9_HWj-J{5VBP_S zc8!Ni8+5ElSz*CigiaEC9j|SasOFZ?IUJV#s;CK$6xaG*^tMBYB67}Fci>?tgKbO` z*+^!TQaQ(_EYDlERM=n6Ea})|G9j-`Gg0-xOZyQMc$#m-4Vey-eo2MmZhgoFnurZNS@+DkUNj{HA@@#Y`FcqkjF zxDsNM!}+_*E3N>qD3+}PIyRPILhJf~o7uiJCMB?jYfPlZ>88CT)gRS1?^hOujw)2# zg5U)^1{^EpIUU~Z9;xaScD*7<<6ps=k~yJ2kgI6S!2ZX3WRL@cK?-j)Fa-T4R5WTq z09PV0|40y9ap3xdK8-gTQuT!1e3n)k9eMjETPg#l=cVxoO|!-LYt+)o|Hs~21;^EG zTbg27%#y{-%oZ~G~(5klFwPA=mfS>1yX=i&x){2J5EP+8aD{Cy&|fVD+)-bdy+laAcTEG%c*s zL9g5np^4-0WDT+iQJ@p@0OcL)-d4u8oi`|WWvDCt!OqJ4EM0c72r{_1c$|mGVm9Su zW?*ADVw9Lf%2mV0_5I1CYU2Kbaf;s5Dn&WEMo=!< zd&RpA-)G!bfEhlj4wrlt4pdTKYt+7sX#Oo(8EvAAv(#mF6bs(nPhxZho9HaZao@E` z=uf!Tk2uV3d6M;S81M?f`G117oJVBCjTAg$rcdoIZAgCYqfJS0#W>q|(O7tzSLvj1 zlDv@O6XJ7BYx$|Ql3+2V)E3X@ryK@C`9ysGux*6dsrWfI`aGh_0hKej45qD#O4YHZ z*s*=?ZuPCyr9@OiNlNO*Zh5n05+g0QbQjSqh{FvIsRnO%21|RUER}I_Yr3v4e_S#)w-nVVY{mROI zEJy4CYstb@wY=1T{CFy6NM4Wd2$o7uyS?uOx*b&ml3YciNe|EEK^LA>iR!vvovpV7 z>!$3S%*?0uWBQe-bSHYCLp8H{!e)}q4eIqZ;Sv%DLpct&Y(ELQu9|~5ltE!*yuo$i zmi^}2!xLm6(r&$vCu?5x5GN9tabImzsLlxRD9pN61@Tl1iVOP{d83HWgaaH760EmD z=pq4Z^UaqOMcE8zZu7=Gq$VwC7`G%uBi4zq`82PlJzf!x!+zo_>}3@n0c6k;?-~X_5ahvEj;tf z*ncH%Y48c88pz`E7hep%>rTaZ5S(f}4(Uz@y$Qr0(~8#Bj`JipNxH^l$HW zrS_Z??`}5hkWILIJOhce&KW6o7Ih&Y6MimPP3&P`<)e2wi;_ESBC1H@Tv2~w(uz)v z*{sG>vO}z~BTh`+;xaZYRRMtPZ&HSmbWn*#)S~h5W z>~nFC;(g&tznsgI+ma!uUUNHt*)Y=G>$2Cv?&of89Ln9xVKo8Y#*Kc0+I$V2djP-2 z@;Z(SSI+qge|kR|aZ+g!C7jPH4z;(G#n`)Z5r$Vhwb7-U4e=&jR%5KxN4E9%AZRTBw&F8He!^TP2!ZAXxF!tng`GC`*3nI z{F&-NDSbEyQi#qX@0>ioiIBe!BP<{d72 ze}yiA)_|*H=7D7>?{^r3rOK zY`tSfR`IrqzRO;uoL0k@M(odw!ttzMkHsbH2Y?;KbFsGjrY2?m{MA&K0+9fes?& zcm5VH1qf9rbqFrRBmA|(xUlpurOLwZTl7M}9KL^)D&D8fuAA5>C;w8a=+=nh;N*Ei z>4_yCuvjQa|Ip}CW@d$M6R6cK)@lQ(mB-UK3tO*zP-U!kdR3M>G2PpUFp9Vnnx?LP 
z#YvEIgyX%xu<3NwPcBf?b`pC~tO~GHkP}||qg2^#IcaJ_Qva(|VI!OPFQv+Ym5pH( zC(Kvclpnp85XK4ugda13<73!k^CWMKy%Pc<3K<52_D^zOKZNiD5lvS%&7LayX0U|% z+}-0jm(>Hv3V;0~G_BY&D-8`A5C1Q{inPtWnyxhK0G@rip_5ny_W)WeHsV7Xc-gNv&Lg9oW}DBL zVu}jKUNAf>NwBAZ(;WM0;G$pS|HCT|VeO8TRkBc}vNmD46D25ulvT|!Xq`E`atC!CUdV11&eoEF+lkP)TcDnk} zYvnnqWmjdx#~eyzNoPfuo_ex!bbYQZkd3#`>jn|6i&j?jQx>YP~)`WJ+ zJcQQW|2M!j4z{6Sw;jd6AH#FZo~Y8wE8pDX7^w&m zZJJiH_6SMv&)j$jPHTAm2wd}KC_A7wOM}btu78rqs=R~sy18rM^L*&xeSbIcQUB=V zjGdZBflRYq{XqQd9B1Hs8EXF+BRHkf$8Va$k63(~OEGeb+tArALF*n(Yp3vrAM<&Q zrlIzQZfaApl4W{`0QzPT1OSvx-##U*W;j?j<|ySXqN?*!P)_`t<}dni5H|Ya%6h8J zM&??bW_bR^C}mH+!Je1c&&uFxz_Toi-~#O9@nl?_Hr0KaCO-V)RSn-7cymvb82tJLd z8`NouUFR%@x2ntqi!;wBeZ^+Y5>c#sl7kq}W?Xo3#C3Bcb^}=q5KF#)$@|!jWa>(- z+bBsx(w$1EHM~9$x88#&cA-FzsEX+l=olEjPoI0Vp5Z*LMpan&p$T5G@7TqCRKlV9vY0zRzBssU3>E)P*s=P2 zx*qh1bta3bQ$yd+no^C&mxEY*HL26QLt0(vaiTN%6_k8=8J)C7#D%xN{d$bB`C!+h zcJ#lqN!C$Esb*Ud0<&gpdx=o_jqxrmn6L}W{su$V8Nnkzr>ORmgZc@;oKJ?WqmkIA z;eQQ|SW#vE{?|Yb9(YOs^QW0`o?<<(S}}02p;JbElFZ4qR>0h}VS<$gW|wzJf3=MMC`5>~ zn(A1)ZuQFR^KU+Ra=xGT9l$5ic#B75`=pMTQYq_G#9s~f-288TXu6pnO_KH_;cUgd zO5NMmSA(0`me7mDa+c+cyX-y#6Mo;9J!^ zKNm@ri!|s{YHsB?nA+KF<0t!ywKM(OGO!P6qV_Xc z{G24D{CR))@FhpY8AMI#?b)e=e|3NQf-}n*nb)9vCzmKJr5dgl-B9u5bL8NX?&z?^V`@T-ZR{VHK9#@Di@kbVwxxZCZtAFW z*T0bYy+uPT+j_MV#-_^SQWGh!sp2eZHWOzZ*Qz{OTdWg9vwi`e6pyyIeHZ>67;mod zL*Ri$h_vhh3^(tMHr%W*z1pE`Z9rj`aPi%$@KJk8ERYTNya(P3M0!C|cILbj{QCd%cBhc810_u0F~+ zDYNxpcu#+*S<>BF-LETF*)?KjHoJ^Cgq;P-am`?=#R5l3PLTGAwP>P0S2ma)Sp?wQFR>yB|HB z>Oow2!S$Toa*@D2(GPzt=_j#a@1?vJk)D(q!@kxd!zuYzZ=x+P%NWx*T_Gp(m4kM@S-ve>Ycg(uLD3L z0SGx50F1pT{~Z}n04Tr%-s7E}(PNM-=^26LkOV$3haRw0%Va+I+gsdGg&zl=TQ_ua zfu!u%Q}K41xxWaSL)N2uhs%v9XUx%m=aI+8B$zo%7}atovF{GD9{%;C1L=7DSC zC9Cr)yOhm`wYWu2Vs+8d;A)Nj7DhLsm8g;Kq4E^zFd@}Qa9BaYOJ9!(Xt1~@(frFz zn|i4ihvl7KV-Cw;ft~VYDxFA+tpo$3TdMomnDiqS@8YY`+C&Dbbbjj-#?p}? 
zS_-yRFr54Mm1vE(PmclrV1b9OVH^pM1Rb!rGI}nbIZ%mt!m9hh!o6J)I2yZX=2+Pl zfnL+w62V@BNjFa%oZ7%ELLIh>wl`_Y^w0@12dN?D1SQ6JjNqZ+MDt=5xic5X`L3Gk z0G>@IzZ%53l=`9Br`V|4i&{lZy#$q+ui{@q!RZ^m2$i4j1X5;Nv;dy)f*q5bHHSJk z;*hS&8Dj9+$4+;?mNI&Q^&)2m;{W|kEz>HyZ>DriF@@Q9Qhv{`5zql9~}9| zcK9D0`F{qEeEF<gW8?$hvBLll|RKm{`UAFVE|Dgr6^v}i_j3S1Hl;IxZT^tW+IU3< z1y%ETKlj_nNF^XZDi9I3>sV{0!WbYzWvo?P5)(sD5;G;yP9s0jPU6plUGYB;fE^H^ zBmz&l$0R|y7tcgTxrf}(Xr%3(jG6L{zh*|Bt(Rz4RDInI%W8lxj4=unclZ17kpJPl z*lDOQ1RM)dV;BpM=++eR$m_K2;B;SG_Xz%`ajoCvR?6_%Q_~~h zkCt&BK|XPHDZdN;5=k%Ixo-mmvAQ`4i*}f{3my}SUBC{qRihUHl0Mb$*iEre+9+_D za@|*-oij4_pK^_)SVO;pzt#UjECiX`hPb9h%@CCAhHBNP0=XE8zr>$KF6@oCfspX@ z_=w?s5O5eH6jHkhJWgX$hNb}+6+UgDzBe&n!2=(ot5o`l*g+hln^Y$GddW!oW(_K5 z-?NL6+?hrNdM3;CU6mc@N^3hc)Rr4Yo77wdzqD_y@Su;df(DTu_i_XFCv8ZI3ecy6%QhT__2HV!UKT;4ODNFa7g-l&Z}Zf zN6i%D(iX32(A6%FY0mLu>8qCi+&ks+6#K<}V~od~(4%8L{RT5D>&6Arazgif%muz| zw)Kmt$JoHESHKX$g4{(~(it9SX9_oe!&A%s%VSK>(x&zizQdb;y|aSVv+D8h*^={= z*XI^k^l!xa3=a?RY8-71Dq0)%!WNblKiHU*WULi*_SVhf-AjtdlEJeDl;cm}^bh5< z?7izC3x7tA9^@H)By)>I*a;!^N|*94qe{P$dsJ6rI_Z|pN%i>j?uO~c<9HG0lz3%6 z99NNQh=(2^Eob}6#Ygs3XwQq-2cxfZrs_GLzUA#+N)PbVQHW(t?M#^?OW>if4KrF4?+igSx`{R}Q#{QTrA>d;5cM6kK%z-?aR+tPfR~i{E6m-<*CM+e2D#i0KF&`OW4>*+|Pfp-e z!AY^aKf~({v-WNM~NbQaZHatx(Reo)s1uKX-?y->_lKEHTm zDf?M#MHP`9{d696LATmEwE7KHOfLq1e~DTSW%Ai@0am#xo`&CPZ~&LeG<$BR3&c1q zN8~t1GL(tx1!nr0qf*@k_pw`V`L&ZW(@=I627*a_bonHTW-GD0nKg(G$IU%hkZg-w zP@6yMq4ZE~Y*>OE4Wv~6K5cxLI=*LTcX{tJF6s+4k$qDlC)S!YQ4jUoo-gVbJ;a{g zt}f0vPj)*O9v?w)2;DgC9XVHnW7B?RiU3@U9mQi^)&;TZMRrCP7`wh2d3`)A-1h8N;P+Ie-(upl#-$mRwX8n9SGU* zK4Wl8O^D?EC7zUrg5tBhC!_@9aP$L;+LeFJ8FOv2)AecFO9ZNkI_;u_r|6aP^2h== z_;>>_NFlj(_m9`zUF%D~ob^&z89bt`!={cVSAhvA!`vhfcqC9+MW)7XSK|}|`0=Zf zAM>y92Fy^hv(OW+Ge1~TYAai}_$D^NBg-a8s?1xx?C#sA^opwAh8AvzT7Xnt?HxMD ziv)YO83RP>^Zpd0ERVX4QQhEgqSl7yNfuCFr54|NcO^lF9NPFas*A~)8E;wN$)zPS ztku@@3)~^MKu2qOM)%bAijS<&F{1wK*H03EP!i{_V!issdOr%L8i_a2pwd5VU3kLB$o zql#XC3;zA+=j6);Mlx1~_(doxR{mm^leu0-CkuK7!3@Z5FnK(mEB{1W0A?9Q1tI!K 
z0578~mBq9;_{tJPcBxpWEhxw^qIOq@CEnm`Gn`*rt&+D68@@*ADV+Pg0JnPMjaE!1mT8Ze# zX6tm=%rWrQoV`ieISwiaQD~B;N;#0XzO{?f8SCu2LW(vU^(>j}8z8CWp(AlLDF`3r zKDHL>cJ0%yXu6fd@^i2?KFm+m2^chlC5g&V6=sOG{FY|0*7#(c*2iJeh#rha>EF=~ zVCqqFL0!M^&0wS(1zvf^mQ8Z=I4?FpAinK=_bTtXUh!H49YOOj;m(Pu0o6YEW)Y_~ z*vy&cY>)Ql`_ub3)H!makf>vxK}I^a)@W*ZTwO4m;$#oXIQqsHzZBsKXHo1c$)Ecj zJ$AcL6*!$F_C$>dW)}zJocYTS(Jv9`4XWo=VVtMVEE}wBcCMl(7tL`ZGgT4Ix4CGu z)xAY4Pku9IrV>z}Phwft)Hb%H`2Dz#+A!_vP3RR=7@yS1K3o3Vpe1Vw!8NST%U?eh z8IczR4$Q$we;331nQs*4i9(>$x_-n!pmSaQvfVh)<6u;Q^)R)|T)?Hffn6l(B*3^# zo-YzUa2(8_3s8AYKPg;2zaGtI4qzS7Q0m39-S8x6LZK*6(RNaMg&Px3dR?0B#IP#QNQ#M0e-e)8W=EHdYK4w+)8DUOj*E1~;`LbB9klMh$ z&LA|YE+6YJwyg-CGi(%Q4~t1Psa9_*h|uApahyF*YDfhCz9yGRpJ;KXY3cV!`x0Tx z>Rw}|lDGFcX)R+^kDX7#RcDEm1jk@%P~7fm)KSLcb=|x5{2rJq3Yqs=h~8mx?o#uE z$Kp^GU;BM}46@Ltbgba>$g%WCwC1O+rn-mzb0sZLLTk2M%F_h#EEbxjwv{QXLP7j` zKF*niBJ@nV_r2h7_XC`Td85|HU|PSw5P!Hfm3`14B(@)z-0`XaXX1{Cx66jgz13h`eRUx!|G;hv5X>T^kR;LRW`|uajlM1m+5s^d z$HHju~tPjF04l4iKBA4=}i9ejgl9V%+c>1yN1*>#p(z2A$Dd6tfm3!8TGWY6=ca44Sf`l&l({ z*#MEu!JOs3y$Slwp;G*{(>%`;h2r<($p};7@aMcBI#>)&M>4yVN3MRto9K5zNr_;Q z#txNF!W89rRD_(xCkDizy7((xTCU{_XP|-(%4r1;?XIQ8sLaU&bvo1dh*RF;UX3X! 
z``;6&sak~~Z9CjS*Lfjz<)PCMy+F~I({99inJVnUiyo>OBnn^3byF^Gb7E<2xQ|#b6-&@W6Xex_f&*9$y83)EA-$EM?+gL z1$Tlay9))tn}md&qjix^9dJO2k1ZoVS4NaaN&;pdP@0gITiewaA5I9R8n-+3Rj_HcJQ)w$DEHT7rHv?ps+OP z%h>gFtb_^1onhW#+=c@wpE9rEp5oJv@XH-KhI#w7kfeJT`s#MfrKuuw$9J+I^P_%4 zg!u=*C=-)GUJCZ?^x~F*gk=eLMA*gD9+y&l54Mkun3ju`840V$Vsh-oq)_nU-zG_a z_D_XK{~b@%1>bLMV{sG0IM?VT9w6(*^%M^YRB*5HbXjQY`WdOPv#4(fh~}=L)=wH; z(ka?MCDU7qj<2zh8C{a;u0|u(V}EY{^JsnJ^sbub35e#_W48t7p;<=GM$Kk7Ec}^f z0xWDx^ogw@#yHad3JJops!AWUCA95vsza4aHDsZVi|E?v^>!RLMcZ=OkY0>v?+HulS?#w;v#8A0*pXc$fD z(BGm9brg8k9+Yn8q88LG0F~3>Z%?E8q*SN^$*H{%{d31;@`TwW%35I%OC5C*EdvBs zET_$PqE~t`qT@H`Ct#wLT8P}ljQnV_=m=hJ^KR~D zy2)akuTecr!mLTD z6F)KaW~m|H%KpZ6|8;4;73GTJ5hgwAO&Fi?li;R3NbN+iBlye!m?$o0i~r}&5AmDv z>gpVRXpEGhagC(c>Ko_BOgHEDUzgkgwYaZq z$lBB9s^{qt(J5wh(}X_G;xR> zRZO~0G}SJn{lIsMZG~Aw{uLIgrFEkS;;ZwU3C6h~^FgAc%0i0x@~Bi7h=jJIFVdGr z^arFk2f2J_Rw`}BErii>Vu~+OEGA&toC>Q&oCe(9m4=j|Netk2PDYtODMRDA!TX?; z5y``#cS#fl3OCT`?o;3$cuOb^UyfKr;s@;Bwxu$Fuf`3dvEIpDfP?hk)KYE0?POfG zHPKpx_bQkYh6-+zLU?(5Vp?jqW!nSIfpIovCypcq0WbB$ZhWWxH=rPt6o`{;IX5TC3*O_^vLh!8EFrZciGgR)dneh zhbxDMKiT_&mnXK=sb6Dr^{kksxAQ9}JqjpvYG6^L65b>Ch5JY3Y6s(FY}t1&HyK>^ z=e*tIe6}-*ZHl;F0eZ*ze(8 z@fuq~n6-=pbX*TQgI34thsQ=aE@93v9HDZC2TuIJU!1A4U-%0E6p93O-H-Hvg7N^$AEeSP%cVL~UxURHK z%?v;VqqDZi)lv5+w@hK?eF>xA*le-=VF$(M0Eyk>cZ~uzHdxt*4_)WBpjkaRWTiz= z=4Sq@Kfze9V|Z2l@H(5hB`5BO(gK!@Mawwq6Nld>kf6>rhzZk;lo&jzIDt@dp6!Bu zot>dI%j@lNaSei$8|NPW)C4ysKvRvxfQP4nX4RJ|aUlUh_Wn#InhH#k>ac9D9iwYg zIOjHr$pL1!@vzzGUZ5Wbvfjx0QbY*LXE8?I=Dt5PzoKuCeqhjl9gD!*Klt zvx6--;!jt2R=SN0&=r>Q*GvI)h0y_BVahZo(SN$ats4kxtaz~_P@8~Xv7)L*N*A9&3zF3YOfzC|Iq1Pe84uCn~xIpX~(pxP-4ba$cFQLF(^?TFu0 zw%0zd_a+~*9myH0F7lE$X)lik+85-oS3V=|&s1ukc%SXZy=Fe+A#fj~al~7CcaAKEKy8@$NUnQ%Yf|iW1;J$*2-7!9#L_t4(j8)jE7A+% zefAjY9j`zB%t$Pess8HY`!HkhAB88vpkn%wkUN7jy|G^n1fHtwidz*_QQhk@%LHKu zd{YN~zWlTkuQO7UtTQ5)tUEx}YA!_8a?bzLi8hk^djM!j0|Bb^qLj^<`s2j^oc$>p z1@v?NzATCG?herX7-d%Fnc=A+{`HY}G7>rn3bgJ0*x~cm5~G9@?#F$R90Nqd4NE3= 
z;Tp4Xj`y7kqPtTlGOhRGp=c5iVqj2R;WZ7tGw3nRJ98=h*aBAas#Kd}vwmub?*bq+ zzYW>jP0Y>PH;8LdyvkrU_%gXS?q;0hLyBG@qVUTj)|shScpP0J-F%I&Z4U1*v3zQ9 z+wl0DiJqMXYcF;hw$cSMa6WUeNs^4@h%vkB;HUK1!Sl%e_4MMF|`lCw^Bk6xHBz1j%G16Tv+j!jMnBallkklS`HhkWzwwKmq zQ)FkzZx;`mp~Pm%q8~bYUB&9`#O@vM8^=3xywaAr!= zCLF53YPTf>5&7_}>+@1%-Eb>^7g|37uxIL>;It8=XvLn!R=|yjyP1E*pzZFP*GF3CMa*YDMqOs{tv_a55xQq!~74!{6Cgqu5oD}>_=N?%;g2QRoyvLBX87I z#jlJQvbKphMLCrGILXRS*Tr;&P>?8R4^8W_9(^0ci$!K8Qwvq~>5s2EX0@gONrlq+ zlHqSAW;AurRxlai=Iwup;$EnRUX0y37 zkW`VsqtslosMao;>hMBr`HNf&xojnxd18b;AQQEoeyvsu!E+1LYAySbuzL|_pDWV8 zGH;#wU4UdD^C9g_z)y-sNn-aPkRsucmH43SN2yi~iovR_kgxyQ{Fg;iDhV$<3UM(r zY$_!}A_uD3u*bmG@Vk8Xo2)YCJw2pqj;vN$a}7JwdYDEJ2=eBQTTagj_VXMxL`b$F zJ#I8^)I$E#SuSkHcU?`Zp*>0Q6WPy%H^xWt+%KWMSl3FYlFRLC;7^kqc}To@{ZjO@ zVy43QiGIJkVM_hkgPhy4v#8Z~r7hA=1)n&oSA*v81QzGN;1CGCX&kJsT~X1E2lr+4 zODssa_whqeV|I1MfyXP_G_ef@5z9?|A1Jg(-vu#m6k{!a3x}2n0xDPcI;?*R-?wQ6 zST8+(z7C8zYDdLH4;hD!{G_+FsgWhwl3CZ8%8{>rq>iT!gtSS-l1YU& zs@)^f?ssWVR;yWLzjyi{L=wHCLSVHd_e;8uq~pJcql451{ ziz9$Y8dCokk<|VFk4QS={~?kCo&O?|%72Jt=EcbCRm_r?2pHb{|5GA4xYMYY{BI(8 zKKE!{dW$8ceU07aDAYv@wxio}y06>q*wn^xNmrFM(*T@mhMxu^>N~G8Npr2cYLW_a z_g>bEX*{?Rd5i2Ue2@Fks~g`$)5<++j-Kbxyb6kD{Z22p<>ooDu;^Id#LbM=yl5z5 zKO8)O*mO~;^t!rVRHwe6frReE75CN$YEG1DT$o=OtbWJv90&tWR%pMvnRhFMiHmYz zM+6Ug+gU|aCv#mHboEQ9G3I?szYcjJFaf2IIf2#x88i2i(a4(BRZ;ReI-Pn|7{Un`5m$H-ngfY_;jih zaxNIZh8sGdKgu>*pjXw;1j+Y^@Fu_R+aSN1gXgDA@<`K#z6}^qPB8olSJe ztzn(OtzIe&@q)rF)ZI5XkG2_pD!oTdT`>32sGVhHdD3;m+a~Q*S}~!mofz^0Vm?5T zUyDK{MqUIlS%ag^nBAJ=8C8xKgKrdpA;^=h2-!gB!~FBa{_wi@fAc!z&dt%c$D0&f zY-N;F#d8!HgZ_qi&pS{4r7ogqaDE^I@36|-eMii8dq=l za5T=_X-IgnJ_kRQ8FAo}ItN6u`!oX?_IEdshZ9RX>s;rIYR&bOvXnb`cvl>ZYmL8I zK&yjRXCM?hpKRU5S6rC)2w;}kf3~Nz2+0N)a;O<)%142-w0%t@bW$$~q}wQ=GRxwB zc-dH>vfKKCbXqcYV43jWFx{FDk#I4zJ|zItAs+s(m@akqA55o(IxQegI$f@?-1QgJ z8J+&cbd#gK|HgFRgr*K`HA)#Nj$3lR=}|0wX(UF@_5$!b}5{QBq{FI<|o?5-s6$)AWRmI!-l9z;FxIVEAlkiE6 zBt)mcx+i=G<5bcO=_rq-umaxuC3iw5Y=tHV5FA%L7V`noRY;Pg>BDidu0ShDO}0-F%jFyEV*2ypufwK{!3pn>$)!O*`p;H* 
zqxG1cE~M@v&l3LkgJxLy@q1vE-HEoV%KmV4q%$@o*025K-g}=L?}sz^(lgrM%M{0| zfZxD6y&c}+jEC8uAn#@hpRY`)XsRHM+^Ag7B3QdeBMHy1-!Jb z-hMMbuawAmMex2%ATNEG@O`|$d3ZgoYA~hn>O*JJz>DJEg0ILwI+4ht z2;Ls{)bPDb*gPlncsqE>5zW0u9ZY$>y~oM|4!=X|uobzr)XxQbB zI9_&CEA4QI#_X9 z198d~htuggSX3sO2ypkpV90vBaYHYvu=xWkp7Qb3d@Yw_b%9#MU%0UI3?%e9Q zDt;W%$B-3qK&-&y9t$Vme#zZd+n%cM#!QJ*v*(H57>X246=A)}aoJX*#`*lEwrKbM z7ID--^O+(4Ksve@VAq3X-}RAKHlwG@>%%qP@gB%^iTuG|-qY#MIi=;JAJt+SaGc}r zavN*8Z>p24-T18%s;|3i6;~)+-9->PPwj_-xL7|tYINjsI1JUNYXG&n0b0o+ew>u9 z79}|1{&8SAj>^gkO;x%J^8SIyx=jpaOUv)12JeX5M@g=Kj(bu!IL zoSjInm>1rqdjW$V8OXaJ4m5S<=p--H^sR>kV!jWelP4$oN`u^#S*!OT*dnu}P@k0& zT6yk5itEa;Q93S3yICI7OlvOg1}e$_ILh}Zo<5vyt!o+h1JOYWO|CIbvrhbG_Rx{2 zsT}{Z3(`3LIHE|L?RB%d!=o2XN&J{1Pelg2eUDzOP9Mx6>?ix`qegP#g3M5RFG0`K zi&V|TIXWKe89L9nf*-@LpbXme{0H{r0aW5d^gS&pQ?v@oihC1nc90f9bPPTMF#Bs1 zP!642;-#qe>o!fB%R+f+LWxShQw?IVR8zzV9Js>Jps5w~rWFC$WqxRBA+Sp0V`Bm^ zRYG7@%u}`(qc6U?QlC^)E6JZlfaG&p2CX;Z#xt$tD9xt*$MhjJ4UkK8&lV!-SM=AW zU>DncQv*qE^=Mk{dC(o--p;?&YApwAKBKQuip&vkmvJDM7D((PxH zL5@!cT^!i>$#}-qz$>T67o7Dm1{=#+MX$=0PN&&&DE3f%N>aEnw6<}C14z%m2Vnv` z70ktL0H!H$N%!Ruu-B$eBw+&G)KWxtloQRif3##R`F2l*lO4e;V^iiZKB@(HZVYvb zzM%_dFl^0*)leQK_!GB*l2%UYZ^t~PtgzQmT*Y?IFB-q4J8LZu)fn+(9dtP1*PPBF zb#Ux&)h7>nGm$}lVB<$`Yid5V_TKIl{OXR3Ddsao)$!rhk!W~`W{EjC*Q_}|8%?!p zR#y9t>C-YV2?U<`wOn(?34L}twpfJSs7A_OwWZowZqiv~67ry=os_nnzzXN$o=$AM zdPt#UcQ?YkK7vuyB;SZU-^(QrV3(ieG2Np5HUr%H)S9s2r;6(nVW~yfaC&8d;Kfn? 
zdvnI5>6s1JqZ!wIpt|E=BIkTW>vz2thvNISx{i~oj^n^&>p^V2$WrFQ3Ww96hD+Z) z*IKfRNAsywU4qr~gJZRD;UsH^Y*W}pgGe=Vmf84*aRg3>Y~z;=qvj1mXF}fvYsS-y z+OX&v6fD0yUE^SPebk6Mk0=|34YD08*fDl`vToA{0Vv{ZeTBA$iNT{o z%OmtN!yC}kMTM}hzX$`8S#|WvVk!tvCZf^{V55-9qNE#17+*{}$S@kRJrByxvSGgn zH4*)SP#GroH^DVNMQFNACSg~Ya0$GJGiI%v(%-C>^vqczc6BFr*>-~r7D?HuUBrvr z(sv3zM6cdcuVP?Rs3!CI@eKC^^O2IKIJ~>()>_QhS*%J_(qUlw>u`@d1vHgJdJiYE z@4hHTzD^>lnq-t)Tui2wPJutn>m3%!eSH6n;mS@P>El^nPs z-8r|-f*M2^$(B_LFh>ENu1@R$TyqVx2KyCR&g{^%*1?zd$D#T@^5Kx?;$QBwvt_@A zR-r9>t`hR9t2INCE50tro~q`PZn56>E}LsbKZZt~eAhC!54^6eV`Y7JRBW;i(4;G{ zQmL&K0q9<67DY1V;}7BwIOEx+vYpW@lcLH;CFXH>I|0+r5m-zHCc8%}Yd0Ks3@y>B zA>d!X@99=tNg>Xl}e_ z7CmijVAO$FpIA$ODRZG^s3w)Nc+w7Wk$}nJdi`~7f4*(I;ivgLrOUMe#9(bQGgNL0 zX?akNVqww!-4 zj_=~9qG2mb2Kt8>dfNyQ)Cfb9D2q)RUQ~k6R*t!FnL>oG$fz%~oR<*WcJYsO(nDwx zE@Z(tEV+wc$V|2o5`?pSg@V4XF@@GUd67jOlbzc~#3bskNThj{2?+Pd4u)eX%YxLn zfuACnxiX^|o*`E|Bbg-vySS@P=hhqXQh|mD(K7dzIqKvYyR3$6_uB5ViAto^8O^BH zt^?Xz3F(o{n?OJ7Hx`O%vjX*PvP96BDFblO3j&OCOI;{Uakdr+G}p<7ztxOm%ea4q2P)y1@+&Xr-A1 zT~`{2Lxl1hYi0=puX3_*5z($CI6~fpT=0vTc+8c;jpDKgATdBmJ@KBZTqBk>GwX&MzAWCZ8=ReBDvqc_@ca z7O_js0ZgyWGe!t^`lzc+pq@n`U?v4*mKd@WRDo93+;7ktQj$`S>n`bZX>G~9-bk3X zR?1EkYt#|+;rn6GkLo%31mQXQ>lR_5ZNmV6r|JvY_R01)SF=BIn20Fc-DL+7#3nFt zT*bluX$W`yFlB)N^ObOb7N(Sv9-xJRBLqy=1PPM`!{pqCO)TXlu+_9l($FzVO{1fn zJ?(WmK4oc(uEU*MB=q38Ki`(R;MwyW>GvTI8hAAUuDzGKaw1Jszj0au$R|dZnhN$$ zHI;6h5^5|&{?WiB)MR+-^r(>Oxd@Lg!D;g&NLB@sgCBjtq_jKK07A+f`4nALfUUp! 
z@B`v;>PhLxh%Of`asMNQf$sXBr7#icWIcrS@t!t2i=`X3ALWUt!!>T>?OSLW6`m2g zTIDp+&HfF#Vi6g{4cl`x_Q6f1-Vg`oTPv{yr)YQpi_a>QPCjfiQ8kTCyW%QNtmMMn z^=m8kMNkgSc|wMnVFfH9WygCGcz+YW6XBU%y!Joj4?Cw*~!=4Q+-bNRL#tp zyZ=IaOM2xhgDh=H>se1f%Kw{%$pEwJ;7DL6eHnjbp%8KJVy7ch`4A}0uYRZv1n)(N z9>>65IZw`%=lCh`CcoZVquahH8Gxv0iw=;M2S^1_XWzkVKjQwZ$~+r|d_P-l{?!YM zs18a?B~zozd%MCu@kqlFAAmhsGEN=aqEUbf-?()%YCACIuUB%?#an#B>-iUasnt;) zbz7Djbt{SrB`b~+Lj+8J7631xRgA{mq5x>7tZgbhq2_do;kiu)K)mot{$-T_f57U$ zU<~OWf=K`{03+E&`{b_t_{6Qs-sV5yFh~9WJq{z?b^1TUVS1iX|0^73i0pp_hw0*e_0A6Y z4c8M&LJT(x=^OEoZN=ih_333H$NU_|jQ-Zo@TB5C zf99Zs6dR8PE(8>tKngNiBH#L(RukLbHq|yJomPnomBW-oBwopSpo1xGoJUO0gU*wJ zZigJ=UEj81RHPfu-itF~*0zX)=xRQEmUaPS@7j<=N}w``BCLXHk61<^X`cd8CNF?p z0)WHBLld4?+m&@Yp-*v069{qrph&=u*@MtsjWW?Cbrd|}YlR_4-s|r3q6)KY16e9> zA;Hv5PG`o=uHnABe)jGN26LSy`5q{V40=uSDj#GDauE|0lKf)FCPPX{4~7Ov0}ytQ zj#Xl|yUA-?VVCsF%w4^&4pH_ks-u|N5j^R5h4q%2k&p;b@1lm-mFtBcL75y0!SRmy z1)beYTNdljz?bClj(gmoe)eZlEj0${a+SA~(U+}%>v#{wM4;JY8X;Yiu0T#)O0Z9-YcB1&qO)qC6R1hW3@Q$CU3k$px`@KG`1R5PnV+w zGO-USDp5K!gzWKw_JK4nu$OIt`9o}$9bxm0bwCqq@)Kat2OAbv(u9=MY81VBm#=N`qN%dTB)^aJQu9&G7@cZ z$l>`0+v2|FdHPW0qYiF&dLc{>XW!FYdh-24%EP%>h!Qu&=x}zT&18~W0%wh6Z*gk5 zkwFXDGzKKqWR&Ha-9!89d>e5tX48@Brp!nsQvq}Fp@y{muXCT4@@qd~8T#1~Z{$Di z^^iqh=}NkeNb&Zydd=<|ALTVYWt|&)&7)eFunQJuO93fzPKE#Y zJdk!i3IPimJ2q3}Z-^LY29(#&)_y^>q}Nd^HeRP3gJfh?)y8m``9Vpg>|De)RaP#U zynRC_d#tMTP(cV%o)cv;IuarN>C^@pAgv?>zMwc*6%?fl<}Qm8*Q+1MAAKhPhZi0| zXOBnF?XCrNS-}@cp+8UVf$AbsBg;$$Nu*4M`KP-ck}d}PPj`KvZ8XzhbX~!87i>rE^FS3yy3N3ca39mQZW8v5+<U#1%0r6Be01tCmOuYaQ)*09w-R-Q*dDr8l`Gx$E$}Yg-G=}GzY&csN-{z0BAVL`>vyyl0 z#SvqMPhEOT-1$@1BN-aYZjRnB-RycICdkscY&Uxe8lz=UnDkOSSa^%RY;7su zgUZw=8ehP%UR;+hW;EST7I1i$-P4r4ml2(*kw=TE4M!|=6EVXP62YkQ@K;<$y@sjB zmpMA;%Fc+!t1&M>}==)CN5@Y!3yL3YV%;m}dZTz|y&B5KKhTgW5O758r^>S>1h&Cv`h z-0S%euv5nv*Sf%QY288S1YF<{46xY_j5SX@2{3{1tHhabOa5!~}kDeajQ1 z^@hx%*Nd~hjr%K@#>v6+b{t=1b7LLfWP7Sgh}h|!n!%)?0gGKP6`OGQz(R=&onj40b4_;EME0Rex+7>d1{`tgjMxSN_xY=|hJ;{5x)r5S%cNWT?>1&0)GynGW!*!t;FJnEKGt|mAKdOgovCYsBsu1|edy$VT 
z)<8I?k1lSLUw@11>0!W-0G@KNKb~?Rn?Ig%^j-y`{2j^tw%fS$Ff7hh8%r?LDK6&vIP+U*W{Zpmd$&&I6 zgH8=w4Y|+#hjoEi0O8JKEbYzr<@ScL3Ygckgv_O2h`a)NCp0-AV}YKkcCP&S0idmd za;A?z^c;M(+j0_5%aA$QMEW6QIm0r?p3C&|2tyVM;B0khGAi-sY=u3~NtTPLa%{SJ zF;c1d?`Nwnxi|u2-QF~^M|p=XKW9REsgAUl-K?S!gX$#GNDlc7>J-vQb%hM--@@i~ zYJfM1zi)t*U~+(^!GA*jqJVAx2K&vx)m(iz3nHID`zN^luq{}$IH&JYZyXj2TPWRnl3C|a!~ zC|Iq8D_C(1rtkn(D*l-P0gQB_{|)lT{@v)`2H~Jj%er%YUY>P4p2?=v?uGF>W9VN) z%ZdK+lzU%&T>tTulLI{Ew!FXtSM+Jvt&cn|Tb_Pp=ubEB3?{&@>!}{=-rg~-9}fal zL1>o(ufpA88(UwqE@XRsy6kIyc&}&Tw*5%-KF%pCJ9dff$+;``ar(5oahelbQ^ZZV zz+(0(^>LW0GD&j(80@ZE0z6IYeE7}znYM?P)EH?o)+{KS%4^-dKGkiE99g!! z)-m)T@nSfMZsz}p z(GVg+aOzaNSPsjsLa`U^cwo|dr&H&&~#UQRm?ngRl^}zSk0>ay!w@R z;K_4DgyoKPmxMZAa7IK~ki02(|EgLagCPy z($KStV_5Yon7UAF;&b4zHHS6*N+58mnn}n&JGeaQrO}_$fLyZ<*-*pIr89J$B9U5Z zDe=8~-UIf5Whr5>RTOgWw>c;v6m!A*VJ^jQq8)I+Ci(VOo!G}R_TTHG>oq&Rja>-f zbp6h3o`Mbo;aa21fyRaYmUlmrO;hK?RN2&TPh#Zw<5S`z&68YKm{~9S3CfklY~%Ec z*WpDxz~{!=)Wnp?aFx-WJ@ltqQdrv5Rf*IKOaorYHwF&iA7g<;O|2 z**nO?M{k=>T5flkaOEcsCzmc=%@5qq4liWYG)wb`R$303CS;YvnnzxRuK}@(-dl5DfPmy8K{Bzgt>GG%XvXoO7{-B^dYr~~RlESi6rtyOM4{=R#hvq;g6BoW@t1uZZ)!eLevTL{n2&a z1=+jVR@Yy};io<{Vr_MxKq`BR`nDS0tEl+4(>}3`4;W^pF_z820+aU_xhJ+>F1b)z ztp=A`+m6@HeihiJ)}bZKDr9rg)d6^M%XB>90;q>0VO6I^K7Tow>FE$~g-JkXX;TCS zAh)jHQV8cpVsNps#eN;646pMw{O!WX!}Ga3W~02b@T1^dTG`XmCAAGl+BJH@V{InA z-P%ar>GY)JuslXX-nZ@Al5>W}sBYpkmNQ#rb6b)(h^xyV)#;}Njfyhuhbr}F7g+BP z>n1Wd-BVou9)hhv`%UfU9$K?7*6u>>DT@C{tWW%tSQq<-acLKCT8p{^((2Y+L_PNvo&- z4-AH05TWr824j5q4+eA8@NXE5$sY{n7V;kqCR2XPMFvZHYv>I0zr$eqUH$`uIlB(` z5xK!=Jqtzoc-vjT`cS_BR`io{lN*YmoX@Yz6IG>|s8sh*%0hE{8!0>&)6%k|)xfBG z@iN$#>z_k1%_Ck1PwnQ%sB}=9iiMT~@BMZKtLUbf=e3%hO?R>$aG3nGJKk;41(V55 zW%vs0{fVZ)OyU8yGGkEjx&8`_Pli#?q5x4~pr&LQ@GT1`cxWOmCbeaMH+jZgcB8wg z4TI(^u(U{-jsOGtt32q{Hc8oZpoB~7YD+OIH%?g(@;X1ID4#@Tw={1@g8pp!mz~iM z82QHamq@gi{x)(IR59o$|3dmfqs#DpPCoXdp`({$u?hC(-cqSzriGk|P3)Du{%#6i zE$Z+Z*@2qDt!RYS^VLknUX#kwsY)JUbw?+f^gh9;S2fnS&(H$Xs-J>D)-q%YOc=s= z#eI{VEMd7h`cyf~S_?m 
zcaO+D)t4*jiGzSpj^L>#v_8zS2@O_pBWEu4!wvw>7X-Gw|($whX+uoXZqYrAN z*yq)O#>aqX%2^5dW?rSJBMHqrMnquEQJ-ma$^63d4TzQ{&CD8{%vTG=I-{W60=IT~ zj;cvBv_qY4<|Nb_I8%1j+y->}OP=#o;=sYBzFE&Iyhu0TYS1q0U0xRn%cUe$}U8c}nGqZorDXb3mIsdf#y1ql4vVk#K#s7WfhlpcOayGf(2%5=Il}-a5`d$RQzv-^g zH!k}QqklHLpJK5_+0mpz<&Po>Ifqk~Rn(RIwkXiPuxSXuC^>Hv*0Qp(PD-cRhgrGV zntDPVS07`Grc6A7c8aJkO$=<*YUus3kw55>wBs_0wvM|*@|keblgpbxLicR&ve5}P z)$PV~OPA|=?e$x?+O+%j9!l9Z#*NSWv3VO~WHbN8eNfK3{1CW7^Xet?aBi<&wOUgE z9zqL;`eHftCULur;<(Sv^N#?@q;UQ8vaho5mafl-sP1G_oGr%melEhwc@Ie zO3Y$r1!0+_1jgZsiFR7`>h%=F1AGY+^W`#(HR1M}$S%E~sZ*o+do5nF4OY{6%4ZVu zf~2Ik$#pE=yHkZvps!juljgi}`@A04yyle6Qen;2O^kP*@(K{jG8jjPKy&Gk6-g>z zy*XVukNRf)J?;aIo6Zu|&IipC_+mvVqvjRt2D4@Ej%5?#BZ>rcw1+COm@a|JUQ`$1 z{W#oZGtNV|{<1vd{gAg_u|A%|g(ID@(w3x9nebT{CbZ-Ta-7AI)YWnK(%y6OPMe<4 zM4?~L3G7D{^qco5Nu!ESO+thmN@~o>ae3L{HXa)4w3nI^Rxly05=@O#N82%kwrZxO zMkLd?Y;c` zaq_}&V22B`#g`;F8L5^`MBoCIJwdd=3~&k8Xf7VywQ1Y4fy5Z!(6#58yMqlhZe(Q) zu}QsjDg>RA4`7>s=WlIalw3L|Uf19|1WMsZvFW*3+1jI$M74U~h)Nm+?sk54KLdOg z;}vFHmgPZP-R39#-6K@*)=T{mQMOEbYXscZ4uZ;>Uqsi=t1UQ^|$;H3|$TO_#x7+BrWOK z%4RB;STb5nsJ25+ihe{(R|gTh7AJnlz_;puxYd87lt;FG5w_TapC(u)hm;1`$qvE! z!6gMTKJjqk^n!W?d1j!0sXzwbISoQV?@E_j6YvRg(_Y&&h9xo%W40+Cz9>`*rpEkM z%?_#~>eIreY$)3B`#SzTWylY!fo$}VEI1Cci-4qZYlK=a26|vIQ{&m&N|(LXBq`S# zC{q%ZN%cqunz-z4D8gF9@YOl_zB)%khb%F*Mnn@@bvDi)SfI^?N=hsIvXt^?#ly^N zvu;sH{#l>e&hmNcW@Xd3$oUaKcoR-;*0$Err^qem49*ger1Zj|4o4NC%mxDFsU}B! 
zBU+$k-iaX5Bz(X!fP$8NJ=6py>u$eDST{7cOrGx{K{OpsJ{d3Pk<_iM^!Wj=b=!Q| zrjVlBS6u#pBJ!TJi>0M!GG2O|QS(g4dT?T)jFj3DP!1JzS^ph9!gL#rk}P`KjTJwZ zC4i$Eu^6AL;0$M3NK1}mCM>}vc-L7?-plgsNdqZc0S~t8n=aWGlXNqig(+WD7dvpQ zh$2X}?`N~N#NSUvJET=L7=gK`>K;FyTv@3-+Ipd7l&~&_UYRZ(GMQ9*GKvdyI#E^p z)~GD6+&sP@D{?&B4Bn6hkJR?vd(^5}3h4#gI-W!&`&ZqFp1?xm-opht-@m)*u~uRL zSV~T2tVP&BWg%lL)=G46)Eo0OxZQOMq92Ln&gNTiZ>^eetxeyxMv?EAQ4u?W;kX-W zhAlR3<+!PokL~*}zky9iETg^4R^fOQ<8}C9tV#$8eQ7Y45-D1~-`M!l;j-ggL?|S_ z%n?=kX637m)e{2;R$34(QdUaspcDf4l)cWVum@7@QE+f~)=Bp5mnQP=(NR!D+mF;h z5kYmY0oshK2d{*#*bc(CMGLrBrISSgFTIiXn%=>s1t$FwZ6{jrlDuCAI-gZtZYqT# z3l*4KyTCZVuYkejiS}-_=Oa%l8!O*SGb3QUMas|1-tV+TONEd^l)Q>bgZx8oy5k`Y zXE8HD1~pfJwRa2@IUY1r`%5#Nv=51y9JPN&(avUi6DO0*=_Va8vfdjSGo32tQL4^> z^TUY8;&b(3nnZPHem-2;s#?dUlp8Ecc&mpo^(%E?4Z?`?tqY@Qv@3Mtoz&lwx9~}@ zXf&7iUQP*0`p^%Wo+C6To8H#5?<(cUD{bw<0<=bFjnWJ0@}$?IKHtJ>E_$%szuu@9 z5fomFnHXM`Dv;btTH0Z4V*z41HbWA+)ado|{*H}&XI`9rmMk{C22_9}Q}jSqK(>wj zA?-|L1f$xpPj7ZliPsp0tNn8N!d?U;=q-+$WwjwWrQAr+9iZ$jjN`o!1*8PlwC+XO z4vo%gYnbcv;J_NwdO>QB3Vc`L5(9QTF&NF5W|dSJgU&bZ8LdG3?V0%G#3G6BTl1B4 zdk|V(z4S-pS^A!=!R4I2rxFj6!XVSluNL6BPd!6+hS~ZZf_|mrc9%mrwqnc1Nijv+ zlUGsXV?8K9n;2BSc{?ht@NWDw?rSNDTurshR{S=SRw>L+c<{knWro1 z>ATCRbl6?r<0t7Up__CVUN5L$>03M;HSK)%Yw>&Ydgg|GO)ny1C41qkh3U)H1{_)3 z<*AsK>A6f@19U4UcZxCJ2m6e)18^-Xeh*s2frko+W!M-cl=CixjqKA^I@Jwg@0<^- zxaHOpwI57di>2TawRMt`x$V8a^fb2j&$LI+KcMHI138_%?DuWI)*orV#98qyNGDr$ z8l948(ye&ZBcxh&9-B%v>D1jPRIy2Q3u{hYL#)4!NGBjk9_AghF%EHuB|MZkYo1H< zX;~1uccbX5f#vD+pZN9co$raoS`n{zWy&VN_+?cI+eD|`oroP!R2nO<$BixyNb`x` zG0z6NBU^V|8vCC$X|#}vN_MA$TVT~m4)j?3%ugQ!KpjUbcZ@6dH>b_O%wnk_;k!kR zLL7tyO$8YhDjP?72$8$sCYSq4i0Yg3C0)Y2cEMGcS#(sVX=(1Xn=INGmceNOzvv~E zmJ+mC0QZA|F^uBsG9a~@c?Luj3qNxMG@DYw8mnxm9yQcTT_7^b`IX#69e(Mp;dVCB zl#=r+9+Z|u#c8Q}OO2y3xDDwPsQN@`wwlg{y>ttKSgJ7uagvdp*h-Z8@51MlG3%Mt zZ|%W4E~$_xNYF)FtVgkUKLNh+soVkW>hj04X^w$o9p7tFS{I_CkCg3oTE0n%q9>81 zewu1^kjN@4&uJG|SNF4i6h};=Z;}!!o)T3+&!YAR9-VG?FYUuQdZ8BtcJpcT$;eN z+iz2!BFQ_(lMl77c5H6p#=q6dedu;KVUU 
zAP#_)OmnMsc@@cHw*R49em@U~Ou67DYoC1qUR^Im2Ssa24HS}1KO>Qxk=FcYn&6O} znLyt7{^uo2S0uv5$8TmLX+)-Jlko3;B_#RJ9tGIDo|TC;FF_jaH!VrmT+Ce{e&RrM z&^T11#-2RJhl9v>W7j>nsC(h?%q{jBCaz z!{NU@MZy2R@wI%7iOo8dO$2qW|(c~Xk)w}QytlD9MB@=3bSBDAN zO|0-@s=S-^V6v%c)lo%2Gp%oBlIbdUR8vXg#AlU%Y9rx*Cgt{3Q*BF6rT>LG3MQ*C zV&vky@hoF?6vqv|zHro9ZfA@;X&Q_y%re-hz-5K-yar)rT@cP7w|P=QCJwYTR3uuj ztArH{wUE{`{U!L|v7i_;!95z`praeP;uxo~&TcEeKImus(ELe$Y3scMC_S5$9r*M6 zH*~}DM_n#wrHFoLSt|Wwyp;8Il&%T~Mj9w8E$bU)``_rJcWuQoUXFt4LnOx_JC>m2 zW6j|#qLz5=)A?@46#$J}IZKvFByocSqLR0_tcCGUn2r&6>S@qco_MX~u}Zs60shgD z5QL!QD+q={98|br3-Q<%PAgPB9cFX2P1LYBPjJi|vt~%c&c1XyYdhHUASGvMTSU3x zfGXHZdKO}%Fdv=-0(IrN$^et=i80To(zj`FDcvrGhx-s{hRgpC(>l5VU|M%&YS8Fs zMWU>w3#ZjKt;>JsSyrRZT;xtfN-s>34+KDO04Y?7(4X!3r#!7D#+rlGTkrIfu7vgBBr-AA*h77N=o6j&Z~s0wFnK31v9UrU@Ryu`8{7S5#Bc(>vNk6Q=8P}4+o}G zmJg>ZwRa6?kgdf}i(GNFmJyYH)tv{;=*j@efO^1f6yNabxDTIi32oOP8ov87Ce2kD8J(#?k9I18~e zdo31olzf6;C_ZHU2cV!;=lOG}&5jOKsTB+?VEj;)4*tlCcaaLWtbYAA*oQ2ya;9rA zM_DF#h2WYs3l_utG8ZO?An@ik#DWk^>&KR!)*Y1#(%#nXnIgP33(vO>IbS&zRh%C;csshWJ8P>YRK1#p z71kV_A`aHNDwFZP(lH#Wncw|Na%IXFnLty<-vT9Z`KM=~38 zO%rwPPTcIjvVF_)d)gQ(LM=8(ohGz05p6j677p- z(xO83Kuqg40Zv<=RhiZ+@$gPTWl%>IYxouXOs=fjLvYzvcSE_COO zAQ!l^Uv9a-w0nxbOSurDX8*`|JIN?4@J1K`NG`)k(Dj353;o*}wFluL*eE3gx9u8SVvXh|lP3d5Q_TFfgjFWC4h+{6QSPUw~`UN@76dM4z zSV@Q!gwjE<9DW6c;$qlw z8SmrQ0~zhHGF3;+_t+=9`2_d{wW$wp4}|+)4~0P37=gSBpJ%0COq(JL!H_iqnC7n3 zA%#xtP`SkrqEe4;FBZ3)F{J5>?&ZO7zxP76P~9a+*5SF*7sbJW1L1!a(lBGb+lMT{ zLT(=tvhA|jMiv4*48WloDP~ioHw$LQ#0GJjY!C&v^9r5J98np`Bg11+_h5B%M)s&6 z=4e)dH*Z^D3?m7fE#)BI8k!(*XG6Uosrl(B&J>-KuZglr%2^cNG{YYgSfUsTd4?@w zBZ!k=t9TMe2$d&0cM?aMsRq()J`W6|)8dgNlwlPPx4*(NAHp06Z(i5SdNU`r0?$({ z&|V#y$y!wQu)&|w`CIo9cho$?931`+(EFGXDCCOY(xST&T-g}GkJy~{q+f<5do z{ctun%&qb7pl;2zyZA-)w2*^k6s|A8S?9?tBU^v9C4qpLP4Le3+-9@QEhO1h&G&2n zloMb+d;iPp-UE2uHibXDZss2)8aQBp1~7o{Mh1e02u{gL{A#Z*REM5>fCo9f5lOYz z(Bac#3%V4iCFTG((z($Yx9~oQ~UQZr#!p!Eu?hSQbalPPo%b8^+dUEo7d-Q zrQ}3;AxY)0>lDh5EAoF4Se)XhP?o<4tlHld|IWfb{U5QgEivfXI#s_G2UnP5bNS-A 
zG1Kl!g8JU#sD0|5sSp|D=Y?`-g=6zpsWfeeDgA`d?AQ z`NczG6Oje=vQuCi#o8VKZr$ zs!%&jN=6Wtt%kXq(x-dI^xWw@DCqRb!@u-zsw79cp!0VN|8JP#cmQU&)qgX?@$*`_ z9q~t_{_lw4)MA;kNdFr%oZ9~nW;pEsb2D7xzszv|GQ<7L4EHZH+`r6l|1!hfHioc!KZ6>^<3uI#$_R&$5Q6U;-()>(7x>u)JmxqqI8_jNKX z4){hVr7=8f4yP8ILH`xO6@vjpaIpqcD3y&9mu>nobhjT;aeNk!u;(13hE6MC#~Y12 zcDcl8zDq4ykDGzr00-P~%O3}v{vQXN%~P`=Q!4~!`G^S74NEKc8mduk55`IxPWq2g zYp(r{=Fj`jUz_!;Y&JycQ@2!dZ54Id;z@XkXG85PSxfF&RM(YME(sMluV2HgM#3cg zVEi7)xn8$wroTMJiKpjrOFS4%hQ^cBt(Y-mz6&;o>NUfN>80@K0kH3DOpp*g@|nvIv-<6R8{K;FppV>hDiR zJ4u%Z+sH|q*d$sDAXYW8{6geX#9@aJ;LgMfnr?{#`z+gLKt(2Z-UoGn+G%?%8+PdR zKea74%v;S_GNrxtGxIQAZu9Rg6Du^GoPn@WKr_N1VafI@`q7~A`p9a@#fi!)rk3! z!IUl;#VTjM!IYL`URxYLs!||E#bBq?&pK)<=ImktZqphjX@k)!2uG7d;wpX`ltg*_ zaew&GMQxCkVDYp-W+{s>3Tk%5Z4FvDI-Rin*;+%8k1x5OE@hngFW;T3ELqV-M5vr1 z`2z)pskgza9O8v(EM2#$vYx#OzN#MR+ZAK_G6eVGGg4<^aGZM{s#%4G0E|mg6AFY; zR4HHbcQ|csS4SgRxv4pO)#1<@`n^B;-@T*7{a3>1wd^3qwhvg$=1*&yg`ldEtQ+U# zl5$D6C7*9>Zwa*Oq{ACep8e0V6{`ep3~##Im+(5W&%E2(Up;(pt|uVcmymqid@tuZ zn?GU^9v)m=b$y*b4i*Lv*{m+lEp?1sA8MN0Yj$okbNC+~c;Bb=l(4?{wd6o@{4C@p z)j-YXUW(i2($#Dq^5Jkq6%yU5t%ST(kzkTvZn?-%XI?jTrL85M*TPQJta5bb&Q`e# zOG_gqRGCw|LU)M9`)wsJuH;&Rao_}$_%&LhSm(Q|4~1?P8+z`N>F24t_v-y~v@0vK ziWz+j#-53Ytww$z3+Nq4k{jcJH?U|n!r`LiF~+x&P9lCJny_T$Ui_8y6VvZVZizpr zO*pj|v%3Yi0=)D4{hCe^{H~fAHI#1whTk0tl*07GSS9q-o z0b`lMeWB@%&e>xQs~p1SB*OMKZ^nfvYd=%bUE#Z{!-YL|0DFMvXaExm(SI`f88b8= zVgxt)%j}&C-h&wmDI@RpqL4W3iWs~snSuCvjyQEUhl12Cj`SXzkuZ6W!K4!I;LT*iFFhxlLoZQCPBvtnIBs1I>V!Rb zhY9?NB>rsQ&2{Hy7}q9cbk&ssKVygVFLsZ<3tpGNiV7r zJwc%b%Q247tIl-s<&GL@6P|L^US3DE`)_9cr@DdT=wjwC#YGHSeny0?L26e<;$e5T zt=gx=_KcW3iKtp%m<|aEuNtk?6Bco0Dq>nILyTGR1tJGs2MwwL%bCZ2OEHe4FMnlAYB!y)7U?3Z4gR8kr9$T`RbJ5g!2Aa(pL|y5v#}s&`t~lOT59S`jSyX{iU!8bllKD+5WGt#d*`#XbMZ<330%~!IXqp=2W_y)G zWq60{x8RV~qUUd0^ApX_uNt|ZVOjyzvO1J*zJVfJ3X#|yBj?v!>|mpj>$^6>`wGaj zdz-4lJ}Qcuu@CRU_nvKwACHBpK!nxZ#U&!pDUl)K4cQeZ_EX6!a+;labO%)AnYTPq zU|8^THsTmGfiMBh;CQ}F;drcG>SUv%yla~2N2}31BBut{QrhJ)w%zA$k)SAKd3I_j 
z2nP7lmKI4fnFdbHwz4mpPYUjnTKTS)or}l*uvSfu>7ix`%d)StKcm`GNx`kmuH~Bsq$NCf{ zqQ9g>W9U9Z+R_nMbeOs7O2PQjPBj_B5?6{eQOZ{f&Bf3rjd}JcEaLeS)WoSzdGzd`)p;v5 z0e+l*(W3$2^B_`*X_9x|8vFf>GD&t&WG!=pqHNA+Y%)?_C#pG_Q@|$yxyura=j(4q32MlF=Cwych=>s5;}i zSua14B*lW=Wtv)E7p6jG0pU+wVY>t!y7Y3nM#J^}>^WG>hw(J=D-=wUuS!Ix;qhaP zA$%95t?~Z$B2_1+a<;_J{lFFbKgB!3aXS*TYBy`$()p!K2k+2|rQvy#cEh?fK(VNEj;7_F(&U|06$* zDihoa45})XB8G{edK0uW+?OAT9-LiLuZ{9G_O)qmZR+!oC!y4^2zc5s6-BRDU{)?HEP9ro z;j$o_EI6J(wTm{oM0y1H$ZE=*u)b%nzH%mKr-vwZuS}U!!IZbv#wuEpl~he@U-sNN zJ#mV<_iaj8^CS+dL>FRqCaARI!0F5z#}=KpV_Pq5n4QKjttC}${VpAeyAaWIqIp4q zFSDA-J~ID0+`JtPryVwGBiQ>?>56A@PKXS*htzu0(}YTlvRgeoc0#FO)Efb|_j5Rl>euWSo&_5m8LdqW zA3W?#VVfp*>xmd568}I$tzrb!`UI)N>~!3(xZA7DJk`H}laQegO2hDF3y#wuy9zVY z=Y@LPM#vdl7?|r7TXaPAB`DHj<(zw)6($DH(L`xae(wj1{{V_u>!EQ^gPwI3XHiS* zZ0!gP?NzWkTnAR;s7UJ(6g2xX28FAILMu|cZHHi@^3CLklgjA`H_%;#k9QsTGli-= zJ%fo;YA11OfGXd6fA?4I`=+S5r75EX{47q5Q86+?V$om&sqGpG8){Qs+i5M$k zd0KweYTX(UY6XVEGCn_4(V2?ILn(_EzVk1F-w0J8ER~s?^y-nbrZ{1XoQ}_LQOc{o zz^!4Y5mJyFD<(~0e2$Ctb|EJ8U}YSb>$yOQ4#$x4!N3#Cz!VF_gzKt&&sWG3K^z9D zpd%z0Yh#Zvp*pVzw_*>XbYSPn!o^NxQpF@IfgWP1hORH9gy#$!)-))!+y3Bl`oseh z@RHj6>L5TX{_cB==PpGWf`M%=WcseRuEdUMtdNBb1tVgvA8N`wj*p6gZ;tS(#MeLA zhYZ(?Gasl;yo2lBI#WI zC!wi_shIw1(ES7`kZ60u_|J;TdF;H(W!G>q{fs&)JVb}E#*}PFr>Dt!$2tW;1QmPH z2kK^*$}R5KK;>$wxcQo|2HBsv}Y_;9zu7I9?UWinDc@u)MrY$=;pu>mEN z^XM9SC)rxL#j6;VnwTLZXuR$USF1V5@!zO|l;Tfn%})e=P3s(;ca)W95gT@gm~-;_ zQ+!iP8})O^Op-=JS{y?JZP5B{dYiHrr5vG{w_qoA8BMRylDN2^WJnZvDuCX;mS=cQ z9{jDfyw^Yg|1sOHVu+>z=k>AT)jsX!NKhP36aIAPJtgV7|9W&>4Sm1ABnH=Nt?Kla zit|N3?X^JYSx3G!ke@Z_s$!^a%cIe^MN{6{_Ir}qinyS&S88|EtE>_xd&Ds?TOz}b zzl#uUf;4#AjGd5kb(3rJlzfOhp4zs4B}QD~1`#8{tEXs!9o0#k`g^Xk-@I0j7BDL%bKwb3tK9Gr^j08K zEA=p>P<3zH~|m_(#dCc@R~$NL_XH64JP=M5PNK51Iwek}&-$tf3eqL&sp z!>(9w*lXO?6dKSql?YdaeILf)JdMo_8xGSx{*YA^3*?*?ddrqBs(ID`3#Z@pxQD%` zHerg*6dMyXRAE0S7Q2X5FHc8>_3)yG5}g;(1)}s76C9@AhMpIfKs)<& z3H>Rk4H>~y64b_!mtgbZd$_qq^M#?mbCpo`h)S7rIWQ*cfj;4lHy8_bj_jVMW@SI& 
z6IuYHJ~P!W*EBDLWXLmSBffk7NK{GEFHy6qoQfG>UF@NcFr=9I#bn}nj0V($6C>9= zGx=3L^Vm>TP#%e7^i1ntUDVUCn)kKp$Q!1aO(6;NzZ~%0~*uEQHXiV-2i^+!)_bQ$`vI#Y9OONPiDS z;RbUw+65iWu7)`yjx%k93AY~2wx=vvUbpXrQ(0F3qG1-~J{D8dg_tmNu!;$G03+}E zcH--T#J5HTci%J0XT_W!(#-^USMADy2xo4=RxzqP8O(#i4az7qo-s4ulo|wmIg4>g zwWDt^oba?sVaRx@tvsy*<6?_E-^6cC^Mq;Up>Pg--W>N^SWsaA)wrTJ7xw;Yt(w&) zl(Z1MKSu7c#LJBrH?y!ugbXzETMI-hajP73bEMvVFy$aBwqyC>2Q{7te>|fQwhz(a zHI_c8B=daKRzmFO2I)GsG(ri)FWD3vNB__AO7zdq6|XV3?FfHzW(^sHa9`_C6reWN({Jn}Pj1Y#5 z5hYT3$Z+k=nkD9yjpBd|YJ%ksXVmrc_I`xwF$`~lY8pXs6X}!XX7aa=0Hn!xg}g_8 z6N&>@vxkEOV#U(P-b9t8T6n?X^PUZt!1S9I84Lyk~;7{(jqwYm8?NSGyx zXkucEh0>Wx12EJdkyUx>bS`CidDFcF$Zj)zaX&0)-|E{77YZ9zN(ro=7*N-9xNTQb zGb(j9)oO4pBWKLyGQu#*1;e>&H3HWIYWbqjU%|%~adtnh$U5Z?<5&+A#z)xr6A#j~ z#DDfMt$59t?D>MjNPH6?Ph8Zfiyjmp#L+-iIsDm`OgiktuUu9L%4}R_3>rwyqEYlf zA!AQqyd>dNTn6q*q`1GoTX|-R6+dERQ0OEnRT!$DYX!$`|AW1%#SBc7oL{wz%1ux! z9WN6yxQ~L-mR3ngT2>g>HB-xx824E)Ov-C>=RuY+JHa;NO%J1Y;Q`HYwwhxqcv(J2 zI0ZW%=m7-{p#x6Ji;r|vD^|t}V(}Ed=JCFCh-8WOyA#h%hdmEt&C3@{x2!;|9@W}6 zP+d76Z}U@cYQA0vyec||$CB^I6~^$nM$B~G>_6P0YMX3ywv6(Q-vyL>mY^Sg`#P`H z7G!`LkBm{RI%eE-2LeA^yrl#tJ+U|qcZXUTkwmL)NkfNkL!rz66)6*ze+;_IHKg4d z;aR3s885&@5tWGeOweVU!QtDlINP(+bDEJLi!}5woJXFvL8Clm?Ym5N*P3XW4OEN+ zVPF6>rto1RM3u>^MW=fVtEf~v5tu8+rfgG@w~q6^sl~!tXxjzeHQoGc|L6(<@7SP>KSQY7X6{|N>M`S{0HH`B<7h=ghyEy{Z~@Sl_K73V!r>u;S=qu3O=p_7sB zK8!pjY##O!R!Zq~Ne&LJlMqo|lhLo=+(hd`+ywdK@e2M-5i`|dj{Iu<<`V3->h$VO z+bU^ptx%5pvDLAuF0@M>KPLMd*=182tpuui@`$~)(lMwJt_w-CjA|CUgpD~fTKeM) z$VTH4V5M?7TJI<)MQcmy0$o3_p>V$_`~SqXX+zBl*P_dPD4R4@jS@ORWb6g> z?s{$*duQR5EMQE&ps9i}`Ih76*F~sq=N};xGBTjLGQTEdgzxD7-MxD#N$`d~1VN3j zZu=0%Yy5?B*l50yQ?{d6WYhBZZpJef!8zqiQVCnD53jBWrLiBJt=;{2!{C(N0V$Pf zE86|(5h`a)OJlTG0^Xm#E)>j*?nu+F0w56=39RoCdsgDp8B1LYzyxB!=PB0u??#nn zxsaL~OVO65TEH80ak;|wOp)D$tAm5XqswAu(^u+{*Y5mDged|vK>-IR#V@`~=@D$7F0xqE?)X`X+XYMv{LKt($ z%dYab85rfeP=L8w=C{^VU|UqQe9Ei%)zg@oR=>p=0M#9Bts&}Oir|NTO+nJ&tum$7ut8dr!@TzsUcVK&nVz<7OnH*3uE${S75!ys#<*Q4hzfSVaMPkais>O 
zOzE%Ie)`&XtH{$r(sUIaD@z&2rbx{nUl5{VVI=dZ%>sKth#Mp#GHKKmHanp_6={)q za!ppU8EU3>6^rqWr;RbL8lJ|Vl;9WCsLL&`pig)I3r&RHM8&s|QLkEv9Qet_*>^{mjjvbpzG@3^ z)%V(=-?`B@A7Y zK!SM-DR>Q@@1$@p@I>ca9FtqEb9FqOE|~V)K`gSYz(eII+1aenLaJ#3_mEB%TTG~o zZ<&Tz7ZRp4XA?x7+lXP7{70#P?zHH*YsxQ*?F}5!%OXzWMy}s`S3J zoz1g!ukl|s1%_aZ&%t{_T@hpgJjsRad<`T{*}4Z@6|;?{) zn$K!3sdqjB=op?D!uFej`u4th^O|G8@5&wXRbT6uImC@+lYqiAN@cWQZMS~xH8K<^K5_m7}o*WId|``-`k>j@8vKU87FSDs!XJ__*@Y zZtO~ry?g3?dCM`k-2RRN;eL}=nr8XBz%f>Z3x~TfPp2QXo^erhW|{peL1SCefTrnk zOsI?fLQ=+yb1Ci_RyVJ-+U{WruHj8*2cusvz*|LJ(QCLdau*oZeGcaK2B64o!aXlW_NpT?`3)MYcybQ(KYRs%ew-%Us zBQu8sTIt^0gEU(eUCdi`Gj00960^#YSh0PGq7qfM76 literal 0 HcmV?d00001 
diff --git a/assets/rke2-calico/rke2-calico-v3.27.001.tgz b/assets/rke2-calico/rke2-calico-v3.27.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f4375266159b99a141b86e86f596955cbbc0364b GIT binary patch literal 8707 zcmV+eBK+MSiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcZyYzWD8B#x`co7}0b&R0p3&30bACR6EGvo5#_~Y&N$!CW zcsboQGmO||hh&dDs~EUn<9@ySNiO*4=kz=zD{?lgMi6V7WU=_D2a8qJ@*4NUm@pcP z{^^WJ9W6-8{_>#DU@#aQA0FC&2ZKTT-@%KccB?(1_ zl4v0VlF=VgDk}I8=KBH3vg+qSwErR+1PQ8G(oEZz=Ui#Rm;yaRcxQn@0SqQW!l~Vd z!Azt$gqhZv8ut5{6u)4s-5!k+5v#}{Vz47)k!$yVzl#GJo4&ScO;a*O)t?}vA3vCO zQO2i%8SxNmgb^r_%NW%#2urwAs%QB)ibdM&qVNCF60x5WrBN2IK2RRBJVDiu4WX%i zdppT>;=o~U#I^$VL7UYX8;@M|M2*D(5C;RgQF+fG@}*3U*v= zhpHVyN-~42MBC;X7v{D3GeJcqCIw1{-b>Jy28xPi9LTi-F|of}Qxyd}!48~#Bx%NQ z2w|vDhZD+{DynE2%a>8#j5TziDGP%9be$uBBijMmW9`%#66; z*P$8L5PDoB7)rq~y3WTaIcijf!}+FRX4>`w04S$y2)(n9RB7d2<79%d9zyRzT*Wg? za%Ssq>Hu||Yzz17BgVP5V3CtC!(<3r<`@7NpbYhog5@cWSU#nEMD)xybBI^nj-;5= z1WiXhE3yppxJ@)*@_MdSvuGUPQ8G9}ufK(Y*p1ftADxY4JE%50am+a^gtogSh#O790hM`n;O z(?w`!g7T@Sv2uy)1or;tz$h+PDCa1L^{qG|OkohjD7B?6v*q1>G9+OCFlGKPk*0!Q z7*!zv(2HzFwybM*?5mt742MCm1DEKu3y}D0j>^n2Pk_;sYGsw8YE?@m05Xw8fy6>D zv0P&ZYP?~6OI>FoVM(GTg$8wMcEsGMRxpUJdch7{hy<^YVO;2SD-q$fn!^T>8{Q(+ z5E$k8M+5XUS6ZY{(^uDn&O~xj({23}c_@sGk!=R>gRNGyJvV#Fu8zbhRa!1eqPCrE zm~;E`Z82TN-W-BwNc}edDK$QTN|W1*4)&vi07?{wkcjviWkf~b8pfJ!0X^2t>{~Le zboF4$#F*H|YN0fyuW>?hrZ3B`9KU6`(P~f6Uti7-JKi1JcV@2b}#qD?jKT)2D z8)ZpL1vDe6t7QAslE(UEGNGL6MJX9buEhysA|@JNF%e%YUldri{j|OU2FwkWIL(Pn z&YE;>_(~fiEnq@F!sXx3_JJyuBkb%Q9qt*%k3{DZU!%rYzn!C$G{GVCPG=Zjt2})> znJ__;S5jOfe`)YB(=bEA^lT)g9>U)SfBRbikhnQK<4Gnc*YCvlLg|y(9f*3brN~S} zCZ<<7M@jYKYN3YEJLeN&3O**;SwmDlwEkDu|23u=GrC;=!wgx5Qbjs@fTO?${eSQ1 zaKEMh9~~bbKk5IE@!a0_zkw-o!)vfoa-C9a7#cC+D-#^K{-*!wQ*e75noUhPLa(i= z*rq)QeKk6P=tp;^bgU)n(y=?It<|yMhUyt;kujVjTRz@HQjA<`@(pOuHyHy4&q-r6cz28QTb@ z3U`ZYuVYa5PxuYS$A`#cuw3RE7m>B0Y=nA^i%y`|xM;z2C(6(bdNa1=`Li46vbfR9 z?X6{De|Qe|^nA{miT@uQ@3r~=@!tLu|9_0VwHzaGzgJlt5 
z+lMh(F91rOUzpL*5pn-{yKMD4+JAcUJ7P9`cxEDt8$4p!ehd`r+iF2fdgka>-WM=fcHXF2*tBZxYltsxrsgX5{2u5ngZ3hoDO}U}3N-KE z9Z%{V|IycM?TkFo0+cgy7t%KB_eqjSRO%$xBC(fTRPY}UABx()A|>2vrYBS?{jJD( z(zAD28%Mty&t9X4rQPBFYG~c1B&odrN=5vIX>Ed^8bF6#|o;-k)q_*j5Bqkh)2*0U9gh{P>`O1j7kRqrpJpU|F!J9>{|EbR|BvH?gBMTq{}|65DDQl9 z^2SlnMv7bZ=DNMD^vBZeD{9tq2Ei_eukO~%HUDkN_}))9{kP07{lOqC&Cp@nHnWjK zY@+|8y%#O}-{JAo{r}@Uoi`H~#aee=PPFbI02(1=-o*-k?LLSud+|e0WXRQwPIM2v z<5l^_2B3)qLsd8lL$6nQ*Vx+5mDf2|cVqbQD9N0M))i_9y+H$?FTI?1ezvCnocme3 zyGF2q{`dFW@_&Et=;+D+^HH8U{f~)`XO+DFFEQRs|JA-&e^uEe)a$>hkYw3#t7(QA`;UiBT{>CV&WpxN{n}bauCw+4=n(>%6;Tn-Mj=;LClbF zOd!u7lT?`M9;QYjDW5_jZg?XqCu&TG!E{(5k4uH&4bth%%vgBTTP}62!b~t4FNSvD zp~~YJF~OwN;0kWw=C8gHDpqS(wQAQ8E}i|=qGzgFx*3;u@7^RDexyf!Z7y(*(ihEy(nXkC z5glQkgsYQGz0fXTmNVw#SMQ(& zY_$I!x9orW`!5ck^#4bBtPec$`3Z9#^ROHyvE)7P?ljih2D=)CVR%PRsM}j-G_*`( z3wN%_1;aVh)i26)Vn8_T>i$5^bE+9`*lt_b>;I*7{B_Tk^uHgvc}YoDL=bN87_@=@ z_l^$t+UNflM^FAgkMex>;kc8aD}T*pnr?5O?I?Q(-U%PG?$g9T2?5495wd(=#;dt- zb*oPq^*u=}9Kr#)mJ1g_U*vsgr+O%WL(Z*6KSS5b#l^p?)ld$Qnu(kxHn4w;&|yYB za82LjOw)|j+V>4$iV9-FO_t&`zI$WYJFbY51dP9Zy9>y(1w5b&c$$q5S$ zyfN_s!qrK`gGXI!8^Ye-{u&+aMSFumH0baDwN|n}IEV((-rj*JI4s1)A75H*&Hpoz zD2#JS^}-z-x3>dtwErBm@_+3gA09pFe~{wL|KE%DkHSF@qEnKQ zF=bR!RMFq_F?u47zN7lbMr5k>$HM!HksW7w@eGLz?HG<>zL>Z`WDajLlY3p2VmGuw%z&b+MMS6ME$oy zZ%~rCktAQg$(6n|B^QEU3Ss9!;SZGO9~<>-ofE#W<$0DdOp$BCzLO%)R5!@4-CJ|i zDorsv@U4(zYBic7#g-I8!_)wZN`s9Z=U!=TX^eHEY_E^osYH^z08RsxjYxs z+vURdrMcsu|Jhpp8@1`~SHJdIFaP%r506{%-}?v0`%mY;M|pN&gfgW{S#x$7d}WjT z$()xt{2F;WNqN+Athy;t<(R|~$@NS~`cE(a|Ed~}sNPO}DcCkw%!WUC-c2%EXP4$x z&s`Bz*{~WGYkRCzfjLcA7FUOP{Eut!0`SMY= zhWTZBuPEFp)VOLwNal&XW9;=5JLNlqso<)?5;V~`$yxdGo?~n-|7UQAr7^V#rR%0} z{qXxXXodb0W#T%A3wN?D1RD61@5>zpT!tR|*}yB$9nohx^wpt?wss-jinTMmp^ zH3X7TWdk3UMqom+f**fT*5Y0mD#(>Cknr^$X2WM0L$Dl>Fa5*q^6~g zL-2-A%BO2sV_D4_9q3k_uBYgg>#~y6!)`adKJd85Hg{B8+5Is)|Z-DrG+F@+@v}xnn*fdp);(R&=zL(5p?tM2k;BtfuHIJ zWm+>)@4^k1S9FDfUkV9-Xk019d~x0Dc-4e?pbdF`XX*V=NYqrGiIJ@`k997)x7?O0 
zZKXuKT{XR_Na$n%SEr||^@7p{zs+!p%CWmdh^tG4-=B7zHaroGi5s(1WX|jd39LVA zgDJ!)HJ#Add6s6m%!G29QCp)HG9`>H%tlpamy*gh;(Qys-P>Odd@A?xBD2E7OtFLi zy|}?SN&~EkhDN1TORb~I^z1vfxYYVr?snQjEyl_#7B~}1*9pg{hQ&>VzrX+z$EY4> z=~o<%3`P!%t__l_inE)UQO)B_kvF`|-wl-e6ODDkT+Jo6RhU*QK)xiy`XOPJ+P9sq zWof`(;CE@eOQnrdv6;tZgIitOTct(UxzHxnm`-Lcw5 zhToK`)Gz^vXBb~Q>&)k`yEnT~?!Lj$rGHjj%U<)q$xl}$9k>e~P^jHCPbWg-B`aI4 z@E0+z8G)qW<%>I=d^$wG^|J6eNbD_R;+%O%mPwIGYV8Ihsm9{8&^qzmTVHKBLlm3v z4yKb%7V&_nY%6TH(@LQ(v8su#b1^H2In{o9J8cBSq$VFw(Wz0C%1>QbD`%}7Qo_m9 z-isPB;1gY}=6^NFo7BpcNNlNQ{z)A`?{xp?Ewp#N2HfcXy?@lY|2x`y^8b09XX!rf zm0RQOZ}c|b->KYwA;^Afrf~SKN2088safM0YBuC0PE5DUmx^ngbUYhbGpauofp2)W zrvK&@=ABr;Ci>q$UZVfw7Y9%D{}|7Tc#H;lZsYs5hEO{`a(5fT9aBB>fBQ@=zt6KZ z{ol{^$37eA|LDbWJO9J}@r%PJ`hSe4PX8p!ROO@dy1dB!Tn4aR?04z!Dlua;Cd&B{ zszwa2Jsf{G zven_gPpI|w;m|v9h1z}E&m4H&RSQfdiR}@X3TK73wwsx_0VdjBb2fzLhENTY8q_L; zNQ)9Qx>NBODW6u^1>7mv4!=U-JA=W(@hg)?+xZHgx~P~9hI%P-C@L0O`f zYCAQCzGMwqOEG)<&DKj~V;~p&;QjVHv7KGN9i3gCynB1Ovj5@IKIAv` z@XjyJ-+efLbMoEUhab-_ug>3IbVI+rUH|pB_UtduM{!;EhGd;H;_$03HH!nC3JZJt zQWIgX;|XhQ(OS$%bLcB~dvROS#3}3C-4Bwhsg6}gv}y5_^VLMmXR>=E5*)(da4-m# zr*S3JqFax3RU=ffq?x{J_b*<&=;(d}bjqndUBh3UkvBBeC}Ev*Q!?7}8ym%Kh2yXG zlZDG=noPIj6R%I+om{_ z?fV}G$4lqG!T#Y>{Kum_JD%fCH9TX;;TaR+I?tfD&gR>LUd`CrgP!^C`EwZ9P|zLs zVabp@R$8XOCiQNOtx0Gp=_isPK`?qEyzAloR-V=rk zw6R}Qw-;*n1>=_Myt)LwC!po@%l8D-2=RAH`9nauLVZs#=6q6oru&{C&POM2?4o~0 zdpEbA0pNS$K2dg003#vTy&GSm(JDV@Tl_sA<7wqy@(?@iA@&&nP!hbbe!nUH5)rGKNJt6g8ad%H_Hmp|`nkd|CJI$(em>s?r3p`nOu**9 z*oF5$QJ#n!1>av>Rh?L{DUGF2Vxps1qsXxqfyn{lPpT&w@S4E_VNj8mso{roKImj%yvE$-G0&&sbNrCR+XFJ=R-LHCu=GvI=UVvdrL zg{}X-`0;E`37n74M`oSuN7bHhx%p}fKL5xF4{1iT=XDO`X$L3=q;`vE`IyldV#^tX z1i`~hVp@+F&e`G`3U-OuMO#s#|MLolP$8Cw8OCT8qhTVK-_Lp&dW z|AZO5seBus8AbiMU0Znn>bnt0k=rwlgJ3VJTtVxoy42VbGoh#!auEdq0Q}=0 z{|I~{Xj^9bZnxWJ;8tf+1w@0ysY?uKZ|It4`s!Y~frIs8*R04WSVbdr+&vYYoY%BG zI|irNQSJj;|Iupuj}?8}wuQEo42(&_02q71tux>DR2bJov-F4-Z6#d;06_huZh8`_UZ`-a<3|!z1%A%bz z6Oo~03rKK+J|Nie9M6r{q2-q$S12ut*3#REy$(E-J1v}z@XCw1br}*#>9a2;#e|wE 
z-Ul12cjI!vuc~!mYEA9Vle;z#qrHqZBA%h&##Q`}(wI5#YMTuL194*{;f!X*r1+Vy z-zCqCEZ9 zdL7qypFVy1dKsBYLVjsXmhvqwakejoS;&`Asp+qOU@V(1tbZ6xYk5)rh&Xwt|0UGE z9I6`y^8Ll}?X993qfCm#)P~>ew>ZoR=hLT+Lb~Ag9*A{0C^+l;!OxMVni)9Ti1WP& z-tySVf&#f2QBZ!T!wC+mrde2Z>=laaqy#4b?M|>t^?+km^EW`u?4m zJYfukJwrIzkIF8}WzMVp=1YdfbdHIdm0QXee#Vxn>2~g>9i&l;kjEGVW_F7en!9`W z1xZQp8AxRqQ^MSMtV4~92i|oaW43rg z&0Z`MxA^@N>=Yhe#X4l}9Bnt33o53{YzXT*XA8|1cS&d}Rn(>grK(QeMaFK4Dredq z`--pR?D$ky7F9chlw<~3|0$kpTv*>WJ9oWRH(xVWlI%RG>zrUsBgv^`j2SX&kS_<$A26f zs9R0AV6Q9BoBv^o7v4*9jGjcwUdskTx=$mm9ti=(yhZN^5fk>-hErV@Q?7O^g0hj9 zW-GgUUWWq7G9(g+O`O%B{vwNebNe>7*-|`)kz`gLq>HdP6Zricz|sJQ@c!pN{bnxj z_v}tCzni|ijm<>V0#WTyjSR|pVX7_-%U&edoPdTe6(VAh&4^)i=M!K!(J*F&U+ZS@f?;6iY88!4g6Dq&U!vNd;$tyXh?HOs|N2mW7|)O=*CJ7+!% h5WuQyU;57Q>3Mpdo]:port` + or `:` for IPv4. If optional port number is not set, + and this peer IP and ASNumber belongs to a calico/node with ListenPort + set in BGPConfiguration, then we use that port to peer. + type: string + peerSelector: + description: Selector for the remote nodes to peer with. When this + is set, the PeerIP and ASNumber fields must be empty. For each + peering between the local node and selected remote nodes, we configure + an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, + and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The + remote AS number comes from the remote node's NodeBGPSpec.ASNumber, + or the global default if that is not set. + type: string + reachableBy: + description: Add an exact, i.e. /32, static route toward peer IP in + order to prevent route flapping. ReachableBy contains the address + of the gateway which peer can be reached by. + type: string + sourceAddress: + description: Specifies whether and how to configure a source address + for the peerings generated by this BGPPeer resource. Default value + "UseNodeIP" means to configure the node IP as the source address. "None" + means not to configure a source address. 
+ type: string + ttlSecurity: + description: TTLSecurity enables the generalized TTL security mechanism + (GTSM) which protects against spoofed packets by ignoring received + packets with a smaller than expected TTL value. The provided value + is the number of hops (edges) between the peers. + type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_blockaffinities.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_blockaffinities.yaml new file mode 100755 index 000000000..c7fccdff1 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_blockaffinities.yaml 
@@ -0,0 +1,60 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: BlockAffinity + listKind: BlockAffinityList + plural: blockaffinities + singular: blockaffinity + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BlockAffinitySpec contains the specification for a BlockAffinity + resource. + properties: + cidr: + type: string + deleted: + description: Deleted indicates that this block affinity is being deleted. + This field is a string for compatibility with older releases that + mistakenly treat this field as a string. + type: string + node: + type: string + state: + type: string + required: + - cidr + - deleted + - node + - state + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_caliconodestatuses.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_caliconodestatuses.yaml new file mode 100755 index 000000000..aab84d176 
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_caliconodestatuses.yaml
@@ -0,0 +1,262 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: caliconodestatuses.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: CalicoNodeStatus + listKind: CalicoNodeStatusList + plural: caliconodestatuses + singular: caliconodestatus + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus + resource. + properties: + classes: + description: Classes declares the types of information to monitor + for this calico/node, and allows for selective status reporting + about certain subsets of information. + items: + type: string + type: array + node: + description: The node name identifies the Calico node instance for + node status. + type: string + updatePeriodSeconds: + description: UpdatePeriodSeconds is the period at which CalicoNodeStatus + should be updated. Set to 0 to disable CalicoNodeStatus refresh. + Maximum update period is one day. 
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
+ No validation needed for status since it is updated by Calico.
+ properties:
+ agent:
+ description: Agent holds agent status on the node.
+ properties:
+ birdV4:
+ description: BIRDV4 represents the latest observed status of bird4.
+ properties:
+ lastBootTime:
+ description: LastBootTime holds the value of lastBootTime
+ from bird.ctl output.
+ type: string
+ lastReconfigurationTime:
+ description: LastReconfigurationTime holds the value of lastReconfigTime
+ from bird.ctl output.
+ type: string
+ routerID:
+ description: Router ID used by bird.
+ type: string
+ state:
+ description: The state of the BGP Daemon.
+ type: string
+ version:
+ description: Version of the BGP daemon
+ type: string
+ type: object
+ birdV6:
+ description: BIRDV6 represents the latest observed status of bird6.
+ properties:
+ lastBootTime:
+ description: LastBootTime holds the value of lastBootTime
+ from bird.ctl output.
+ type: string
+ lastReconfigurationTime:
+ description: LastReconfigurationTime holds the value of lastReconfigTime
+ from bird.ctl output.
+ type: string
+ routerID:
+ description: Router ID used by bird.
+ type: string
+ state:
+ description: The state of the BGP Daemon.
+ type: string
+ version:
+ description: Version of the BGP daemon
+ type: string
+ type: object
+ type: object
+ bgp:
+ description: BGP holds node BGP status.
+ properties:
+ numberEstablishedV4:
+ description: The total number of IPv4 established bgp sessions.
+ type: integer
+ numberEstablishedV6:
+ description: The total number of IPv6 established bgp sessions.
+ type: integer
+ numberNotEstablishedV4:
+ description: The total number of IPv4 non-established bgp sessions.
+ type: integer
+ numberNotEstablishedV6:
+ description: The total number of IPv6 non-established bgp sessions.
+ type: integer
+ peersV4:
+ description: PeersV4 represents IPv4 BGP peers status on the node.
+ items:
+ description: CalicoNodePeer contains the status of BGP peers
+ on the node.
+ properties:
+ peerIP:
+ description: IP address of the peer whose condition we are
+ reporting.
+ type: string
+ since:
+ description: Since the state or reason last changed.
+ type: string
+ state:
+ description: State is the BGP session state.
+ type: string
+ type:
+ description: Type indicates whether this peer is configured
+ via the node-to-node mesh, or via en explicit global or
+ per-node BGPPeer object.
+ type: string
+ type: object
+ type: array
+ peersV6:
+ description: PeersV6 represents IPv6 BGP peers status on the node.
+ items:
+ description: CalicoNodePeer contains the status of BGP peers
+ on the node.
+ properties:
+ peerIP:
+ description: IP address of the peer whose condition we are
+ reporting.
+ type: string
+ since:
+ description: Since the state or reason last changed.
+ type: string
+ state:
+ description: State is the BGP session state.
+ type: string
+ type:
+ description: Type indicates whether this peer is configured
+ via the node-to-node mesh, or via en explicit global or
+ per-node BGPPeer object.
+ type: string
+ type: object
+ type: array
+ required:
+ - numberEstablishedV4
+ - numberEstablishedV6
+ - numberNotEstablishedV4
+ - numberNotEstablishedV6
+ type: object
+ lastUpdated:
+ description: LastUpdated is a timestamp representing the server time
+ when CalicoNodeStatus object last updated. It is represented in
+ RFC3339 form and is in UTC.
+ format: date-time
+ nullable: true
+ type: string
+ routes:
+ description: Routes reports routes known to the Calico BGP daemon
+ on the node.
+ properties:
+ routesV4:
+ description: RoutesV4 represents IPv4 routes on the node.
+ items:
+ description: CalicoNodeRoute contains the status of BGP routes
+ on the node.
+ properties:
+ destination:
+ description: Destination of the route.
+ type: string
+ gateway:
+ description: Gateway for the destination.
+ type: string
+ interface:
+ description: Interface for the destination
+ type: string
+ learnedFrom:
+ description: LearnedFrom contains information regarding
+ where this route originated.
+ properties:
+ peerIP:
+ description: If sourceType is NodeMesh or BGPPeer, IP
+ address of the router that sent us this route.
+ type: string
+ sourceType:
+ description: Type of the source where a route is learned
+ from.
+ type: string
+ type: object
+ type:
+ description: Type indicates if the route is being used for
+ forwarding or not.
+ type: string
+ type: object
+ type: array
+ routesV6:
+ description: RoutesV6 represents IPv6 routes on the node.
+ items:
+ description: CalicoNodeRoute contains the status of BGP routes
+ on the node.
+ properties:
+ destination:
+ description: Destination of the route.
+ type: string
+ gateway:
+ description: Gateway for the destination.
+ type: string
+ interface:
+ description: Interface for the destination
+ type: string
+ learnedFrom:
+ description: LearnedFrom contains information regarding
+ where this route originated.
+ properties:
+ peerIP:
+ description: If sourceType is NodeMesh or BGPPeer, IP
+ address of the router that sent us this route.
+ type: string
+ sourceType:
+ description: Type of the source where a route is learned
+ from.
+ type: string
+ type: object
+ type:
+ description: Type indicates if the route is being used for
+ forwarding or not.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_clusterinformations.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_clusterinformations.yaml
new file mode 100755
index 000000000..0fb10e261
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_clusterinformations.yaml 
@@ -0,0 +1,63 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterinformations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: ClusterInformation
+ listKind: ClusterInformationList
+ plural: clusterinformations
+ singular: clusterinformation
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterInformation contains the cluster specific information.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterInformationSpec contains the values of describing
+ the cluster.
+ properties:
+ calicoVersion:
+ description: CalicoVersion is the version of Calico that the cluster
+ is running
+ type: string
+ clusterGUID:
+ description: ClusterGUID is the GUID of the cluster
+ type: string
+ clusterType:
+ description: ClusterType describes the type of the cluster
+ type: string
+ datastoreReady:
+ description: DatastoreReady is used during significant datastore migrations
+ to signal to components such as Felix that it should wait before
+ accessing the datastore.
+ type: boolean
+ variant:
+ description: Variant declares which variant of Calico should be active.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_felixconfigurations.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_felixconfigurations.yaml
new file mode 100755
index 000000000..c7cbeea68
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_felixconfigurations.yaml
@@ -0,0 +1,869 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: FelixConfiguration + listKind: FelixConfigurationList + plural: felixconfigurations + singular: felixconfiguration + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Felix Configuration contains the configuration for Felix. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FelixConfigurationSpec contains the values of the Felix configuration. + properties: + allowIPIPPacketsFromWorkloads: + description: 'AllowIPIPPacketsFromWorkloads controls whether Felix + will add a rule to drop IPIP encapsulated traffic from workloads + [Default: false]' + type: boolean + allowVXLANPacketsFromWorkloads: + description: 'AllowVXLANPacketsFromWorkloads controls whether Felix + will add a rule to drop VXLAN encapsulated traffic from workloads + [Default: false]' + type: boolean + awsSrcDstCheck: + description: 'Set source-destination-check on AWS EC2 instances. Accepted + value must be one of "DoNothing", "Enable" or "Disable". 
[Default: + DoNothing]' + enum: + - DoNothing + - Enable + - Disable + type: string + bpfCTLBLogFilter: + description: 'BPFCTLBLogFilter specifies, what is logged by connect + time load balancer when BPFLogLevel is debug. Currently has to be + specified as ''all'' when BPFLogFilters is set to see CTLB logs. + [Default: unset - means logs are emitted when BPFLogLevel id debug + and BPFLogFilters not set.]' + type: string + bpfConnectTimeLoadBalancing: + description: 'BPFConnectTimeLoadBalancing when in BPF mode, controls + whether Felix installs the connect-time load balancer. The connect-time + load balancer is required for the host to be able to reach Kubernetes + services and it improves the performance of pod-to-service connections.When + set to TCP, connect time load balancing is available only for services + with TCP ports. [Default: TCP]' + enum: + - TCP + - Enabled + - Disabled + type: string + bpfConnectTimeLoadBalancingEnabled: + description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, + controls whether Felix installs the connection-time load balancer. The + connect-time load balancer is required for the host to be able to + reach Kubernetes services and it improves the performance of pod-to-service + connections. The only reason to disable it is for debugging purposes. + This will be deprecated. Use BPFConnectTimeLoadBalancing [Default: + true]' + type: boolean + bpfDSROptoutCIDRs: + description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded + from DSR. That is, clients in those CIDRs will accesses nodeports + as if BPFExternalServiceMode was set to Tunnel. + items: + type: string + type: array + bpfDataIfacePattern: + description: BPFDataIfacePattern is a regular expression that controls + which interfaces Felix should attach BPF programs to in order to + catch traffic to/from the network. 
This needs to match the interfaces + that Calico workload traffic flows over as well as any interfaces + that handle incoming traffic to nodeports and services from outside + the cluster. It should not match the workload interfaces (usually + named cali...). + type: string + bpfDisableGROForIfaces: + description: BPFDisableGROForIfaces is a regular expression that controls + which interfaces Felix should disable the Generic Receive Offload + [GRO] option. It should not match the workload interfaces (usually + named cali...). + type: string + bpfDisableUnprivileged: + description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled + sysctl to disable unprivileged use of BPF. This ensures that unprivileged + users cannot access Calico''s BPF maps and cannot insert their own + BPF programs to interfere with Calico''s. [Default: true]' + type: boolean + bpfEnabled: + description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. + [Default: false]' + type: boolean + bpfEnforceRPF: + description: 'BPFEnforceRPF enforce strict RPF on all host interfaces + with BPF programs regardless of what is the per-interfaces or global + setting. Possible values are Disabled, Strict or Loose. [Default: + Loose]' + pattern: ^(?i)(Disabled|Strict|Loose)?$ + type: string + bpfExtToServiceConnmark: + description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit + mark that is set on connections from an external client to a local + service. This mark allows us to control how packets of that connection + are routed within the host and how is routing interpreted by RPF + check. [Default: 0]' + type: integer + bpfExternalServiceMode: + description: 'BPFExternalServiceMode in BPF mode, controls how connections + from outside the cluster to services (node ports and cluster IPs) + are forwarded to remote workloads. If set to "Tunnel" then both + request and response traffic is tunneled to the remote node. 
If + set to "DSR", the request traffic is tunneled but the response traffic + is sent directly from the remote node. In "DSR" mode, the remote + node appears to use the IP of the ingress node; this requires a + permissive L2 network. [Default: Tunnel]' + pattern: ^(?i)(Tunnel|DSR)?$ + type: string + bpfForceTrackPacketsFromIfaces: + description: 'BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic + from these interfaces to skip Calico''s iptables NOTRACK rule, allowing + traffic from those interfaces to be tracked by Linux conntrack. Should + only be used for interfaces that are not used for the Calico fabric. For + example, a docker bridge device for non-Calico-networked containers. + [Default: docker+]' + items: + type: string + type: array + bpfHostConntrackBypass: + description: 'BPFHostConntrackBypass Controls whether to bypass Linux + conntrack in BPF mode for workloads and services. [Default: true + - bypass Linux conntrack]' + type: boolean + bpfHostNetworkedNATWithoutCTLB: + description: 'BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls + whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing + determines the CTLB behavior. [Default: Enabled]' + enum: + - Enabled + - Disabled + type: string + bpfKubeProxyEndpointSlicesEnabled: + description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls + whether Felix's embedded kube-proxy accepts EndpointSlices or not. + type: boolean + bpfKubeProxyIptablesCleanupEnabled: + description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF + mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s + iptables chains. Should only be enabled if kube-proxy is not running. [Default: + true]' + type: boolean + bpfKubeProxyMinSyncPeriod: + description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the + minimum time between updates to the dataplane for Felix''s embedded + kube-proxy. Lower values give reduced set-up latency. 
Higher values + reduce Felix CPU usage by batching up more work. [Default: 1s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + bpfL3IfacePattern: + description: BPFL3IfacePattern is a regular expression that allows + to list tunnel devices like wireguard or vxlan (i.e., L3 devices) + in addition to BPFDataIfacePattern. That is, tunnel interfaces not + created by Calico, that Calico workload traffic flows over as well + as any interfaces that handle incoming traffic to nodeports and + services from outside the cluster. + type: string + bpfLogFilters: + additionalProperties: + type: string + description: "BPFLogFilters is a map of key=values where the value + is a pcap filter expression and the key is an interface name with + 'all' denoting all interfaces, 'weps' all workload endpoints and + 'heps' all host endpoints. \n When specified as an env var, it accepts + a comma-separated list of key=values. [Default: unset - means all + debug logs are emitted]" + type: object + bpfLogLevel: + description: 'BPFLogLevel controls the log level of the BPF programs + when in BPF dataplane mode. One of "Off", "Info", or "Debug". The + logs are emitted to the BPF trace pipe, accessible with the command + `tc exec bpf debug`. [Default: Off].' + pattern: ^(?i)(Off|Info|Debug)?$ + type: string + bpfMapSizeConntrack: + description: 'BPFMapSizeConntrack sets the size for the conntrack + map. This map must be large enough to hold an entry for each active + connection. Warning: changing the size of the conntrack map can + cause disruption.' + type: integer + bpfMapSizeIPSets: + description: BPFMapSizeIPSets sets the size for ipsets map. The IP + sets map must be large enough to hold an entry for each endpoint + matched by every selector in the source/destination matches in network + policy. Selectors such as "all()" can result in large numbers of + entries (one entry per endpoint in that case). 
+ type: integer + bpfMapSizeIfState: + description: BPFMapSizeIfState sets the size for ifstate map. The + ifstate map must be large enough to hold an entry for each device + (host + workloads) on a host. + type: integer + bpfMapSizeNATAffinity: + type: integer + bpfMapSizeNATBackend: + description: BPFMapSizeNATBackend sets the size for nat back end map. + This is the total number of endpoints. This is mostly more than + the size of the number of services. + type: integer + bpfMapSizeNATFrontend: + description: BPFMapSizeNATFrontend sets the size for nat front end + map. FrontendMap should be large enough to hold an entry for each + nodeport, external IP and each port in each service. + type: integer + bpfMapSizeRoute: + description: BPFMapSizeRoute sets the size for the routes map. The + routes map should be large enough to hold one entry per workload + and a handful of entries per host (enough to cover its own IPs and + tunnel IPs). + type: integer + bpfPSNATPorts: + anyOf: + - type: integer + - type: string + description: 'BPFPSNATPorts sets the range from which we randomly + pick a port if there is a source port collision. This should be + within the ephemeral range as defined by RFC 6056 (1024–65535) and + preferably outside the ephemeral ranges used by common operating + systems. Linux uses 32768–60999, while others mostly use the IANA + defined range 49152–65535. It is not necessarily a problem if this + range overlaps with the operating systems. Both ends of the range + are inclusive. [Default: 20000:29999]' + pattern: ^.* + x-kubernetes-int-or-string: true + bpfPolicyDebugEnabled: + description: BPFPolicyDebugEnabled when true, Felix records detailed + information about the BPF policy programs, which can be examined + with the calico-bpf command-line tool. 
+ type: boolean + chainInsertMode: + description: 'ChainInsertMode controls whether Felix hooks the kernel''s + top-level iptables chains by inserting a rule at the top of the + chain or by appending a rule at the bottom. insert is the safe default + since it prevents Calico''s rules from being bypassed. If you switch + to append mode, be sure that the other rules in the chains signal + acceptance by falling through to the Calico rules, otherwise the + Calico policy will be bypassed. [Default: insert]' + pattern: ^(?i)(insert|append)?$ + type: string + dataplaneDriver: + description: DataplaneDriver filename of the external dataplane driver + to use. Only used if UseInternalDataplaneDriver is set to false. + type: string + dataplaneWatchdogTimeout: + description: "DataplaneWatchdogTimeout is the readiness/liveness timeout + used for Felix's (internal) dataplane driver. Increase this value + if you experience spurious non-ready or non-live events when Felix + is under heavy load. Decrease the value to get felix to report non-live + or non-ready more quickly. [Default: 90s] \n Deprecated: replaced + by the generic HealthTimeoutOverrides." + type: string + debugDisableLogDropping: + type: boolean + debugMemoryProfilePath: + type: string + debugSimulateCalcGraphHangAfter: + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + debugSimulateDataplaneHangAfter: + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + defaultEndpointToHostAction: + description: 'DefaultEndpointToHostAction controls what happens to + traffic that goes from a workload endpoint to the host itself (after + the traffic hits the endpoint egress policy). By default Calico + blocks traffic from workload endpoints to the host itself with an + iptables "DROP" action. If you want to allow some or all traffic + from endpoint to host, set this parameter to RETURN or ACCEPT. 
Use + RETURN if you have your own rules in the iptables "INPUT" chain; + Calico will insert its rules at the top of that chain, then "RETURN" + packets to the "INPUT" chain once it has completed processing workload + endpoint egress policy. Use ACCEPT to unconditionally accept packets + from workloads after processing workload endpoint egress policy. + [Default: Drop]' + pattern: ^(?i)(Drop|Accept|Return)?$ + type: string + deviceRouteProtocol: + description: This defines the route protocol added to programmed device + routes, by default this will be RTPROT_BOOT when left blank. + type: integer + deviceRouteSourceAddress: + description: This is the IPv4 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. + type: string + deviceRouteSourceAddressIPv6: + description: This is the IPv6 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. + type: string + disableConntrackInvalidCheck: + type: boolean + endpointReportingDelay: + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + endpointReportingEnabled: + type: boolean + externalNodesList: + description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes + which may source tunnel traffic and have the tunneled traffic be + accepted at calico nodes. + items: + type: string + type: array + failsafeInboundHostPorts: + description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports + and CIDRs that Felix will allow incoming traffic to host endpoints + on irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. For + back-compatibility, if the protocol is not specified, it defaults + to "tcp". If a CIDR is not specified, it will allow traffic from + all addresses. To disable all inbound host ports, use the value + none. 
The default value allows ssh access and DHCP. [Default: tcp:22, + udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' + items: + description: ProtoPort is combination of protocol, port, and CIDR. + Protocol and port must be specified. + properties: + net: + type: string + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + failsafeOutboundHostPorts: + description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports + and CIDRs that Felix will allow outgoing traffic from host endpoints + to irrespective of the security policy. This is useful to avoid + accidentally cutting off a host with incorrect configuration. For + back-compatibility, if the protocol is not specified, it defaults + to "tcp". If a CIDR is not specified, it will allow traffic from + all addresses. To disable all outbound host ports, use the value + none. The default value opens etcd''s standard ports to ensure that + Felix does not get cut off from etcd as well as allowing DHCP and + DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, + tcp:6667, udp:53, udp:67]' + items: + description: ProtoPort is combination of protocol, port, and CIDR. + Protocol and port must be specified. + properties: + net: + type: string + port: + type: integer + protocol: + type: string + required: + - port + - protocol + type: object + type: array + featureDetectOverride: + description: FeatureDetectOverride is used to override feature detection + based on auto-detected platform capabilities. Values are specified + in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true" + or "false" will force the feature, empty or omitted values are auto-detected. + pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$ + type: string + featureGates: + description: FeatureGates is used to enable or disable tech-preview + Calico features. 
Values are specified in a comma separated list + with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". + This is used to enable features that are not fully production ready. + pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$ + type: string + floatingIPs: + description: FloatingIPs configures whether or not Felix will program + non-OpenStack floating IP addresses. (OpenStack-derived floating + IPs are always programmed, regardless of this setting.) + enum: + - Enabled + - Disabled + type: string + genericXDPEnabled: + description: 'GenericXDPEnabled enables Generic XDP so network cards + that don''t support XDP offload or driver modes can use XDP. This + is not recommended since it doesn''t provide better performance + than iptables. [Default: false]' + type: boolean + healthEnabled: + type: boolean + healthHost: + type: string + healthPort: + type: integer + healthTimeoutOverrides: + description: HealthTimeoutOverrides allows the internal watchdog timeouts + of individual subcomponents to be overridden. This is useful for + working around "false positive" liveness timeouts that can occur + in particularly stressful workloads or if CPU is constrained. For + a list of active subcomponents, see Felix's logs. + items: + properties: + name: + type: string + timeout: + type: string + required: + - name + - timeout + type: object + type: array + interfaceExclude: + description: 'InterfaceExclude is a comma-separated list of interfaces + that Felix should exclude when monitoring for host endpoints. The + default value ensures that Felix ignores Kubernetes'' IPVS dummy + interface, which is used internally by kube-proxy. If you want to + exclude multiple interface names using a single value, the list + supports regular expressions. For regular expressions you must wrap + the value with ''/''. For example having values ''/^kube/,veth1'' + will exclude all interfaces that begin with ''kube'' and also the + interface ''veth1''. 
[Default: kube-ipvs0]' + type: string + interfacePrefix: + description: 'InterfacePrefix is the interface name prefix that identifies + workload endpoints and so distinguishes them from host endpoint + interfaces. Note: in environments other than bare metal, the orchestrators + configure this appropriately. For example our Kubernetes and Docker + integrations set the ''cali'' value, and our OpenStack integration + sets the ''tap'' value. [Default: cali]' + type: string + interfaceRefreshInterval: + description: InterfaceRefreshInterval is the period at which Felix + rescans local interfaces to verify their state. The rescan can be + disabled by setting the interval to 0. + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + ipipEnabled: + description: 'IPIPEnabled overrides whether Felix should configure + an IPIP interface on the host. Optional as Felix determines this + based on the existing IP pools. [Default: nil (unset)]' + type: boolean + ipipMTU: + description: 'IPIPMTU is the MTU to set on the tunnel device. See + Configuring MTU [Default: 1440]' + type: integer + ipsetsRefreshInterval: + description: 'IpsetsRefreshInterval is the period at which Felix re-checks + all iptables state to ensure that no other process has accidentally + broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: + 90s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + iptablesBackend: + description: IptablesBackend specifies which backend of iptables will + be used. The default is Auto. + pattern: ^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$ + type: string + iptablesFilterAllowAction: + pattern: ^(?i)(Accept|Return)?$ + type: string + iptablesFilterDenyAction: + description: IptablesFilterDenyAction controls what happens to traffic + that is denied by network policy. By default Calico blocks traffic + with an iptables "DROP" action. If you want to use "REJECT" action + instead you can configure it in here. 
+ pattern: ^(?i)(Drop|Reject)?$ + type: string + iptablesLockFilePath: + description: 'IptablesLockFilePath is the location of the iptables + lock file. You may need to change this if the lock file is not in + its standard location (for example if you have mapped it into Felix''s + container at a different path). [Default: /run/xtables.lock]' + type: string + iptablesLockProbeInterval: + description: 'IptablesLockProbeInterval is the time that Felix will + wait between attempts to acquire the iptables lock if it is not + available. Lower values make Felix more responsive when the lock + is contended, but use more CPU. [Default: 50ms]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + iptablesLockTimeout: + description: 'IptablesLockTimeout is the time that Felix will wait + for the iptables lock, or 0, to disable. To use this feature, Felix + must share the iptables lock file with all other processes that + also take the lock. When running Felix inside a container, this + requires the /run directory of the host to be mounted into the calico/node + or calico/felix container. [Default: 0s disabled]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + iptablesMangleAllowAction: + pattern: ^(?i)(Accept|Return)?$ + type: string + iptablesMarkMask: + description: 'IptablesMarkMask is the mask that Felix selects its + IPTables Mark bits from. Should be a 32 bit hexadecimal number with + at least 8 bits set, none of which clash with any other mark bits + in use on the system. [Default: 0xff000000]' + format: int32 + type: integer + iptablesNATOutgoingInterfaceFilter: + type: string + iptablesPostWriteCheckInterval: + description: 'IptablesPostWriteCheckInterval is the period after Felix + has done a write to the dataplane that it schedules an extra read + back in order to check the write was not clobbered by another process. + This should only occur if another application on the system doesn''t + respect the iptables lock. 
[Default: 1s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + iptablesRefreshInterval: + description: 'IptablesRefreshInterval is the period at which Felix + re-checks the IP sets in the dataplane to ensure that no other process + has accidentally broken Calico''s rules. Set to 0 to disable IP + sets refresh. Note: the default for this value is lower than the + other refresh intervals as a workaround for a Linux kernel bug that + was fixed in kernel version 4.11. If you are using v4.11 or greater + you may want to set this to, a higher value to reduce Felix CPU + usage. [Default: 10s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + ipv6Support: + description: IPv6Support controls whether Felix enables support for + IPv6 (if supported by the in-use dataplane). + type: boolean + kubeNodePortRanges: + description: 'KubeNodePortRanges holds list of port ranges used for + service node ports. Only used if felix detects kube-proxy running + in ipvs mode. Felix uses these ranges to separate host and workload + traffic. [Default: 30000:32767].' + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + logDebugFilenameRegex: + description: LogDebugFilenameRegex controls which source code files + have their Debug log output included in the logs. Only logs from + files with names that match the given regular expression are included. The + filter only applies to Debug level logs. + type: string + logFilePath: + description: 'LogFilePath is the full path to the Felix log. Set to + none to disable file logging. [Default: /var/log/calico/felix.log]' + type: string + logPrefix: + description: 'LogPrefix is the log prefix that Felix uses when rendering + LOG rules. [Default: calico-packet]' + type: string + logSeverityFile: + description: 'LogSeverityFile is the log severity above which logs + are sent to the log file. 
[Default: Info]' + pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ + type: string + logSeveritySys: + description: 'LogSeveritySys is the log severity above which logs + are sent to the syslog. Set to None for no logging to syslog. [Default: + Info]' + pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ + type: string + maxIpsetSize: + type: integer + metadataAddr: + description: 'MetadataAddr is the IP address or domain name of the + server that can answer VM queries for cloud-init metadata. In OpenStack, + this corresponds to the machine running nova-api (or in Ubuntu, + nova-api-metadata). A value of none (case insensitive) means that + Felix should not set up any NAT rule for the metadata path. [Default: + 127.0.0.1]' + type: string + metadataPort: + description: 'MetadataPort is the port of the metadata server. This, + combined with global.MetadataAddr (if not ''None''), is used to + set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. + In most cases this should not need to be changed [Default: 8775].' + type: integer + mtuIfacePattern: + description: MTUIfacePattern is a regular expression that controls + which interfaces Felix should scan in order to calculate the host's + MTU. This should not match workload interfaces (usually named cali...). + type: string + natOutgoingAddress: + description: NATOutgoingAddress specifies an address to use when performing + source NAT for traffic in a natOutgoing pool that is leaving the + network. 
By default the address used is an address on the interface + the traffic is leaving on (ie it uses the iptables MASQUERADE target) + type: string + natPortRange: + anyOf: + - type: integer + - type: string + description: NATPortRange specifies the range of ports that is used + for port mapping when doing outgoing NAT. When unset the default + behavior of the network stack is used. + pattern: ^.* + x-kubernetes-int-or-string: true + netlinkTimeout: + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + openstackRegion: + description: 'OpenstackRegion is the name of the region that a particular + Felix belongs to. In a multi-region Calico/OpenStack deployment, + this must be configured somehow for each Felix (here in the datamodel, + or in felix.cfg or the environment on each compute node), and must + match the [calico] openstack_region value configured in neutron.conf + on each node. [Default: Empty]' + type: string + policySyncPathPrefix: + description: 'PolicySyncPathPrefix is used to by Felix to communicate + policy changes to external services, like Application layer policy. + [Default: Empty]' + type: string + prometheusGoMetricsEnabled: + description: 'PrometheusGoMetricsEnabled disables Go runtime metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + prometheusMetricsEnabled: + description: 'PrometheusMetricsEnabled enables the Prometheus metrics + server in Felix if set to true. [Default: false]' + type: boolean + prometheusMetricsHost: + description: 'PrometheusMetricsHost is the host that the Prometheus + metrics server should bind to. [Default: empty]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. 
[Default: 9091]' + type: integer + prometheusProcessMetricsEnabled: + description: 'PrometheusProcessMetricsEnabled disables process metrics + collection, which the Prometheus client does by default, when set + to false. This reduces the number of metrics reported, reducing + Prometheus load. [Default: true]' + type: boolean + prometheusWireGuardMetricsEnabled: + description: 'PrometheusWireGuardMetricsEnabled disables wireguard + metrics collection, which the Prometheus client does by default, + when set to false. This reduces the number of metrics reported, + reducing Prometheus load. [Default: true]' + type: boolean + removeExternalRoutes: + description: Whether or not to remove device routes that have not + been programmed by Felix. Disabling this will allow external applications + to also add device routes. This is enabled by default which means + we will remove externally added routes. + type: boolean + reportingInterval: + description: 'ReportingInterval is the interval at which Felix reports + its status into the datastore or 0 to disable. Must be non-zero + in OpenStack deployments. [Default: 30s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + reportingTTL: + description: 'ReportingTTL is the time-to-live setting for process-wide + status reports. [Default: 90s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + routeRefreshInterval: + description: 'RouteRefreshInterval is the period at which Felix re-checks + the routes in the dataplane to ensure that no other process has + accidentally broken Calico''s rules. Set to 0 to disable route refresh. + [Default: 90s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + routeSource: + description: 'RouteSource configures where Felix gets its routing + information. - WorkloadIPs: use workload endpoints to construct + routes. - CalicoIPAM: the default - use IPAM data to construct routes.' 
+ pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$ + type: string + routeSyncDisabled: + description: RouteSyncDisabled will disable all operations performed + on the route table. Set to true to run in network-policy mode only. + type: boolean + routeTableRange: + description: Deprecated in favor of RouteTableRanges. Calico programs + additional Linux route tables for various purposes. RouteTableRange + specifies the indices of the route tables that Calico should use. + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + routeTableRanges: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRanges specifies a set of table index ranges + that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. + items: + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + type: array + serviceLoopPrevention: + description: 'When service IP advertisement is enabled, prevent routing + loops to service IPs that are not in use, by dropping or rejecting + packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", + in which case such routing loops continue to be allowed. [Default: + Drop]' + pattern: ^(?i)(Drop|Reject|Disabled)?$ + type: string + sidecarAccelerationEnabled: + description: 'SidecarAccelerationEnabled enables experimental sidecar + acceleration [Default: false]' + type: boolean + usageReportingEnabled: + description: 'UsageReportingEnabled reports anonymous Calico version + number and cluster size to projectcalico.org. Logs warnings returned + by the usage server. For example, if a significant security vulnerability + has been discovered in the version of Calico being used. [Default: + true]' + type: boolean + usageReportingInitialDelay: + description: 'UsageReportingInitialDelay controls the minimum delay + before Felix makes a report. 
[Default: 300s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + usageReportingInterval: + description: 'UsageReportingInterval controls the interval at which + Felix makes reports. [Default: 86400s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + useInternalDataplaneDriver: + description: UseInternalDataplaneDriver, if true, Felix will use its + internal dataplane programming logic. If false, it will launch + an external dataplane driver and communicate with it over protobuf. + type: boolean + vxlanEnabled: + description: 'VXLANEnabled overrides whether Felix should create the + VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix + determines this based on the existing IP pools. [Default: nil (unset)]' + type: boolean + vxlanMTU: + description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel + device. See Configuring MTU [Default: 1410]' + type: integer + vxlanMTUV6: + description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel + device. See Configuring MTU [Default: 1390]' + type: integer + vxlanPort: + type: integer + vxlanVNI: + type: integer + windowsManageFirewallRules: + description: 'WindowsManageFirewallRules configures whether or not + Felix will program Windows Firewall rules. (to allow inbound access + to its own metrics ports) [Default: Disabled]' + enum: + - Enabled + - Disabled + type: string + wireguardEnabled: + description: 'WireguardEnabled controls whether Wireguard is enabled + for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). + [Default: false]' + type: boolean + wireguardEnabledV6: + description: 'WireguardEnabledV6 controls whether Wireguard is enabled + for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). + [Default: false]' + type: boolean + wireguardHostEncryptionEnabled: + description: 'WireguardHostEncryptionEnabled controls whether Wireguard + host-to-host encryption is enabled. 
[Default: false]' + type: boolean + wireguardInterfaceName: + description: 'WireguardInterfaceName specifies the name to use for + the IPv4 Wireguard interface. [Default: wireguard.cali]' + type: string + wireguardInterfaceNameV6: + description: 'WireguardInterfaceNameV6 specifies the name to use for + the IPv6 Wireguard interface. [Default: wg-v6.cali]' + type: string + wireguardKeepAlive: + description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive + option. Set 0 to disable. [Default: 0]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + wireguardListeningPort: + description: 'WireguardListeningPort controls the listening port used + by IPv4 Wireguard. [Default: 51820]' + type: integer + wireguardListeningPortV6: + description: 'WireguardListeningPortV6 controls the listening port + used by IPv6 Wireguard. [Default: 51821]' + type: integer + wireguardMTU: + description: 'WireguardMTU controls the MTU on the IPv4 Wireguard + interface. See Configuring MTU [Default: 1440]' + type: integer + wireguardMTUV6: + description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard + interface. See Configuring MTU [Default: 1420]' + type: integer + wireguardRoutingRulePriority: + description: 'WireguardRoutingRulePriority controls the priority value + to use for the Wireguard routing rule. [Default: 99]' + type: integer + workloadSourceSpoofing: + description: WorkloadSourceSpoofing controls whether pods can use + the allowedSourcePrefixes annotation to send traffic with a source + IP address that is not theirs. This is disabled by default. When + set to "Any", pods can request any prefix. + pattern: ^(?i)(Disabled|Any)?$ + type: string + xdpEnabled: + description: 'XDPEnabled enables XDP acceleration for suitable untracked + incoming deny rules. 
[Default: true]' + type: boolean + xdpRefreshInterval: + description: 'XDPRefreshInterval is the period at which Felix re-checks + all XDP state to ensure that no other process has accidentally broken + Calico''s BPF maps or attached programs. Set to 0 to disable XDP + refresh. [Default: 90s]' + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworkpolicies.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworkpolicies.yaml new file mode 100755 index 000000000..d2b5fc4d2 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworkpolicies.yaml 
@@ -0,0 +1,867 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkPolicy + listKind: GlobalNetworkPolicyList + plural: globalnetworkpolicies + singular: globalnetworkpolicy + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applyOnForward: + description: ApplyOnForward indicates to apply the rules in this policy + on forward traffic. + type: boolean + doNotTrack: + description: DoNotTrack indicates whether packets matched by the rules + in this policy should go through the data plane's connection tracking, + such as Linux conntrack. If True, the rules in this policy are + applied before any data plane connection tracking, and packets allowed + by this policy are marked as not to be tracked. + type: boolean + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. 
Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. 
Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." 
+ type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. 
+ items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. 
This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." 
+ type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. 
+ One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. 
+ type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." 
+ type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. 
+ One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. 
+ type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. 
+ type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. 
\n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). 
+ \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. 
\n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + namespaceSelector: + description: NamespaceSelector is an optional field for an expression + used to select a pod based on namespaces. + type: string + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + performanceHints: + description: "PerformanceHints contains a list of hints to Calico's + policy engine to help process the policy more efficiently. Hints + never change the enforcement behaviour of the policy. \n Currently, + the only available hint is \"AssumeNeededOnEveryNode\". When that + hint is set on a policy, Felix will act as if the policy matches + a local endpoint even if it does not. This is useful for \"preloading\" + any large static policies that are known to be used on every node. + If the policy is _not_ used on a particular node then the work done + to preload the policy (and to maintain it) is wasted." + items: + type: string + type: array + preDNAT: + description: PreDNAT indicates to apply the rules in this policy before + any DNAT. 
+ type: boolean + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress rules are present in the policy. The + default is: \n - [ PolicyTypeIngress ], if there are no Egress rules + (including the case where there are also no Ingress rules) \n + - [ PolicyTypeEgress ], if there are Egress rules but no Ingress + rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are + both Ingress and Egress rules. 
\n When the policy is read back again, + Types will always be one of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworksets.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworksets.yaml new file mode 100755 index 000000000..f27bf7973 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_globalnetworksets.yaml 
@@ -0,0 +1,52 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: GlobalNetworkSet + listKind: GlobalNetworkSetList + plural: globalnetworksets + singular: globalnetworkset + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs + that share labels to allow rules to refer to them via selectors. The labels + of GlobalNetworkSet are not namespaced. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GlobalNetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_hostendpoints.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_hostendpoints.yaml new file mode 100755 index 000000000..9f59f44fb --- /dev/null 
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_hostendpoints.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: HostEndpoint + listKind: HostEndpointList + plural: hostendpoints + singular: hostendpoint + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostEndpointSpec contains the specification for a HostEndpoint + resource. + properties: + expectedIPs: + description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. + If \"InterfaceName\" is not present, Calico will look for an interface + matching any of the IPs in the list and apply policy to that. Note: + \tWhen using the selector match criteria in an ingress or egress + security Policy \tor Profile, Calico converts the selector into + a set of IP addresses. For host \tendpoints, the ExpectedIPs field + is used for that purpose. (If only the interface \tname is specified, + Calico does not learn the IPs of the interface for use in match + \tcriteria.)" + items: + type: string + type: array + interfaceName: + description: "Either \"*\", or the name of a specific Linux interface + to apply policy to; or empty. 
\"*\" indicates that this HostEndpoint + governs all traffic to, from or through the default network namespace + of the host named by the \"Node\" field; entering and leaving that + namespace via any interface, including those from/to non-host-networked + local workloads. \n If InterfaceName is not \"*\", this HostEndpoint + only governs traffic that enters or leaves the host through the + specific interface named by InterfaceName, or - when InterfaceName + is empty - through the specific interface that has one of the IPs + in ExpectedIPs. Therefore, when InterfaceName is empty, at least + one expected IP must be specified. Only external interfaces (such + as \"eth0\") are supported here; it isn't possible for a HostEndpoint + to protect traffic through a specific local workload interface. + \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; + initially just pre-DNAT policy. Please check Calico documentation + for the latest position." + type: string + node: + description: The node name identifying the Calico node instance. + type: string + ports: + description: Ports contains the endpoint's named ports, which may + be referenced in security policy rules. + items: + properties: + name: + type: string + port: + type: integer + protocol: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + required: + - name + - port + - protocol + type: object + type: array + profiles: + description: A list of identifiers of security Profile objects that + apply to this endpoint. Each profile is applied in the order that + they appear in this list. Profile rules are applied after the selector-based + security policy. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
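Review bot: The `pattern: ^.*` on `ports[].protocol` matches every string, so together with `x-kubernetes-int-or-string: true` this schema accepts any integer or string as the protocol of a named port. Any restriction to real protocol names or numbers has to come from Calico's own validation, which is presumably what happens upstream but is not visible in this patch. If the CRD is meant to be an enforcement point, the string case needs a closed pattern; otherwise a comment above the pattern such as `# no-op pattern: protocol is validated by Calico, not by this schema` would stop operators relying on admission-time rejection. The same no-op pattern is used for the protocol and port fields of the policy CRD earlier in the patch.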
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamblocks.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamblocks.yaml new file mode 100755 index 000000000..976e46a6d --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamblocks.yaml 
@@ -0,0 +1,118 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMBlock + listKind: IPAMBlockList + plural: ipamblocks + singular: ipamblock + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMBlockSpec contains the specification for an IPAMBlock + resource. + properties: + affinity: + description: Affinity of the block, if this block has one. If set, + it will be of the form "host:". If not set, this block + is not affine to a host. + type: string + allocations: + description: Array of allocations in-use within this block. nil entries + mean the allocation is free. For non-nil entries at index i, the + index is the ordinal of the allocation within this block and the + value is the index of the associated attributes in the Attributes + array. + items: + type: integer + # TODO: This nullable is manually added in. We should update controller-gen + # to handle []*int properly itself. + nullable: true + type: array + attributes: + description: Attributes is an array of arbitrary metadata associated + with allocations in the block. 
To find attributes for a given allocation, + use the value of the allocation's entry in the Allocations array + as the index of the element in this array. + items: + properties: + handle_id: + type: string + secondary: + additionalProperties: + type: string + type: object + type: object + type: array + cidr: + description: The block's CIDR. + type: string + deleted: + description: Deleted is an internal boolean used to workaround a limitation + in the Kubernetes API whereby deletion will not return a conflict + error if the block has been updated. It should not be set manually. + type: boolean + sequenceNumber: + default: 0 + description: We store a sequence number that is updated each time + the block is written. Each allocation will also store the sequence + number of the block at the time of its creation. When releasing + an IP, passing the sequence number associated with the allocation + allows us to protect against a race condition and ensure the IP + hasn't been released and re-allocated since the release request. + format: int64 + type: integer + sequenceNumberForAllocation: + additionalProperties: + format: int64 + type: integer + description: Map of allocated ordinal within the block to sequence + number of the block at the time of allocation. Kubernetes does not + allow numerical keys for maps, so the key is cast to a string. + type: object + strictAffinity: + description: StrictAffinity on the IPAMBlock is deprecated and no + longer used by the code. Use IPAMConfig StrictAffinity instead. + type: boolean + unallocated: + description: Unallocated is an ordered list of allocations which are + free in the block. + items: + type: integer + type: array + required: + - allocations + - attributes + - cidr + - strictAffinity + - unallocated + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamconfigs.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamconfigs.yaml new file mode 100755 index 000000000..e8cf3ef64 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamconfigs.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamconfigs.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMConfig + listKind: IPAMConfigList + plural: ipamconfigs + singular: ipamconfig + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMConfigSpec contains the specification for an IPAMConfig + resource. + properties: + autoAllocateBlocks: + type: boolean + maxBlocksPerHost: + description: MaxBlocksPerHost, if non-zero, is the max number of blocks + that can be affine to each host. + maximum: 2147483647 + minimum: 0 + type: integer + strictAffinity: + type: boolean + required: + - autoAllocateBlocks + - strictAffinity + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamhandles.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamhandles.yaml new file mode 100755 index 000000000..c0051dd1e --- /dev/null 
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipamhandles.yaml @@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamhandles.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPAMHandle + listKind: IPAMHandleList + plural: ipamhandles + singular: ipamhandle + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMHandleSpec contains the specification for an IPAMHandle + resource. + properties: + block: + additionalProperties: + type: integer + type: object + deleted: + type: boolean + handleID: + type: string + required: + - block + - handleID + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ippools.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ippools.yaml new file mode 100755 index 000000000..83311f963 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ippools.yaml 
@@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPPool + listKind: IPPoolList + plural: ippools + singular: ippool + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec contains the specification for an IPPool resource. + properties: + allowedUses: + description: AllowedUse controls what the IP pool will be used for. If + not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility + items: + type: string + type: array + blockSize: + description: The block size to use for IP address assignments from + this pool. Defaults to 26 for IPv4 and 122 for IPv6. + type: integer + cidr: + description: The pool CIDR. + type: string + disableBGPExport: + description: 'Disable exporting routes from this IP Pool''s CIDR over + BGP. [Default: false]' + type: boolean + disabled: + description: When disabled is true, Calico IPAM will not assign addresses + from this pool. + type: boolean + ipip: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. 
Setting this field is not allowed, this field is + for internal use only.' + properties: + enabled: + description: When enabled is true, ipip tunneling will be used + to deliver packets to destinations within this pool. + type: boolean + mode: + description: The IPIP mode. This can be one of "always" or "cross-subnet". A + mode of "always" will also use IPIP tunneling for routing to + destination IP addresses within this pool. A mode of "cross-subnet" + will only use IPIP tunneling when the destination node is on + a different subnet to the originating node. The default value + (if not specified) is "always". + type: string + type: object + ipipMode: + description: Contains configuration for IPIP tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling + is disabled). + type: string + nat-outgoing: + description: 'Deprecated: this field is only used for APIv1 backwards + compatibility. Setting this field is not allowed, this field is + for internal use only.' + type: boolean + natOutgoing: + description: When natOutgoing is true, packets sent from Calico networked + containers in this pool to destinations outside of this pool will + be masqueraded. + type: boolean + nodeSelector: + description: Allows IPPool to allocate for a specific node by label + selector. + type: string + vxlanMode: + description: Contains configuration for VXLAN tunneling for this pool. + If not specified, then this is defaulted to "Never" (i.e. VXLAN + tunneling is disabled). + type: string + required: + - cidr + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipreservations.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipreservations.yaml new file mode 100755 index 000000000..0108a3c11 --- /dev/null 
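Review bot: The descriptions of `ipip` and `nat-outgoing` state "Setting this field is not allowed", yet the schema declares them as a plain object and a plain boolean, so the CRD itself does not reject a manifest that sets them. Whether another component rejects or ignores them cannot be seen from this hunk. If nothing does, an operator could set `nat-outgoing: true` expecting masquerading while only `natOutgoing` is documented as controlling it. Each description should name where the rule is enforced and which field replaces it, for example `Deprecated: not accepted on new objects; use natOutgoing`, once that behaviour has been confirmed against the Calico version being packaged.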
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_ipreservations.yaml @@ -0,0 +1,53 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: ipreservations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: IPReservation + listKind: IPReservationList + plural: ipreservations + singular: ipreservation + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPReservationSpec contains the specification for an IPReservation + resource. + properties: + reservedCIDRs: + description: ReservedCIDRs is a list of CIDRs and/or IP addresses + that Calico IPAM will exclude from new allocations. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
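Review bot: This is the only CRD in this part of the patch whose `metadata` carries `controller-gen.kubebuilder.io/version: (devel)` and `creationTimestamp: null`; the neighbouring ipamhandles, ippools and ipamconfigs files have only `name`. `(devel)` usually means the generator was built from an unversioned source tree, so the annotation records no usable provenance for how this schema was produced, and `creationTimestamp: null` is a serialisation leftover. I would either drop both lines so the block is just `name: ipreservations.crd.projectcalico.org`, matching the other files, or regenerate with a released controller-gen so the annotation carries a real version.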
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_kubecontrollersconfigurations.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_kubecontrollersconfigurations.yaml new file mode 100755 index 000000000..504de3e39 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_kubecontrollersconfigurations.yaml 
@@ -0,0 +1,252 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kubecontrollersconfigurations.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: KubeControllersConfiguration + listKind: KubeControllersConfigurationList + plural: kubecontrollersconfigurations + singular: kubecontrollersconfiguration + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeControllersConfigurationSpec contains the values of the + Kubernetes controllers configuration. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. + properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host endpoints. 
+ Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation of + host endpoints for every node. [Default: Disabled]' + type: string + type: object + leakGracePeriod: + description: 'LeakGracePeriod is the period used by the controller + to determine if an IP address has been leaked. Set to 0 + to disable IP garbage collection. [Default: 15m]' + type: string + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform reconciliation + with the Calico datastore. [Default: 5m]' + type: string + type: object + type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. 
+ format: int32 + type: integer + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which logs + are sent to the stdout. [Default: Info]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. Set to 0 to disable. [Default: 9094]' + type: integer + required: + - controllers + type: object + status: + description: KubeControllersConfigurationStatus represents the status + of the configuration. It's useful for admins to be able to see the actual + config that was applied, which can be modified by environment variables + on the kube-controllers process. + properties: + environmentVars: + additionalProperties: + type: string + description: EnvironmentVars contains the environment variables on + the kube-controllers that influenced the RunningConfig. + type: object + runningConfig: + description: RunningConfig contains the effective config that is running + in the kube-controllers pod, after merging the API resource with + any environment variables. + properties: + controllers: + description: Controllers enables and configures individual Kubernetes + controllers + properties: + namespace: + description: Namespace enables and configures the namespace + controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + node: + description: Node enables and configures the node controller. + Enabled by default, set to nil to disable. 
+ properties: + hostEndpoint: + description: HostEndpoint controls syncing nodes to host + endpoints. Disabled by default, set to nil to disable. + properties: + autoCreate: + description: 'AutoCreate enables automatic creation + of host endpoints for every node. [Default: Disabled]' + type: string + type: object + leakGracePeriod: + description: 'LeakGracePeriod is the period used by the + controller to determine if an IP address has been leaked. + Set to 0 to disable IP garbage collection. [Default: + 15m]' + type: string + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + syncLabels: + description: 'SyncLabels controls whether to copy Kubernetes + node labels to Calico nodes. [Default: Enabled]' + type: string + type: object + policy: + description: Policy enables and configures the policy controller. + Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + serviceAccount: + description: ServiceAccount enables and configures the service + account controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + workloadEndpoint: + description: WorkloadEndpoint enables and configures the workload + endpoint controller. Enabled by default, set to nil to disable. + properties: + reconcilerPeriod: + description: 'ReconcilerPeriod is the period to perform + reconciliation with the Calico datastore. [Default: + 5m]' + type: string + type: object + type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. 
+ format: int32 + type: integer + etcdV3CompactionPeriod: + description: 'EtcdV3CompactionPeriod is the period between etcdv3 + compaction requests. Set to 0 to disable. [Default: 10m]' + type: string + healthChecks: + description: 'HealthChecks enables or disables support for health + checks [Default: Enabled]' + type: string + logSeverityScreen: + description: 'LogSeverityScreen is the log severity above which + logs are sent to the stdout. [Default: Info]' + type: string + prometheusMetricsPort: + description: 'PrometheusMetricsPort is the TCP port that the Prometheus + metrics server should bind to. Set to 0 to disable. [Default: + 9094]' + type: integer + required: + - controllers + type: object + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networkpolicies.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networkpolicies.yaml new file mode 100755 index 000000000..d9a399980 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networkpolicies.yaml 
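Review bot: `prometheusMetricsPort` and `debugProfilePort` are declared as bare `type: integer` with no range, in both `spec` and `status.runningConfig`, so the API server will accept a negative or above-65535 value and the error presumably only shows up at runtime in kube-controllers. I would bound each with `minimum: 0` and `maximum: 65535`; 0 is the documented "disable" value for the metrics port. This CRD looks like it is copied from upstream Calico, so the constraint probably belongs in the upstream type markers rather than in a chart-local edit that the next sync would overwrite. Because `debugProfilePort` serves memory and CPU profiles, it is also worth confirming that the chart's default values leave it unset.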
@@ -0,0 +1,848 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: networkpolicies + singular: networkpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + egress: + description: The ordered set of egress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. 
+ properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. 
\n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. 
If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. + items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. 
+ It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. 
+ pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. 
Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." 
+ type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + ingress: + description: The ordered set of ingress rules. Each rule contains + a set of packet match criteria and a corresponding action to apply. + items: + description: "A Rule encapsulates a set of match criteria and an + action. 
Both selector-based security Policy and security Profiles + reference rules - separated out as a list of rules for both ingress + and egress packet matching. \n Each positive match criteria has + a negated version, prefixed with \"Not\". All the match criteria + within a rule must be satisfied for a packet to match. A single + rule can contain the positive and negative version of a match + and both must be satisfied for the rule to match." + properties: + action: + type: string + destination: + description: Destination contains the match criteria that apply + to destination entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." + type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. 
Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. + One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." 
+ type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. + type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + http: + description: HTTP contains match criteria that apply to HTTP + requests. + properties: + methods: + description: Methods is an optional field that restricts + the rule to apply only to HTTP requests that use one of + the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple + methods are OR'd together. 
+ items: + type: string + type: array + paths: + description: 'Paths is an optional field that restricts + the rule to apply to HTTP requests that use one of the + listed HTTP Paths. Multiple paths are OR''d together. + e.g: - exact: /foo - prefix: /bar NOTE: Each entry may + ONLY specify either a `exact` or a `prefix` match. The + validator will check for it.' + items: + description: 'HTTPPath specifies an HTTP path to match. + It may be either of the form: exact: : which matches + the path exactly or prefix: : which matches + the path prefix' + properties: + exact: + type: string + prefix: + type: string + type: object + type: array + type: object + icmp: + description: ICMP is an optional field that restricts the rule + to apply to a specific type and code of ICMP traffic. This + should only be specified if the Protocol field is set to "ICMP" + or "ICMPv6". + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + ipVersion: + description: IPVersion is an optional field that restricts the + rule to only match a specific IP version. + type: integer + metadata: + description: Metadata contains additional information for this + rule + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a set of key value pairs that + give extra information about the rule + type: object + type: object + notICMP: + description: NotICMP is the negated version of the ICMP field. + properties: + code: + description: Match on a specific ICMP code. If specified, + the Type value must also be specified. 
This is a technical + limitation imposed by the kernel's iptables firewall, + which Calico uses to enforce the rule. + type: integer + type: + description: Match on a specific ICMP type. For example + a value of 8 refers to ICMP Echo Request (i.e. pings). + type: integer + type: object + notProtocol: + anyOf: + - type: integer + - type: string + description: NotProtocol is the negated version of the Protocol + field. + pattern: ^.* + x-kubernetes-int-or-string: true + protocol: + anyOf: + - type: integer + - type: string + description: "Protocol is an optional field that restricts the + rule to only apply to traffic of a specific IP protocol. Required + if any of the EntityRules contain Ports (because ports only + apply to certain protocols). \n Must be one of these string + values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", + \"UDPLite\" or an integer in the range 1-255." + pattern: ^.* + x-kubernetes-int-or-string: true + source: + description: Source contains the match criteria that apply to + source entity. + properties: + namespaceSelector: + description: "NamespaceSelector is an optional field that + contains a selector expression. Only traffic that originates + from (or terminates at) endpoints within the selected + namespaces will be matched. When both NamespaceSelector + and another selector are defined on the same rule, then + only workload endpoints that are matched by both selectors + will be selected by the rule. \n For NetworkPolicy, an + empty NamespaceSelector implies that the Selector is limited + to selecting only workload endpoints in the same namespace + as the NetworkPolicy. \n For NetworkPolicy, `global()` + NamespaceSelector implies that the Selector is limited + to selecting only GlobalNetworkSet or HostEndpoint. \n + For GlobalNetworkPolicy, an empty NamespaceSelector implies + the Selector applies to workload endpoints across all + namespaces." 
+ type: string + nets: + description: Nets is an optional field that restricts the + rule to only apply to traffic that originates from (or + terminates at) IP addresses in any of the given subnets. + items: + type: string + type: array + notNets: + description: NotNets is the negated version of the Nets + field. + items: + type: string + type: array + notPorts: + description: NotPorts is the negated version of the Ports + field. Since only some protocols have ports, if any ports + are specified it requires the Protocol match in the Rule + to be set to "TCP" or "UDP". + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + notSelector: + description: NotSelector is the negated version of the Selector + field. See Selector field for subtleties with negated + selectors. + type: string + ports: + description: "Ports is an optional field that restricts + the rule to only apply to traffic that has a source (destination) + port that matches one of these ranges/values. This value + is a list of integers or strings that represent ranges + of ports. \n Since only some protocols have ports, if + any ports are specified it requires the Protocol match + in the Rule to be set to \"TCP\" or \"UDP\"." + items: + anyOf: + - type: integer + - type: string + pattern: ^.* + x-kubernetes-int-or-string: true + type: array + selector: + description: "Selector is an optional field that contains + a selector expression (see Policy for sample syntax). + \ Only traffic that originates from (terminates at) endpoints + matching the selector will be matched. \n Note that: in + addition to the negated version of the Selector (see NotSelector + below), the selector expression syntax itself supports + negation. The two types of negation are subtly different. 
+ One negates the set of matched endpoints, the other negates + the whole match: \n \tSelector = \"!has(my_label)\" matches + packets that are from other Calico-controlled \tendpoints + that do not have the label \"my_label\". \n \tNotSelector + = \"has(my_label)\" matches packets that are not from + Calico-controlled \tendpoints that do have the label \"my_label\". + \n The effect is that the latter will accept packets from + non-Calico sources whereas the former is limited to packets + from Calico-controlled endpoints." + type: string + serviceAccounts: + description: ServiceAccounts is an optional field that restricts + the rule to only apply to traffic that originates from + (or terminates at) a pod running as a matching service + account. + properties: + names: + description: Names is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account whose name is in the list. + items: + type: string + type: array + selector: + description: Selector is an optional field that restricts + the rule to only apply to traffic that originates + from (or terminates at) a pod running as a service + account that matches the given label selector. If + both Names and Selector are specified then they are + AND'ed. + type: string + type: object + services: + description: "Services is an optional field that contains + options for matching Kubernetes Services. If specified, + only traffic that originates from or terminates at endpoints + within the selected service(s) will be matched, and only + to/from each endpoint's port. \n Services cannot be specified + on the same rule as Selector, NotSelector, NamespaceSelector, + Nets, NotNets or ServiceAccounts. \n Ports and NotPorts + can only be specified with Services on ingress rules." + properties: + name: + description: Name specifies the name of a Kubernetes + Service to match. 
+ type: string + namespace: + description: Namespace specifies the namespace of the + given Service. If left empty, the rule will match + within this policy's namespace. + type: string + type: object + type: object + required: + - action + type: object + type: array + order: + description: Order is an optional field that specifies the order in + which the policy is applied. Policies with higher "order" are applied + after those with lower order. If the order is omitted, it may be + considered to be "infinite" - i.e. the policy will be applied last. Policies + with identical order will be applied in alphanumerical order based + on the Policy "Name". + type: number + performanceHints: + description: "PerformanceHints contains a list of hints to Calico's + policy engine to help process the policy more efficiently. Hints + never change the enforcement behaviour of the policy. \n Currently, + the only available hint is \"AssumeNeededOnEveryNode\". When that + hint is set on a policy, Felix will act as if the policy matches + a local endpoint even if it does not. This is useful for \"preloading\" + any large static policies that are known to be used on every node. + If the policy is _not_ used on a particular node then the work done + to preload the policy (and to maintain it) is wasted." + items: + type: string + type: array + selector: + description: "The selector is an expression used to pick pick out + the endpoints that the policy should be applied to. \n Selector + expressions follow this syntax: \n \tlabel == \"string_literal\" + \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" + \ -> not equal; also matches if label is not present \tlabel in + { \"a\", \"b\", \"c\", ... } -> true if the value of label X is + one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", + ... } -> true if the value of label X is not one of \"a\", \"b\", + \"c\" \thas(label_name) -> True if that label is present \t! 
expr + -> negation of expr \texpr && expr -> Short-circuit and \texpr + || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + or the empty selector -> matches all endpoints. \n Label names are + allowed to contain alphanumerics, -, _ and /. String literals are + more permissive but they do not support escape characters. \n Examples + (with made-up labels): \n \ttype == \"webserver\" && deployment + == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != + \"dev\" \t! has(label_name)" + type: string + serviceAccountSelector: + description: ServiceAccountSelector is an optional field for an expression + used to select a pod based on service accounts. + type: string + types: + description: "Types indicates whether this policy applies to ingress, + or to egress, or to both. When not explicitly specified (and so + the value on creation is empty or nil), Calico defaults Types according + to what Ingress and Egress are present in the policy. The default + is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including + the case where there are also no Ingress rules) \n - [ PolicyTypeEgress + ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, + PolicyTypeEgress ], if there are both Ingress and Egress rules. + \n When the policy is read back again, Types will always be one + of these values, never empty or nil." + items: + description: PolicyType enumerates the possible values of the PolicySpec + Types field. + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networksets.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networksets.yaml new file mode 100755 index 000000000..8f201640b --- /dev/null 
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/calico/crd.projectcalico.org_networksets.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + group: crd.projectcalico.org + names: + kind: NetworkSet + listKind: NetworkSetList + plural: networksets + singular: networkset + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSetSpec contains the specification for a NetworkSet + resource. + properties: + nets: + description: The list of IP networks that belong to this set. + items: + type: string + type: array + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_apiservers_crd.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_apiservers_crd.yaml new file mode 100755 index 000000000..c347d5a00 --- /dev/null 
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_apiservers_crd.yaml 
@@ -0,0 +1,1683 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: apiservers.operator.tigera.io +spec: + group: operator.tigera.io + names: + kind: APIServer + listKind: APIServerList + plural: apiservers + singular: apiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: APIServer installs the Tigera API server and related resources. + At most one instance of this resource is supported. It must be named "default" + or "tigera-secure". + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired state for the Tigera API server. + properties: + apiServerDeployment: + description: APIServerDeployment configures the calico-apiserver (or + tigera-apiserver in Enterprise) Deployment. If used in conjunction + with ControlPlaneNodeSelector or ControlPlaneTolerations, then these + overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. 
Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the API server Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the API server Deployment. If omitted, + the API server Deployment will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the API server Deployment + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the API server Deployment's PodSpec. 
+ properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the API server pods. If specified, this + overrides any affinity that may be set on the API + server Deployment. If omitted, the API server Deployment + will use its default value for affinity. WARNING: + Please note that this field will override the default + API server Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. 
Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. 
null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of API server containers. + If specified, this overrides the specified API server + Deployment containers. If omitted, the API server + Deployment will use its default values for its containers. + items: + description: APIServerDeploymentContainer is an + API server Deployment container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment container by name. + enum: + - calico-apiserver + - tigera-queryserver + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named API server Deployment + container's resources. If omitted, the API + server Deployment will use its default value + for this container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of API server + init containers. If specified, this overrides the + specified API server Deployment init containers. + If omitted, the API server Deployment will use its + default values for its init containers. + items: + description: APIServerDeploymentInitContainer is + an API server Deployment init container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment init container by + name. 
+ enum: + - calico-apiserver-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named API server Deployment + init container's resources. If omitted, the + API server Deployment will use its default + value for this init container's resources. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. 
+ If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the API server pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the API server Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the API server Deployment and each of + this field''s key/value pairs are added to the API + server Deployment nodeSelector provided the key + does not already exist in the object''s nodeSelector. + If omitted, the API server Deployment will use its + default value for nodeSelector. WARNING: Please + note that this field will modify the default API + server Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the API server pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the API server Deployment. If + omitted, the API server Deployment will use its + default value for tolerations. WARNING: Please note + that this field will override the default API server + Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. 
+ If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which + abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector + are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are ANDed with labelSelector + to select the group of existing pods over + which spreading will be calculated for the + incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is + the minimum number of matching pods in an + eligible domain or zero if the number of eligible + domains is less than MinDomains. 
For example, + in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread + as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P + P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod + can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, and + then the calculation of Skew is performed. + And when the number of eligible domains with + matching topology keys equals or greater than + minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains + is less than minDomains, scheduler won't schedule + more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if + MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not + nil, WhenUnsatisfiable must be DoNotSchedule. + \n For example, in a 3-zone cluster, MaxSkew + is set to 2, MinDomains is set to 5 and pods + with the same labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | | P P | P P | + \ P P | The number of domains is less than + 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the + same labelSelector cannot be scheduled, because + computed skew will be 3(3 - 0) if new Pod + is scheduled to any of the three zones, it + will violate MaxSkew. 
\n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in + the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the + calculations. \n If this value is nil, the + behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how + we will treat node taints when calculating + pod topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered to + be in the same topology. We consider each + as a "bucket", and try to put + balanced number of pods into each bucket. + We define a domain as a particular instance + of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - + ScheduleAnyway tells the scheduler to schedule + the pod in any location, but giving higher + precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate + "MaxSkew" on some topology. For example, in + a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as + 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other + words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + type: object + type: object + type: object + type: object + status: + description: Most recently observed status for the Tigera API server. + properties: + conditions: + description: Conditions represents the latest observed set of conditions + for the component. A component may be one or more of Ready, Progressing, + Degraded or other customer types. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + state: + description: State provides user-readable status. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_imagesets_crd.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_imagesets_crd.yaml
new file mode 100755
index 000000000..1ff5e5eb9
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_imagesets_crd.yaml
@@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: imagesets.operator.tigera.io +spec: + group: operator.tigera.io + names: + kind: ImageSet + listKind: ImageSetList + plural: imagesets + singular: imageset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ImageSet is used to specify image digests for the images that + the operator deploys. The name of the ImageSet is expected to be in the + format `-`. The `variant` used is `enterprise` if the + InstallationSpec Variant is `TigeraSecureEnterprise` otherwise it is `calico`. + The `release` must match the version of the variant that the operator is + built to deploy, this version can be obtained by passing the `--version` + flag to the operator binary. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageSetSpec defines the desired state of ImageSet. + properties: + images: + description: Images is the list of images to use digests. All images + that the operator will deploy must be specified. + items: + properties: + digest: + description: Digest is the image identifier that will be used + for the Image. The field should not include a leading `@` + and must be prefixed with `sha256:`. 
+ type: string + image: + description: Image is an image that the operator deploys and + instead of using the built in tag the operator will use the + Digest for the image identifier. The value should be the image + name without registry or tag or digest. For the image `docker.io/calico/node:v3.17.1` + it should be represented as `calico/node` + type: string + required: + - digest + - image + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_installations_crd.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_installations_crd.yaml
new file mode 100755
index 000000000..124743ae7
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_installations_crd.yaml
@@ -0,0 +1,18764 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: installations.operator.tigera.io +spec: + group: operator.tigera.io + names: + kind: Installation + listKind: InstallationList + plural: installations + singular: installation + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Installation configures an installation of Calico or Calico Enterprise. + At most one instance of this resource is supported. It must be named "default". + The Installation API installs core networking and network policy components, + and provides general install-time configuration. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired state for the Calico or Calico + Enterprise installation. + properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-kube-controllers Deployment. + If omitted, the calico-kube-controllers Deployment will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. 
+ Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-kube-controllers pods. If specified, + this overrides any affinity that may be set on the + calico-kube-controllers Deployment. If omitted, + the calico-kube-controllers Deployment will use + its default value for affinity. WARNING: Please + note that this field will override the default calico-kube-controllers + Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the specified + calico-kube-controllers Deployment containers. If + omitted, the calico-kube-controllers Deployment + will use its default values for its containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment container + by name. + enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-kube-controllers + Deployment container's resources. 
If omitted, + the calico-kube-controllers Deployment will + use its default value for this container's + resources. If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-kube-controllers + Deployment nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + used in conjunction with ControlPlaneNodeSelector, + that nodeSelector is set on the calico-kube-controllers + Deployment and each of this field''s key/value pairs + are added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-kube-controllers + Deployment will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. 
+ If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoNetwork: + description: CalicoNetwork specifies networking configuration options + for Calico. + properties: + bgp: + description: BGP configures whether or not to enable Calico's + BGP capabilities. + enum: + - Enabled + - Disabled + type: string + containerIPForwarding: + description: 'ContainerIPForwarding configures whether ip forwarding + will be enabled for containers in the CNI configuration. Default: + Disabled' + enum: + - Enabled + - Disabled + type: string + hostPorts: + description: 'HostPorts configures whether or not Calico will + support Kubernetes HostPorts. Valid only when using the Calico + CNI plugin. Default: Enabled' + enum: + - Enabled + - Disabled + type: string + ipPools: + description: IPPools contains a list of IP pools to create if + none exist. At most one IP pool of each address family may be + specified. If omitted, a single pool will be configured if needed. 
+ items: + properties: + blockSize: + description: 'BlockSize specifies the CIDR prefex length + to use when allocating per-node IP blocks from the main + IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)' + format: int32 + type: integer + cidr: + description: CIDR contains the address range for the IP + Pool in classless inter-domain routing format. + type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean + encapsulation: + description: 'Encapsulation specifies the encapsulation + type that will be used with the IP Pool. Default: IPIP' + enum: + - IPIPCrossSubnet + - IPIP + - VXLAN + - VXLANCrossSubnet + - None + type: string + natOutgoing: + description: 'NATOutgoing specifies if NAT will be enabled + or disabled for outgoing traffic. Default: Enabled' + enum: + - Enabled + - Disabled + type: string + nodeSelector: + description: 'NodeSelector specifies the node selector that + will be set for the IP Pool. Default: ''all()''' + type: string + required: + - cidr + type: object + type: array + linuxDataplane: + description: 'LinuxDataplane is used to select the dataplane used + for Linux nodes. In particular, it causes the operator to add + required mounts and environment variables for the particular + dataplane. If not specified, iptables mode is used. Default: + Iptables' + enum: + - Iptables + - BPF + - VPP + type: string + mtu: + description: MTU specifies the maximum transmission unit to use + on the pod network. If not specified, Calico will perform MTU + auto-detection based on the cluster network. + format: int32 + type: integer + multiInterfaceMode: + description: 'MultiInterfaceMode configures what will configure + multiple interface per pod. Only valid for Calico Enterprise + installations using the Calico CNI plugin. 
Default: None' + enum: + - None + - Multus + type: string + nodeAddressAutodetectionV4: + description: NodeAddressAutodetectionV4 specifies an approach + to automatically detect node IPv4 addresses. If not specified, + will use default auto-detection settings to acquire an IPv4 + address for each node. + properties: + canReach: + description: CanReach enables IP auto-detection based on which + source address on the node is used to reach the specified + IP or domain. + type: string + cidrs: + description: CIDRS enables IP auto-detection based on which + addresses on the nodes are within one of the provided CIDRs. + items: + type: string + type: array + firstFound: + description: FirstFound uses default interface matching parameters + to select an interface, performing best-effort filtering + based on well-known interface names. + type: boolean + interface: + description: Interface enables IP auto-detection based on + interfaces that match the given regex. + type: string + kubernetes: + description: Kubernetes configures Calico to detect node addresses + based on the Kubernetes API. + enum: + - NodeInternalIP + type: string + skipInterface: + description: SkipInterface enables IP auto-detection based + on interfaces that do not match the given regex. + type: string + type: object + nodeAddressAutodetectionV6: + description: NodeAddressAutodetectionV6 specifies an approach + to automatically detect node IPv6 addresses. If not specified, + IPv6 addresses will not be auto-detected. + properties: + canReach: + description: CanReach enables IP auto-detection based on which + source address on the node is used to reach the specified + IP or domain. + type: string + cidrs: + description: CIDRS enables IP auto-detection based on which + addresses on the nodes are within one of the provided CIDRs. 
+ items: + type: string + type: array + firstFound: + description: FirstFound uses default interface matching parameters + to select an interface, performing best-effort filtering + based on well-known interface names. + type: boolean + interface: + description: Interface enables IP auto-detection based on + interfaces that match the given regex. + type: string + kubernetes: + description: Kubernetes configures Calico to detect node addresses + based on the Kubernetes API. + enum: + - NodeInternalIP + type: string + skipInterface: + description: SkipInterface enables IP auto-detection based + on interfaces that do not match the given regex. + type: string + type: object + windowsDataplane: + description: 'WindowsDataplane is used to select the dataplane + used for Windows nodes. In particular, it causes the operator + to add required mounts and environment variables for the particular + dataplane. If not specified, it is disabled and the operator + will not render the Calico Windows nodes daemonset. Default: + Disabled' + enum: + - HNS + - Disabled + type: string + type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, then + these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. 
Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created DaemonSet pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-node DaemonSet. If omitted, + the calico-node DaemonSet will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-node pods. If specified, this + overrides any affinity that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for affinity. 
WARNING: + Please note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. 
for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node containers. + If specified, this overrides the specified calico-node + DaemonSet containers. If omitted, the calico-node + DaemonSet will use its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is a calico-node + DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by name. + enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node DaemonSet + container's resources. If omitted, the calico-node + DaemonSet will use its default value for this + container's resources. If used in conjunction + with the deprecated ComponentResources, then + this value takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. 
+ It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides the + specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use its + default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer is + a calico-node DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container by + name. 
+ enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node DaemonSet + init container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. If used + in conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the calico-node DaemonSet + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-node + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use its + default value for tolerations. WARNING: Please note + that this field will override the default calico-node + DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoNodeWindowsDaemonSet: + description: CalicoNodeWindowsDaemonSet configures the calico-node-windows + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. 
Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node-windows + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created DaemonSet pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-node-windows DaemonSet. + If omitted, the calico-node-windows DaemonSet will use its + default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node-windows DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node-windows DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-node-windows pods. If specified, + this overrides any affinity that may be set on the + calico-node-windows DaemonSet. 
If omitted, the calico-node-windows + DaemonSet will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-node-windows DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. 
due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. 
If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. 
for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node-windows + containers. If specified, this overrides the specified + calico-node-windows DaemonSet containers. If omitted, + the calico-node-windows DaemonSet will use its default + values for its containers. + items: + description: CalicoNodeWindowsDaemonSetContainer + is a calico-node-windows DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node-windows DaemonSet container + by name. + enum: + - calico-node-windows + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node-windows DaemonSet + container's resources. If omitted, the calico-node-windows + DaemonSet will use its default value for this + container's resources. If used in conjunction + with the deprecated ComponentResources, then + this value takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node-windows + init containers. If specified, this overrides the + specified calico-node-windows DaemonSet init containers. + If omitted, the calico-node-windows DaemonSet will + use its default values for its init containers. + items: + description: CalicoNodeWindowsDaemonSetInitContainer + is a calico-node-windows DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node-windows DaemonSet init container + by name. 
+ enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-windows-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node-windows DaemonSet + init container's resources. If omitted, the + calico-node-windows DaemonSet will use its + default value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node-windows + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-node-windows + DaemonSet nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + omitted, the calico-node-windows DaemonSet will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the default + calico-node-windows DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node-windows + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-node-windows + DaemonSet. If omitted, the calico-node-windows DaemonSet + will use its default value for tolerations. WARNING: + Please note that this field will override the default + calico-node-windows DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated + and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet + configures the calico-windows-upgrade DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-windows-upgrade DaemonSet. + If omitted, the calico-windows-upgrade DaemonSet will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. 
+ properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-windows-upgrade pods. If specified, + this overrides any affinity that may be set on the + calico-windows-upgrade DaemonSet. If omitted, the + calico-windows-upgrade DaemonSet will use its default + value for affinity. WARNING: Please note that this + field will override the default calico-windows-upgrade + DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. 
+ type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. 
null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. If specified, this overrides the specified + calico-windows-upgrade DaemonSet containers. If + omitted, the calico-windows-upgrade DaemonSet will + use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. 
+ It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-windows-upgrade + DaemonSet nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + omitted, the calico-windows-upgrade DaemonSet will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the default + calico-windows-upgrade DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. 
If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + type: object + type: object + type: object + type: object + certificateManagement: + description: CertificateManagement configures pods to submit a CertificateSigningRequest + to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. + This feature requires that you bring your own CSR signing and approval + process, otherwise pods will be stuck during initialization. + properties: + caCert: + description: Certificate of the authority that signs the CertificateSigningRequests + in PEM format. + format: byte + type: string + keyAlgorithm: + description: 'Specify the algorithm used by pods to generate a + key pair that is associated with the X.509 certificate request. + Default: RSAWithSize2048' + enum: + - "" + - RSAWithSize2048 + - RSAWithSize4096 + - RSAWithSize8192 + - ECDSAWithCurve256 + - ECDSAWithCurve384 + - ECDSAWithCurve521 + type: string + signatureAlgorithm: + description: 'Specify the algorithm used for the signature of + the X.509 certificate request. Default: SHA256WithRSA' + enum: + - "" + - SHA256WithRSA + - SHA384WithRSA + - SHA512WithRSA + - ECDSAWithSHA256 + - ECDSAWithSHA384 + - ECDSAWithSHA512 + type: string + signerName: + description: 'When a CSR is issued to the certificates.k8s.io + API, the signerName is added to the request in order to accommodate + for clusters with multiple signers. Must be formatted as: `/`.' + type: string + required: + - caCert + - signerName + type: object + cni: + description: CNI specifies the CNI that will be used by this installation. + properties: + ipam: + description: IPAM specifies the pod IP address management that + will be used in the Calico or Calico Enterprise installation. + properties: + type: + description: "Specifies the IPAM plugin that will be used + in the Calico or Calico Enterprise installation. * For CNI + Plugin Calico, this field defaults to Calico. * For CNI + Plugin GKE, this field defaults to HostLocal. 
* For CNI + Plugin AzureVNET, this field defaults to AzureVNET. * For + CNI Plugin AmazonVPC, this field defaults to AmazonVPC. + \n The IPAM plugin is installed and configured only if the + CNI plugin is set to Calico, for all other values of the + CNI plugin the plugin binaries and CNI config is a dependency + that is expected to be installed separately. \n Default: + Calico" + enum: + - Calico + - HostLocal + - AmazonVPC + - AzureVNET + type: string + required: + - type + type: object + type: + description: "Specifies the CNI plugin that will be used in the + Calico or Calico Enterprise installation. * For KubernetesProvider + GKE, this field defaults to GKE. * For KubernetesProvider AKS, + this field defaults to AzureVNET. * For KubernetesProvider EKS, + this field defaults to AmazonVPC. * If aws-node daemonset exists + in kube-system when the Installation resource is created, this + field defaults to AmazonVPC. * For all other cases this field + defaults to Calico. \n For the value Calico, the CNI plugin + binaries and CNI config will be installed as part of deployment, + for all other values the CNI plugin binaries and CNI config + is a dependency that is expected to be installed separately. + \n Default: Calico" + enum: + - Calico + - GKE + - AmazonVPC + - AzureVNET + type: string + required: + - type + type: object + componentResources: + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used to + customize the resource requirements for each component. Node, Typha, + and KubeControllers are supported for installations. + items: + description: Deprecated. Please use component resource config fields + in Installation.Spec instead. 
The ComponentResource struct associates + a ResourceRequirements with a component by name + properties: + componentName: + description: ComponentName is an enum which identifies the component + enum: + - Node + - Typha + - KubeControllers + type: string + resourceRequirements: + description: ResourceRequirements allows customization of limits + and requests for compute resources such as cpu and memory. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - componentName + - resourceRequirements + type: object + type: array + controlPlaneNodeSelector: + additionalProperties: + type: string + description: ControlPlaneNodeSelector is used to select control plane + nodes on which to run Calico components. This is globally applied + to all resources created by the operator excluding daemonsets. + type: object + controlPlaneReplicas: + description: ControlPlaneReplicas defines how many replicas of the + control plane core components will be deployed. This field applies + to all control plane components that support High Availability. + Defaults to 2. + format: int32 + type: integer + controlPlaneTolerations: + description: ControlPlaneTolerations specify tolerations which are + then globally applied to all resources created by the operator. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + csiNodeDriverDaemonSet: + description: CSINodeDriverDaemonSet configures the csi-node-driver + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the csi-node-driver + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created DaemonSet pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the csi-node-driver DaemonSet. + If omitted, the csi-node-driver DaemonSet will use its default + value for minReadySeconds. 
+ format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the csi-node-driver DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the csi-node-driver DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the csi-node-driver pods. If specified, + this overrides any affinity that may be set on the + csi-node-driver DaemonSet. If omitted, the csi-node-driver + DaemonSet will use its default value for affinity. + WARNING: Please note that this field will override + the default csi-node-driver DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. 
co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of csi-node-driver + containers. If specified, this overrides the specified + csi-node-driver DaemonSet containers. If omitted, + the csi-node-driver DaemonSet will use its default + values for its containers. + items: + description: CSINodeDriverDaemonSetContainer is + a csi-node-driver DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the csi-node-driver DaemonSet container by + name. + enum: + - csi-node-driver + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named csi-node-driver DaemonSet + container's resources. 
If omitted, the csi-node-driver + DaemonSet will use its default value for this + container's resources. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the csi-node-driver + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the csi-node-driver + DaemonSet nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + omitted, the csi-node-driver DaemonSet will use + its default value for nodeSelector. WARNING: Please + note that this field will modify the default csi-node-driver + DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the csi-node-driver pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the csi-node-driver DaemonSet. + If omitted, the csi-node-driver DaemonSet will use + its default value for tolerations. WARNING: Please + note that this field will override the default csi-node-driver + DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + fipsMode: + description: 'FIPSMode uses images and features only that are using + FIPS 140-2 validated cryptographic modules and standards. Default: + Disabled' + enum: + - Enabled + - Disabled + type: string + flexVolumePath: + description: FlexVolumePath optionally specifies a custom path for + FlexVolume. If not specified, FlexVolume will be enabled by default. + If set to 'None', FlexVolume will be disabled. The default is based + on the kubernetesProvider. + type: string + imagePath: + description: "ImagePath allows for the path part of an image to be + specified. If specified then the specified value will be used as + the image path for each image. If not specified or empty, the default + for each image will be used. A special case value, UseDefault, is + supported to explicitly specify the default image path will be used + for each image. \n Image format: `/:` + \n This option allows configuring the `` portion of the + above format." + type: string + imagePrefix: + description: "ImagePrefix allows for the prefix part of an image to + be specified. If specified then the given value will be used as + a prefix on each image. If not specified or empty, no prefix will + be used. 
A special case value, UseDefault, is supported to explicitly + specify the default image prefix will be used for each image. \n + Image format: `/:` + \n This option allows configuring the `` portion of + the above format." + type: string + imagePullSecrets: + description: ImagePullSecrets is an array of references to container + registry pull secrets to use. These are applied to all images to + be pulled. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled by default. + If set to ''None'', CSI will be disabled. Default: /var/lib/kubelet' + type: string + kubernetesProvider: + description: KubernetesProvider specifies a particular provider of + the Kubernetes platform and enables provider-specific configuration. + If the specified value is empty, the Operator will attempt to automatically + determine the current provider. If the specified value is not empty, + the Operator will still attempt auto-detection, but will additionally + compare the auto-detected value to the specified value to confirm + they match. 
+ enum: + - "" + - EKS + - GKE + - AKS + - OpenShift + - DockerEnterprise + - RKE2 + type: string + logging: + description: Logging Configuration for Components + properties: + cni: + description: Customized logging specification for calico-cni plugin + properties: + logFileMaxAgeDays: + description: 'Default: 30 (days)' + format: int32 + type: integer + logFileMaxCount: + description: 'Default: 10' + format: int32 + type: integer + logFileMaxSize: + anyOf: + - type: integer + - type: string + description: 'Default: 100Mi' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + logSeverity: + description: 'Default: Info' + enum: + - Error + - Warning + - Debug + - Info + type: string + type: object + type: object + nodeMetricsPort: + description: NodeMetricsPort specifies which port calico/node serves + prometheus metrics on. By default, metrics are not enabled. If specified, + this overrides any FelixConfiguration resources which may exist. + If omitted, then prometheus metrics may still be configured through + FelixConfiguration. + format: int32 + type: integer + nodeUpdateStrategy: + description: NodeUpdateStrategy can be used to customize the desired + update strategy, such as the MaxUnavailable field. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if type + = "RollingUpdate". --- TODO: Update this to follow our convention + for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute number + (ex: 5) or a percentage of desired pods (ex: 10%). This + can not be 0 if MaxUnavailable is 0. 
Absolute number is + calculated from percentage by rounding up to a minimum of + 1. Default value is 0. Example: when this is set to 30%, + at most 30% of the total number of nodes that should be + running the daemon pod (i.e. status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked + as deleted. The update starts by launching new pods on 30% + of nodes. Once an updated pod is available (Ready for at + least minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable for + any reason (Ready transitions to false, is evicted, or is + drained) an updated pod is immediatedly created on that + node without considering surge limits. Allowing surge implies + the possibility that the resources consumed by the daemonset + on any given node can double if the readiness check fails, + and so resource intensive daemonsets should take into account + that they may cause evictions during disruption.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that can + be unavailable during the update. Value can be an absolute + number (ex: 5) or a percentage of total number of DaemonSet + pods at the start of the update (ex: 10%). Absolute number + is calculated from percentage by rounding up. This cannot + be 0 if MaxSurge is 0 Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. + The update starts by stopping at most 30% of those DaemonSet + pods and then brings up new DaemonSet pods in their place. + Once the new pods are available, it then proceeds onto other + DaemonSet pods, thus ensuring that at least 70% of original + number of DaemonSet pods are available at all times during + the update.' 
+ x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + nonPrivileged: + description: NonPrivileged configures Calico to be run in non-privileged + containers as non-root users where possible. + type: string + registry: + description: "Registry is the default Docker registry used for component + Docker images. If specified then the given value must end with a + slash character (`/`) and all images will be pulled from this registry. + If not specified then the default registries will be used. A special + case value, UseDefault, is supported to explicitly specify the default + registries will be used. \n Image format: `/:` + \n This option allows configuring the `` portion of the + above format." + type: string + serviceCIDRs: + description: Kubernetes Service CIDRs. Specifying this is required + when using Calico for Windows. + items: + type: string + type: array + typhaAffinity: + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity characteristics + for Typha pods. + properties: + nodeAffinity: + description: NodeAffinity describes node affinity scheduling rules + for typha. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: 'WARNING: Please note that if the affinity requirements + specified by this field are not met at scheduling time, + the pod will NOT be scheduled onto the node. There is no + fallback to another affinity rules with this setting. This + may cause networking disruption or even catastrophic failure! + PreferredDuringSchedulingIgnoredDuringExecution should be + used for affinity unless there is a specific well understood + reason to use RequiredDuringSchedulingIgnoredDuringExecution + and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution + will always have sufficient nodes to satisfy the requirement. + NOTE: RequiredDuringSchedulingIgnoredDuringExecution is + set by default for AKS nodes, to avoid scheduling Typhas + on virtual-nodes. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. 
If used + in conjunction with the deprecated ComponentResources or TyphaAffinity, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + strategy: + description: The deployment strategy to use to replace existing + pods with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if DeploymentStrategyType = RollingUpdate. to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can + be scheduled above the desired number of pods. Value + can be an absolute number (ex: 5) or a percentage + of desired pods (ex: 10%). This can not be 0 if + MaxUnavailable is 0. 
Absolute number is calculated + from percentage by rounding up. Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet + can be scaled up immediately when the rolling update + starts, such that the total number of old and new + pods do not exceed 130% of desired pods. Once old + pods have been killed, new ReplicaSet can be scaled + up further, ensuring that total number of pods running + at any time during the update is at most 130% of + desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can + be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of desired + pods (ex: 10%). Absolute number is calculated from + percentage by rounding down. This can not be 0 if + MaxSurge is 0. Defaults to 25%. Example: when this + is set to 30%, the old ReplicaSet can be scaled + down to 70% of desired pods immediately when the + rolling update starts. Once new pods are ready, + old ReplicaSet can be scaled down further, followed + by scaling up the new ReplicaSet, ensuring that + the total number of pods available at all times + during the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: object + template: + description: Template describes the typha Deployment pod that + will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. 
+ Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the typha pods. If specified, this overrides + any affinity that may be set on the typha Deployment. + If omitted, the typha Deployment will use its default + value for affinity. If used in conjunction with + the deprecated TyphaAffinity, then this value takes + precedence. WARNING: Please note that this field + will override the default calico-typha Deployment + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha Deployment + will use its default values for its containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named typha Deployment container's + resources. If omitted, the typha Deployment + will use its default value for this container's + resources. 
If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha init + containers. 
If specified, this overrides the specified + typha Deployment init containers. If omitted, the + typha Deployment will use its default values for + its init containers. + items: + description: TyphaDeploymentInitContainer is a typha + Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by name. + enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named typha Deployment init + container's resources. If omitted, the typha + Deployment will use its default value for + this init container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the calico-typha Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-typha + Deployment will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully. May be decreased + in delete request. Value must be non-negative integer. + The value zero indicates stop immediately via the + kill signal (no opportunity to shut down). If this + value is nil, the default grace period will be used + instead. The grace period is the duration in seconds + after the processes running in the pod are sent + a termination signal and the time when the processes + are forcibly halted with a kill signal. Set this + value longer than the expected cleanup time for + your process. Defaults to 30 seconds. 
+ format: int64 + type: integer + tolerations: + description: 'Tolerations is the typha pod''s tolerations. + If specified, this overrides any tolerations that + may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value + for tolerations. WARNING: Please note that this + field will override the default calico-typha Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which + abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector + are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are ANDed with labelSelector + to select the group of existing pods over + which spreading will be calculated for the + incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is + the minimum number of matching pods in an + eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread + as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P + P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod + can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. 
When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, and + then the calculation of Skew is performed. + And when the number of eligible domains with + matching topology keys equals or greater than + minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains + is less than minDomains, scheduler won't schedule + more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if + MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not + nil, WhenUnsatisfiable must be DoNotSchedule. + \n For example, in a 3-zone cluster, MaxSkew + is set to 2, MinDomains is set to 5 and pods + with the same labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | | P P | P P | + \ P P | The number of domains is less than + 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the + same labelSelector cannot be scheduled, because + computed skew will be 3(3 - 0) if new Pod + is scheduled to any of the three zones, it + will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in + the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the + calculations. \n If this value is nil, the + behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." 
+ type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how + we will treat node taints when calculating + pod topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered to + be in the same topology. We consider each + as a "bucket", and try to put + balanced number of pods into each bucket. + We define a domain as a particular instance + of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - + ScheduleAnyway tells the scheduler to schedule + the pod in any location, but giving higher + precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate + "MaxSkew" on some topology. 
For example, in + a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as + 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other + words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + type: object + type: object + type: object + typhaMetricsPort: + description: TyphaMetricsPort specifies which port calico/typha serves + prometheus metrics on. By default, metrics are not enabled. + format: int32 + type: integer + variant: + description: 'Variant is the product to install - one of Calico or + TigeraSecureEnterprise Default: Calico' + enum: + - Calico + - TigeraSecureEnterprise + type: string + windowsNodes: + description: Windows Configuration + properties: + cniBinDir: + description: CNIBinDir is the path to the CNI binaries directory + on Windows, it must match what is used as 'bin_dir' under [plugins] + [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] + on the containerd 'config.toml' file on the Windows nodes. + type: string + cniConfigDir: + description: CNIConfigDir is the path to the CNI configuration + directory on Windows, it must match what is used as 'conf_dir' + under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] + on the containerd 'config.toml' file on the Windows nodes. + type: string + cniLogDir: + description: CNILogDir is the path to the Calico CNI logs directory + on Windows. 
+ type: string + vxlanAdapter: + description: VXLANAdapter is the Network Adapter used for VXLAN, + leave blank for primary NIC + type: string + vxlanMACPrefix: + description: VXLANMACPrefix is the prefix used when generating + MAC addresses for virtual NICs + pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$ + type: string + type: object + type: object + status: + description: Most recently observed state for the Calico or Calico Enterprise + installation. + properties: + calicoVersion: + description: CalicoVersion shows the current running version of calico. + CalicoVersion along with Variant is needed to know the exact version + deployed. + type: string + computed: + description: Computed is the final installation including overlaid + resources. + properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. 
+ properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-kube-controllers + pods. If specified, this overrides any affinity + that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + affinity.' 
+ properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. 
+ items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the + specified calico-kube-controllers Deployment + containers. If omitted, the calico-kube-controllers + Deployment will use its default values for its + containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment + container by name. + enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-kube-controllers + Deployment container's resources. If omitted, + the calico-kube-controllers Deployment + will use its default value for this container's + resources. If used in conjunction with + the deprecated ComponentResources, then + this value takes precedence. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-kube-controllers Deployment nodeSelector + provided the key does not already exist in the + object''s nodeSelector. 
If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the calico-kube-controllers Deployment + and each of this field''s key/value pairs are + added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already + exist in the object''s nodeSelector. If omitted, + the calico-kube-controllers Deployment will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the + default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoNetwork: + description: CalicoNetwork specifies networking configuration + options for Calico. + properties: + bgp: + description: BGP configures whether or not to enable Calico's + BGP capabilities. + enum: + - Enabled + - Disabled + type: string + containerIPForwarding: + description: 'ContainerIPForwarding configures whether ip + forwarding will be enabled for containers in the CNI configuration. + Default: Disabled' + enum: + - Enabled + - Disabled + type: string + hostPorts: + description: 'HostPorts configures whether or not Calico will + support Kubernetes HostPorts. Valid only when using the + Calico CNI plugin. Default: Enabled' + enum: + - Enabled + - Disabled + type: string + ipPools: + description: IPPools contains a list of IP pools to create + if none exist. At most one IP pool of each address family + may be specified. If omitted, a single pool will be configured + if needed. + items: + properties: + blockSize: + description: 'BlockSize specifies the CIDR prefex length + to use when allocating per-node IP blocks from the + main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)' + format: int32 + type: integer + cidr: + description: CIDR contains the address range for the + IP Pool in classless inter-domain routing format. 
+ type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean + encapsulation: + description: 'Encapsulation specifies the encapsulation + type that will be used with the IP Pool. Default: + IPIP' + enum: + - IPIPCrossSubnet + - IPIP + - VXLAN + - VXLANCrossSubnet + - None + type: string + natOutgoing: + description: 'NATOutgoing specifies if NAT will be enabled + or disabled for outgoing traffic. Default: Enabled' + enum: + - Enabled + - Disabled + type: string + nodeSelector: + description: 'NodeSelector specifies the node selector + that will be set for the IP Pool. Default: ''all()''' + type: string + required: + - cidr + type: object + type: array + linuxDataplane: + description: 'LinuxDataplane is used to select the dataplane + used for Linux nodes. In particular, it causes the operator + to add required mounts and environment variables for the + particular dataplane. If not specified, iptables mode is + used. Default: Iptables' + enum: + - Iptables + - BPF + - VPP + type: string + mtu: + description: MTU specifies the maximum transmission unit to + use on the pod network. If not specified, Calico will perform + MTU auto-detection based on the cluster network. + format: int32 + type: integer + multiInterfaceMode: + description: 'MultiInterfaceMode configures what will configure + multiple interface per pod. Only valid for Calico Enterprise + installations using the Calico CNI plugin. Default: None' + enum: + - None + - Multus + type: string + nodeAddressAutodetectionV4: + description: NodeAddressAutodetectionV4 specifies an approach + to automatically detect node IPv4 addresses. If not specified, + will use default auto-detection settings to acquire an IPv4 + address for each node. 
+ properties: + canReach: + description: CanReach enables IP auto-detection based + on which source address on the node is used to reach + the specified IP or domain. + type: string + cidrs: + description: CIDRS enables IP auto-detection based on + which addresses on the nodes are within one of the provided + CIDRs. + items: + type: string + type: array + firstFound: + description: FirstFound uses default interface matching + parameters to select an interface, performing best-effort + filtering based on well-known interface names. + type: boolean + interface: + description: Interface enables IP auto-detection based + on interfaces that match the given regex. + type: string + kubernetes: + description: Kubernetes configures Calico to detect node + addresses based on the Kubernetes API. + enum: + - NodeInternalIP + type: string + skipInterface: + description: SkipInterface enables IP auto-detection based + on interfaces that do not match the given regex. + type: string + type: object + nodeAddressAutodetectionV6: + description: NodeAddressAutodetectionV6 specifies an approach + to automatically detect node IPv6 addresses. If not specified, + IPv6 addresses will not be auto-detected. + properties: + canReach: + description: CanReach enables IP auto-detection based + on which source address on the node is used to reach + the specified IP or domain. + type: string + cidrs: + description: CIDRS enables IP auto-detection based on + which addresses on the nodes are within one of the provided + CIDRs. + items: + type: string + type: array + firstFound: + description: FirstFound uses default interface matching + parameters to select an interface, performing best-effort + filtering based on well-known interface names. + type: boolean + interface: + description: Interface enables IP auto-detection based + on interfaces that match the given regex. + type: string + kubernetes: + description: Kubernetes configures Calico to detect node + addresses based on the Kubernetes API. 
+ enum: + - NodeInternalIP + type: string + skipInterface: + description: SkipInterface enables IP auto-detection based + on interfaces that do not match the given regex. + type: string + type: object + windowsDataplane: + description: 'WindowsDataplane is used to select the dataplane + used for Windows nodes. In particular, it causes the operator + to add required mounts and environment variables for the + particular dataplane. If not specified, it is disabled and + the operator will not render the Calico Windows nodes daemonset. + Default: Disabled' + enum: + - HNS + - Disabled + type: string + type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-node + DaemonSet. 
If omitted, the calico-node DaemonSet will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-node pods. If + specified, this overrides any affinity that + may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use + its default value for affinity. WARNING: Please + note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. 
If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. 
null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node + containers. If specified, this overrides the + specified calico-node DaemonSet containers. 
+ If omitted, the calico-node DaemonSet will use + its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is + a calico-node DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by + name. + enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides + the specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use + its default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer + is a calico-node DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container + by name. + enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + init container's resources. If omitted, + the calico-node DaemonSet will use its + default value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. 
+ properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node + pod''s scheduling constraints. 
If specified, + each of the key/value pairs are added to the + calico-node DaemonSet nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-node DaemonSet + will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-node DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoNodeWindowsDaemonSet: + description: CalicoNodeWindowsDaemonSet configures the calico-node-windows + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node-windows + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-node-windows + DaemonSet. If omitted, the calico-node-windows DaemonSet + will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node-windows + DaemonSet pod that will be created. 
+ properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node-windows DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-node-windows + pods. If specified, this overrides any affinity + that may be set on the calico-node-windows DaemonSet. + If omitted, the calico-node-windows DaemonSet + will use its default value for affinity. WARNING: + Please note that this field will override the + default calico-node-windows DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. 
If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. 
null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node-windows + containers. 
If specified, this overrides the + specified calico-node-windows DaemonSet containers. + If omitted, the calico-node-windows DaemonSet + will use its default values for its containers. + items: + description: CalicoNodeWindowsDaemonSetContainer + is a calico-node-windows DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node-windows DaemonSet container + by name. + enum: + - calico-node-windows + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node-windows + DaemonSet container's resources. If omitted, + the calico-node-windows DaemonSet will + use its default value for this container's + resources. If used in conjunction with + the deprecated ComponentResources, then + this value takes precedence. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node-windows + init containers. If specified, this overrides + the specified calico-node-windows DaemonSet + init containers. If omitted, the calico-node-windows + DaemonSet will use its default values for its + init containers. + items: + description: CalicoNodeWindowsDaemonSetInitContainer + is a calico-node-windows DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node-windows DaemonSet init + container by name. + enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-windows-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node-windows + DaemonSet init container's resources. + If omitted, the calico-node-windows DaemonSet + will use its default value for this container's + resources. If used in conjunction with + the deprecated ComponentResources, then + this value takes precedence. 
+ properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node-windows + pod''s scheduling constraints. 
If specified, + each of the key/value pairs are added to the + calico-node-windows DaemonSet nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-node-windows + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node-windows DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node-windows + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-node-windows + DaemonSet. If omitted, the calico-node-windows + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-node-windows DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). 
+ Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: Deprecated. The CalicoWindowsUpgradeDaemonSet is + deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet + configures the calico-windows-upgrade DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade DaemonSet + will use its default value for minReadySeconds. 
+ format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-windows-upgrade + pods. If specified, this overrides any affinity + that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. 
If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. 
null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. 
If specified, this overrides the + specified calico-windows-upgrade DaemonSet containers. + If omitted, the calico-windows-upgrade DaemonSet + will use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-windows-upgrade DaemonSet nodeSelector + provided the key does not already exist in the + object''s nodeSelector. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-windows-upgrade DaemonSet + nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. 
When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + certificateManagement: + description: CertificateManagement configures pods to submit a + CertificateSigningRequest to the certificates.k8s.io/v1beta1 + API in order to obtain TLS certificates. This feature requires + that you bring your own CSR signing and approval process, otherwise + pods will be stuck during initialization. + properties: + caCert: + description: Certificate of the authority that signs the CertificateSigningRequests + in PEM format. + format: byte + type: string + keyAlgorithm: + description: 'Specify the algorithm used by pods to generate + a key pair that is associated with the X.509 certificate + request. 
Default: RSAWithSize2048' + enum: + - "" + - RSAWithSize2048 + - RSAWithSize4096 + - RSAWithSize8192 + - ECDSAWithCurve256 + - ECDSAWithCurve384 + - ECDSAWithCurve521 + type: string + signatureAlgorithm: + description: 'Specify the algorithm used for the signature + of the X.509 certificate request. Default: SHA256WithRSA' + enum: + - "" + - SHA256WithRSA + - SHA384WithRSA + - SHA512WithRSA + - ECDSAWithSHA256 + - ECDSAWithSHA384 + - ECDSAWithSHA512 + type: string + signerName: + description: 'When a CSR is issued to the certificates.k8s.io + API, the signerName is added to the request in order to + accommodate for clusters with multiple signers. Must be + formatted as: `/`.' + type: string + required: + - caCert + - signerName + type: object + cni: + description: CNI specifies the CNI that will be used by this installation. + properties: + ipam: + description: IPAM specifies the pod IP address management + that will be used in the Calico or Calico Enterprise installation. + properties: + type: + description: "Specifies the IPAM plugin that will be used + in the Calico or Calico Enterprise installation. * For + CNI Plugin Calico, this field defaults to Calico. * + For CNI Plugin GKE, this field defaults to HostLocal. + * For CNI Plugin AzureVNET, this field defaults to AzureVNET. + * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. + \n The IPAM plugin is installed and configured only + if the CNI plugin is set to Calico, for all other values + of the CNI plugin the plugin binaries and CNI config + is a dependency that is expected to be installed separately. + \n Default: Calico" + enum: + - Calico + - HostLocal + - AmazonVPC + - AzureVNET + type: string + required: + - type + type: object + type: + description: "Specifies the CNI plugin that will be used in + the Calico or Calico Enterprise installation. * For KubernetesProvider + GKE, this field defaults to GKE. * For KubernetesProvider + AKS, this field defaults to AzureVNET. 
* For KubernetesProvider + EKS, this field defaults to AmazonVPC. * If aws-node daemonset + exists in kube-system when the Installation resource is + created, this field defaults to AmazonVPC. * For all other + cases this field defaults to Calico. \n For the value Calico, + the CNI plugin binaries and CNI config will be installed + as part of deployment, for all other values the CNI plugin + binaries and CNI config is a dependency that is expected + to be installed separately. \n Default: Calico" + enum: + - Calico + - GKE + - AmazonVPC + - AzureVNET + type: string + required: + - type + type: object + componentResources: + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used + to customize the resource requirements for each component. Node, + Typha, and KubeControllers are supported for installations. + items: + description: Deprecated. Please use component resource config + fields in Installation.Spec instead. The ComponentResource + struct associates a ResourceRequirements with a component + by name + properties: + componentName: + description: ComponentName is an enum which identifies the + component + enum: + - Node + - Typha + - KubeControllers + type: string + resourceRequirements: + description: ResourceRequirements allows customization of + limits and requests for compute resources such as cpu + and memory. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. 
It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - componentName + - resourceRequirements + type: object + type: array + controlPlaneNodeSelector: + additionalProperties: + type: string + description: ControlPlaneNodeSelector is used to select control + plane nodes on which to run Calico components. This is globally + applied to all resources created by the operator excluding daemonsets. + type: object + controlPlaneReplicas: + description: ControlPlaneReplicas defines how many replicas of + the control plane core components will be deployed. This field + applies to all control plane components that support High Availability. + Defaults to 2. 
+ format: int32 + type: integer + controlPlaneTolerations: + description: ControlPlaneTolerations specify tolerations which + are then globally applied to all resources created by the operator. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + csiNodeDriverDaemonSet: + description: CSINodeDriverDaemonSet configures the csi-node-driver + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the DaemonSet. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the csi-node-driver + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the csi-node-driver + DaemonSet. If omitted, the csi-node-driver DaemonSet + will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the csi-node-driver DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. 
Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the csi-node-driver DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the csi-node-driver pods. + If specified, this overrides any affinity that + may be set on the csi-node-driver DaemonSet. + If omitted, the csi-node-driver DaemonSet will + use its default value for affinity. WARNING: + Please note that this field will override the + default csi-node-driver DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of csi-node-driver + containers. If specified, this overrides the + specified csi-node-driver DaemonSet containers. + If omitted, the csi-node-driver DaemonSet will + use its default values for its containers. + items: + description: CSINodeDriverDaemonSetContainer + is a csi-node-driver DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the csi-node-driver DaemonSet container + by name. + enum: + - csi-node-driver + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named csi-node-driver + DaemonSet container's resources. 
If omitted, + the csi-node-driver DaemonSet will use + its default value for this container's + resources. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the csi-node-driver + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + csi-node-driver DaemonSet nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the csi-node-driver + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default csi-node-driver DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the csi-node-driver + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the csi-node-driver + DaemonSet. If omitted, the csi-node-driver DaemonSet + will use its default value for tolerations. + WARNING: Please note that this field will override + the default csi-node-driver DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + fipsMode: + description: 'FIPSMode uses images and features only that are + using FIPS 140-2 validated cryptographic modules and standards. + Default: Disabled' + enum: + - Enabled + - Disabled + type: string + flexVolumePath: + description: FlexVolumePath optionally specifies a custom path + for FlexVolume. If not specified, FlexVolume will be enabled + by default. If set to 'None', FlexVolume will be disabled. The + default is based on the kubernetesProvider. + type: string + imagePath: + description: "ImagePath allows for the path part of an image to + be specified. If specified then the specified value will be + used as the image path for each image. If not specified or empty, + the default for each image will be used. A special case value, + UseDefault, is supported to explicitly specify the default image + path will be used for each image. \n Image format: `/:` + \n This option allows configuring the `` portion + of the above format." + type: string + imagePrefix: + description: "ImagePrefix allows for the prefix part of an image + to be specified. If specified then the given value will be used + as a prefix on each image. If not specified or empty, no prefix + will be used. 
A special case value, UseDefault, is supported + to explicitly specify the default image prefix will be used + for each image. \n Image format: `/:` + \n This option allows configuring the `` portion + of the above format." + type: string + imagePullSecrets: + description: ImagePullSecrets is an array of references to container + registry pull secrets to use. These are applied to all images + to be pulled. + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled + by default. If set to ''None'', CSI will be disabled. Default: + /var/lib/kubelet' + type: string + kubernetesProvider: + description: KubernetesProvider specifies a particular provider + of the Kubernetes platform and enables provider-specific configuration. + If the specified value is empty, the Operator will attempt to + automatically determine the current provider. If the specified + value is not empty, the Operator will still attempt auto-detection, + but will additionally compare the auto-detected value to the + specified value to confirm they match. 
+ enum: + - "" + - EKS + - GKE + - AKS + - OpenShift + - DockerEnterprise + - RKE2 + type: string + logging: + description: Logging Configuration for Components + properties: + cni: + description: Customized logging specification for calico-cni + plugin + properties: + logFileMaxAgeDays: + description: 'Default: 30 (days)' + format: int32 + type: integer + logFileMaxCount: + description: 'Default: 10' + format: int32 + type: integer + logFileMaxSize: + anyOf: + - type: integer + - type: string + description: 'Default: 100Mi' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + logSeverity: + description: 'Default: Info' + enum: + - Error + - Warning + - Debug + - Info + type: string + type: object + type: object + nodeMetricsPort: + description: NodeMetricsPort specifies which port calico/node + serves prometheus metrics on. By default, metrics are not enabled. + If specified, this overrides any FelixConfiguration resources + which may exist. If omitted, then prometheus metrics may still + be configured through FelixConfiguration. + format: int32 + type: integer + nodeUpdateStrategy: + description: NodeUpdateStrategy can be used to customize the desired + update strategy, such as the MaxUnavailable field. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. 
Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' 
+ x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + nonPrivileged: + description: NonPrivileged configures Calico to be run in non-privileged + containers as non-root users where possible. + type: string + registry: + description: "Registry is the default Docker registry used for + component Docker images. If specified then the given value must + end with a slash character (`/`) and all images will be pulled + from this registry. If not specified then the default registries + will be used. A special case value, UseDefault, is supported + to explicitly specify the default registries will be used. \n + Image format: `/:` + \n This option allows configuring the `` portion of + the above format." + type: string + serviceCIDRs: + description: Kubernetes Service CIDRs. Specifying this is required + when using Calico for Windows. + items: + type: string + type: array + typhaAffinity: + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity + characteristics for Typha pods. + properties: + nodeAffinity: + description: NodeAffinity describes node affinity scheduling + rules for typha. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: 'WARNING: Please note that if the affinity + requirements specified by this field are not met at + scheduling time, the pod will NOT be scheduled onto + the node. There is no fallback to another affinity rules + with this setting. This may cause networking disruption + or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution + should be used for affinity unless there is a specific + well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution + and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution + will always have sufficient nodes to satisfy the requirement. + NOTE: RequiredDuringSchedulingIgnoredDuringExecution + is set by default for AKS nodes, to avoid scheduling + Typhas on virtual-nodes. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node.' + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. 
+ If used in conjunction with the deprecated ComponentResources + or TyphaAffinity, then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the typha + Deployment. If omitted, the typha Deployment will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + strategy: + description: The deployment strategy to use to replace + existing pods with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present + only if DeploymentStrategyType = RollingUpdate. + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that + can be scheduled above the desired number of + pods. Value can be an absolute number (ex: 5) + or a percentage of desired pods (ex: 10%). This + can not be 0 if MaxUnavailable is 0. 
Absolute + number is calculated from percentage by rounding + up. Defaults to 25%. Example: when this is set + to 30%, the new ReplicaSet can be scaled up + immediately when the rolling update starts, + such that the total number of old and new pods + do not exceed 130% of desired pods. Once old + pods have been killed, new ReplicaSet can be + scaled up further, ensuring that total number + of pods running at any time during the update + is at most 130% of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that + can be unavailable during the update. Value + can be an absolute number (ex: 5) or a percentage + of desired pods (ex: 10%). Absolute number is + calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults + to 25%. Example: when this is set to 30%, the + old ReplicaSet can be scaled down to 70% of + desired pods immediately when the rolling update + starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling + up the new ReplicaSet, ensuring that the total + number of pods available at all times during + the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: object + template: + description: Template describes the typha Deployment pod + that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the typha pods. If specified, + this overrides any affinity that may be set + on the typha Deployment. If omitted, the typha + Deployment will use its default value for affinity. + If used in conjunction with the deprecated TyphaAffinity, + then this value takes precedence. WARNING: Please + note that this field will override the default + calico-typha Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha + Deployment will use its default values for its + containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named typha Deployment + container's resources. If omitted, the + typha Deployment will use its default + value for this container's resources. 
+ If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha + init containers. 
If specified, this overrides + the specified typha Deployment init containers. + If omitted, the typha Deployment will use its + default values for its init containers. + items: + description: TyphaDeploymentInitContainer is + a typha Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by + name. + enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named typha Deployment + init container's resources. If omitted, + the typha Deployment will use its default + value for this init container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-typha Deployment nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-typha Deployment + will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully. May be decreased + in delete request. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut + down). If this value is nil, the default grace + period will be used instead. The grace period + is the duration in seconds after the processes + running in the pod are sent a termination signal + and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + Defaults to 30 seconds. 
+ format: int64 + type: integer + tolerations: + description: 'Tolerations is the typha pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the typha Deployment. + If omitted, the typha Deployment will use its + default value for tolerations. WARNING: Please + note that this field will override the default + calico-typha Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes + how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way + which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to find + matching pods. Pods that match this label + selector are counted to determine the + number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select the pods over + which spreading will be calculated. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are ANDed with labelSelector to select + the group of existing pods over which + spreading will be calculated for the incoming + pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference + between the number of matching pods in + the target topology and the global minimum. + The global minimum is the minimum number + of matching pods in an eligible domain + or zero if the number of eligible domains + is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global + minimum is 1. | zone1 | zone2 | zone3 + | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it + onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to + topologies that satisfy it. It''s a required + field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. 
When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats \"global minimum\" as 0, + and then the calculation of Skew is performed. + And when the number of eligible domains + with matching topology keys equals or + greater than minDomains, this value has + no effect on scheduling. As a result, + when the number of eligible domains is + less than minDomains, scheduler won't + schedule more than maxSkew Pods to those + domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. + Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, + in a 3-zone cluster, MaxSkew is set to + 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is + less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new + pod with the same labelSelector cannot + be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to + any of the three zones, it will violate + MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature + gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in + the calculations. \n If this value is + nil, the behavior is equivalent to the + Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." 
+ type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates + how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with + tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: + node taints are ignored. All nodes are + included. \n If this value is nil, the + behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered + to be in the same topology. We consider + each as a "bucket", and try + to put balanced number of pods into each + bucket. We define a domain as a particular + instance of a topology. Also, we define + an eligible domain as a domain whose nodes + meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node + is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t + satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but + giving higher precedence to topologies + that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node + assignment for that pod would violate + "MaxSkew" on some topology. 
For example, + in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 + | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still + be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + type: object + type: object + type: object + typhaMetricsPort: + description: TyphaMetricsPort specifies which port calico/typha + serves prometheus metrics on. By default, metrics are not enabled. + format: int32 + type: integer + variant: + description: 'Variant is the product to install - one of Calico + or TigeraSecureEnterprise Default: Calico' + enum: + - Calico + - TigeraSecureEnterprise + type: string + windowsNodes: + description: Windows Configuration + properties: + cniBinDir: + description: CNIBinDir is the path to the CNI binaries directory + on Windows, it must match what is used as 'bin_dir' under + [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] + on the containerd 'config.toml' file on the Windows nodes. + type: string + cniConfigDir: + description: CNIConfigDir is the path to the CNI configuration + directory on Windows, it must match what is used as 'conf_dir' + under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] + on the containerd 'config.toml' file on the Windows nodes. + type: string + cniLogDir: + description: CNILogDir is the path to the Calico CNI logs + directory on Windows. 
+ type: string + vxlanAdapter: + description: VXLANAdapter is the Network Adapter used for + VXLAN, leave blank for primary NIC + type: string + vxlanMACPrefix: + description: VXLANMACPrefix is the prefix used when generating + MAC addresses for virtual NICs + pattern: ^[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}$ + type: string + type: object + type: object + conditions: + description: Conditions represents the latest observed set of conditions + for the component. A component may be one or more of Ready, Progressing, + Degraded or other customer types. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imageSet: + description: ImageSet is the name of the ImageSet being used, if there + is an ImageSet that is being used. If an ImageSet is not being used + then this will not be set. + type: string + mtu: + description: MTU is the most recently observed value for pod network + MTU. This may be an explicitly configured value, or based on Calico's + native auto-detetion. 
+ format: int32 + type: integer + variant: + description: Variant is the most recently observed installed variant + - one of Calico or TigeraSecureEnterprise + enum: + - Calico + - TigeraSecureEnterprise + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_tigerastatuses_crd.yaml b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_tigerastatuses_crd.yaml new file mode 100755 index 000000000..b1087f8a2 --- /dev/null +++ b/charts/rke2-calico/rke2-calico-crd/v3.27.001/templates/operator.tigera.io_tigerastatuses_crd.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: tigerastatuses.operator.tigera.io +spec: + group: operator.tigera.io + names: + kind: TigeraStatus + listKind: TigeraStatusList + plural: tigerastatuses + singular: tigerastatus + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Whether the component running and stable. + jsonPath: .status.conditions[?(@.type=='Available')].status + name: Available + type: string + - description: Whether the component is processing changes. + jsonPath: .status.conditions[?(@.type=='Progressing')].status + name: Progressing + type: string + - description: Whether the component is degraded. + jsonPath: .status.conditions[?(@.type=='Degraded')].status + name: Degraded + type: string + - description: The time the component's Available status last changed. + jsonPath: .status.conditions[?(@.type=='Available')].lastTransitionTime + name: Since + type: date + name: v1 + schema: + openAPIV3Schema: + description: TigeraStatus represents the most recently observed status for + Calico or a Calico Enterprise functional area. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TigeraStatusSpec defines the desired state of TigeraStatus + type: object + status: + description: TigeraStatusStatus defines the observed state of TigeraStatus + properties: + conditions: + description: Conditions represents the latest observed set of conditions + for this component. A component may be one or more of Available, + Progressing, or Degraded. + items: + description: TigeraStatusCondition represents a condition attached + to a particular component. + properties: + lastTransitionTime: + description: The timestamp representing the start time for the + current status. + format: date-time + type: string + message: + description: Optionally, a detailed message providing additional + context. + type: string + observedGeneration: + description: observedGeneration represents the generation that + the condition was set based upon. For instance, if generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: A brief reason explaining the condition. + type: string + status: + description: The status of the condition. May be True, False, + or Unknown. + type: string + type: + description: The type of condition. May be Available, Progressing, + or Degraded. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/Chart.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/Chart.yaml new file mode 100755 index 000000000..36795ed8d --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/Chart.yaml 
@@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/namespace: tigera-operator +apiVersion: v2 +appVersion: v3.27.0 +description: Installs the Tigera operator for Calico +home: https://projectcalico.docs.tigera.io/about/about-calico +icon: https://projectcalico.docs.tigera.io/images/felix_icon.png +name: rke2-calico +sources: +- https://github.com/projectcalico/calico/tree/master/calico/_includes/charts/tigera-operator +- https://github.com/tigera/operator +- https://github.com/projectcalico/calico +version: v3.27.001 diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/README.md b/charts/rke2-calico/rke2-calico/v3.27.001/README.md new file mode 100755 index 000000000..6953eac4a --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/README.md 
@@ -0,0 +1,161 @@ +# Calico + +Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads. +Calico provides two major services for Cloud Native applications: + +- Network connectivity between workloads. +- Network security policy enforcement between workloads. + +Calico’s flexible architecture supports a wide range of deployment options, using modular components and technologies, including: + +- Choice of data plane technology, whether it be [eBPF](https://projectcalico.docs.tigera.io/maintenance/ebpf/use-cases-ebpf), standard Linux, [Windows HNS](https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-networking/architecture) or [VPP](https://github.com/projectcalico/vpp-dataplane) +- Enforcement of the full set of Kubernetes network policy features, plus for those needing a richer set of policy features, Calico network policies. +- An optimized Kubernetes Service implementation using eBPF. +- Kubernetes [apiserver integration](./apiserver), for managing Calico configuration and Calico network policies. +- Both non-overlay and [overlay (via IPIP or VXLAN)](https://projectcalico.docs.tigera.io/networking/vxlan-ipip) networking options in either public cloud or on-prem deployments. +- [CNI plugins](./cni-plugin) for Kubernetes to provide highly efficient pod networking and IP Address Management (IPAM). +- A [BGP routing stack](https://projectcalico.docs.tigera.io/networking/bgp) that can advertise routes for workload and service IP addresses to physical network infrastructure. + +# Installing + +1. Add the projectcalico helm repository. + + ``` + helm repo add projectcalico https://projectcalico.docs.tigera.io/charts + ``` + +1. Create the tigera-operator namespace. + + ``` + kubectl create namespace tigera-operator + ``` + +1. Install the helm chart into the `tigera-operator` namespace. 
+ + ``` + helm install calico projectcalico/tigera-operator --namespace tigera-operator + ``` + +# Upgrading + +Prior to release v3.23, the Calico helm chart itself deployed the `tigera-operator` namespace and required that the helm release was +installed in the `default` namespace. Newer releases properly defer creation of the `tigera-operator` namespace to the user and allow installation +of the chart into the `tigera-operator` namespace. + +When upgrading from a version of Calico v3.22 or lower to a version of Calico v3.23 or greater, you must complete the following steps to migrate +ownership of the helm resources to the new chart location. + +## Upgrade from Calico versions prior to v3.23.0 + +1. Patch existing resources so that the new chart can assume ownership. + + ``` + kubectl patch installation default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch apiserver default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch podsecuritypolicy tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch -n tigera-operator deployment tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch -n tigera-operator serviceaccount tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch clusterrole tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + kubectl patch clusterrolebinding tigera-operator tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}' + ``` + +1. Install the helm chart in the `tigera-operator` namespace. 
+ + ``` + helm install {{site.prodname | downcase}} projectcalico/tigera-operator --version {{site.data.versions[0].title}} --namespace tigera-operator + ``` + +1. Once the install has succeeded, you can delete any old releases in the `default` namespace. + + ``` + kubectl delete secret -n default -l name=calico,owner=helm --dry-run + ``` + +> **Note:** The above command uses --dry-run to avoid making changes to your cluster. We recommend reviewing +> the output and then re-running the command without --dry-run to commit to the changes. + +## All other upgrades + +1. Run the helm upgrade: + + ```bash + helm upgrade {{site.prodname | downcase}} projectcalico/tigera-operator + ``` + +# Values reference + +The default values.yaml should be suitable for most basic deployments. + +``` +# imagePullSecrets is a special helm field which, when specified, creates a secret +# containing the pull secret which is used to pull all images deployed by this helm chart and the resulting operator. +# this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret. +# +# Example: --set-file imagePullSecrets.gcr=./pull-secret.json +imagePullSecrets: {} + +# Configures general installation parameters for Calico. Schema is based +# on the operator.tigera.io/Installation API documented +# here: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.InstallationSpec +installation: + enabled: true + kubernetesProvider: "" + + # imagePullSecrets are configured on all images deployed by the tigera-operator. + # secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm. + # imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments. + # + # Example: --set installation.imagePullSecrets[0].name=my-existing-secret + imagePullSecrets: [] + +# Configures general installation parameters for Calico. 
Schema is based +# on the operator.tigera.io/Installation API documented +# here: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.APIServerSpec +apiServer: + enabled: true + +# Certificates for communications between calico/node and calico/typha. +# If left blank, will be automatically provisioned. +certs: + node: + key: + cert: + commonName: + typha: + key: + cert: + commonName: + caBundle: + +# Resources for the tigera/operator pod itself. +# By default, no resource requests or limits are specified. +resources: {} + +# Tolerations for the tigera/operator pod itself. +# By default, will schedule on all possible place. +tolerations: +- effect: NoExecute + operator: Exists +- effect: NoSchedule + operator: Exists + +# NodeSelector for the tigera/operator pod itself. +nodeSelector: + kubernetes.io/os: linux + +# Custom annotations for the tigera/operator pod itself +podAnnotations: {} + +# Custom labels for the tigera/operator pod itself +podLabels: {} + +# Configuration for the tigera operator images to deploy. +tigeraOperator: + image: tigera/operator + registry: quay.io +calicoctl: + image: docker.io/calico/ctl + +# Configuration for the Calico CSI plugin - setting to None will disable the plugin, default: /var/lib/kubelet +kubeletVolumePluginPath: None +``` diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/_helpers.tpl b/charts/rke2-calico/rke2-calico/v3.27.001/templates/_helpers.tpl new file mode 100755 index 000000000..f73abc67b --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/_helpers.tpl 
@@ -0,0 +1,23 @@
+{{/* generate the image name for a component*/}}
+{{- define "tigera-operator.image" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- $_ := set .Values.tigeraOperator "registry" .Values.global.systemDefaultRegistry -}}
+{{- end -}}
+{{- if .Values.tigeraOperator.registry -}}
+ {{- .Values.tigeraOperator.registry | trimSuffix "/" -}}/
+{{- end -}}
+{{- .Values.tigeraOperator.image -}}:{{- .Values.tigeraOperator.version -}}
+{{- end -}}
+
+{{/*
+generate imagePullSecrets for installation and deployments
+by combining installation.imagePullSecrets with toplevel imagePullSecrets.
+*/}}
+
+{{- define "tigera-operator.imagePullSecrets" -}}
+{{- $secrets := default list .Values.installation.imagePullSecrets -}}
+{{- range $key, $val := .Values.imagePullSecrets -}}
+ {{- $secrets = append $secrets (dict "name" $key) -}}
+{{- end -}}
+{{ $secrets | toYaml }}
+{{- end -}}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-node.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-node.yaml
new file mode 100755
index 000000000..5830c2af2
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-node.yaml
@@ -0,0 +1,13 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: node-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.node.cert" .Values.certs.node.cert | b64enc }}
+ key.key: {{ required "must set certs.node.key" .Values.certs.node.key | b64enc }}
+ common-name: {{ required "must set certs.node.commonName" .Values.certs.node.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-typha.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-typha.yaml
new file mode 100755
index 000000000..4463e8948
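Review bot: `tigera-operator.image` appends `.Values.tigeraOperator.version` with no check, so if that value is unset the helper renders a reference ending in a bare `:` and the mistake only surfaces when the image pull fails. The certs templates in this patch already guard their inputs with `required`, and the same fits the tag: `{{- .Values.tigeraOperator.image -}}:{{- required "must set tigeraOperator.version" .Values.tigeraOperator.version -}}`. The helper also writes to `.Values.tigeraOperator` through `set`, so evaluating it changes the values seen by templates rendered afterwards; a local `{{- $registry := coalesce .Values.global.systemDefaultRegistry .Values.tigeraOperator.registry -}}` would give the same result without the side effect. values.yaml is not part of this view, so whether `version` always has a default is unconfirmed.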
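Review bot: certs-node.yaml takes the node private key straight from `.Values.certs.node.key` (certs-typha.yaml does the same with `.Values.certs.typha.key`), and neither template nor the README's `certs:` section mentions that Helm keeps user-supplied values in the release record as well as in the rendered Secret. A short comment above the `if` would cover it, for example `{{/* key material passed in values is also kept in the Helm release record; restrict who can read release storage */}}`. Both templates hard-code `namespace: tigera-operator` rather than using the release namespace; if that is deliberate, the same comment could say so.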
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/certs/certs-typha.yaml
@@ -0,0 +1,23 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: typha-ca
+ namespace: tigera-operator
+data:
+ caBundle: |
+{{ required "must set certs.typha.caBundle" .Values.certs.typha.caBundle | indent 4}}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: typha-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.typha.cert" .Values.certs.typha.cert | b64enc }}
+ key.key: {{ required "must set certs.typha.key" .Values.certs.typha.key | b64enc }}
+ common-name: {{ required "must set certs.typha.commonName" .Values.certs.typha.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/crs/custom-resources.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/crs/custom-resources.yaml
new file mode 100755
index 000000000..802e31570
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/crs/custom-resources.yaml
@@ -0,0 +1,52 @@ +{{ if .Values.installation.enabled }} +{{ $installSpec := omit .Values.installation "enabled" }} +{{ $_ := set $installSpec "imagePullSecrets" (include "tigera-operator.imagePullSecrets" . | fromYamlArray) }} +{{ $_ := set $installSpec "kubeletVolumePluginPath" .Values.kubeletVolumePluginPath }} +{{ $defaultRegistry := get $installSpec "registry" }} +{{ $finalRegistry := coalesce .Values.global.systemDefaultRegistry $defaultRegistry }} +{{ $_ := set $installSpec "registry" $finalRegistry }} +{{ if empty .Values.installation.calicoNetwork.ipPools }} +{{ $calicoNetwork := get .Values.installation "calicoNetwork" }} +{{ if not (empty .Values.global.clusterCIDRv4) }} +{{ $myIP4Dict := dict "natOutgoing" "Enabled" "encapsulation" "VXLAN" "cidr" .Values.global.clusterCIDRv4 }} +{{ if not (empty .Values.global.clusterCIDRv6) }} +{{ $myIP6Dict := dict "natOutgoing" "Enabled" "encapsulation" "VXLAN" "cidr" .Values.global.clusterCIDRv6 }} +{{ $ipPoolList := list $myIP4Dict }} +{{ $finalIpPoolList := append $ipPoolList $myIP6Dict }} +{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }} +{{ else }} +{{ $finalIpPoolList := list $myIP4Dict }} +{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }} +{{ end }} +{{ else if not (empty .Values.global.clusterCIDRv6) }} +{{ $myIP6Dict := dict "natOutgoing" "Enabled" "encapsulation" "VXLAN" "cidr" .Values.global.clusterCIDRv6 }} +{{ $finalIpPoolList := list $myIP6Dict }} +{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }} +{{ end }} +{{ if empty .Values.installation.calicoNetwork.nodeAddressAutodetectionV4 }} +{{ $calicoNetwork := get .Values.installation "calicoNetwork" }} +{{ $autodetect := dict "firstFound" true }} +{{ $_ := set $calicoNetwork "nodeAddressAutodetectionV4" $autodetect }} +{{ end }} +{{ end }} + +apiVersion: operator.tigera.io/v1 +kind: Installation +metadata: + name: default +spec: +{{ $installSpec | toYaml | indent 2 }} + +{{ end }} + +{{ if .Values.apiServer.enabled }} +{{ 
$apiServerSpec := omit .Values.apiServer "enabled" }} +--- + +apiVersion: operator.tigera.io/v1 +kind: APIServer +metadata: + name: default +spec: +{{ $apiServerSpec | toYaml | indent 2 }} +{{ end }} diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/felixconfig.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/felixconfig.yaml new file mode 100755 index 000000000..3d46f9ba1 --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/felixconfig.yaml @@ -0,0 +1,11 @@ +{{ $felixConfig := dict }} +{{ range $key, $value := .Values.felixConfiguration }} +{{ $_ := set $felixConfig $key $value }} +{{ end }} + +apiVersion: crd.projectcalico.org/v1 +kind: FelixConfiguration +metadata: + name: default +spec: +{{ $felixConfig | toYaml | indent 2 }} diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/ipamconfig.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/ipamconfig.yaml new file mode 100755 index 000000000..22dba0e53 --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/ipamconfig.yaml @@ -0,0 +1,7 @@ +apiVersion: crd.projectcalico.org/v1 +kind: IPAMConfig +metadata: + name: default +spec: + strictAffinity: {{ .Values.ipamConfig.strictAffinity }} + autoAllocateBlocks: {{ .Values.ipamConfig.autoAllocateBlocks }} diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-namespace-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-namespace-tigera-operator.yaml new file mode 100755 index 000000000..b7e260e46 --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-namespace-tigera-operator.yaml 
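Review bot: In custom-resources.yaml the `nodeAddressAutodetectionV4` default is nested inside `{{ if empty .Values.installation.calicoNetwork.ipPools }}` — the `{{ end }}` that closes the ipPools block comes after it — so a user who sets `ipPools` explicitly no longer gets `firstFound: true` filled in. If the two defaults are meant to be independent, move that closing `{{ end }}` up so it sits directly before `{{ if empty .Values.installation.calicoNetwork.nodeAddressAutodetectionV4 }}`. The template also dereferences `.Values.installation.calicoNetwork.ipPools` without checking that `calicoNetwork` exists, which presumably relies on values.yaml (not shown here) always defining it; a `{{/* requires installation.calicoNetwork in values.yaml */}}` comment would record that assumption.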
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tigera-operator
+ annotations:
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/node-selector: ""
+{{- end }}
+ labels:
+ name: tigera-operator
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/run-level: "0"
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-uninstall.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-uninstall.yaml
new file mode 100755
index 000000000..3dd5e9ec2
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/00-uninstall.yaml
@@ -0,0 +1,38 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: tigera-operator-uninstall
+ namespace: tigera-operator
+ labels:
+ k8s-app: tigera-operator-uninstall
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # Mark this Job as a pre-deletion hook. This will only be executed as part
+ # of helm uninstall, in order to ensure the Installation is cleaned up prior to
+ # tearing down the operator.
+ helm.sh/hook: pre-delete
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: hook-succeeded
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: Never
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: tigera-operator
+ containers:
+ - name: cleanup-job
+ image: {{ template "tigera-operator.image" . }}
+ args: ["-pre-delete"]
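Review bot: The `cleanup-job` container in 00-uninstall.yaml sets no `securityContext`, while the pod runs with `hostNetwork: true` under the `tigera-operator` service account, whose ClusterRole later in this patch includes `bind` and `escalate` on RBAC resources. The PodSecurityPolicy added by this patch already requires no privilege escalation, all capabilities dropped and a non-root user, but it is only rendered below Kubernetes 1.25, so on newer clusters nothing in the chart enforces that for this pod. Stating the same constraints on the container keeps them in force everywhere, assuming the operator image already runs as a non-root user as the policy demands. The Job also has no `backoffLimit` or `activeDeadlineSeconds`, so a failing hook can hold up `helm uninstall` through the default retries.

```yaml
      containers:
        - name: cleanup-job
          # … unchanged: image, args …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```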
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/01-imagepullsecret.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/01-imagepullsecret.yaml
new file mode 100755
index 000000000..1421ad38c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/01-imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- $envAll := . }}
+{{- if .Values.imagePullSecrets }}
+
+{{range $key, $value := .Values.imagePullSecrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $key }}
+ namespace: tigera-operator
+data:
+ .dockerconfigjson: {{ $value | b64enc }}
+type: kubernetes.io/dockerconfigjson
+{{- end }}
+
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-configmap-calico-resources.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-configmap-calico-resources.yaml
new file mode 100755
index 000000000..2270813ca
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-configmap-calico-resources.yaml
@@ -0,0 +1,27 @@
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: calico-resources
+ namespace: tigera-operator
+data:
+ # To create Calico resources before Calico components are started add
+ # an entry here and the contents of the resource under the entry.
+ # The resources here should all be projectcalico.org/v3.
+ # Multiple resources/entries can be added to this ConfigMap.
+ #
+ # If you need to remove a resource that was added to this ConfigMap
+ # you should remove it from here or else it will be re-created.
+ #
+ # example-global-network-set.yaml: |
+ # apiVersion: projectcalico.org/v3
+ # kind: GlobalNetworkSet
+ # metadata:
+ # name: a-name-for-the-set
+ # labels:
+ # role: external-database
+ # spec:
+ # nets:
+ # - 198.51.100.0/28
+ # - 203.0.113.0/24
+{{- end}}
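Review bot: `name: {{ $key }}` in 01-imagepullsecret.yaml is rendered unquoted, so a key from `.Values.imagePullSecrets` that YAML reads as a number or boolean (for example `123` or `true`) produces a non-string `metadata.name` and the manifest is rejected; `name: {{ $key | quote }}` avoids that. `{{- $envAll := . }}` on the first line is never used in this template and can be removed. The registry credential arrives through values, so a one-line comment noting that it is also kept in the Helm release record would help whoever manages read access to release storage.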
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
new file mode 100755
index 000000000..ca2d9e6fd
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
@@ -0,0 +1,49 @@
+{{- if semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion -}}
+{{ if ne .Values.installation.kubernetesProvider "openshift" }}
+# This should not be rendered for an OpenShift install.
+# OpenShift uses SecurityContextConstraints instead.
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: tigera-operator
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'hostPath'
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ # Assume that persistentVolumes set up by the cluster admin are safe to use.
+ - 'persistentVolumeClaim'
+ hostNetwork: true
+ hostPorts:
+ - min: 0
+ max: 65535
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{ end }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-role-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-role-tigera-operator.yaml
new file mode 100755
index 000000000..5096a3c23
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-role-tigera-operator.yaml
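Review bot: The PodSecurityPolicy lists `'hostPath'` under `volumes` without an `allowedHostPaths` restriction, so any pod admitted under it may mount any host directory read-write, and the annotation `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` also admits the unconfined profile. If the operator Deployment (not shown in this hunk) mounts no host path, drop `'hostPath'`; otherwise add `allowedHostPaths:` with `- pathPrefix: <HOST_PATH_PREFIX_PLACEHOLDER>` and `readOnly: true`. For seccomp, `seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'` would keep the runtime's default profile mandatory. Together with `hostNetwork: true` and `hostPorts` 0–65535 this is a wide policy, so a comment stating which of these the operator actually needs would make later tightening easier.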
@@ -0,0 +1,331 @@
+# Permissions required when running the operator for a Calico cluster.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tigera-operator
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - podtemplates
+ - services
+ - endpoints
+ - events
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ verbs:
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ resourceNames:
+ - calico-critical-pods
+ - tigera-critical-pods
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ # Need to update node labels when migrating nodes.
+ - get
+ - patch
+ - list
+ # We need this for Typha autoscaling
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - bind
+ - escalate
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - statefulsets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - tigera-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ # The operator needs read and update permissions on the APIs that it controls.
+ - apiGroups:
+ - operator.tigera.io
+ resources:
+ - apiservers/finalizers
+ - installations
+ - installations/status
+ - installations/finalizers
+ - tigerastatuses
+ - tigerastatuses/status
+ - tigerastatuses/finalizers
+ - apiservers
+ - apiservers/status
+ - imagesets
+ verbs:
+ - get
+ - list
+ - update
+ - patch
+ - watch
+ # In addition to the above, the operator creates and deletes TigeraStatus resources.
+ - apiGroups:
+ - operator.tigera.io
+ resources:
+ - tigerastatuses
+ verbs:
+ - create
+ - delete
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - felixconfigurations
+ verbs:
+ - create
+ - patch
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ippools
+ - kubecontrollersconfigurations
+ - bgpconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - projectcalico.org
+ resources:
+ - ipamconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ # Needed for operator lock
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - csidrivers
+ verbs:
+ - list
+ - watch
+ - update
+ - get
+ - create
+ - delete
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ # When running in OpenShift, we need to update networking config.
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks/status
+ verbs:
+ - get
+ - list
+ - update
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks
+ - infrastructures
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ # On OpenShift, we need to modify SCCs.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ # The following rule is only for operator certification purposes.
+ # The operator normally runs in a namespace with openshift.io/run-level=0 which bypasses SCC.
+ # However in certification tests, the operator is run in a normal namespace so this
+ # rule is needed for host networking and hostPath volume access.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - hostaccess
+ verbs:
+ - use
+ # Need these permissions for the calicoctl init container.
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - bgpconfigurations
+ - bgppeers
+ - felixconfigurations
+ - kubecontrollersconfigurations
+ - globalnetworkpolicies
+ - globalnetworksets
+ - hostendpoints
+ - ippools
+ - networkpolicies
+ - networksets
+ verbs:
+ - create
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ipamblocks
+ verbs:
+ - list
+ # Need this permission for the calicoctl version mismatch checking
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - clusterinformations
+ verbs:
+ - get
+ # For AWS security group setup.
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - create
+ - update
+ - list
+ - watch
+{{- else }}
+ # Add the appropriate pod security policy permissions
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - tigera-operator
+ verbs:
+ - use
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+# Add the permissions to monitor the status of certificatesigningrequests when certificate management is enabled.
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - list
+ - watch
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-rolebinding-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
new file mode 100755
index 000000000..5689683a3
--- /dev/null
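Review bot: The `rbac.authorization.k8s.io` rule in 02-role-tigera-operator.yaml grants `bind` and `escalate` on roles and clusterroles with no `resourceNames`, and the first rule grants cluster-wide create/get/list/update/delete on `secrets`, so the tigera-operator ServiceAccount should be treated as cluster-admin equivalent. A comment above that rule would make this explicit for anyone auditing the chart, e.g. `# bind/escalate allow granting permissions the operator does not itself hold; treat this account as cluster-admin equivalent`. The `podsecuritypolicies` rules in the `{{- else }}` branch are rendered on every non-OpenShift cluster, whereas the PodSecurityPolicy template in this commit is gated on `semverCompare "<1.25-0"`; wrapping these two rules in the same condition would keep the role consistent with what is actually installed.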
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tigera-operator
+subjects:
+- kind: ServiceAccount
+ name: tigera-operator
+ namespace: tigera-operator
+roleRef:
+ kind: ClusterRole
+ name: tigera-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
new file mode 100755
index 000000000..ace99b2fe
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
+imagePullSecrets: {{- include "tigera-operator.imagePullSecrets" . | nindent 2 }}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-tigera-operator.yaml
new file mode 100755
index 000000000..654dd22fd
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/tigera-operator/02-tigera-operator.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
+ labels:
+ k8s-app: tigera-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: tigera-operator
+ template:
+ metadata:
+ labels:
+ name: tigera-operator
+ k8s-app: tigera-operator
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: tigera-operator
+ # Set the termination grace period to match how long the operator will wait for
+ # resources to terminate when being uninstalled.
+ terminationGracePeriodSeconds: 60
+ hostNetwork: true
+ # This must be set when hostNetwork is true or else the cluster services won't resolve
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: tigera-operator
+ image: {{ template "tigera-operator.image" . }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - operator
+ volumeMounts:
+ - name: var-lib-calico
+ readOnly: true
+ mountPath: /var/lib/calico
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "tigera-operator"
+ - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION
+ value: {{.Values.tigeraOperator.version}}
+ envFrom:
+ - configMapRef:
+ name: kubernetes-services-endpoint
+ optional: true
+ volumes:
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ - name: calico-resources
+ configMap:
+ defaultMode: 0400
+ name: calico-resources
+ - name: install-resources-script
+ configMap:
+ defaultMode: 0777
+ name: install-resources-script
+ initContainers:
+ - name: create-initial-resources
+ image: {{.Values.calicoctl.image}}:{{.Values.calicoctl.tag}}
+ env:
+ - name: DATASTORE_TYPE
+ value: kubernetes
+ command:
+ - calicoctl
+ args:
+ - --allow-version-mismatch
+ - create
+ - --skip-exists
+ - --skip-empty
+ - -f
+ - /calico-resources
+ volumeMounts:
+ - name: calico-resources
+ mountPath: /calico-resources
+{{- end}}
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/templates/validate-install-crd.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/templates/validate-install-crd.yaml
new file mode 100755
index 000000000..3ec25c5c4
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/templates/validate-install-crd.yaml
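Review bot: The `tigera-operator` container in 02-tigera-operator.yaml has no `securityContext`, so the non-root, no-privilege-escalation and drop-ALL constraints exist only in the PodSecurityPolicy, which this chart renders only below Kubernetes 1.25; on newer clusters nothing in the pod spec enforces them for a `hostNetwork: true` pod bound to a very broad ClusterRole. Setting them on the container, as sketched below, keeps the same posture without PSP; `runAsNonRoot` assumes the operator image already runs as a non-root user, which the PSP's `MustRunAsNonRoot` rule suggests but this hunk does not show. Separately, the `install-resources-script` ConfigMap volume is declared with `defaultMode: 0777` and is not mounted by any container in this hunk, and `TIGERA_OPERATOR_INIT_IMAGE_VERSION` takes an unquoted template value where `value: {{ .Values.tigeraOperator.version | quote }}` would be safer.

```yaml
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: command, volumeMounts, resources, env, envFrom …
```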
@@ -0,0 +1,35 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPFilter" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPPeer" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BlockAffinity" false -}}
+# {{- set $found "crd.projectcalico.org/v1/CalicoNodeStatus" false -}}
+# {{- set $found "crd.projectcalico.org/v1/ClusterInformation" false -}}
+# {{- set $found "crd.projectcalico.org/v1/FelixConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkSet" false -}}
+# {{- set $found "crd.projectcalico.org/v1/HostEndpoint" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMBlock" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMConfig" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMHandle" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPPool" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPReservation" false -}}
+# {{- set $found "crd.projectcalico.org/v1/KubeControllersConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkSet" false -}}
+# {{- set $found "operator.tigera.io/v1/APIServer" false -}}
+# {{- set $found "operator.tigera.io/v1/ImageSet" false -}}
+# {{- set $found "operator.tigera.io/v1/Installation" false -}}
+# {{- set $found "operator.tigera.io/v1/TigeraStatus" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rke2-calico/rke2-calico/v3.27.001/values.yaml b/charts/rke2-calico/rke2-calico/v3.27.001/values.yaml
new file mode 100755
index 000000000..600232a32
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.27.001/values.yaml
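Review bot: The leading `#` on every line of validate-install-crd.yaml does not disable the template: Helm evaluates the actions before the output is parsed as YAML, so the `lookup`, the `.Capabilities.APIVersions` scan and the `required` failure still run, and only the leftover text ends up inside a YAML comment. A template comment at the top would stop a reader from assuming the CRD check is switched off, e.g. `{{- /* '#' only comments the rendered output; the CRD check below still executes */ -}}`. The `lookup` of ClusterRoles looks like a way to detect a live cluster, so the installing identity presumably needs list access to ClusterRoles for the check to take effect, which is worth stating in the same comment.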
@@ -0,0 +1,91 @@
+# imagePullSecrets is a special helm field which, when specified, creates a secret
+# containing the pull secret which is used to pull all images deployed by this helm chart and the resulting operator.
+# this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret.
+#
+# Example: --set-file imagePullSecrets.gcr=./pull-secret.json
+imagePullSecrets: {}
+
+installation:
+ controlPlaneTolerations:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ effect: "NoExecute"
+ enabled: true
+ kubeletVolumePluginPath: "None"
+ kubernetesProvider: ""
+ calicoNetwork:
+ bgp: Disabled
+ imagePath: "rancher"
+ imagePrefix: "mirrored-calico-"
+ flexVolumePath: "/var/lib/kubelet/volumeplugins/"
+ # imagePullSecrets are configured on all images deployed by the tigera-operator.
+ # secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm.
+ # imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments.
+ #
+ # Example: --set installation.imagePullSecrets[0].name=my-existing-secret
+ imagePullSecrets: []
+
+apiServer:
+ enabled: false
+
+certs:
+ node:
+ key:
+ cert:
+ commonName:
+ typha:
+ key:
+ cert:
+ commonName:
+ caBundle:
+
+# Resource requests and limits for the tigera/operator pod.
+resources: {}
+
+# Tolerations for the tigera/operator pod.
+tolerations:
+- effect: NoExecute
+ operator: Exists
+- effect: NoSchedule
+ operator: Exists
+
+# NodeSelector for the tigera/operator pod.
+nodeSelector:
+ kubernetes.io/os: linux
+
+# Custom annotations for the tigera/operator pod.
+podAnnotations: {}
+
+# Custom labels for the tigera/operator pod.
+podLabels: {}
+
+# Image and registry configuration for the tigera/operator pod.
+tigeraOperator: + image: rancher/mirrored-calico-operator + version: v1.32.3 + registry: docker.io +calicoctl: + image: rancher/mirrored-calico-ctl + tag: v3.27.0 + +global: + systemDefaultRegistry: "" + clusterCIDRv4: "" + clusterCIDRv6: "" + +# Config required by Windows nodes +ipamConfig: + strictAffinity: true + autoAllocateBlocks: true + +felixConfiguration: + wireguardEnabled: false + # Config required to fix RKE2 issue #1541 + featureDetectOverride: "ChecksumOffloadBroken=true" + healthPort: 9099 + defaultEndpointToHostAction: "Drop" + logSeveritySys: "Info" + xdpEnabled: true diff --git a/index.yaml b/index.yaml index 96c282f15..d1b6525d2 100755 --- a/index.yaml +++ b/index.yaml @@ -988,6 +988,23 @@ entries: urls: - assets/rke2-calico/rke2-calico-v3.1906.tgz version: v3.1906 + - annotations: + catalog.cattle.io/namespace: tigera-operator + apiVersion: v2 + appVersion: v3.27.0 + created: "2024-02-12T16:02:55.295165866Z" + description: Installs the Tigera operator for Calico + digest: 3d7540c98c7a5b16fb9e82c4e576deba41a7211ea8e93ab90720370ee519fbea + home: https://projectcalico.docs.tigera.io/about/about-calico + icon: https://projectcalico.docs.tigera.io/images/felix_icon.png + name: rke2-calico + sources: + - https://github.com/projectcalico/calico/tree/master/calico/_includes/charts/tigera-operator + - https://github.com/tigera/operator + - https://github.com/projectcalico/calico + urls: + - assets/rke2-calico/rke2-calico-v3.27.001.tgz + version: v3.27.001 - annotations: catalog.cattle.io/namespace: tigera-operator apiVersion: v2 
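Review bot: The `certs` block in values.yaml leaves `key:`, `cert:`, `commonName:` and `caBundle:` as bare keys, which parse as null rather than empty strings; writing `key: ""` and so on makes the intended type explicit for whatever the certs templates (not in this hunk) do with them. Since `certs.node.key` and `certs.typha.key` appear to carry private keys, a comment such as `# Private keys set here are stored with the release values; supply them with --set-file from a protected path` would help operators handle them deliberately. The operator and calicoctl images are selected by tag only (`version: v1.32.3`, `tag: v3.27.0`), so image integrity rests on the registry configured through `registry` and `systemDefaultRegistry`, which is worth noting next to those keys.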
@@ -1634,6 +1651,15 @@ entries: - assets/rke2-calico/rke2-calico-v3.18.1-101.tgz version: v3.18.1-101 rke2-calico-crd: + - apiVersion: v1 + created: "2024-02-12T16:02:55.26813464Z" + description: Installs the CRDs for rke2-calico + digest: 8f3bab4979cd6a31d6d572e66bb2dbbe0faa5cac8ad819e1b035617a11f76f64 + name: rke2-calico-crd + type: application + urls: + - assets/rke2-calico/rke2-calico-crd-v3.27.001.tgz + version: v3.27.001 - apiVersion: v1 created: "2024-02-09T19:15:55.358102015Z" description: Installs the CRDs for rke2-calico